The timestamp format that the agent supports are the following:
If your log records use this format - [06/04/2013 06:57:30], the agent does not recognize it because of the brackets []. In such case, it will take the "modified timestamp" of the file itself. Currently, there are no plans to cater for these brackets as they are not standard formatting from the list above.
The historical alarms may have triggered after the IC cartridge was upgraded from 5.8.5.2 to 5.8.5.3. This was due to bug FAM-6585 which is actually fixed in 5.8.5.3. This means that once you are on 5.8.5.3, subsequent upgrades should not encounter this issue again.
Do note that another scenario on which historical records will be alerted is when you add a NEW log file to monitor which does not have the standard timestamp above. What this means is, if for example you copied Monitor.log to something like Monitor_new.log and you add this new file to the agent, the first collection will scan and retrieve all the historical logs and will raise the alerts. Subsequent collection will work per normal based on the modified timestamp of the file.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center