Chat now with support
Chat mit Support

Foglight for Infrastructure 5.9.8 - User Guide

Using Foglight for Infrastructure Monitoring log files with Foglight Log Monitor Monitoring IBM PowerVM environments
Before you begin Managing PowerVM HMC agents Monitoring your PowerVM environment
Advanced system configuration and troubleshooting Reference
Foglight for Infrastructure views Foglight Log Monitor views Rules Metrics
Appendix: Building regular expressions in Foglight

Monitoring log files with Foglight Log Monitor

Foglight for Infrastructure relies on the File Log Monitor and Windows Event Log Monitor agents to collect data. These agents collect desired information from selected logs. A log file consists of one or more entries, or log records. Depending on the format of a monitored log file a log record can span multiple lines. The collected information is visualized on the Log Monitor dashboard.

Start by ensuring that Foglight for Infrastructure is installed on the Management Server, and that the agent package is deployed. For installation instructions, see the Foglight for Infrastructure Release Notes.

Next, configure the File Log Monitor and Windows Event Log Monitor agents for data collection. For more information, see Configuring monitoring agents, Configuring agent properties, and Configuring connections to remote Windows platforms.

When your monitoring agent instances are configured and are collecting data, navigate to the Log Monitor dashboard. This dashboard allows you to look at individual log records, and observe their growth rate over the selected time range. For more information, see Investigating log records.

Configuring monitoring agents

Foglight for Infrastructure uses Quest File Log Monitor Agent and Quest Windows Log Monitor Agent instances to collect information from monitored hosts. When Foglight for Infrastructure is installed on the Management Server and the Host Agents package is deployed to a desired FoglightAgent Manager host, you can create these agents and configure them for data collection.

While the Quest File Log Monitor Agent collects information from selected text files, Quest Windows Event Log Monitor Agent collects information from Windows Event Log files. Both agents can look for the text patterns you specify in the monitored logs.

To create an agent instance, activate it, and start its data collection, use the appropriate wizard (Create FileLogMonitorAgent or Create WindowsEventLogMonitorAgent), accessible from the Log Monitor dashboard.

2
On the navigation panel, under Dashboards, click Log Monitor.
To create a Quest Windows Event Log Monitor Agent instance, on the Log Monitor dashboard, in the top-right corner, click Windows Event Log Monitor to launch the Create WindowsEventLogMonitorAgent wizard.
a
On the Agent Manager and Agent Name page in the wizard, click Agent Manager, and from the list that appears, select a host running an Agent Manager instance that you want to use to manage the agent instance that you are about to create.
b
Specify the name you want to assign to this agent instance. In the Agent Name box, type the agent name. Optionally, select the Generate Name check box to have the wizard generate the name automatically.
c
Click Next.
a
To view or edit a property, click View on the right of the list property name.
In the dialog box that appears, click Edit, and make changes to the existing entries, or add new ones, as required.
The Regular Expression Tester Dialog box allows you to write a regular expression, and test it against a text sample. Simply type a regular expression in the Test Regular Expression box, copy the text sample to the Test Source area, and click Match. The Test Result area displays the result of your regular expression.
To close the Regular Expression Tester Dialog box, click Cancel.
d
On the Agent Properties page, click Next.
5
Review the information on the Credential Verification page, and make any changes, if required.
If the page indicates that the Agent Manager does not have the credentials needed to access the monitored hosts, click Manage Credentials, and create a new credential, as required. For more information, see “Controlling System Access with Credentials” in the Administration and Configuration Help.
Click Next.
The Summary page reflects the newly configured settings, including agent properties. Because File Log Monitor and Windows Event Log Monitor agents each come with a different set of agent properties, the contents of this page are different, reflecting the type of the agent instance that you are creating.
6
Review the information on the Summary page, and click Finish to start collecting data.

Investigating log records

The Log Monitor dashboard displays the amount of log records over the monitored time range, lists the monitored log records, along with individual record details, such as its source, message, and severity, among others. Use this dashboard on a daily basis to review the monitored log records and identify potential signs that can lead to performance bottlenecks. For example, a significant increase in the number of log records can help you predict and prevent potential system-level issues.

To access this dashboard, from the navigation panel, choose Dashboards > Log Monitor.

Start by choosing the host containing the log files whose records you want to review, using the File Selector view. From here, for file logs, you can select the directory and the log file name.

For Windows Event Logs, select Event Log Files, and choose the name of the Windows Event Log (for example, Application).

For complete information about the data appearing in these views, see Foglight Log Monitor views.

Configuring agent properties

The File Log Monitor and Windows Event Log Monitor agents collect data from log files and send it to the Management Server.

The monitoring agents look for specific records given a text pattern in the monitored log files. They support regular expressions, which allows you to search for desired text patterns. The agents support PCRE (Perl Compatible Regular Expressions). For details about the PCRE syntax, visit http://perldoc.perl.org/perlre.html.

To monitor log records on a host, an agent establishes an SSH connection to Unix hosts, or a WMI or WinRM connection to Windows® hosts. Once this connection is in place, an agent executable is uploaded to the remote host (into %TEMP% on Windows and /tmp on UNIX®). The name of the executable name is unique to the agent instance. The executable then starts locating the monitored log files on the host and extracts the desired records, as specified in the agent properties. The agent sends back the extracted records to the agent for processing. The agent keeps track of the current location in all of the scanned log files so that the same information is only scanned once.

The monitoring agents use the same set of credentials as the other Foglight for Infrastructure agents, and the same credential purposes. For more information, see the Using Foglight for Infrastructure.

When an agent connects to Foglight, it is provided with sets of properties that it uses to configure its correct running state. The File Log Monitor and Windows Event Log Monitor agents are provided with list properties. List properties can be shared amongst multiple agent instances. Any changes you make to a list property affects all agent instances that are associated with that list.

Default versions of these properties are installed with Foglight for Infrastructure, and configured for your agent instances when you run the configuration wizards. If you need to make changes to any list properties after configuring your monitoring agents, you can do so (see Configuring File Log Monitor agent properties and Configuring Windows Event Log Monitor agent properties). However, keep in mind that any changes you make to a list property can affect other agent instances. For more information about LogMonitor remote monitoring, see Configuring connections to remote Windows platforms.

For complete information about working with agent properties, see the Administration and Configuration Help.

a
On the navigation panel, under Dashboards, select Administration > Agents > Agent Status.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen