Converse agora com nosso suporte
Chat com o suporte

Foglight for Infrastructure 5.9.4 - User Guide

Using Foglight for Infrastructure Monitoring log files with Foglight Log Monitor Monitoring IBM PowerVM environments
Before you begin Managing PowerVM HMC agents Monitoring your PowerVM environment
Advanced system configuration and troubleshooting Reference
Foglight for Infrastructure views Foglight Log Monitor views Rules Metrics
Appendix: Building regular expressions in Foglight

Data Collection Scheduler

The Datacenter Collection Scheduler agent properties specify the data frequency settings the agent uses to read monitored log files.

Collector Config: A list containing the data collectors the agent uses. Each entry in the list includes the following columns:
Collector Name: The name of the collector the agent uses to gather data.
Default Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data.
Time Unit: The time unit associated with the Default Collection Interval.
Fast-Mode Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data when working in the fast collection mode.
Fast-Mode Time Unit: The time unit associated with the Fast-Mode Collection Interval.
Fast-Mode Max Count: The maximum number of the times the agent can stay in fast collection mode.

FileLogMonitor configuration example

This example provides the configuration settings for monitoring the FglAM log files on a UNIX® system for WARN and ERROR records. The FglAM log files are located in the /home/user/FglAM/state/default/logs folder. FglAM log records have a date at the beginning of each record that look like this:

This format can be set as the regular expression for the record separator.

Monitored Hosts

Hosts

Host

host.domain.com

 

 

Host name override

(optional)

 

 

Host Type

UNIX

 

 

SSH Port

22

 

 

Operation Timeout

60000

 

 

Collect System ID

 

 

 

Remote Collector Executable

(optional)

 

 

Secure Launcher

(optional)

Log Files

Log Files

Directory

/home/user/FglAM/state/default/logs

 

 

Filename Pattern

FglAM_*\\.log$

 

 

File Format Name

 

 

Patterns

RegEx Match Patterns

WARN

ERROR

 

 

Match Severity

 

 

 

Tags

 

 

Exclude Records

RegEx Record Exclude Pattern

WARN

ERROR

 

 

RegEx File Exclude Pattern

C:\temp.log | D:\temp.txt

C:\apache\logs\FglAM.*.log|Test.*.log

 

 

Exclude Enable

 

File Formats

File Formats

Name

 

 

 

Max Record Size

1024

 

 

New Line Policy

ANYCRLF

 

 

Rollover Policy

NEW

 

 

Record Separator RegEx

^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}

 

 

Character Set

UTF-8

 

 

Maximum Match Count

200

 

 

Max Processing Time(s)

120

Record Transformations

Record Transformations

RegEx Record Transformation Pattern

(optional)

 

 

Record Transformation

(optional)

Data Collection Scheduler

Collector Config

Collector Name

(default)

 

 

Default Collection Interval

(default)

 

 

Time Unit

(default)

 

 

Fast-Mode Collection Interval

(default)

 

 

Fast-Mode Time Unit

(default)

 

 

Fast-Mode Max Count

(default)

This example only shows one scan, but the scan can be performed multiple times at regular intervals since more records can be added to the log files over time.

Configuring Windows Event Log Monitor agent properties

The Windows Event Log Monitor Agent collects information from Windows Event Log files. This agent expands the functionality of the Windows Agent, also included with Foglight for Infrastructure. However, while the Windows Agent can collect information only from Windows Logs and those Application and Service Logs that are accessible through WMI or WinRM, the Windows Event Log Monitor Agent can monitor both Windows Logs and any Application and Service Logs, including the Microsoft Application and Services Logs, available on some newer Microsoft Windows versions.

For more information about the Windows Agent, see the Managing Infrastructure User and Reference Guide.

This agent includes the following groups of agent properties:

For a configuration example, see WindowsEventLogMonitor configuration example.

Monitored Hosts

The Monitored Host properties specify the hosts whose log files you want to monitor with this the agent.

Hosts: A list specifying the hosts monitored by the agent instance. Typically you want a cloned list that is associated with a specific agent instance. Each entry in the list includes the following columns:
Host: The name of the monitored host or its IP address.
Host name override: The host name under which this host’s data is stored in the data model. This property is optional.
Network Operation Timeout (seconds): The maximum amount of time in seconds given to the agent for each phase of a collection attempt. This includes uploading the native executable, scanning for log entries, and retrieving log content.
Collect System ID: This property indicates to the agent whether or not to collect a unique system ID from this system. This is not desirable when monitoring Hyper-V systems, as some Hyper-V systems use the same ID for multiple systems, preventing them from being unique.
Remote Collector Executable: The name of the agent native executable on the remote monitored host. This property is optional. If not specified, a random name is used. Configure this property only if you need to set a specific name for the executable so that you can write a sudo rule for it, or to have it uploaded to a non-default directory. In that case, provide a complete a full path name along with the file name.
Maximum Record Match Count Per Log File: The maximum number of records the agent reads per log file. Setting this value to a reasonable number of records (for example, 200) allows you to control the amount of time and resources the agent spends to read monitored logs during a single collection interval, and to prevent bottlenecks during data collection. If you do not want to specify a limit, type -1.
Backlog of Events (seconds): The length of time in the past to start collecting data from until the present moment, if not already processed. Specifying a reasonable amount of time using this property (for example, 3,600 seconds or one hour) allows you to bring in historical data, providing a point of reference for future collections.
Max Logs Processing Time (seconds): The amount of time in seconds given to the agent for a data collection attempt. Setting this value to a reasonable number of seconds (for example, 120) allows you to control the amount of time the agent spends to read monitored logs during a single collection interval, and to prevent bottlenecks during data collection.
This value should be equal to or less than the Network Operation Timeout (seconds) value in the Hosts list.
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação