Chat now with support
Chat with Support

Foglight for Infrastructure 5.9.2 - User Guide

Using Foglight for Infrastructure Monitoring log files with Foglight Log Monitor Monitoring IBM PowerVM environments
Before you begin Managing PowerVM HMC agents Monitoring your PowerVM environment
Advanced system configuration and troubleshooting Reference
Advanced System Configuration Foglight for Infrastructure views Foglight Log Monitor views Rules Metrics
Appendix: Building regular expressions in Foglight

Configuring agent properties

The File Log Monitor and Windows Event Log Monitor agents collect data from log files and send it to the Management Server.

The monitoring agents look for specific records given a text pattern in the monitored log files. They support regular expressions, which allows you to search for desired text patterns. The agents support PCRE (Perl Compatible Regular Expressions). For details about the PCRE syntax, visit http://perldoc.perl.org/perlre.html.

To monitor log records on a host, an agent establishes an SSH connection to Unix hosts, or a WMI or WinRM connection to Windows® hosts. Once this connection is in place, an agent executable is uploaded to the remote host (into %TEMP% on Windows and /tmp on UNIX®). The name of the executable name is unique to the agent instance. The executable then starts locating the monitored log files on the host and extracts the desired records, as specified in the agent properties. The agent sends back the extracted records to the agent for processing. The agent keeps track of the current location in all of the scanned log files so that the same information is only scanned once.

The monitoring agents use the same set of credentials as the other Foglight for Infrastructure agents, and the same credential purposes. For more information, see the Using Foglight for Infrastructure.

When an agent connects to Foglight, it is provided with sets of properties that it uses to configure its correct running state. The File Log Monitor and Windows Event Log Monitor agents are provided with list properties. List properties can be shared amongst multiple agent instances. Any changes you make to a list property affects all agent instances that are associated with that list.

Default versions of these properties are installed with Foglight for Infrastructure, and configured for your agent instances when you run the configuration wizards. If you need to make changes to any list properties after configuring your monitoring agents, you can do so (see Configuring File Log Monitor agent properties and Configuring Windows Event Log Monitor agent properties). However, keep in mind that any changes you make to a list property can affect other agent instances. For more information about LogMonitor remote monitoring, see Configuring connections to remote Windows platforms.

For complete information about working with agent properties, see the Administration and Configuration Help.

To configure agent properties:
1
Log in to the Foglight browser interface.
2
Ensure that the navigation panel is open.
To open the navigation panel, click the right-facing arrow on the left.
3
Open the Agent Status dashboard and navigate to the agent properties.
a
On the navigation panel, under Dashboards, select Administration > Agents > Agent Status.
 
* 
IMPORTANT: Another way of editing agent properties is through the Agent Properties dashboard. The properties you specify on this dashboard apply to all instances of the selected agent type, excluding any of the existing agents. To be certain that you are editing the properties of a particular agent instance and prevent overwriting of properties of another agent instance, use the Agent Status dashboard instead of the Agent Properties dashboard.
b
On the Agent Status dashboard, select the instance of the File Log Monitor or Windows Event Log Monitor agent whose properties you want to modify and click Edit Properties.
c
Indicate that you want to edit the properties of the selected agent instance.
A list of agent properties appears in the display area.

Configuring File Log Monitor agent properties

The File Log Monitor Agent collects information from selected text-based log files. A log file consists of one or more records; a record can span multiple lines, depending on the format of the log files.

The agent includes a set of properties that you can use to define the location, name, and structure of the log files it monitors. It includes the following groups of agent properties:
Monitored Hosts
Log Files
File Formats
Record Transformations
Data Collection Scheduler

For a configuration example, see FileLogMonitor configuration example.

Monitored Hosts

The Monitored Host properties specify the hosts whose log files you want to monitor with this agent.
Hosts: A list specifying the hosts monitored by the agent instance. Typically you want a cloned list that is associated with a specific agent instance. Each entry in the list includes the following columns:
Host: The name of the monitored host or its IP address.
Host name override: The host name under which this host’s data is stored in the data model. This property is optional.
Host Type: Windows or Unix. This property determines how the agent connects to the host: using SSH (Unix hosts), or using WMI or WinRM (Windows hosts).
SSH Port: The port number used for secure connections, if applicable. For Unix and Linux hosts, this value is typically set to 22. For Windows hosts, this is not applicable, and -1 should be specified (meaning not applicable). This property is optional.
Operation Timeout: The maximum amount of time in seconds given to the agent for each phase of a collection attempt. This includes uploading the native executable, scanning for log entries, and retrieving log content.
Collect System ID: This property indicates to the agent whether or not to collect a unique system ID from this system. This is not desirable when monitoring Hyper-V systems, as some Hyper-V systems use the same ID for multiple systems, preventing them from being unique.
Remote Collector Executable: The name of the agent native executable on the remote monitored host. This property is optional. If not specified, a random name is used. Configure this property only if you need to set a specific name for the executable so that you can write a sudo rule for it, or to have it uploaded to a non-default directory. In that case, provide a complete a full path name along with the file name.
 
* 
TIP: By default, the executable is created on the monitored host in the %TEMP% directory (Windows) or /tmp (Unix).
Secure Launcher: The name and path to the sudo that enables the agent to launch on Unix and Linux machines, for example: /usr/bin/sudo. This property is optional.

Log Files

The Log Files properties allow you to specify the monitored log files on each host the agent instance connects to, and the type of log records that you want to scan.

Log Files: A list specifying the log files monitored by this agent. If the list is shared between agent instances, or if the agent instance is configured to connect to multiple hosts, the log file locations specified in this list are checked on every host the agent connects to. This is useful in situations when you want to scan a standard log file, for example, /var/log/messages, across multiple hosts. To do that, create one agent instance with its own Hosts list, (see Monitored Hosts), and a single row in this list.
Each entry in the list includes the following columns:
Directory: The directory containing the log files that you want to monitor.
Filename Pattern: A regular expression that specifies which log files to monitor.
 
* 
TIP: The agent supports PCRE (Perl Compatible Regular Expressions). For details about the PCRE syntax, visit http://perldoc.perl.org/perlre.html.
File Format Name: The name of the file format the log file uses. File format definitions are specified in the File Formats properties. The value you provide in this column must match an existing file format.
Patterns:
RegEx Match Patterns: A regular expression that the agent uses to look for specific text in the monitored log files.
 
* 
TIP: The agent supports PCRE (Perl Compatible Regular Expressions). For details about the PCRE syntax, visit http://perldoc.perl.org/perlre.html.
Match Severity: The severity associated with log records that match the specified regular expression, in the monitored log file. There are five available severities that you can choose from: Warning, Critical, Fatal, Debug, and Informational.
.
* 
NOTE: The Critical severity is assigned to any log record with the Error severity.
Tags: One or more comma-separated tags that you want to add to log records that match the specified regular expression, in the monitored log file. This property is optional. Tags are useful because they can help you quickly locate records with a desired tag. If set, tags are reported along with any record that matches the specified regular expression. For example, the tag security, auth can be applied to any records that match the regular expression “.*login failed.*”. This allows the agent to identify all records (regardless of file name, host, agent or content) that relate to either security or authorization, and to display them on the Log Monitor dashboard.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating