
Foglight for Infrastructure 5.9.2 - User Guide


Data Collection Scheduler

The Datacenter Collection Scheduler agent properties specify the data frequency settings the agent uses to read monitored log files.

Collector Config: A list containing the data collectors the agent uses. Each entry in the list includes the following columns:
Collector Name: The name of the collector the agent uses to gather data.
Default Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data.
Time Unit: The time unit associated with the Default Collection Interval.
Fast-Mode Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data when working in the fast collection mode.
Fast-Mode Time Unit: The time unit associated with the Fast-Mode Collection Interval.
Fast-Mode Max Count: The maximum number of times the agent can stay in fast collection mode.

WindowsEventLogMonitor configuration example

This example provides the configuration settings for monitoring the “System” and “Application” Windows® event log files. Any records with a source value of Perflib are excluded from the monitoring, and only records that are of type Warning are included in the monitoring.

Monitored Hosts

Hosts
Host: host.domain.com
Host name override: (optional)
Network Operation Timeout (seconds): 120
Collect System ID: (blank)
Remote Collector Executable: (optional)
Maximum Record Match Count Per Log File: 200
Backlog of Events (seconds): 3600
Max Logs Processing Time (seconds): 120

Event Logs

Event Logs to Monitor
Event Log Name: System, Application

Event Log Filters
Include/Exclude: INCLUDE
Type: WARNING
User: *
Source: *
Category: *
EventID: 0
Event Description: *
Tags: (blank)
Event Throttle Count: (blank)
Event Throttle Duration (seconds): (blank)
Event Log Severity: (blank)

Record Transformations

Record Transformations
RegEx Record Transformation Pattern: (optional)
Record Transformation: (optional)

Data Collection Scheduler

Collector Config
Collector Name: (default)
Default Collection Interval: (default)
Time Unit: (default)
Fast-Mode Collection Interval: (default)
Fast-Mode Time Unit: (default)
Fast-Mode Max Count: (default)

This example only shows one scan, but the scan can be performed multiple times at regular intervals since more records can be added to the log files over time.

Configuring connections to remote Windows platforms

Foglight Log Monitor requires a Windows® command shell connection to execute Windows commands on remote machines. Two types of command shell connections can be established to execute remote commands: WinRMCommandShell and DCOMWindowsCommandShell. You need to set up the remote machine based on the type of command shell connection you need to establish.

To execute Windows commands on a local machine, a LocalWindowsCommandShell may be used, if local user credentials are provided.

The Foglight Log Monitor command shells are described in the following sections.

WinRMCommandShell: Uses Windows Remote Management (WinRM) to execute remote commands. For configuration information, see section “Configuring Windows Remote Management (WinRM)” in the Foglight Agent Manager Guide.

NOTE: WinRMCommandShell connections are attempted before DCOMWindowsCommandShell.

DCOMWindowsCommandShell: This command shell type executes commands remotely using Windows Management Instrumentation (WMI). WinShell must be set up as well.

For configuration information, see sections “Configuring Windows Management Instrumentation (WMI)” and “Configuring Registry Settings for WinShell Access through DCOM” in the Foglight Agent Manager Guide.

LocalWindowsCommandShell: This command shell type is for local command execution. No setup is required for executing commands on a local machine.

The Foglight for Infrastructure WindowsAgent can use the WMI mechanism to establish remote connections for monitoring Windows resources. In this case it can collect data only from specific event logs, but not all (for details, see About the WindowsAgent).

To monitor event logs within the “Applications and Services” category, you must use the LogMonitor agents (FileLogMonitorAgent or WindowsEventLogMonitorAgent).

Foglight LogMonitor copies an executable to the remote machine and runs this executable, which outputs the collected data and then Foglight Agent Manager processes it. The executable uses Windows native APIs to obtain the relevant data from the Windows Event Logs. To copy and run the executable on the remote machine, access to the Windows command prompt is required. If DCOM is used, an extra setup step is required (for details, see “Configuring Registry Settings for WinShell Access through DCOM” in the Foglight Agent Manager Guide). There are no extra setup steps required if WinRM is used.

The remote monitoring of Windows® and UNIX® hosts has unique requirements, as presented in the Foglight Agent Manager Guide. For example, the following log entry indicates that the Remote Connection failed.

2015-06-02 11:05:44.286 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1228] com.quest.foglight.infrastructure.actions.logmonitor.file.FileLogScanAction - Could not execute data collection commands for File Log Scan Action [Host=host.example.com, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period.

com.quest.glue.api.services.RemoteConnectionException: a shell connection could not be established
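
The following Python sketch is an added example, not part of the Foglight documentation: it scans Agent Manager log text for entries like the one above and reports which hosts and agent instances skipped collection periods because no shell connection could be established. The entry layout is inferred from that single quoted entry, and the second and third entries in the sample are constructed.

```python
import re
from collections import Counter

# Entry header, inferred from the single log entry quoted above (an assumption).
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ <(?P<agent>[^>]+)> "
    r"(?P<level>[A-Z]+) \[.*?\] (?P<logger>\S+) - (?P<msg>.*)$")
FIELDS = re.compile(r"\[(Host=[^\]]*)\]")   # [Host=..., HostType=..., ...]
EXC = re.compile(r"^(?P<exc>[\w.$]+Exception): (?P<detail>.*)$")

def failed_shell_connections(lines):
    """One dict per log entry that is followed by a RemoteConnectionException."""
    hits, current = [], None
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if m:  # a new entry starts, so a later exception line belongs to it
            current = m.groupdict()
            f = FIELDS.search(current["msg"])
            # Assumption: field values never contain ", " themselves.
            current["fields"] = (dict(p.split("=", 1) for p in f.group(1).split(", "))
                                 if f else {})
            continue
        e = EXC.match(line)
        if e and current and e["exc"].endswith(".RemoteConnectionException"):
            fields = current["fields"]
            hits.append({"ts": current["ts"], "detail": e["detail"],
                         "agent": current["agent"].rsplit("/", 1)[-1],
                         "host": fields.get("Host", "?"),
                         "host_type": fields.get("HostType", "?")})
            current = None  # count each entry once
    return hits

def failures_per_host(hits):
    """Number of skipped collection periods per (host, agent instance)."""
    return Counter((h["host"], h["agent"]) for h in hits)

# First entry and exception are from the page; the 11:10 entries are constructed.
SAMPLE = r"""
2015-06-02 11:05:44.286 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1228] com.quest.foglight.infrastructure.actions.logmonitor.file.FileLogScanAction - Could not execute data collection commands for File Log Scan Action [Host=host.example.com, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period.

com.quest.glue.api.services.RemoteConnectionException: a shell connection could not be established
2015-06-02 11:10:44.301 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1229] com.quest.foglight.infrastructure.actions.logmonitor.file.FileLogScanAction - Could not execute data collection commands for File Log Scan Action [Host=host.example.com, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period.
com.quest.glue.api.services.RemoteConnectionException: a shell connection could not be established
2015-06-02 11:10:45.112 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1230] com.quest.foglight.infrastructure.actions.logmonitor.file.FileLogScanAction - Constructed entry with no exception after it [Host=other.example.com, HostType=WINDOWS]
""".splitlines()

print(failures_per_host(failed_shell_connections(SAMPLE)))
```

A host that shows up repeatedly in this count is one whose WinRM or DCOM setup, as described in the Foglight Agent Manager Guide, should be checked first.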

 

Monitoring IBM PowerVM environments

Foglight™ for PowerVM allows you to monitor IBM® PowerVM® environments. Foglight alerts you about infrastructure problems when they develop, enabling you to resolve issues proactively before end users are affected. Early intervention ensures consistent application performance at established service levels. Foglight for PowerVM monitors the health of your virtual system by tracking the levels of resource utilization such as processor, network, and memory consumption of individual objects in your integrated environment.
