Chat now with support
Chat with Support

Foglight for Infrastructure 5.9.3 - User Guide

Using Foglight for Infrastructure Monitoring log files with Foglight Log Monitor Monitoring IBM PowerVM environments
Before you begin Managing PowerVM HMC agents Monitoring your PowerVM environment
Advanced system configuration and troubleshooting Reference
Foglight for Infrastructure views Foglight Log Monitor views Rules Metrics
Appendix: Building regular expressions in Foglight

About the MultiHostProcessMonitorAgent

The MultiHostProcessMonitorAgent monitors both Windows® and Linux® systems and collects the following information:

There are views, rules, and data associated with this agent. For more information, see Reference

For more details, see these topics:

Supported platforms

For a list of platforms supported for the MultiHostProcessMonitorAgent, see “System Requirements” in the Foglight for Infrastructure Release Notes.

Agent properties

When an agent connects to the Foglight Management Server, it is provided with a set of properties that it uses to configure its correct running state. For more information about working with agent properties, see Creating agent instances.

The MultiHostProcessMonitorAgent is shipped with default properties that can be modified to suit your system requirements. The properties specific to the MultiHostProcessMonitorAgent are illustrated in the following screenshot.

You can configure the following settings for this agent:

Host: availablePagingSpace, runQueueLength, contextSwitches
CPU: totalHz, percentUserTime
Memory: capacity, consumed, pageInRate, pageOutRate, and utilization
Use ping to validate host availability: Default value = False. When set to True, the agent is configured to use ping to detect if the monitored host is unavailable. If the agent fails to make a connection to the monitored host, and this property is set to True, the agent sends a ping command to the host. If the host does not respond, the Host.monitored observation is set to UNAVAILABLE (for more details, see Host availability alerting).
NOTE: When the Use ping to validate host availability property is enabled on a UNIX® platform, the sudoer file needs to configured to allow the ICMP process to run with NOPASSWD. For details, see Configuring secure launcher permissions using sudo.
Process Availability Config: A list of monitored processes and their expected instance counts. The list contains three columns: Process Name, Command Line, and Expected Process Count, and can be edited, as required. The agent compares the number of actual processes with the number of expected processes found in this list. Results are displayed in the Processes > Processes > User Defined Processes (Process Availability Config) view (for details, see User Defined Processes (Process Availability Config)).
Solaris: Execute the “/usr/bin/ps -e -o uid,pid,ppid,vsz,rss,time,pcpu,sid,s,user,comm,args” command. Then you will get the following process details.
Collector Config: defines how quickly the agent collects data. Both Windows and Linux® provide a defaultSchedule configuration. Users can modify, clone, and delete configurations, as necessary.

Some UnixAgents can function without root privileges, but certain metrics can only be collected by commands which must be run as root. In order to give these agents the required access, Foglight Agent Manager is configured to launch these agents using a tool such as sudo that allows privilege escalation (without a password).

To this effect, the sudo configuration file (/etc/sudoers) must be configured so that password prompts are not required for a number of executables. The commands requiring elevated privileges differ by platform. The following commands must be configured for this version of Foglight for Infrastructure.


/usr/bin/find, /bin/cat

Used to read IO statistics from the /proc filesystem.

/sbin/ethtool or /usr/sbin/ethtool (depending on distribution)

/sbin/mii-tool or /usr/sbin/mii-tool (depending on distribution)

Used to determine the network card bandwidth; ethtool is favoured if it is found.

The following is an example of how to configure the /etc/sudoers file to allow the user foglight to execute Linux® commands without being prompted for a password:

In addition, the requiretty flag must not be set in /etc/sudoers for the user, since Foglight for Infrastructure agents use non-interactive shells.

The following is an example of how to unset the requiretty flag for a single user named foglight, so that this user can run sudo commands remotely:

NOTE: If requiretty flag is set, sudo can run only when the user is logged in to a real tty. When this flag is set, sudo can only be run from a login session and not via other means, such as cron or cgi-bin scripts. This flag is off (unset) by default.

Using commands with sudo access can result in increased logging. Sudo provides the following levels of logging, each resulting in the capture of a specific type of information:

Depending on the user’s sudo and syslog.conf configuration, sudo use may result in excess logging. To minimize the amount of log messages, ensure that sudo does not make use of the LOG_INPUT or LOG_OUTPUT tags for the commands that the UnixAgent runs. Depending on the existing monitored hosts’ configuration, any lines added to the /etc/sudoers file for Foglight monitoring may have to include NOLOG_OUTPUT or NOLOG_INPUT to override the default configuration. For example, for a user named foglight connecting to a monitored host, the following lines are required:

foglight ALL = NOLOG_INPUT: ALL, NOLOG_OUTPUT: ALL, NOPASSWD: /usr/bin/find|,

The last argument in this syntax depends on the type and location of the tool, ethtool or mii-tool, used to determine the network card bandwidth. If you are unsure which tool your system uses, you can specify all of them:

foglight ALL = NOLOG_INPUT: ALL, NOLOG_OUTPUT: ALL, NOPASSWD: /usr/bin/find|,

/bin/cat, /sbin/ethtool, /usr/sbin/ethtool, /sbin/mii-tool, /usr/sbin/mii-tool


Monitoring log files with Foglight Log Monitor

Foglight for Infrastructure relies on the File Log Monitor and Windows Event Log Monitor agents to collect data. These agents collect desired information from selected logs. A log file consists of one or more entries, or log records. Depending on the format of a monitored log file a log record can span multiple lines. The collected information is visualized on the Log Monitor dashboard.

Start by ensuring that Foglight for Infrastructure is installed on the Management Server, and that the agent package is deployed. For installation instructions, see the Foglight for Infrastructure Release Notes.

Next, configure the File Log Monitor and Windows Event Log Monitor agents for data collection. For more information, see Configuring monitoring agents, Configuring agent properties, and Configuring connections to remote Windows platforms.

When your monitoring agent instances are configured and are collecting data, navigate to the Log Monitor dashboard. This dashboard allows you to look at individual log records, and observe their growth rate over the selected time range. For more information, see Investigating log records.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating