
Foglight for Infrastructure 6.0.0 - User Guide


WindowsEventLogMonitor configuration example

This example provides the configuration settings for monitoring the “System” and “Application” Windows® event log files. Any records with a source value of Perflib are excluded from the monitoring, and only records that are of type Warning are included in the monitoring.

Monitored Hosts
Host name override
Network Operation Timeout (seconds)
Collect System ID
Remote Collector Executable
Maximum Record Match Count Per Log File
Backlog of Events (seconds)
Max Logs Processing Time (seconds)

Event Logs
  Event Logs to Monitor
    Event Log Name
    Event Log Filters
    Event Description
    Event Throttle Count
    Event Throttle Duration (seconds)
    Event Log Severity

Record Transformations
  Record Transformations
    RegEx Record Transformation Pattern
    Record Transformation

Data Collection Scheduler
  Collector Config
    Collector Name
    Default Collection Interval
    Time Unit
    Fast-Mode Collection Interval
    Fast-Mode Time Unit
    Fast-Mode Max Count

This example only shows one scan, but the scan can be performed multiple times at regular intervals since more records can be added to the log files over time.

Configuring connections to remote Windows platforms

Foglight Log Monitor requires a Windows® command shell connection to execute Windows commands on remote machines. Two types of command shell connection can be established for remote commands: WinRMCommandShell and DCOMWindowsCommandShell. You need to set up the remote machine according to the type of command shell connection you intend to use.

To execute Windows commands on a local machine, a LocalWindowsCommandShell may be used, if local user credentials are provided.

The Foglight Log Monitor command shells are described in the following sections.

WinRMCommandShell

This command shell type uses Windows Remote Management (WinRM) to execute remote commands. For configuration information, see section “Configuring Windows Remote Management (WinRM)” in the Foglight Agent Manager Guide.

NOTE: WinRMCommandShell connections are attempted before DCOMWindowsCommandShell.

DCOMWindowsCommandShell

This command shell type executes commands remotely using Windows Management Instrumentation (WMI). WinShell must be set up as well.

For configuration information, see sections “Configuring Windows Management Instrumentation (WMI)” and “Configuring Registry Settings for WinShell Access through DCOM” in the Foglight Agent Manager Guide.

LocalWindowsCommandShell

This command shell type is for local command execution. No setup is required for executing commands on a local machine.

The Foglight for Infrastructure WindowsAgent can use the WMI mechanism to establish remote connections for monitoring Windows resources. In this case, it can collect data only from specific event logs, not from all of them (for details, see About the WindowsAgent).

To monitor event logs within the “Applications and Services” category, you must use the LogMonitor agents (FileLogMonitorAgent or WindowsEventLogMonitorAgent).

Foglight LogMonitor copies an executable to the remote machine and runs it. The executable outputs the collected data, which Foglight Agent Manager then processes. The executable uses Windows native APIs to obtain the relevant data from the Windows Event Logs. To copy and run the executable on the remote machine, access to the Windows command prompt is required. If DCOM is used, an extra setup step is required (for details, see “Configuring Registry Settings for WinShell Access through DCOM” in the Foglight Agent Manager Guide). No extra setup steps are required if WinRM is used.

The remote monitoring of Windows® and UNIX® hosts has unique requirements, as presented in the Foglight Agent Manager Guide. For example, the following log entry indicates that the remote connection failed.

2015-06-02 11:05:44.286 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1228] - Could not execute data collection commands for File Log Scan Action [, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period. a shell connection could not be established
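
Each entry of this kind marks a collection period in which the scan was skipped, so it is worth counting them per agent. The following is an added example, not part of the original guide or of Foglight: the entry layout is inferred from the single sample above, and the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Entry layout inferred from the one sample on this page (an assumption):
# timestamp ECHO <agent path> LEVEL [thread] - message
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ "
    r"<(?P<agent>[^>]+)> (?P<level>[A-Z]+) \[(?P<thread>.+?)\] - (?P<msg>.*)$"
)
# Key=value pairs inside "[, HostType=..., Directory=..., Filename=...]";
# the lookahead lets a value contain ", " as long as no new key follows it.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
SHELL_FAILURE = "a shell connection could not be established"

def parse_entry(line):
    """Return the entry as a dict, or None if the line does not fit the layout."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["agent_name"] = entry["agent"].rsplit("/", 1)[-1]
    scan = re.search(r"\[([^\]]*)\]", entry["msg"])
    entry["scan"] = dict(FIELD_RE.findall(scan.group(1))) if scan else {}
    return entry

def skipped_collections(lines):
    """Entries where a scan was skipped because no command shell could be opened."""
    parsed = (parse_entry(line) for line in lines)
    return [e for e in parsed if e and e["level"] == "WARN" and SHELL_FAILURE in e["msg"]]

def gaps_per_agent(lines):
    """Count skipped collection periods per agent instance."""
    return Counter(e["agent_name"] for e in skipped_collections(lines))

# First line is the entry quoted on this page; the other two are constructed.
SAMPLE = [
    r"2015-06-02 11:05:44.286 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1228] - Could not execute data collection commands for File Log Scan Action [, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period. a shell connection could not be established",
    r"2015-06-02 11:10:44.301 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/LogMonitor-IIRWin_Webservers-agent> WARN [Quartz[0]-1231] - Could not execute data collection commands for File Log Scan Action [, HostType=WINDOWS, Directory=D:\Program Files(x86)\FglAM\state\default\logs, Filename=temp.log]. It will be skipped in this collection period. a shell connection could not be established",
    "2015-06-02 11:12:00.000 ECHO <HostAgents/5.7.2/FileLogMonitorAgent/example-agent> INFO [Quartz[0]-1232] - constructed unrelated entry",
]

if __name__ == "__main__":
    for name, count in gaps_per_agent(SAMPLE).items():
        print(f"{name}: {count} skipped collection period(s)")
```
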


Monitoring IBM PowerVM environments

Foglight™ for PowerVM allows you to monitor IBM® PowerVM® environments. Foglight alerts you about infrastructure problems when they develop, enabling you to resolve issues proactively before end users are affected. Early intervention ensures consistent application performance at established service levels. Foglight for PowerVM monitors the health of your virtual system by tracking the levels of resource utilization such as processor, network, and memory consumption of individual objects in your integrated environment.

Before you begin

Ensure that Foglight for Infrastructure is installed on the Management Server. For installation instructions, see the Foglight for Infrastructure Release Notes.

To monitor PowerVM® servers, you need a running instance of the PowerVM HMC Agent. This agent is provided with Foglight for Infrastructure.