Pro.Monitor Cockpit
User Guide
Support
Sidebar
products:cockpit.old:1.0:monitorsguide:netweaver:systemlogs
Book Creator
Add this page to your book
Add this page to your book Book Creator
Remove this page from your book
Remove this page from your book 
Manage book (
Help Table of Contents
System Logs
Purpose
Lot's of problems can be detected by checking the system logs. This monitor gives the possibility to regularly check within a period of time if a given log pattern can be found in sys log. When a problem is detected, you will be notified by an alarm containing the line of logs itself, or a count of lines matching the pattern.
This monitor can be very useful if you know the signature of a problem in the logs, to be notified as soon as it occurs. It can also be used to detect an abnormal number critical log lines.
Configuration hints
The monitor will look for a specific log level or string patterns in the log message. You can have two kinds of surveillance: - FORWARD mode : lines of log matching a filter will be forwarded as an alarm, if their number exceeds the threshold - COUNT mode, where an alarm will be sent if the number of lines matching the filter is over the threshold.
Use the surveillance table to adjust the monitoring settings: - Log Id - Log Sub Id - Program - Text pattern
Pattern syntax - str: Match if the string is contained in the text(case insensitive) - !str: Match if the string is *not* contained in the text(case insensitive) - str1,str2: Match if str1 or str2 is in the text(case insensitive) - str1+str2: Match if str1 and str2 is in the text(case insensitive) - str1+!str2: Match if str1 and *not* str2 is in the text(case insensitive) - Any regular expression.
Surveillance table
| Parameter | Description |
|---|---|
| Active | Use this field to activate or deactivate a line of configuration. |
| Mode | Choose the surveillance mode |
| Id | A filter for the line Id of the log |
| Sub Id | A filter for the SubId of the line. |
| Program | A filter for the program associated with the line. |
| String pattern | This field can be used to define the text pattern to look for in the log. Regular expressions can be used, or a coma separated list of strings. |
| Exclude Pattern | Use this field to exclude lines following a given pattern. Regular expressions can be used, or a coma separated list of strings. |
| Occurrence | In COUNT mode: The threshold for the maximum number of lines matching the filters. In FORWARD mode, the minimum number of (identical) matching lines necessary to forward the line in an alarm. |
| Period (min) | Defines how far in the past the probe will look for log lines. If set to 60, it will look for log lines written in the last 60 minutes. |
| Severity | The level of severity of the alarm generated by this line of surveillance. |
| Auto clear | If checked, the alarm will be cleared as soon as the alarm condition is not met anymore. |
| Alarm tag | This field allows to add custom text within the alarm message. %MSG% variable will contain the actual generated message and can be used such as: “my_prefix %MSG% my_suffix”. By default, tag will be used as prefix. |
| Alarm | If checked, this line of surveillance will be used for alarm generation. |
| Metric | If checked, this line of surveillance will be used for metric generation. |
| Report | If checked, this line of surveillance will used for showing threshold and severity in the daily report |
Examples
| Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| true | COUNT | * | * | * | CPIC | 5 | 60 | MAJOR | true | true | false | false |
Effect : Sends a MAJOR alarm if 5 or more lines of log contain the string CPIC in the last 60 minutes
Examples
| Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| true | FORWARD | * | * | * | CPIC | 5 | 60 | MAJOR | true | true | false | false |
Effect : Computes the numbers of identical lines of log containing the string CPIC. Sends an alarm for each identical line with a count greater or equal to 5.
Generated metrics
| metricId | metricUnit | metricTarget | metricDescription |
|---|---|---|---|
| SYSLOG_LINE_OCCURENCE | status | Pattern X on INSTANCE |
/home/clients/8c48b436badcd3a0bdaaba8c59a54bf1/wiki-web/data/pages/products/cockpit.old/1.0/monitorsguide/netweaver/systemlogs.txt · Last modified: 2024/05/01 18:39 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
