products:promonitor:6.8:monitorsguide:netweaver:systemlogs

System Logs

Many problems can be detected by checking the system logs. This monitor regularly checks whether a given log pattern
appears in the system log within a period of time. When a problem is detected,
you are notified by an alarm containing either the log line itself or a count of the lines matching the pattern.
This monitor is very useful if you know the signature of a problem in the logs
and want to be notified as soon as it occurs. It can also be used to detect an abnormal number of critical log lines.

Configuration hints

The monitor will look for a specific log level or string patterns in the log message. You can have two kinds of surveillance:

  • FORWARD mode: log lines matching a filter are forwarded as an alarm if their number exceeds the threshold
  • COUNT mode: an alarm is sent if the number of lines matching the filter is over the threshold

Use the surveillance table to adjust the monitoring settings:

  • Log Id
  • Log Sub Id
  • Program
  • Text pattern

Pattern syntax

  • str: Match if the string is contained in the text (case insensitive)
  • !str: Match if the string is *not* contained in the text (case insensitive)
  • str1,str2: Match if str1 or str2 is in the text (case insensitive)
  • str1+str2: Match if str1 and str2 are both in the text (case insensitive)
  • str1+!str2: Match if str1 is in the text and str2 is *not* (case insensitive)
  • Any regular expression.

Configuration

  • Send metadata:
    • If enabled, this parameter will send collected log lines as metadata to the configured plugins
    • It can usually be retrieved as logs or tabular data within the corresponding integrations

Surveillance table

| Parameter | Description |
|---|---|
| Active | Use this field to activate or deactivate a line of configuration. |
| Mode | Choose the surveillance mode. |
| Id | A filter for the line Id of the log. |
| Sub Id | A filter for the SubId of the line. |
| Program | A filter for the program associated with the line. |
| String pattern | This field can be used to define the text pattern to look for in the log. Regular expressions can be used, or a comma-separated list of strings. |
| Exclude Pattern | Use this field to exclude lines following a given pattern. Regular expressions can be used, or a comma-separated list of strings. |
| Occurrence | In COUNT mode: the threshold for the maximum number of lines matching the filters. In FORWARD mode: the minimum number of (identical) matching lines necessary to forward the line in an alarm. |
| Period (min) | Defines how far in the past the probe will look for log lines. If set to 60, it will look for log lines written in the last 60 minutes. |
| Severity | The level of severity of the alarm generated by this line of surveillance. |
| Auto clear | If checked, the alarm will be cleared as soon as the alarm condition is no longer met. |
| Alarm tag | This field lets you add custom text to the alarm message. The %MSG% variable contains the actual generated message and can be used like this: “my_prefix %MSG% my_suffix”. By default, the tag is used as a prefix. |
| Alarm | If checked, this line of surveillance will be used for alarm generation. |
| Metric | If checked, this line of surveillance will be used for metric generation. |
| Report | If checked, this line of surveillance will be used for showing threshold and severity in the daily report. |

Examples

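| Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| true | COUNT | * | * | * | CPIC | | 5 | 60 | MAJOR | true | | true | false | false |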

Effect: Sends a MAJOR alarm if 5 or more log lines contain the string CPIC in the last 60 minutes.

Examples

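| Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| true | FORWARD | * | * | * | CPIC | | 5 | 60 | MAJOR | true | | true | false | false |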

Effect: Computes the number of identical log lines containing the string CPIC. Sends an alarm for each identical line with a count greater than or equal to 5.
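To check a surveillance line against sample log text before deploying it, the pattern syntax and the two modes can be reproduced offline. This is an added example, not Pro.Monitor code: the function names are hypothetical, `,` (OR) is assumed to bind looser than `+` (AND), the threshold is treated as "greater than or equal" as in the two examples above, and regular-expression patterns are not handled.

```python
from collections import Counter

def matches(pattern: str, text: str) -> bool:
    """Evaluate the str / !str / str1,str2 / str1+str2 syntax, case-insensitively.
    Assumption: ',' separates OR alternatives, '+' joins AND terms inside one."""
    low = text.lower()

    def term(t: str) -> bool:
        t = t.strip().lower()
        # A leading '!' negates the substring test.
        return t[1:] not in low if t.startswith("!") else t in low

    return any(all(term(t) for t in alt.split("+")) for alt in pattern.split(","))

def evaluate(mode: str, pattern: str, exclude: str, occurrence: int, lines: list) -> list:
    """Return the alarm messages one surveillance line would raise.
    `lines` are log messages already restricted to the Period window."""
    hits = [l for l in lines
            if matches(pattern, l) and not (exclude and matches(exclude, l))]
    if mode == "COUNT":
        # One alarm carrying the number of matching lines.
        return [f"{len(hits)} lines match '{pattern}'"] if len(hits) >= occurrence else []
    if mode == "FORWARD":
        # One alarm per distinct line that repeats at least `occurrence` times.
        return [f"{line} (x{n})" for line, n in Counter(hits).items() if n >= occurrence]
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample messages, standing in for the last 60 minutes of system log.
SAMPLE = ["Communication error, CPIC return code 020"] * 5 + [
    "cpic timeout on gateway",
    "Update terminated",
    "Update terminated",
]

if __name__ == "__main__":
    print(evaluate("COUNT", "CPIC", "", 5, SAMPLE))
    print(evaluate("FORWARD", "CPIC", "", 5, SAMPLE))
    print(evaluate("COUNT", "CPIC", "timeout", 5, SAMPLE))
```

With this sample, COUNT raises a single alarm for all six CPIC lines, while FORWARD raises one only for the line that repeats five times; the single "cpic timeout" line is never forwarded.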

Generated metrics

| metricId | metricUnit | metricTarget | metricDescription |
|---|---|---|---|
| SYSLOG_LINE_OCCURENCE | status | Pattern X on INSTANCE | |
Last modified: 2024/05/01 18:35 (external edit)