Technical Blog Post
Abstract
How to configure the Monitoring logs feature in APMv8
Body
IBM Monitoring 8 delivers Log File Agent (LFA) features inside the OS agent. The OS agent manual already gives a good description of how to configure this feature, but I will give an even more detailed one, with corresponding pictures.
At the URL below you can find the official documentation about configuration:
Before you begin, you have to create the conf and fmt files, which you later need to place on the APM server. The tags that can be used in the conf file can also be found at the URL below.
In my experiment I have created regex1.conf and regex1.fmt files.
regex1.conf contains the following two lines:
WINEVENTLOGS=System,Security,Application,Microsoft-Windows-Hyper-V-Worker-Admin,Microsoft-Windows-TaskScheduler-Operational
UseNewEventLogAPI=y
and regex1.fmt contains:
REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
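The format file above can be checked offline before it is uploaded, as in the following added example (not part of the original post or of IBM's tooling). It parses the REGEX ... END block, applies the pattern to two constructed sample lines, and shows that a line whose field contains a space produces no match at all. The helper names and sample lines are assumptions, and Python's re module stands in for the agent's regex engine.

```python
import re

# regex1.fmt as shown on the page
FMT = r"""REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
"""

# Constructed sample lines shaped to fit the regex (not captured agent output)
GOOD = ("Jan 15 10:20:30 2016 1 Error N/A Service_Control_Manager None 7031 "
        "The Print Spooler service terminated unexpectedly.")
# Same line, but the fourth field contains spaces, so (\S+) cannot cover it
SPACED = GOOD.replace("Service_Control_Manager", "Service Control Manager")

def parse_fmt(text):
    """Return (name, compiled regex, [(slot, group number, third token or None)])."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines[0].startswith("REGEX ") or lines[-1] != "END":
        raise ValueError("expected one REGEX ... END block")
    pattern = re.compile(lines[1])
    slots = []
    for ln in lines[2:-1]:
        parts = ln.split()
        if len(parts) < 2 or not re.fullmatch(r"\$[0-9]+", parts[1]):
            raise ValueError(f"bad slot mapping: {ln!r}")
        group = int(parts[1][1:])
        if not 1 <= group <= pattern.groups:
            raise ValueError(f"{parts[0]} refers to missing group ${group}")
        slots.append((parts[0], group, parts[2] if len(parts) > 2 else None))
    return lines[0].split(None, 1)[1], pattern, slots

def apply_fmt(text, line):
    """Map one log line to its slots, or return None when the regex does not match."""
    _, pattern, slots = parse_fmt(text)
    m = pattern.match(line)
    return None if m is None else {slot: m.group(g) for slot, g, _ in slots}

if __name__ == "__main__":
    for sample in (GOOD, SPACED):
        print(apply_fmt(FMT, sample))
```

A line that returns None here would not be matched by this pattern, so it is worth testing a few representative lines from each event log listed in regex1.conf.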
The difference between the LFA agent and OS agent log file monitoring in APM8 is that you have to import the conf/fmt files via the APM console. To configure log file monitoring, follow the steps below:
1. Click System configuration > Agent Configuration.
Depending on the system on which you want to monitor the log files, click either the Unix OS, Linux OS, or Windows OS tab. Since I want to monitor Windows event logs I have selected Windows OS. To create a new configuration, click the (+) icon to open the New Log File Configuration window.
2. Enter a name for the configuration and a description of the configuration. In my case: regex1 and Configuration discription testWin.
To view the contents of the .conf and the .fmt files, click View.
To upload the configuration by using the Performance Management server, select the .conf file and the .fmt file from the same system where you open the Performance Management console and click Done.
3. On the OS agent tab, select the configuration that you uploaded.
Important: The .conf and .fmt files that are distributed to the agents are renamed to the configuration name that you define.
4. To deploy the configuration, in the Log Configuration Distributions List table, select the agents to which you want to deploy the configuration and click Apply Changes. When this is done, the Distribution attribute will change from 0 to 1.
When this is done, navigate back to the NT OS agent dashboard, where you will see the Log Monitoring configuration you created under the Log Files widget:
If you click on your configuration (regex1), the workspace below will open, where you can see all your monitored event logs:
When you click on one of the defined event logs, you can see all matched events:
When you click on an event, you will see detailed information:
Hope this blog was helpful.... Gregor
UID
ibm11277344