Technical Blog Post
Abstract
Best practice for creating LFA agent format file
Body
The Tivoli Log File Agent is an agent that provides a configurable log file monitoring capability that uses regular expressions. This regular expression statements are located in format file (fmt). Since this is fully user´s customizable agent you must follow some guidleliness to avoid high CPU or memory usage while using the agent.
-
Follow best practices for writing efficient regular expressions
For example regex should not start and end with (.*) but with ^ to the beginning and $ to the end of each of the RegEx statements
- Place *DISCARD* statements at the end of the format file to discard unwanted records.
Example of *DISCARD* statement:
REGEX *DISCARD*
(^.*sysctl: kernel.panic.*$)
END
-
Place expressions that are likely to match the most records as far towards the end of the format file as possible.
How to verify which RegEx statement is most matched and which not via TEP.
Navigate to LFA agent and select "All Regular Expression Statistics" workspace. Locate "Filter Count Matched" attribute. Based on this attribute place your RegEx statements accordingly from most matched records to less from bottom up.
-
Where possible, minimize the use of multi-line records.
When you creating LFA instance for the first time please also review Best practice for creating LFA agent configuration file blog entry.
In LFA agent installation image also contain example conf and fmt files which are located under <Image_Dir>\examples\ folder.
Having problems with installation and configuration LFA agent? Look no further, review How to install IBM Tivoli Log File Agent V6.3 and do basic configuration to recieve data in TEP?
Subscribe and follow us for all the latest information directly on your social feeds:
|
|
|
Check out all our other posts and updates: | |
Academy Blogs: | h |
Academy Videos: | http://ow.ly/PIKFz |
Academy Google+: | http://ow.ly/Dj3nn |
Academy Twitter Handle: | http://ow.ly/Dj35c |
UID
ibm11277398