Log File Monitoring

 

Every application prints status messages, error messages, and other critical information in its log. It is very tedious to skim through all these bulky log files to understand application performance. To manage such mission critical applications in real time, monitoring their log files is necessary. OpManager offers agent-based log file monitoring for real-time fault and performance management.

How does log file monitoring work?

The log file monitoring agent installed in the end machine, monitors the log files continuously for the required string (It may even be a regex). Once that string is printed, it immediately notifies the OpManager server, which in-turn raises an alarm based on the polling interval specified for that file monitor. 

Steps to add a log file monitor

Prerequisites:
  • Ensure that device in which you are about to install the agent has already been added in OpManager.
  • Download and install the log file monitoring agent in the device(s). You can do it in two ways:
    • From the OpManager UI: You can go to Settings → Monitoring → Agents and click on 'Download agent' to download the file monitoring agent.
    • In case of multiple devices, you can remotely push the downloaded agent through your AD service, and OpManager agent will get automatically installed on all selected devices.
  1. Go to Settings → Monitoring → Files → Add a New Template.
  2. Enter a template name, and a path to the file.
  3. Set the polling interval, so that the alarms can be raised. 
  4. Under File Contains row, enter the string to be searched. OpManager supports regular expressions as well. Note: All the special characters should be preceded by a backslash.
  5. Select 'Match Case' check box, if you want the search to be case-sensitive.
  6. Enter the number of consecutive times of the log print for which you want to raise the alarm.
  7. Save the template and associate it to a device.
  8. Now map the agent to the device that you have added in OpManager (prerequisite).
    1. Go to Admin → Agents. You can find the agent installed device listed.
    2. Select the respective device in the Mapped Device column.
    3. Click 'Confirm' to map the device.

You can also add a log file monitor from a particular device's snapshot page.

  1. Go to the Device's Snapshot Page → Monitors → File Monitor → Add New Monitor.
  2. Follow the same steps as provided above to add the file monitor.
  3. There is an additional option available here which allows you to test the file path to ensure that the file is available.

You have successfully created a log file monitor. 

Note: 

1. If the file monitoring interval is modified, the match string appeared in the current polling span (old monitoring interval) will be ignored and hence the alert will not be generated. The alert will be raised as usual based on the new monitoring interval from next poll.

For example:

  • Consider the file monitoring interval is 5 mins, starting at 10.00 AM.
  • Search string appears in the monitored log file at 10.02 AM (which will be raised as an alert at 10.05 AM).
  • File monitoring interval is modified as 10 mins at 10.03 AM.

In the above case, the agent will ignore the search string which appeared at 10.02 AM. It starts monitoring the log file afresh from 10.03 AM based on the new monitoring interval (10 mins).

2. Once a log file monitor is added and the agent is mapped to a device, a pointer will be set at the very end of that log file. OpManager will only monitor strings that are input after this point, and ignores all instances of the same string that were present before the monitor was mapped to the device.