Log File Monitoring

Every application prints status messages, error messages, and other critical information in its log. It is very tedious to skim through all these bulky log files to understand application performance. To manage such mission critical applications in real time, monitoring their log files is necessary. OpManager offers agent-based log file monitoring for real-time fault and performance management.

Log File Monitoring - ManageEngine OpManagerLog File Monitoring - ManageEngine OpManager

How does log file monitoring work?

The log file monitoring agent installed in the end machine, monitors the log files continuously for the required string (It may even be in regex format). Once that string, or the mentioned regex matching string format, is identified, it immediately notifies the OpManager server, which in-turn raises an alarm based on the polling interval specified for that file monitor. 

Steps to add a log file monitor

Prerequisites:
  • Log file monitoring can only be done in devices supporting agent-based monitoring. Ensure that the agent has been installed in the device(s) before adding the log file monitor.
  • Refer this page to know the different ways in which you can install the agent in your device.
  1. Go to Settings → Monitoring → Files → Add a New Template.
  2. Enter a template name, and a path to the file.
  3. Set the polling interval, so that the alarms can be raised. 
  4. Under the "File contains" field, users can either enter the search string [whole sequence of words / particular word] or as an regular expression format based string.

    NOTE:

    For Regex pattern string, Kindly make sure that you do not provide the delimiters or flags along with your regex.

    Kindly ensure that you have tested your regex internally, before configuring it in OpManager.

    For example, in the following, the first regex is acceptable, while the second and third ones are not accepted.

    1. File\d*\.(txt|log)$ for the strings File22042023.txt, and File18112022.log
    2. /File\d*\.(txt|log)$/
    3. /^File\d*\.(txt|log)$/gm

    Following are some more examples of how the regex must be used.

    Correct version Incorrect version
    ((Destination).*(Suspend)) /.*[Destination].*[suspend]/gi
    [error|critical] /[error|critical]/
    ^.*Exception.*$ /^.*Exception.*$/gm
  5. Select 'Match Case' check box, if you want the search to be case-sensitive.
  6. Enter the number of consecutive times of the log print for which you want to raise the alarm.
  7. Save the template and associate it to a device.

You can also add a log file monitor from a particular device's snapshot page.

  1. Go to the Device's Snapshot Page by navigating to Inventory → Devices and then clicking on a device.
  2. Now go to Monitors → File Monitor → Add New Monitor.
  3. Follow the same steps as provided above to add the file monitor.
  4. There is an additional "Test Monitor" option available here, that allows you to test the file path to ensure that the file is available.

You have successfully created a log file monitor. 

Note: 

  1. If the file monitoring interval is modified, the match string appeared in the current polling span (old monitoring interval) will be ignored and hence the alert will not be generated. The alert will be raised as usual based on the new monitoring interval from next poll.
    For example:

    • Consider the file monitoring interval is 5 mins, starting at 10.00 AM.
    • Search string appears in the monitored log file at 10.02 AM (which will be raised as an alert at 10.05 AM).
    • File monitoring interval is modified as 10 mins at 10.03 AM.
    In the above case, the agent will ignore the search string which appeared at 10.02 AM.It starts a new monitoring cycle from 10.03 AM based on the new monitoring interval (10 mins).

     

  2. Once a log file monitor is added and the agent is mapped to a device, a marker will be set at the very end of that log file. OpManager will only monitor strings that are input after this point, and ignores all instances of the same string that were present before the monitor was mapped to the device.

    This also applies to poll intervals, where OpManager sets a marker in the monitored file after each poll interval. Only the content after the most recent poll is checked for the search string, to avoid redundant alerts.

  3. OpManager does not take into consideration the number of instances of the string found, it only checks if the provided search string is in the log file or not. For example, if a search string "A" is found 10 times in the log file content in a poll interval of 15 minutes, OpManager raises only one alert for this log file monitor and not 10 alerts.

Thank you for your feedback!

Was this content helpful?

We are sorry. Help us improve this page.

How can we improve this page?
Do you need assistance with this topic?
By clicking "Submit", you agree to processing of personal data according to the Privacy Policy.