Log File Monitoring

Every application prints status messages, error messages, and other critical information in its log. It is very tedious to skim through all these bulky log files to understand application performance. To manage such mission critical applications in real time, monitoring their log files is necessary. OpManager offers agent-based log file monitoring for real-time fault and performance management.

How does log file monitoring work?

The log file monitoring agent installed in the end machine, monitors the log files continuously for the required string (It may even be a regex). Once that string is printed, it immediately notifies the OpManager server, which in-turn raises an alarm based on the polling interval specified for that file monitor. 

Steps to add a log file monitor

Prerequisites:
  • Log file monitoring can only be done in devices supporting agent-based monitoring. Ensure that the agent has been installed in the device(s) before adding the log file monitor.
  • Refer this page to know the different ways in which you can install the agent in your device.
  1. Go to Settings → Monitoring → Files → Add a New Template.
  2. Enter a template name, and a path to the file.
  3. Set the polling interval, so that the alarms can be raised. 
  4. Under File Contains row, enter the string to be searched. OpManager supports regular expressions as well. Note: All the special characters should be preceded by a backslash.
  5. Select 'Match Case' check box, if you want the search to be case-sensitive.
  6. Enter the number of consecutive times of the log print for which you want to raise the alarm.
  7. Save the template and associate it to a device.

You can also add a log file monitor from a particular device's snapshot page.

  1. Go to the Device's Snapshot Page → Monitors → File Monitor → Add New Monitor.
  2. Follow the same steps as provided above to add the file monitor.
  3. There is an additional option available here which allows you to test the file path to ensure that the file is available.

You have successfully created a log file monitor. 

Note: 

  1. If the file monitoring interval is modified, the match string appeared in the current polling span (old monitoring interval) will be ignored and hence the alert will not be generated. The alert will be raised as usual based on the new monitoring interval from next poll.
    For example:

    • Consider the file monitoring interval is 5 mins, starting at 10.00 AM.
    • Search string appears in the monitored log file at 10.02 AM (which will be raised as an alert at 10.05 AM).
    • File monitoring interval is modified as 10 mins at 10.03 AM.
    In the above case, the agent will ignore the search string which appeared at 10.02 AM.It starts a new monitoring cycle from 10.03 AM based on the new monitoring interval (10 mins).

     

  2. Once a log file monitor is added and the agent is mapped to a device, a marker will be set at the very end of that log file. OpManager will only monitor strings that are input after this point, and ignores all instances of the same string that were present before the monitor was mapped to the device.

    This also applies to poll intervals, where OpManager sets a marker in the monitored file after each poll interval. Only the content after the most recent poll is checked for the search string, to avoid redundant alerts.

  3. OpManager does not take into consideration the number of instances of the string found, it only checks if the provided search string is in the log file or not. For example, if a search string "A" is found 10 times in the log file content in a poll interval of 15 minutes, OpManager raises only one alert for this log file monitor and not 10 alerts.