Configuring Text Files

This topic provides information about configuring the text files.

This video helps you configure numeric search criteria in PATROL for Log Management. 

This video helps you configure numeric search criteria in BMC PATROL for Log Management KM. 


Click Add to configure text files for monitoring.

Configuration details


Field
Description
Monitoring environment label

Enter the name of the label for the log file that you want to monitor.

Monitoring file logical name

Enter the logical name of the instance that you want to monitor. A maximum of 80 characters are allowed in this field.

Log file (full path)

Enter the full path and the filename of the file that you want to monitor.

Note: To monitor log files that have dynamic names, use wildcard characters, such as * and ? to define the file name. For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_*.log.  

A maximum of 900 characters are supported in this field.

Path contains environment variables

Select the check box if the full path contains an environment variable and the path defined by the environment variable is resolved at run time.

File disposition

If you are monitoring a log file whose name is created dynamically, select Latest to monitor the latest such file. To monitor all such files, select All.

Data collection interval for local monitoring (min)

For local monitoring, set the data collection interval in minutes. For remote monitoring, the data is collected every 2 minutes only. For large systems, BMC recommends that you use the 10 or 30 minutes option.

Advanced Settings

Generate Alarm if file not modified (min)

Select this check box if you want the instance to generate an alarm if the monitored file is not modified periodically. Specify the time in minutes after which you want the KM to alarm if the file is not modified, in the minutes text box.

Backup file name

Specify the name of the backup file.

If no match on the next scan return to OK

Select this check box if the KM goes into an alarm or a warning state because the search string is found and you want the KM state to return to OK if the search string is not found on the next scan.

Text Settings
Number of lines in log entry

Specify the number of lines that you want to display in the LOGMatchString text parameter when a match is found. For example, if you want to determine when a disk is full and where the disk is mounted, enter Error: Disc Full as the search string and 2 in this field. When a disk is full, the KM displays the following message in the LOGMatchString text parameter:

Id=id1 
031605: Error: Disc Full 
Id=;MatchedLines 
/hd001 mounted as /opt 
SUMMARY:id1=1;

To include the specified number of lines in the generated event, after saving the configuration, add the /PMG/CONFIG/<instanceName>/appendLogEntryLinesToCustomEvent configuration variable (Configuration Variable > Add Configuration Variable with Value set as 1).

Note: If either the search string or the nullify string occurs again within the number of lines selected to be displayed, the KM does not find the instances of the search strings for all the search identifiers.
Always read at beginning after file modification

Select this check box if you want to scan the entire text file on each scan, rather than scanning only the new content.

Note: The text file is scanned only if the file changes.

File read position

Select the read position of a file after the PATROL Agent is re-initialized or when a new file matches the file path.

  • Read from last offset - Log file reads from the last offset
  • Read from end of file - Log file reads from the end of the file
  • Read from beginning of file - Log file reads from the beginning of the file
  • Use existing configuration - Log file is read from the last offset
Multiline search
Start delimiter

Specify the start limit to search a block of lines containing a match string.

End delimiter

Specify the end limit to search a block of lines containing a match string.

Remote Monitoring

Remote host name

Enter the host name for remote monitoring. This field is applicable only for UNIX and Linux platforms. UNIX KM must be installed and the Remote Monitoring policy must be defined.

Search criteria settings
Regex type

Select the regex type that you want to use to prepare the search criteria.

Note: The ECMAScript option is not supported on the HP-UX platform.

Search criteria to nullify an Alarm/Warning state

Specify the string to nullify the alarm for the dual search feature. You can configure dual search for an instance so that the KM goes into the alarm state when any of the search criteria is found in the monitored file and nullifies the alarm when the nullify string is found in the monitored file.

You must specify the first string in the Search String 1 > String text box of the Pattern search criteria section and the nullify string in this text box. For the nullified customized events, the default custom event message is used (as provided in the Custom Event Message text box in the Pattern search criteria section).

If you specify Alarm up in the String1 text box and Alarm down in this text box, the KM goes into an alarm state when Alarm up is found in the monitored file and the alarm is nullified when Alarm down is found in the monitored file.

Pattern search criteria

Click Add to add the pattern search criteria.

Search identifier name

Enter a unique label in the text box and configure a search string to define what type of messages the KM would search for.

Search string 1 and 2

In the String text box, enter the search string in one of the following formats:

  • A combination of XML elements and values that you want to find in the monitored file. For configuring XML search strings, see Rules for entering XML search strings.
  • Search pattern(s) - Each search pattern must be a valid regular expression. 

If you do not want to match the entered string, select the NOT check box.

Examples:

  • To search for the word 'error' in a file, enter error in the Search string 1 text box.
  • To search for the words 'error' and 'fatal' in one line of a file, enter error in the Search string 1 text box and fatal in the Search string 2 text box.
  • To search for 'error' only when 'warning' is not present in the same line, enter error in the Search string 1 text box and warning in the Search string 2 text box. Select the NOT check box for the Search string 2 field.
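The following added example (not BMC code) models the Search string 1 and 2 rules with their NOT check boxes, together with the nullify string described earlier, so the combinations can be checked against sample lines before they are entered in the KM. The class and function names, the sample log lines, the case-sensitive matching and the in-file-order handling of the nullify string are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Criterion:
    """One pattern search criterion: two regexes, each with a NOT flag."""
    name: str
    string1: str
    string2: str = ""
    not1: bool = False
    not2: bool = False

    def matches(self, line):
        # Every configured string must agree with its NOT flag on the same line.
        # Assumption: matching is case-sensitive.
        for pattern, negate in ((self.string1, self.not1), (self.string2, self.not2)):
            if pattern and bool(re.search(pattern, line)) == negate:
                return False
        return True

def scan(lines, criteria, nullify=""):
    """Return (final_state, hits); hits maps identifier name -> matched lines."""
    state, hits = "OK", {c.name: [] for c in criteria}
    for line in lines:
        for c in criteria:
            if c.matches(line):
                hits[c.name].append(line)
                state = "ALARM"
        # Assumption: the nullify string is applied in file order, so a later
        # nullify line clears an alarm raised by an earlier match.
        if nullify and re.search(nullify, line):
            state = "OK"
    return state, hits

# Constructed sample log lines.
SAMPLE = [
    "10:01 error: disk latency high",
    "10:02 fatal error: write failed",
    "10:03 warning: retry after error",
    "10:04 Alarm up on node-a",
    "10:05 Alarm down on node-a",
]
CRITERIA = [
    Criterion("err_only", "error"),
    Criterion("err_and_fatal", "error", "fatal"),
    Criterion("err_no_warning", "error", "warning", not2=True),
    Criterion("alarm", "Alarm up"),
]
print(scan(SAMPLE, CRITERIA, nullify="Alarm down"))
```

Dropping the last sample line, or omitting the nullify string, leaves the state at ALARM, which is a quick way to confirm that a nullify pattern cannot silently clear alerts it was not meant to.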
Number search

Expand the Number search section to specify the search range in the log file.

Use this section to define a range of numbers found in your log files. Locate those lines by specifying the numbers in the First number and Second number fields. You can use the Operator fields to select an operator that creates a wider range of the numbers that you specify. For example, all the numbers greater than 500 and less than 599. In this case, enter 500 in the First number field, select > in the first Operator field, enter 599 in the Second number field, and select < in the second Operator field.

Tokens are the numbers that the KM assigns to words, characters, or punctuation marks in a log line. When a space is encountered in a line, the next token number is assigned to the word, character, or symbol that appears after the space. For example, in the following log line - 541 - Error - This field cannot be blank. Here is the token assignment for this log line:

Use the Begin token and End token fields to capture the words that you want to monitor in the log lines.

Custom Event handling configuration

Expand the Custom Event handling configuration section to specify how to handle custom events.

Override Global Event handling configuration

Select this check box to custom-define the settings for each search criterion.

You can custom-define a search criterion with the settings that are different from the default settings.

Threshold #1 and Threshold #2

Enter the minimum number of times that the search string must match in a data collection interval. When the threshold is reached, events are generated with the state configured in the threshold state fields. If you do not configure thresholds, events are not generated even though strings are matched in a data collection interval.

Specify a different state and a different number of matches in Threshold #1 and Threshold #2. Ensure that the value in Threshold #2 is greater than the value in Threshold #1. To search for a minimum number of text strings across a number of collection intervals, enter values in the x:y format.

Example 1:

Threshold #1: 3

Threshold #2: 5

If a string matches 3 times in a data collection interval, threshold #1 is reached, an event is generated and the KM generates an alarm, warning, or OK message based on the value set in Threshold #1 state. Similarly, if the string matches 5 times, an event is generated and the KM generates the configured state message.

Example 2:

Threshold #1: 3:5

Threshold #2: 5:5

If a string matches 3 times in the last 5 data collection intervals, an event is generated and the KM generates an alarm, warning, or OK message based on the value set in Threshold #1 state. Similarly, if the string matches 5 times in the last 5 data collection intervals, an event is generated and the KM generates the configured state message.

Threshold #1 state and Threshold #2 state

Select the state of the KM when a threshold is reached.

Custom Event message

Enter the message that you want to be displayed in the events when your search string conditions are satisfied. For more information, see Customizing event messages.

Custom Event origin

Enter the customized origin for events. If you do not specify the origin, the KM uses the instance name as the default origin of events, which is APPCLASS.INSTANCE.textFileName.

You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.

Ignore duplicate Events for next (min)

Specify the time threshold for which duplicate events are ignored.

Note: You can also modify the default search criterion settings after you configure the instance.

Global Event handling configuration for all search criteria
Threshold #1 and Threshold #2

Enter the minimum number of times that the search string must match in a data collection interval. When the threshold is reached, events are generated with the state configured in the threshold state fields. If you do not configure thresholds, events are not generated even though strings are matched in a data collection interval.

Specify a different state and a different number of matches in Threshold #1 and Threshold #2. Ensure that the value in Threshold #2 is greater than the value in Threshold #1. To search for a minimum number of text strings across a number of collection intervals, enter values in the x:y format.

Example 1:

Threshold #1: 3

Threshold #2: 5

If a string matches 3 times in a data collection interval, threshold #1 is reached, an event is generated and the KM generates an alarm, warning, or OK message based on the value set in Threshold #1 state. Similarly, if the string matches 5 times, an event is generated and the KM generates the configured state message.

Example 2:

Threshold #1: 3:5

Threshold #2: 5:5

If a string matches 3 times in the last 5 data collection intervals, an event is generated and the KM generates an alarm, warning, or OK message based on the value set in Threshold #1 state. Similarly, if the string matches 5 times in the last 5 data collection intervals, an event is generated and the KM generates the configured state message.

Threshold #1 state and Threshold #2 state

Select the state of the KM when a threshold is reached.

Custom Event message

Enter the message that you want to be displayed in the events when your search string conditions are satisfied. For more information, see Customizing event messages.

Custom Event origin

Enter the customized origin for events. If you do not specify the origin, the KM uses the instance name as the default origin of events, which is APPCLASS.INSTANCE.textFileName.

You can use built-in macros (except the %x[-%y] macro) as the customized origin for events.

Ignore duplicate Events for next (min)

Specify the time threshold for which duplicate events are ignored.

Note: You can also modify the default search criterion settings after you configure the instance.
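The threshold rules described in both the override and the global event handling sections can be modelled as follows. This is an added example, not BMC code: it compares plain thresholds (3 and 5) with the x:y form (3:5 and 5:5) on the same per-interval match counts. The function and class names, the constructed counts, and the choice that the higher threshold's state wins when both are reached are assumptions.

```python
from collections import deque

def parse_threshold(value):
    """Parse '3' or '3:5' into (matches, intervals); a bare number means one interval."""
    matches, _, intervals = str(value).partition(":")
    x, y = int(matches), int(intervals or 1)
    if x < 1 or y < 1:
        raise ValueError(f"invalid threshold {value!r}")
    return x, y

class ThresholdEvaluator:
    def __init__(self, *levels):
        # levels are (value, state) pairs in Threshold #1, Threshold #2 order.
        self.levels = [(parse_threshold(v), state) for v, state in levels]
        counts = [x for (x, _), _ in self.levels]
        if counts != sorted(set(counts)):
            raise ValueError("Threshold #2 must be greater than Threshold #1")
        longest = max((y for (_, y), _ in self.levels), default=1)
        self.history = deque(maxlen=longest)

    def collect(self, match_count):
        """Record one data collection interval; return the state reached, or None."""
        self.history.append(match_count)
        recent = list(self.history)
        result = None
        for (x, y), state in self.levels:
            if sum(recent[-y:]) >= x:
                result = state  # assumption: the higher threshold's state wins
        return result

def run(levels, counts):
    """Feed per-interval match counts through an evaluator; return the state per interval."""
    evaluator = ThresholdEvaluator(*levels)
    return [evaluator.collect(c) for c in counts]

# Constructed match counts for seven consecutive data collection intervals.
COUNTS = [1, 0, 1, 1, 0, 3, 0]

print(run([("3", "WARNING"), ("5", "ALARM")], COUNTS))
print(run([("3:5", "WARNING"), ("5:5", "ALARM")], COUNTS))
```

With the plain thresholds only the sixth interval reaches a state, while the x:y form reports WARNING from the fourth interval on, which shows why a slow trickle of matches needs the x:y format to generate an event.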


Comments

  1. Sirish Kumar

    For the Search identifier name Search: Is it possible to have more than one string? Should we enclose the strings between Double or Single quotes to capture properly??

    For the Search with multi strings like String1 and 2: What will be the format if more than one keywords are to be observed? Example: 1. Error1 is really Fatal results in Error2 and Crash the system. 2. Error3 is not really important and will not Crash the system. Here, we need to capture and generate events for the keywords Crash the system only when Error1 and or Error2 keywords are observed, but not when Error3 keyword is observed. Meaning: Crash the System to be observed, but the Error3 with Crash the system to be ignored or omitted. How can we achieve this? Also Crash the system have 3 words and not a single word, how to capture these? Should we add the search string in Double or Single quotes?

    Jun 15, 2023 04:55
    1. Swati Malhotra

      Hello Sirish Kumar ,


      Thank you for your comment! The scenario that you have mentioned will require focused testing. We will take it up asap and will get back to you.


      Thanks and regards,

      Swati

      Jul 02, 2023 08:49