Monitor file on Collection Agent

You can create a data collector to collect logs from a particular host.

To create a data collector for collecting files from a host

Select the collection host depending on whether you want to use the Collection Station or the Collection Agent to perform data collection.

The collection host is the computer on which the Collection Station or the Collection Agent is located.

By default, the Collection Station is already selected. You can either retain the default selection or select the Collection Agent.

1. Navigate to Administration > Data Collectors > Add Data Collector .
2. In the Name box, provide a unique name to identify this data collector.
3. From the Type list, select Monitor File on Collection Agent.

4. Provide the following information, as appropriate:

   Field	Description
   Target/Collection Host
   Collection Host (Agent)	Select the collection host depending on whether you want to use the Collection Station or the Collection Agent to perform data collection. The collection host is the computer on which the Collection Station or the Collection Agent is located. By default, the Collection Station is already selected. You can either retain the default selection or select the Collection Agent. Note: For this type of data collector, the target host and collection host are expected to have the same values.
   Collector Inputs
   Directory Path	Provide the absolute path of the log file. To retrieve log files from subdirectories, do not provide the absolute path; instead, provide the path up to the parent directory.
   Include subdirectories	(Optional) Select this check box if you want to retrieve log files from subdirectories of the file path specified.
   Filename/Rollover Pattern	Specify the file name only, or specify the file name with a rollover pattern to identify subsequent logs. You can use the following wild card characters: Period and asterisk (.*)—Use if you specify details to manually connect to the server containing your log files. The .* characters can be used to replace the changing text. Asterisk (*)—Use if you select the target host and collection host. The * character can be used to replace the changing text. Question mark (?)—Use if you select the target host and collection host. The ? symbol can be used to replace one changing character or number. This field is useful to monitor rolling log files where the log files are saved with the same name but differentiated with the time stamp or a number, for example. Examples: Scenario 1 You have log files that are saved with succeeding numbers once they reach a certain size; for example: IAS0.log IAS1.log IAS2.log In the preceding scenario, you can specify the rollover pattern as IAS?.log. Scenario 2 You have log files that roll over every hour and are saved with the same date but a different time stamp in the YYYY-MM-DD-HH format; for example: 2013-10-01-11.log 2013-10-01-12.log 2013-10-01-13.log In the preceding scenario, you can specify the rollover pattern as 2013-10-01-*.log.
   Pattern	Select the appropriate data pattern to use for indexing the data file. To select an option, you can do one of the following: Manually scan through the list available and select a data pattern. Filter the relevant data patterns that match the file. To find a list of relevant data patterns, click Filter Relevant Data Pattern next to this field. Click Refresh to refresh the filtered list and see the complete list of data patterns available. After selecting an option, click Preview parsed log entries to preview the sample data entries parsed. By looking at the preview of records, you can understand how the data will be indexed and be made available for searching. If you are not satisfied with the results of the selected data pattern, continue to look for another option and see the preview, until the results match your expectations. If you do not find a data pattern that matches your file, select Add Data Pattern available at the end of the list. By selecting this option, you are redirected to the Administration > Data Patterns page where you can create a new data pattern or customize an existing data pattern by cloning it. For more information, see Managing data patterns.
   Poll Interval (mins)	Enter a number to specify the poll interval (in minutes) for the log collection (0 indicates that this is a one-time log collection). By default, this value is set to 1.
   Time Zone	By default, the Use file time zone option is selected. This means the data is indexed as per the time zone available in the data file. If the data file does not contain a timezone, then the by default the time zone of the Collection Host (Collection Station or Collection Agent) server is used. You can also manually select a timezone from the list available. This timezone must match the timezone of the server from which you want to collect data. If your data file contains a timezone and you manually specify the timezone, then the manually specified timezone overrides the file timezone.
   Start Collection	(Optional) Select this check box if you want to start the data collection immediately.

   
   

   Tags (optional)
   Inherit Host Level Tags From Target Host	Select this check box to inherit your tag selections associated with the target host that you selected earlier. This option is not applicable if you did not select a target host.
   Select Tag name	You can manually add tags by selecting one of the tags in the list, specifying a corresponding value, and clicking Add . The list of added tags is displayed in the Tags pane on the Search tab. Click Remove Tag to remove a tag.
   Group Access (optional)
   Inherit Host Level Access Groups From Target Host	Select this check box to inherit your group access configurations associated with the target host that you selected earlier. This option is not applicable if you did not select a target host.
   Select All Groups	Select this option if you want to select all user groups. You can also manually select multiple user groups. If you do not select any user groups and data access control is not enabled, then by default all users can access data retrieved by this data collector. You can restrict access permissions by selecting the relevant user groups that must be given access permissions. To enable data access control, navigate to Administration > System Settings. If you do not select any user group and data access control is enabled, then only the creator of the data collector has access to data retrieved by this data collector. For more information, see Managing user groups.

5. Click Check to ensure that all mandatory fields are filled in and to ensure that no errors are detected.
6. Click Create to save your changes.