Configuring Log Monitoring

This topic provides information about configuring the Log Monitoring monitor type. 

Click Add to configure text files for monitoring.

Note

The Log Monitoring Monitor Type is available for selection only after you upgrade to 2.7.20.01 and later versions of the KM. For an older version, refer to the Global Settings Monitor Type.

On the Add Monitor Types dialog, with the Monitoring Profile set to Log Monitoring, and the Monitor Type set to Log Monitoring, provide the following details:

Field

Description

Default Monitoring

Monitor PATROL log files

The KM supports monitoring of PATROL Agent log files with predefined search criteria. To enable this monitoring, select the Monitor PATROL log files check box.

When this option is enabled, the KM creates two monitoring instances, PAgentLog_Alarm and PAgentLog_Warn to monitor the PATROL Agent log files with the predefined search criteria.

  • PAgentLog_Alarm - This instance is configured to raise the alarm if one or more of the following strings are detected:

    • “found inconsistencies”
    • “PatrolAgent-W-EINTERNAL: PatrolAgent is running low on memory”
    • “PatrolAgent: "not superuser"
    • “Please check parameter history for corruption“
    • “runqSchedPolicy is now set to 9“
    • “Detected during operation readRec.fseek”
    • PAgentLog_Alarm
  • PAgentLog_Warn - This instance is configured to raise a warning if one or more of the following strings are detected:

    • “remaining for PATROL license to expire”
    • “Not authorized connect agent”
    • “Please check parameter history for corruption”
    • “PatrolAgent-E-EFORK: Couldn't fork a new process”

The PAgentLog_Alarm and PAgentLog_Warn monitoring instances have a constant predefined search criteria that cannot be edited.

user permanent instance name when monitoring the latest file

Use permanent instance name when monitoring the latest file

Select this check box to have a single permanent instance while monitoring the latest log file.

Debug Settings

Enable reader debug

Select this check box if you want the KM to collect debug information for the pmgreader process in the log file.

The diagnostic output is written to the monitored system in the following location:

  • on UNIX: $PATROL_HOME/../pmg/port_ int*/readerLog.txt*
  • on Windows:%PATROL_HOME%\port_ int*\readerLog.txt*

where port is the port used by the agent and int is an integer (1, 2, or 3) that corresponds to the LOG KM collector's scan priority.

Note: Selecting this check box enables debug information collection for all supported file types - text, binary, script, XML, and named pipe.

Enable KM debug

Select this check box if you want the KM to collect debug information of the entire LOG KM data on the <hostname> System Output window.

Note: Selecting this check box enables debug information collection for all supported file types - text, binary, script, XML, and named pipe.

In about 15 minutes (two or three polling cycles) the diagnostic output is saved in the PATROL log file located at PATROL_HOME/log directory.

For local monitoring, the output will be saved at pmg-Main-PATROL Agent host name-PATROL Agent port.kmlog file.

For remote monitoring, the output will be saved at pmg-Monitored remote host-PATROL Agent host name-PATROL Agent port.kmlog file.

Monitoring User

User Name

 

Enter the user name.

This user name is the OS user for monitoring, who can access and read the monitored files and folder. However, the monitoring user must be an existing user. If this field is left blank, the PATROL default account is used for monitoring.

Password

Enter a password.

Confirm Password

Enter the same password again. 

Sudo Configuration 
Sudo Execution Mode (For Linux only) 

Configure this field to allows users to monitor logs. 

Select the required Sudo execution mode: 

  • Sudo is Not Configured: This option is selected by default. If your log monitoring requires Sudo access, you cannot monitor logs with this configuration. 
  • Use Sudo Without Password: This option allows you to monitor logs with Sudo access without a password. 
Important

If you modify Sudo configuration settings while log monitoring is active, you must restart the agent for the changes to take effect.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*