Skip to Content
Information
Unsupported content Version 2.7.41 of the product is in limited support, while versions 2.7.43 and 2.7.44 are fully supported. This documentation includes content for all versions. You will not be able to leave comments for version 2.7.41.

 

Log Management configuration

The purpose of the Log KM Configuration Plug-in is to configure the Log Management to monitor specific log files.

  • The General tab specifies a log or set of logs that you want to monitor. For the Log Management to monitor the desired log, the log must meet all the criteria specified in this dialog box.
  • The Configure Log Monitoring Blackout tab suppresses alerts that occur within a short span of time and may all have the same root cause. This option enables PATROL to take action and resolve the problem before an alert is issued. However, it provides a mechanism for monitoring the problem and if it persists, generating an alert.
  • The Configure Size tab specifies an automated recovery action when the log file being monitored meets or exceeds a designated size.
  • The Schedule Log tab specifies when and for how long PATROL scans the specified log files. This schedule recurs every 24 hours.

Before you begin

You must have set up a PATROL object to monitor a log file.

To configure log monitoring from PATROL Configuration Manager

  1. Add a new PATROL object instance to monitor a log file as described in Adding/specifying object instances to monitor or select a ruleset created to monitor a log file as described in Updating monitored object instances.
  2. Select an instance from the Log Instance List.
  3. Select the*General* tab and specify the log file and the messages for which you want generate alerts. For descriptions of the process properties used to define the criteria, see Add-File-for-Label-instanceName-dialog-box.
  4. Select the Configure Log Monitoring Blackout tab and specify under what conditions alerts can be generated. For descriptions of the process properties used to define the criteria, see Add-File-for-Label-instanceName-dialog-box.

  5. Select the Configure Size Actions tab and specify a recovery action for PATROL to perform when a monitored log file attains a certain size. The following table describes the process properties used to define the criteria.
    Configure Size Actions

    Field

    Description

    File Size Recovery Action

    Limit

    specifies a file size limit that, when exceeded, initiates a recovery action

    Action

    specifies the recovery action to take when the file size limit is exceeded

    Run Attended

    specifies a mode for running the recovery action

  6. Select the Schedule Log Scan tab and determine when and for how long PATROL must actively monitor this file. The following table describes the process properties used to define the criteria.
    Schedule Log Scan

    Field

    Description

    Start

    Using a 24-hour clock, select the hour, minute, and second at which you want the scan to begin every day.

    Duration

    Select how long (in hours, minutes, seconds) you want PATROL to scan the designated logs.

    Generate Alert if no Match Found at Scan End

    Select this option if you want to be notified if none of the contents of the logs match the strings that you provided.

  7. Click Apply to save the settings.
  8. Click OK. PATROL Configuration Manager saves your changes and closes the dialog box.
  9. Apply the configuration changes.
    • If you are adding a new object instance for monitoring (working in the Agent tree view pane), click Apply to apply the ruleset and begin monitoring.
    • If you are updating an object instance for monitoring, (working in the RuleSet tree view pane) assign the updated rulesets to the desired agent(s), and then click Apply to apply the ruleset and begin monitoring with the new settings.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL for Log Management 2.7