Monitoring an XML log instance

You can define multiple search criteria for an XML instance. Each of the search criteria can have a search identifier, XML search string, thresholds with their states, custom events, and so on.

Before you begin

You must be using the PATROL Central Operator - Windows Edition, PATROL Central Operator - Web Edition, or a PATROL Console in Developer mode. You can also add a script to monitor by using the  PATROL Configuration Manager plug-in as described in PATROL Agent Configuration Variables.

To monitor an XML instance

1. Access the LOG application menu as described in Accessing Menu Commands, InfoBoxes and Online Help.
2. Select Add Instance.
3. In the Add Instance dialog box, enter a label for the XML file that you want to start monitoring.
   The log icon label must be 50 characters or less and cannot contain any spaces.
4. Click Accept.

5. In the Add File for Label: instanceName dialog box, in the File/Pipe Name text box, enter the full path and file name for the XML file you want to monitor.

   Note

   To monitor log files that have dynamic names, use the * and ? regular expressions to define the file name. For example, if a log file is named backup_date.log, where date changes each day, enter the log file name as backup_.log.* For more information about using regular expressions, see Regular Expressions.

6. Specify a logical name for the LOGMON instance that you want to monitor, which appears in the event manager.
7. Select the Contains Environmental Variables check box to enter a path defined by an environment variable that is resolved at run time. If you select this check box, environment variables in the XML file path are resolved. Otherwise, the XML file is treated as a pure file name.
8. Select XML File as the File Type option.
9. (Optional) To always read the log file from the beginning, rather than the portion of the file that has been added since the last time the file was read, select the Always Read at Beginning option.
10. (Optional) If you are monitoring a dynamically named file and you want to monitor all of the files using the dynamic name specified in the File/Pipe Name field, rather than just the latest file, choose the All file disposition option to monitor all of the files.
11. Select the Generate ALARM if file not modified in check box if you want the KM to generate an alarm if the file is not modified after a specific interval.
12. In the Minutes text box, specify the time after which an alarm will be generated if the file is not modified.
13. (Optional) In the Default Settings ForSearch Criteriasection, specify the default search criterion as follows:
    1. Enter the Match Count for Threshold #1 and #2 and select a State. The selected state option does not occur until the threshold count has been satisfied.
    2. In the Custom Event Message text box, define how you want the product to respond when a search criteria is satisfied. 
       
       The custom event must consist of string literals and the elements in the XML search string. For a detailed explanation and an example, see Customizing event messages . 
       
       For more information, see Generating-an-alarm-based-on-file-age.
    3. In the Custom Event Origin text box, specify the origin for events. If you do not specify the origin, the product uses the instance name as the default origin of events, which is APPCLASS. INSTANCE. xmlFileName.

    4.  In the Minutestext box, specify the time threshold, for which the duplicate events will be ignored.

       Note

       You can also modify the default search criterion settings after you configure the instance. For more information, see To modify the default search criteria settings for an instance.

14. In the Once closing root-tag is found, Delete instance after minutes text box, enter the number of minutes after you want to delete the instance if the closing root tag is found.
15. Select the Return to OK if no match found on next scan check box if the KM goes into an alarm or a warning state because the search string is found and you want the KM state to return to OK if the search string is not found on the next scan.

16. From the Scan Priority list, select a scan priority: Normal, Medium, or Low.

    Note

    You cannot select a value other than Normal for remote log instances. Attempting to do so will result in an error message.

17. Click Next.

18. (Optional) In the Configure Search Criteria: instanceName: Define Search Criterion dialog box, in the Search Criterion area, define a search criterion, specify a unique label in the Search Identifier text box, and configure a search string to define what type of messages the KM should search for.
    The Search Identifierlabel appears in the search list and helps you identify the search criterion.

    Note

    • You can view the search patterns of the configured search criterion for the instance by using the Report Configuration menu command. For more information, see Viewing-search-criteria-for-an-instance .
    • You can also modify individual search criterion for an instance after you configure the instance. For more information, see To modify individual search criteria for an instance.
19. In the String1text box, enter the search string in one of the following formats:
    • A combination of XML elements and values that you want to find in the monitored file. For configuring XML search strings, see Rules-for-entering-XML-search-strings.

    • Search pattern (s). Each search pattern should be a valid regular expression. Enclose each pattern in parentheses ({}).

      Note

      The KM searches for each search pattern in the log file in the order in which you have specified the search patterns. These patterns are searched for the number of polling intervals that you specify in the Polling Intervals text box on the Configure Search Criteria: instanceName: Override Default Settings dialog box. If all the search patterns are not found in the specified polling intervals, the KM generates an alarm. The KM will not generate any alarm if you specify only a single pattern in the String1 text box.

      Note

      BMC does not recommend performing the following actions:

      • Entering multiple search patterns in the String1 text box and selecting the Always Read At Beginning check box in step 9 simultaneously.
      • Entering a single search pattern in the String1 text box. The KM might not generate an alarm in this case. For example, {<Node1>attribute value</Node1>}

      Once the search string is found in the file, the KM generates an alarm. For more information about configuring search strings, see Monitoring-a-file-for-a-particular-string.

      Note

      If you do not specify a search string, the LOGErrorLvl parameter will not be set. When the LOGErrorLvl parameter is not set for a period of time, "no data for specified range" messages are displayed in PATROL history. If you did not specify a search string, this message is benign.

20. Click Next.
21. In the Configure Search Criteria: instanceName: Override Default Settings dialog box, you can custom-define a search criterion with settings that are different from the default settings in the Add File for Label: instanceName dialog box. To do so, select the Override default setting check box and custom-define the settings for each search criterion as described in step A through step D.
22. In the Generate ALARM when pattern not found within ..Polling Intervals text box, specify the number of polling intervals after which an alarm should be generated if the multiple search patterns are not found within those polling intervals.
23. Click Next.
24. In the Configure Search Criteria: instanceName: Summary dialog box, do one of the following:
    • To add more search criterion for the instance, select the Add option, and click Update.
    • To delete a search criterion, select the search criterion, select the Delete option, and click Update to delete the search criterion.
    • To modify a search criterion, select the search criterion, select the Modify option, and click Update to modify the search criterion.
25. Select the Discard changes option if you want to revert all changes made in this dialog box and use the original Search list.
26. Click Finish.
27. (Optional) Access the LOGT application menu as described in Accessing Menu Commands, InfoBoxes and Online Help.
28. Select Advanced Features > Configure Size Actions to configure automatic recovery actions to determine how the KM should respond when the file reaches a defined size.
    For more information, see To configure a recovery action for a log file based on file size.
29. (Optional) Select Advanced Features > Schedule Log Scan to configure the KM to scan the file at different schedules.
    For more information, see To schedule a file scan.