Unsupported content: Version 2.7.41 of the product is in limited support, while versions 2.7.43 and 2.7.44 are fully supported. This documentation includes content for all versions.

 

User goals and features


PATROL for Log Management is a Knowledge Module (KM) that monitors and manages log files in your environment. The KM is a set of files containing knowledge in the form of command descriptions, application classes, and parameters that PATROL uses when monitoring the application instances and their associated components.

You can use the KM to monitor text and script file types. You can create predefined recovery actions that execute when monitored log files exceed a specified size or growth rate.
The PATROL for Log Management automatically monitors the Agent error log.

Features

The PATROL for Log Management allows you to:

  • Select logs to be monitored, including:
    • Log files that have not yet been created
    • Text and script files
    • Log files with dynamic log file names
  • Monitor log files for:
    • Size, growth rate, and age
    • Content
    • State (WARN, ALARM)
    • Numeric comparisons
    • Change in permissions and timestamp
  • Temporarily stop log monitoring during system maintenance by using external control flags
  • Set multiple schedules for multiple polling cycles per log file
  • Generate alerts when:
    • A monitored log file is no longer present
    • A text string or regular expression is discovered within a log file
    • Log file exceeds a specified size
    • Log file reaches a specified age
    • Log file permission changes
    • Log file timestamp changes
    • A log file is inactive beyond a specified duration
    • A number of matches are found over a period of polling cycles
  • Alert a specific person or group based on a matched string in the log file
  • View the error strings found in the last log update that caused the alert, and all entries from the last log update that match that error string
  • Configure log searches to:
    • Ignore subsequent alerts for a specified number of polling cycles if the search finds a matching string or regular expression in a log file.
    • Override an ignored alert if the search finds a matching string or regular expression more than n times before the ignore setting is completed.
    • Specify the number of log scan cycles after which a WARN or ALARM state is automatically changed to OK.
    • Include part of or all of the text from the log in the event message text.
    • Use NOT and AND statements with the text strings or regular expressions to narrow the log search.
    • Monitor text log files by using multiple search criteria including overriding of default settings for a search criterion.
    • Ignore case-sensitivity for text files
  • Use regular expressions to create:
    • An exclude alert string that prevents alarms and warnings from occurring by filtering out messages in the log that match specified alarm or warning strings
    • An exclude-to-warn alert string that interprets message text that matches alarm strings and moves the text into a warning
  • Generate one of the following automated recovery actions when a log file exceeds an acceptable size or growth rate:
    • Clear and back up log files
    • Delete files
    • Run in attended and unattended modes
    • Reset log alerts which occur as a result of updated text in the log file that matches a specified alert string
  • Configure a text or XML instance to search for multiple patterns in a log file for a particular number of polling cycles
  • Perform all of the above functions on remote UNIX hosts

For information about configuring and using the PATROL for Log Management, see Monitoring log files.

 


BMC PATROL for Log Management 2.7