log_monitoring_service MCS Profile Type Configuration

Verify the following information before you configure and deploy the probe:
  • Verify that your archive contains a log_monitoring_service probe that is at least v1.0.0.
  • Complete any probe-specific prerequisites.
  • Verify that you meet the minimum hardware and software requirements before you deploy a monitoring configuration profile.
Configure the log_monitoring_service Profile Types
Use the log monitoring service profile types to monitor system log files. The log monitoring profile types are:
  • Setup Log Monitoring Service
  • Log Monitoring Service
Create a Setup log_monitoring_service configuration profile to configure general probe settings.
Before you configure the profile section of the probe, you must first configure the setup section through MCS templates.
Fields to Know
Setup log_monitoring_service Profile Type
  • Log Level.
    Level of information to be written to the log file. Log as little as possible during normal operation to minimize disk consumption.
    • 0 – Fatal. Logs only severe information
    • 1 – Error. Logs error information
    • 2 – Warn. Logs warning information
    • 3 – Info. Logs general information (Default)
    • 4 – Debug. Logs debugging information
    • 5 – Trace. Logs tracing/low-level debugging information
  • Tenant ID for Agile Operations Analytics - Base Platform:
    A unique Tenant UUID provided during the Agile Operations Analytics - Base Platform tenant creation process.
  • AXA Elasticsearch Host.
    Comma separated list of Agile Operations Analytics - Base Platform Elasticsearch hostnames.
  • AXA Elasticsearch Port.
    Agile Operations Analytics - Base Platform Elasticsearch port.
    Keep the port open where this probe is deployed to connect to Agile Operations Analytics - Base Platform.
    Default: 9200
    For Digital Operational Intelligence: 80
Log_monitoring_service Profile Type
  • Available Data Categories
  • Data Category
  • Available Data Types
  • Data Type
  • Search String
  • Send Alarm On Each Match.
    Generates a separate alarm for each match found in the log data.
  • Match Alarm Message.
    Default: Match found for $profileName search string $query in message: $result
  • Match Alarm Severity
  • Maximum Alarm Limit.
    Maximum number of alarms to be sent when Send Alarm On Each Match is selected. Default: 5.
  • Query Interval (seconds).
    Frequency of querying the analytics data store (CA App Experience Analytics Elasticsearch) to find the matches.
  • Search Time Window (seconds)
  • QoS on.
    Generates a metric with count of matches found in the log data.
  • Alarm on.
    Raises an alarm for the match count metric based on the High and Low Thresholds.
  • High Threshold Value.
    If the metric value crosses this value, an alarm with severity
    is raised.
  • Low Threshold Value.
    If the metric value crosses this value, an alarm with severity
    is raised.
Customize Alarm Message
The default alarm message variables ($profileName, $query, and $result) are specific to the log_monitoring_service probe and are not generic. They are placeholders that are replaced by the associated values in the generated alarm messages.
The following list provides information about different variables and their replacement values:
  • $profileName:
    In the alarm message, this variable is replaced by the profile name of the probe which generated the alarm.
  • $query:
    In the alarm message, this variable is replaced by the Elasticsearch string/query against which the match was found and resulted in alarm generation.
  • $result:
    In the alarm message, this variable is replaced by the Elasticsearch document's key-value pairs. The Elasticsearch document contains the attribute or attributes that satisfy the matching criteria, and it belongs to an Elasticsearch index to which the search applies.
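The following added example (not code from the probe or its vendor) models how the Match Alarm Message variables, Send Alarm On Each Match, Maximum Alarm Limit, and the match count metric relate within one query interval. The dictionary keys, the substring matching, the key=value rendering of $result, and the per-interval scope of the alarm limit are assumptions made for illustration.

```python
from string import Template

# Default text of the page's "Match Alarm Message" field.
DEFAULT_MESSAGE = ("Match found for $profileName search string $query "
                   "in message: $result")


def render_alarm(template, profile_name, query, doc):
    """Fill the three probe-specific placeholders for one matched document."""
    # Assumption: $result is shown as "key=value" pairs joined by commas.
    result = ", ".join(f"{k}={v}" for k, v in doc.items())
    # Substitution is single-pass: a "$query" inside logged text stays literal.
    return Template(template).safe_substitute(
        profileName=profile_name, query=query, result=result)


def evaluate_cycle(profile, docs, now):
    """Model one query interval; returns (per-match alarms, match count)."""
    start = now - profile["search_time_window"]
    # Assumption: a match is a plain substring hit inside the time window.
    matches = [d for d in docs
               if start <= d["ts"] <= now
               and profile["search_string"] in d["message"]]
    alarms = []
    if profile["alarm_on_each_match"]:
        # Maximum Alarm Limit caps the alarms, not the counted matches.
        for doc in matches[:profile["max_alarm_limit"]]:
            alarms.append(render_alarm(profile["message"], profile["name"],
                                       profile["search_string"], doc))
    return alarms, len(matches)


# Constructed profile and documents, not real probe or Elasticsearch output.
NOW = 1000
PROFILE = {"name": "auth-failures", "search_string": "Failed password",
           "message": DEFAULT_MESSAGE, "alarm_on_each_match": True,
           "max_alarm_limit": 5, "search_time_window": 300}
DOCS = [{"ts": NOW - 10 * i, "host": "web01",
         "message": f"Failed password attempt {i}"} for i in range(7)]
DOCS.append({"ts": NOW - 900, "host": "web01",
             "message": "Failed password attempt (outside window)"})
DOCS.append({"ts": NOW - 5, "host": "web01", "message": "Accepted publickey"})

if __name__ == "__main__":
    alarms, count = evaluate_cycle(PROFILE, DOCS, NOW)
    print(f"match count metric: {count}, alarms sent: {len(alarms)}")
    print(alarms[0])
```

With the constructed data, seven documents match inside the window but only five alarms are produced, so the match count metric (QoS on) is the value to threshold when bursts larger than the alarm limit matter.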
Default Settings
Setup log_monitoring_service
  • Log Level - 3 - Info
  • CA App Experience Analytics Elasticsearch Host - localhost
  • CA App Experience Analytics Elasticsearch Port - 9200
Log Monitoring Service
The Log Monitoring profile type is deactivated by default. No default profiles are shipped with this probe. To forward log file content, create a profile type through AC or MCS.
  • Active - Selected
  • Send Alarm On Each Match - Selected
  • Maximum Alarm Limit - 5
  • Query Interval (seconds) - 300
  • Units - sec
  • QoS on - Selected