logmon AC Configuration

This article is for probe versions 3.5 or later.
uimpga-ga
logmon_AC
This article describes the configuration concepts and procedures to set up the Log Monitoring (logmon) probe. The probe is configured to monitor log files, web pages, messages from queues, and output from commands. The probe is deployed with some default configuration such as alarms, QoS measurements, and monitoring profiles. You can use the default configuration or can modify the settings, as needed.
This article is for probe versions 3.5 or later.
The following diagram outlines the process to configure the logmon probe.
Configuring logmon
Configuring logmon
Contents
2
Verify Prerequisites
The probe has the following prerequisites:
  • Verify that required hardware and software is available and preconfiguration requirements are met before you configure the probe. For more information, see logmon (Log Monitoring) Release Notes .
  • Verify that the
    url_response
    probe is deployed and active to monitor URLs using the logmon probe.
Configure General Properties
You can configure the following properties of the probe:
  • Logging and global monitoring properties of the probe
  • Alarms for missing or open files
Follow these steps:
  1. Open the
    logmon
    node.
    The
    Probe Information
    section provides information about the probe name, probe version, start time of the probe, and the probe vendor.
  2. In the
    General Setup
    section, Update the following information to configure the log properties.
    The log file of the probe (excluding the system log files) contains information about the activity of the probe itself.
    • Log Level:
      specifies the level of details that are written to the log file.
      Default: 0 - Fatal
      Log as little as possible during normal operation to minimize disk consumption, and increase the amount of detail when debugging.
    • Log File Size (KBytes):
      specifies the size of the log file where the internal log messages of the probe are written, in kilobytes. When this size is reached, new log file entries are added and the older entries are deleted.
      Default: 100
  3. Update the following information to configure the user credentials for the probe, if required. You can define user credentials to access directories and files of the host or network system.
    • User Name (Including domain name):
      defines the username for the credentials in the following format:
      <domain name>/<user name>
    • Password:
      defines the password for the specified user name.
  4. Update the following information to configure the character encodings of the log files in non english locales:
    • Output Encoding:
      defines the character encoding to generate alarms and QoS messages when the probe is deployed in a non english locale. The probe also uses the encoding to identify the file name that is specified in the monitoring profile.
    • System Encoding:
      specifies the encoding of the system where the probe is deployed.
  5. Update the following information to configure format and watcher rule properties. The rules allows you to specify and refine the text that is monitored in the log files.
    The values apply to all monitoring profiles of the probe.
    • Format Interval:
      defines the number of intervals to save the incomplete pattern details of a format rule. An incomplete pattern is created when the start and end expressions of a format rule are identified in the text in different monitoring intervals.
      The
      Format Interval
      value does not work in the following situations:
      • A regular expression is used in a profile to monitor multiple files.
      • The probe has generated a missing file alarm during any interval.
    • Run Command Threads:
      defines the maximum number of commands a watcher rule can execute, when the watcher expression matches.
      Example: the value is set to 10 and the watcher rule expression matches 12 times in an interval. Here, the probe executes the command 10 times. The command is defined in the
      Run Command on Match
      section in the
      Standard
      monitor of a watcher rule.
  6. Navigate to the
    File Missing/Open Alarm
    section.
    : CA does not recommend you to configure alarms in this section when using regular expressions to identify any file. This can cause unknown probe behaviour on different operating systems.
  7. Update the following information to configure alarms for missing or open files:
    If a regular expression is used in a profile, the alarm is generated only when there are no files in the specified directory.
    • Publish Alarms:
      generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval after the probe reads the file.
    • Clear Alarm on Restart:
      generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier.
      Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.
      This field is only enabled when you select
      Publish Alarms
      .
  8. Navigate to the
    Quality of Service Definitions
    section to add or delete custom QoS from the probe.
    For more information, see Create and Configure Custom QoS.
  9. Click
    Save
    to save the configuration.
Create and Configure Custom QoS
You can create QoS in the probe to generate customized QoS messages from profiles.
Follow these steps:
  1. Navigate to the
    Quality of Service Definitions
    section.A list of all custom QoS is displayed.
  2. Click
    New
    .
  3. Update the following information to configure the QoS:
    • QoS Header Name
      : enters a header name for the QoS.
    • QoS Name
      : enters a name for the QoS.
    • QoS Description:
      enters any additional information for the QoS.
    • QoS Unit and Unit Abbreviation
      : selects an appropriate unit and its abbreviation for the QoS.
      Default: Bytes
    • Enable Has Max Value
      : allows you to specify the maximum permissible value for the QoS.
    • Has Maximum value
      : enters the maximum permissible value for the QoS.
    • As Expected:
      allows you to generate the QoS messages according to the expected value set for that variable. If not selected, the QoS messages on variables are sent after a specific time interval.
  4. Click
    Save
    to save the configuration.
You can also select and delete a QoS definition from the probe. The watcher rules of profiles that use the deleted QoS revert to the default QoS.
Create a Profile
You can create a profile to monitor any of the following entities. The
robot name
node displays the type of profiles that can be created. Special time-formatting primitives are also available for targets such as files, commands, queues and URLs. For more information, see the
Use Time Formatting Primitives
section in logmon Advanced AC Configuration.
  • Files: You can monitor files using the
    Cat
    ,
    Full
    ,
    Full Time
    , and
    Updates
    profiles.
    CA recommends you to monitor large files only in the
    Updates
    mode. Monitoring large files from start can increase the CPU usage.
  • Commands: You can specify a command and can monitor the output, using the
    Command
    profile. You can also specify thresholds to generate alarms for exit codes.
    For more information, see the
    Configure Command Exit Code Alarms
    section in logmon Advanced AC Configuration.
  • Queues: You can monitor messages in queues of the CA UIM hub where the probe is deployed. You can use a
    Queue
    profile.
  • URLs: You can specify web-based URLs to monitor web page content, using the
    Url
    profile. You can also set up timeout, alarm, and authentication properties of the website.
The probe uses the url_response probe to monitor URLs. You can only create watcher rules for URLs.
: (From logmon 3.56) In the url mode, the probe generates single alarm for all the matches in the webpage when using * as the match expression.
Create File Profiles
You can perform the following actions to create profiles to monitor files in the probe:
  • Configure monitoring properties of the profile.
  • Activate or deactivate the profile.
  • Specify the character encoding of the file.
  • Configure alarms for maximum count of matches.
Follow these steps:
  1. Navigate to the
    robot name
    node.
  2. Click the
    Options (icon)
    next to the node.
  3. Select one of the following options:
    • Add Cat Profile:
      indicates the probe to always scan the log file from beginning to the end.
    • Add Full Profile:
      indicates the probe to scan the log file from beginning to the end, only when the file is modified.
      A file is considered as modified when the content of the file is updated.
    • Add Full Time Profile:
      indicates the probe to scan the log file from beginning to the end, only when the file is modified.
      A file is considered as modified when the modification time of the file is updated.
    • Add Updates Profile
      : indicates the probe to scan the file from the last EOF mark that was placed when the file was modified.
      The probe uses the end of the file, the file size, and the file modification time to determine modifications.
      CA recommends using
      updates
      mode when new entries are inserted at the end of the log file. If a file is modified before the EOF mark, the probe scans the entire file again.
  4. Specify the values in the following fields to create the profile:
    • Profile Name:
      defines a name for the profile.
    • Mode:
      displays the type of profile that is created.
    • File:
      defines the full name of the log file for monitoring.
      You can use pattern matching and regular expression. For example, use the wildcard operators
      *.txt
      for identifying multiple log files at run time. You can use regular expressions as discussed in the  section in logmon Hints and Examples.
    • logmonBrowse.png Browse: allows you to open the
      Remote File Browser
      dialog to select the file to be monitored.
    • logmonTail.png Tail...: allows you to view the contents of the selected file. The probe displays garbled text if the encoding of the file is different from the specified value.
      Verify the value of
      System Encoding
      in the
      Setup
      dialog if the probe shows garbled text in the log file. For more information, see Configure General Properties.
  5. Update the following information to configure the probe interval, file read position, QoS, and alarm properties:
    • Check Interval:
      specifies the time interval which the profile runs. Reduce this interval to increase the frequency of alarms.
      Default: 5
      Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.
    • Units:
      indicates the unit for the Check Interval field.
      Default: Seconds
    • Generate Quality of Service:
      enables the profile to send the QoS messages for variables and number of matches.
    • Generate Alarm:
      enables the alarm message for each matching expression of the watcher rule.
    • Send Message Using a Specific Subject:
      defines the custom subject of the alarm, which overrides the default subject.
    • Subject: specifies a Subject that is displayed when the logmon probe generates a CA UIM message.
      The Subject field is enabled only when
      Send Message Using a Specific Subject
      is selected.
    • Set File Read Position:
      allows you to set the position in the file from where the probe starts monitoring.
      The
      Set File Read Position
      ,
      Initial File Read Position
      , and
      Resume File Read Position
      options are only applicable to
      updates
      profiles.
      The following fields are available for configuration:
      • Initial File Read Position:
        defines the start position from where the probe starts monitoring the file.
        The value can be Start of File or End of File.
      • Resume File Read Position:
        defines the position from where the monitoring is resumed, if the probe or the profile is restarted.
        The value can be Last Read Line or End of File.
  6. Click
    Submit
    .
    The created profile is available as a
    profile name
    node.
  7. Navigate to the
    profile name
    node.
    The
    General Properties
    section allows you to configure the profile again. The fields in this section are the same as the fields in
    Step 4
    and
    Step 5
    .
  8. Select
    Active
    in the
    Profile Status
    section to activate the profile for monitoring.
  9. Select the
    File Encoding
    to select the character encoding of the input file that is selected for monitoring. The probe detects the encoding of the input file automatically. However, you can specify the appropriate character encoding when the probe fails to detect the character encoding. For example, specify the file encoding as
    Windows-1252
    for monitoring binary and data files in a Linux environment.
  10. (From logmon 3.70) Enable File Missing/Open Alarm:
    generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval after the probe reads the file.
  11. (From logmon 3.70)  Clear Alarm on Restart:
    generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier. This field is only enabled when you select
    Enable File Missing/Open Alarm
    .
    Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.
    The
    Enable File Missing/Open Alarm
    and
    Clear Alarm on Restart
    options apply to a profile only if the
    Publish Alarms
    and
    Clear Alarm on Restart
    options are not selected in the
    logmon
    node. If you do not want to configure alarms for a profile, do not enable these options in the
    logmon
    and the
    profile name
    nodes.
  12. (From logmon 4.0) Directory Recursion:
    Enables the probe to recurse into sub folders
    to find a matching file pattern.
  13. (From logmon 4.0) Number of levels to Recurse:
    specifies the maximum number of sub folders the probe searches to find a matching file pattern.
    The
    Directory Recursion
    and
    Number of levels
    to Recurse
    functionality is applicable only for
    cat, full, full_time,
    and
    updates
    operating modes.
    The
    Directory Recursion
    and
    Number of levels to Recurse
    options are not applicable for the
    Test Profile
    option. Enabling the
    Directory Recursion
    and
    Number of levels to Recurse
    options with the
    Test Profile
    option may adversely affect the probe performance.
  14. Update the following information in the maximum alarm count section:
    • Publish Alarms:
      enables the profile to generate an alarm for maximum alarm count.
    • Maximum Alarm Count:
      defines the limit to the number of alarms, the watcher in profile can generate.
      (From logmon 4.0)
      The field
      Maximum Alarm Count
      defines the limit for the number of alarms the Suppression Keys in a watcher can generate. To enable the probe to generate alarms based on suppression keys, create the key
      MaxAlarmPerWatcherSuppKey
      and set the value for the key as
      Yes
      .
      To add the
      MaxAlarmPerWatcherSuppKey
      key, follow these steps:
      1. Navigate to the
        Raw Configure
        interface >
        setup
        section.
      2. Add a new key
        MaxAlarmPerWatcherSuppKey
        and set the value as
        Yes
        .
      3. Save the configuration and restart the probe.
      For an example of Maximum Alarm Count based on Suppression Keys, see logmon Use Case Examples.
      • If the value for the key
        MaxAlarmPerWatcherSuppKey
        is set as
        No,
        then
        Maximum Alarm Count
        number
        ,
        if used
        ,
        defines the limit to the number of alarms, the watcher in a profile can generate.
      • If the value for the key
        MaxAlarmPerWatcherSuppKey
        is set as
        Yes
        ,
        then
        Maximum Alarm Count
        number
        ,
        if used
        ,
        defines the limit to the number of alarms, a suppression key of a watcher in a profile can generate.
      • If the value for the key
        MaxAlarmPerWatcherSuppKey
        is set as
        Yes,
        it is expected that
        suppression keys
        are configured for a watcher. If watcher
        suppression key
        is not configured, then default
        suppression key
        generated from the profile name and watcher name is used.
    • Maximum Alarm Level:
      defines the severity of the alarm that the probe generates when the maximum alarm count is reached.
    • Maximum Alarm Message:
      defines the alarm message text that the probe generates when the maximum alarm count is reached.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
  15. Click
    Save
    to save the configuration.
Create Command Profiles
You can perform the following actions to create profiles to monitor output of commands in the probe:
  • Configure monitoring properties of the profile.
  • Activate or deactivate the profile.
  • Specify the character encoding of the file.
  • Configure alarms for maximum count of matches.
  • Configure the timeout duration for executing the command.
  • Generate alarms when commands time out.
  • Specify thresholds to generate alarms for exit codes. For more information, see the
    Configure Command Exit Code Alarms
    section in logmon Advanced AC Configuration.
  • Generate alarms for exit codes.
Follow these steps:
  1. Navigate to the
    robot name
    node.
  2. Click the
    Options (icon)
    next to the node.
  3. Select
    Add Command Profile
    to indicate the probe to scan the output of a console command.
    The
    command
    operating mode is not available for the IBM iseries environment.
  4. Specify the values in the following fields to create the profile:
    • Profile Name:
      defines a name for the profile.
    • Mode:
      displays the type of profile that is created.
    • Command:
      defines the command for monitoring the output.
    • logmonBrowse.png Browse: allows you to open the
      Remote File Browser
      dialog to select a batch file with the commands to be monitored.
    • Exit Code Monitoring:
      allows you to configure multiple exit codes as threshold.
      For more information, see the
      Configure Command Exit Code Alarms
      section in logmon Advanced AC Configuration.
  5. Update the following information to configure the probe interval, QoS, and alarm properties:
    • Check Interval:
      specifies the time interval which the profile runs.
      Default: 5
      Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.
    • Units:
      indicates the unit for the Check Interval field.
      Default: Seconds
    • Generate Quality of Service:
      enables the profile to send the QoS messages for variables and number of matches.
    • Generate Alarm:
      enables the alarm message for each matching expression of the watcher rule.
    • Send Message Using a Specific Subject:
      defines the custom subject of the alarm, which overrides the default subject.
    • Subject
      : specifies a Subject that is displayed when the logmon probe generates a CA UIM message.
      The Subject field is enabled only when
      Send Message Using a Specific Subject
      is selected.
  6. Click
    Submit
    .
    The created profile is available as a
    profile name
    node.
  7. Navigate to the
    profile name
    node.
    The
    General Properties
    section allows you to configure the profile again. The fields in this section are the same as the fields in
    Step 4
    and
    Step 5
    .
  8. Select
    Active
    in the
    Profile Status
    section to activate the profile for monitoring.
  9. Select the
    File Encoding
    to select the character encoding of the input file that is selected for monitoring. The probe detects the encoding of the input file automatically. However, you can specify the appropriate character encoding when the probe fails to detect the character encoding. For example, specify the file encoding as
    Windows-1252
    for monitoring binary and data files in a Linux environment.
  10. Update the following information in the maximum alarm count section:
    • Publish Alarms:
      enables the profile to generate an alarm for maximum alarm count.
    • Maximum Alarm Count:
      defines the limit to the number of alarms, the watcher in profile can generate.
    • Maximum Alarm Level:
      defines the severity of the alarm that the probe generates when the maximum alarm count is reached.
    • Maximum Alarm Message:
      defines the alarm message text that the probe generates when the maximum alarm count is reached.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
  11. Navigate to the
    Set Command Timeout
    section.
  12. Update the following information to configure command timeout:
    • Enable Command Timeout:
      enables the option to configure the timeout duration for executing the command.
      Active processes that were previously executed are not terminated.
    • Command Timeout(Sec):
      defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the
      Check Interval
      field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.
      In
      Windows
      systems, you must keep the association between the batch file process and its child processes. If the child process is not associated with the parent process; the probe does not terminate the child processes.
      Example: you can execute the
      START/W C: \Windows\System32\notepad.exe
      command (with
      /W
      option) in a batch file for creating association between the child process (notepad.exe) and the parent batch file process.
  13. Navigate to the
    Command Timeout Alarm
    section.
  14. Update the following information to configure command timeout alarms:
    • Publish Alarms:
      enables the profile to generate an alarm when a command times out and the probe terminates the associated processes.
    • Command Timeout Alarm Level:
      specifies the severity of the command timeout alarm.
  15. Navigate to the
    Threshold  Settings for Command mode
    section to specify thresholds to generate alarms for exit codes.
    For more information, see the
    Configure Command Exit Code Alarms
    section in logmon Advanced AC Configuration.
  16. Navigate to the
    Exit Code
    section.
  17. Select
    Publish Alarms
    to generate alarms for exit codes.
  18. Click
    Save
    to save the configuration.
Create Queue Profiles
You can perform the following actions to create profiles to monitor files in the probe:
  • Configure monitoring properties of the profile.
  • Activate or deactivate the profile.
  • Specify the character encoding of the file.
  • Configure alarms for maximum count of matches.
Follow these steps:
  1. Navigate to the
    robot name
    node.
  2. Click the
    Options (icon)
    next to the node.
  3. Select
    Add Queue Profile
    to indicate the probe to scan the messages of a CA UIM queue.
    The queue is configured in the CA UIM hub where the probe is deployed. The probe scans the message text and line string fields in the message.
  4. Specify the values in the following fields to create the profile:
    • Profile Name:
      defines a name for the profile.
    • Mode:
      displays the type of profile that is created.
    • Queue:
      specifies the queue name of the CA UIM hub for monitoring messages of the queue.
  5. Update the following information to configure the probe interval, file read position, QoS, and alarm properties:
    • Check Interval:
      specifies the time interval which the profile runs. Reduce this interval to increase the frequency of alarms.
      Default: 5
      Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.
    • Units:
      indicates the unit for the Check Interval field.
      Default: Seconds
    • Generate Quality of Service:
      enables the profile to send the QoS messages for variables and number of matches.
    • Generate Alarm:
      enables the alarm message for each matching expression of the watcher rule.
    • Send Message Using a Specific Subject:
      defines the custom subject of the alarm, which overrides the default subject.
    • Subject
      : specifies a Subject that is displayed when the logmon probe generates a CA UIM message.
      The Subject field is enabled only when
      Send Message Using a Specific Subject
      is selected.
  6. Click
    Submit
    .
    The created profile is available as a
    profile name
    node.
  7. Navigate to the
    profile name
    node.
    The
    General Properties
    section allows you to configure the profile again. The fields in this section are the same as the fields in
    Step 4
    and
    Step 5
    .
  8. Select
    Active
    in the
    Profile Status
    section to activate the profile for monitoring.
  9. Select the
    File Encoding
    to select the character encoding of the messages in the queue that is selected for monitoring.
  10. Update the following information in the maximum alarm count section:
    • Publish Alarms:
      enables the profile to generate an alarm for maximum alarm count.
    • Maximum Alarm Count:
      defines the limit to the number of alarms, the watcher in profile can generate.
    • Maximum Alarm Level:
      defines the severity of the alarm that the probe generates when the maximum alarm count is reached.
    • Maximum Alarm Message:
      defines the alarm message text that the probe generates when the maximum alarm count is reached.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
  11. Click
    Save
    to save the configuration.
Create URL Profiles
You can perform the following actions to create profiles to monitor URLs in the probe:
  • Configure monitoring properties of the profile. You can also configure the URL access settings.
  • Activate or deactivate the profile.
  • Specify the character encoding of the file.
  • Configure alarms for maximum count of matches.
Follow these steps:
  1. Navigate to the
    robot name
    node.
  2. Click the
    Options (icon)
    next to the node.
  3. Select
    Add Url Profile
    to indicate the probe to scan the content of the web page, which is accessible at the given URL.
    Deploy the url_response probe on the same robot as the logmon probe.
  4. Specify the values in the following fields to create the profile:
    • Profile Name:
      defines a name for the profile.
    • Mode:
      displays the type of profile that is created.
  5. Update the following information to configure the URL and its properties:
    • URL
      : defines the complete URL of the web page you want to scan. The probe sends an alarm if the specified url is not found or the probe is unable to contact the url. The probe also sends an alarm, if the specified url exists, its http response is 200 but its fetch data is 0.
      From version 3.90, the probe does not expand the % symbol in URL profiles to time formatting primitives.
    • Timeout (sec.):
      specifies the wait time for the probe for loading the complete web page. If the page takes more than the specified time to load, an alarm is generated.
    • Retries Before Failure:
      specifies the number of attempts for accessing the URL before giving up and then sends a failure alarm.
    • Failure Alarm Level:
      specifies the severity level of the alarm to be sent if an error occurs (timeout or too many retries).
    • Windows NT Authentication:
      allows you to configure the username and password for impersonating the Windows user account for authenticating the probe for accessing the URL.
      • Host:
        defines the IP address or host name of the proxy server, which forwards the URL requests.
      • Port:
        defines the http port of the proxy server.
      • User:
        defines the username of the proxy server.
      • Password:
        defines the password for the corresponding proxy user.
    • SSL Settings:
      specifies the degree of encryption of the data traffic. You can configure the user authentication detail. This option is required when the web server hosting the URL requires you to log in.
      • User:
        defines the user name of the web server host for accessing the web page.
      • Password:
        defines the password for the corresponding user.
  6. Update the following information to configure the probe interval, file read position, QoS, and alarm properties:
    • Check Interval:
      specifies the time interval which the profile runs. Reduce this interval to increase the frequency of alarms.
      Default: 5
      Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.
    • Units:
      indicates the unit for the Check Interval field.
      Default: Seconds
    • Generate Quality of Service:
      enables the profile to send the QoS messages for variables and number of matches.
    • Generate Alarm:
      enables the alarm message for each matching expression of the watcher rule.
    • Send Message Using a Specific Subject:
      defines the custom subject of the alarm, which overrides the default subject.
    • Subject
      : specifies a Subject that is displayed when the logmon probe generates a CA UIM message.
      The Subject field is enabled only when
      Send Message Using a Specific Subject
      is selected.
  7. Click
    Submit
    .
    The created profile is available as a
    profile name
    node.
  8. Navigate to the
    profile name
    node.
    The
    General Properties
    section allows you to configure the profile again. The fields in this section are the same as the fields in
    Step 4
    and
    Step 5
    .
  9. Select
    Active
    in the
    Profile Status
    section to activate the profile for monitoring.
  10. Select the
    File Encoding
    to select the character encoding of the text in the webpage that the URL hosts.
  11. Update the following information in the maximum alarm count section:
    • Publish Alarms:
      enables the profile to generate an alarm for maximum alarm count.
    • Maximum Alarm Count:
      defines the limit to the number of alarms, the watcher in profile can generate.
    • Maximum Alarm Level:
      defines the severity of the alarm that the probe generates when the maximum alarm count is reached.
    • Maximum Alarm Message:
      defines the alarm message text that the probe generates when the maximum alarm count is reached.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
  12. Click
    Save
    to save the configuration.
Create Watcher Rules
A Watcher Rule defines a pattern to identify the required information in the target file and generate QoS and alarm messages. If a format rule is also specified, the watcher rule looks for the information in the matching text block. You can attach multiple watcher rules with one format rule, but the probe generates a separate alarm for each rule. If a watcher rule is not attached to any format rule, then the rule applies to all active format rules.
Follow these steps:
  1. Navigate to the
    Watcher Rules
    node of the required profile.
  2. Click the
    Options (icon)
    next to the node.
  3. Select
    Add New Watcher
    .
    The
    Watcher Configuration
    dialog appears.
  4. Enter a name for the rule.
  5. Select
    Active
    to enable the rule, on creation.
  6. (From logmon 3.60)
    Update the following information to use multiple strings in a regular expression. For more information, see
    Using Pattern Files
    in logmon Hints and Examples.
    The probe only supports text files in which the each string is listed as a new line.
    • Enable regex from external file:
      allows you to use the same regular expression with multiple strings.
      8-bit PCRE supports a maximum length of 30000 characters for the regex and string combination. Ensure that each regex and string combination is a valid regular expression.
    • Token to be replaced:
      replaces the specified text in the match expression with each string in the file and executes the rule.
    • Path to pattern file:
      specifies the path of the file with the pattern strings to include in the expression. You can also browse and select the pattern file with the strings for the regular expression.
      Restart the probe if you modify the pattern file. The probe only supports UTF-8 encoding for the pattern file.
  7. Click
    Submit
    .
    The watcher rule is created as the
    watcher rule name
    node.
  8. Click
    Save
    to save the configuration.
    You can then configure the following properties in the rule:
Configure Custom Variables
You can create and configure custom variables to use in alarm and QoS messages. The variables can retrieve text from the log file and use it in probe alarms. You can use variables in the
${Variable}
format. For more information, see the
Variable Expansion in Alarms
section in logmon Advanced AC Configuration. You can also configure thresholds in the variable to generate alarms.
Follow these steps:
  1. Navigate to the
    watcher rule name
    node.
  2. Click
    New
    in the
    Variables
    section.
  3. Update the following information to configure the variable properties:
    • Name:
      specifies a name for the variable.
    • Text block:
      allows you to specify the entire text block as a variable. The content is used without truncating any control characters and all other fields are disabled.
    • Source Line:
      enables the probe to use a custom initial point in the log file to extract the variable value.
      The option is used when format rules are also used.
      Do not select the source line while monitoring a URL.
    • Source Line Value:
      defines the beginning of the log file to extract the variable value.
      The field is available if
      Source Line
      is selected.
    • Source FROM Position
      • Column
        • From Character Position:
          defines the character position in the source line to retrieve the variable value.
        • Source To Position
          • Ignore ‘To’:
            ignores the '
            To'
            position and extracts the entire content from the starting position to the end of log file.
          • To column:
            specifies the end column position to retrieve the variable value.
          • To End of Line:
            retrieves the variable value to the end of line of the starting position.
        • To column Position:
          specifies the end column position to retrieve the variable value.
      • Character
        • From Character Position:
          defines the character position in the source line to retrieve the variable value.
        • Source To Position
          • To char. pos.:
            specifies the end character position to retrieve the variable value.
          • To End of Line:
            retrieves the variable value to the end of line of the starting position.
        • To column Position:
          specifies the end column position to retrieve the variable value.
      • Match Expression
        • From Character Position:
          defines the character position in the source line to retrieve the variable value from the match expression of the watcher.
        • Source To Position
          • Ignore ‘To’:
            ignores the '
            TO'
            position and extracts the entire content from the starting position to the end of log file.
  4. Update the following information to configure thresholds for the variable:
    • Operator:
      defines the operator for the variable.
    • Threshold (Expected Value):
      defines the threshold value for the variable.
    The watcher generates an alarm if the expected values are not met. For example, if you set threshold condition as ${VariableName} < 21, then no alarms are generated for values less than 21. The variables are assigned values according to the definition, such as a word on each line.
  5. Click
    Save
    to save the configuration.
Configure QoS on Variables
You can configure QoS messages for created variables.
You must use different QoS definition for watcher and variables. Using the same QoS indicates the probe to generate the same QoS multiple times.
Follow these steps:
  1. Navigate to the
    watcher rule name
    node.
  2. Select a variable in the
    QoS on Variables
    section.
  3. Select
    Add QoS on Variable
    from the
    Actions
    menu.
  4. Update the following information to configure the QoS message for each variable:
    • Active:
      activates the QoS on the configured variable, on creation.
    • QoS Name:
      allows you to select the QoS definition to use.
      You can also select a custom QoS.
    • QoS Target:
      defines the QoS target where the QoS value is measured.
      Default: profilename.watchername
      QoS on variables are sent on numeric value or state (true or false) when the
      As Expected
      option is selected in
      logmon
      node
      >
      Quality of Service Definitions section.
  5. Click
    Submit
    .
  6. Click
    Save
    to save the configuration.
Configure Standard Properties
You can configure the following watcher rule properties in the Standard tab:
  • Match expressions
  • Alarm on match
  • Command to execute on match
Follow these steps:
  1. Navigate to the
    Watcher Monitors
    node.
  2. Select
    Publish Alarms
    in the
    Standard
    section to enable alarms.
  3. Update the following information to configure the match expression properties:
    • Match Expression:
      defines a regular expression to specify the text to be watched in the log messages. From logmon 3.60, you can also specify a pattern file to use multiple strings in the regular expression. For more information, see
      Create Watcher Rules
      .
      You must define a
      Match Expression
      to generate QoS messages.
    • Message to Send on Match:
      defines the alarm message text, which the probe generates when the log file text matches the regular expression.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
      If the profile generates QoS messages, the message text is converted into an integer value. The converted value is displayed as the sample value of the QoS message for each watcher match. If the message text is a string, it gets converted to 0.
    • Message Severity:
      allows you to
      select the severity of the alarm message.
  4. Update the following information to specify commands to execute on a match:
    • Run command on match:
      allows you to run commands or batch files with optional parameters, when the log file text matches the expression.
      The Command Executable and Timeout fields are enabled after you select the checkbox.
      The probe cannot run VB script (.vbs) files. You can use the
      cscript
      utility to execute a VB script file from a batch file.
    • Command Executable:
      specifies the command or the path of the batch file with the commands to be executed.
    • logmonBrowse.png Browse: allows you to open the
      Remote File Browser
      dialog to select the file with the commands to be executed.
    • Command Arguments:
      specifies the arguments to be executed with commands.
    • Field Separator:
      defines a character to separate fields in each record of the log file.
      All variables are stripped of trailing whitespace after they are extracted, (no matter how they are extracted). The leading whitespace is handled on the basis of the mechanism used and the characters in the separator list.
      Some examples of field separators are as follows:
      • Space: ‘white space’ (<return>, <tab>, <space>). The space is the default field separator.
      • Colon: The record is first divided into fields, based on <tabs> found. Then, if a colon character (: ) is found in a field (for example, time format hh: mm), the field is further divided.
      • \\ indicates that the <backslash> character (\) is used as a field separator.
    • Timeout:
      defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the
      Check Interval
      field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.
      In
      Windows
      systems, you must keep the association between the batch file process and its child processes. If the child process is not associated with the parent process; the probe does not terminate the child processes.
      Example: you can execute the
      START/W C: \Windows\System32\notepad.exe
      command (with
      /W
      option) in a batch file for creating association between the child process (notepad.exe) and the parent batch file process.
  5. Check
    Alarm on First Match only
    to generate alarm for only the first instance of the match expression in the monitored log.
  6. Click
    Save
    to save the configuration.
Configure Advanced Properties
You can assign the watcher rule to a format rule specified for the profile.
If no format rule is specified, the watcher rule applies to all active format rules.
Follow these steps:
  1. Navigate to the
    Watcher Monitors
    node.
  2. Select
    Publish Alarms
    in the
    Advanced
    section to enable alarms.
    The
    Message to Send on Match
    and
    Message Severity
    fields are enabled.
  3. Update the following information to assign the watcher rule to a format rule:
    • Restrict Format Definition:
      enables the Format Definition Name field to attach the watcher rule to a format.
    • Format Definition Name:
      allows you to select
      a format rule to apply the watcher rule on the text block.
    • Abort on Match:
      aborts to run remaining watchers after the match is found in same line of the monitoring file.
    • Message to Send on Match:
      defines the alarm message text that the probe generates when the log file text matches the regular expression.
      You can use variables in the
      ${Variable}
      format. For more information, see the
      Variable Expansion in Alarms
      section in logmon Advanced AC Configuration.
      If the profile generates QoS messages, the message text is converted into an integer value. The converted value is displayed as the sample value of the QoS message for each watcher match. If the message text is a string, it gets converted to 0.
    • Message Severity:
      allows you to
      select the severity of the alarm message.
    • Send clear alarm:
      allows you to generate a clear alarm if all variable values are as expected. This option is applicable when testing if a variable is as expected, and a suppression key is set in the
      Alarm and QoS Metrics
      section. It does not have any effect on a Watcher that only verifies log entries, or where variables are not verified. A clear alarm is generated for alarms that are configured in the
      Standard
      section.
  4. Click
    Save
    to save the configuration.
Configure Alarm and QoS Metrics
You can configure the subsystem properties of alarms. You can also specify thresholds to generate QoS messages for count of matches.
Follow these steps:
  1. Navigate to the
    Watcher Monitors
    node.
  2. Select
    Publish Data
    in the
    Alarms and QoS Metrics
    section to enable QoS messages.
    The probe only generates QoS messages when
    Generate Quality of Service
    is selected in the
    Profile name
    node >
    General Properties
    section.
  3. Update the following information configure the alarms properties:
    • Message Subsystem ID:
      defines the subsystem ID of alarms.
    • Suppression Key:
      defines a suppression key to avoid multiple instances of the same alarm.
      • If you leave this field blank, the probe puts the suppression key as blank and all watcher alarms are suppressed on a single alarm. This may not be a desired requirement if you have too many watcher rules. CA recommends you to consider before leaving this field blank
      • Avoid using underscore in the suppression key. For example, use ${PROFILE}-$WATCHER or ${PROFILE}/$WATCHER instead of the ${PROFILE}_$WATCHER
    • Source:
      defines the alarm source that is mentioned the sender of the alarm.
      The value can be used to impersonate the host system.
  4. Update the following information if you have enabled QoS generation for count matches:
    • Threshold Operator:
      defines the operator for the variable.
    • Count Match Threshold:
      defines the threshold value for the variable.
      The match count is calculated as follows:
      • Number of times the format rule is identified, when there is an active format rule.
      • Number of times the watcher rule is identified, when an active format rule is not attached to the watcher.
  5. (Optional)
    Specify a
    Pattern Match  Threshold
    value to generate pattern match alarms when the specified threshold value is breached.
    Pattern Match Threshold
    is only applicable for the
    updates
    operating mode.
    From
    version 3.70,
    the probe does not generate watcher alarms when you specify pattern match thresholds. The probe only generates the applicable alarm when the pattern match threshold breached.
  6. (From logmon 3.70)
    Specify the
    Pattern Threshold Message
    and the
    Pattern Threshold Severity
    for the alarms when the specified threshold value is breached and override the default alarm message and severity. The
    Pattern Threshold  Severity
    field is enabled only if you specify a
    Pattern Threshold  Message
    . If you do not specify a message and severity, the probe generates an alarm with the default message and the
    Message Severity
    defined in the
    Standard
    section.
  7. (From logmon 3.91)
    Define the values for Variable Exceed Alarm:
    • Variable Exceed Threshold
      : Define the minimum number of times the Threshold breach for all defined variables must occur for the probe to generate the alarm.
    • Variable Threshold Alarm Text
      : Defines the message text sent with the alarm.
    • Variable Threshold
      Severity: Define the severity of the alarm. The probe will generate the alarms only for the defined severity. If you do not define any severity, the probe sends the default message defined in the
      Standard
      section.
    • Variable Threshold
      Suppression Key: Define the suppression key to avoid multiple instances of the same alarm .
      : The Variable Exceed Alarm is applicable for the Update and Command mode. Setting the alarm disables the watcher rules.
  8. Update the following information to configure QoS properties:
    • QoS Name:
      allows you to select the QoS definition to use.
      You can also select a custom QoS.
    • QoS Target:
      defines the QoS target where the QoS value is measured.
      Default: profilename.watchername
  9. Select
    Compute Baseline
    to enable thresholds. This option might not be available depending on your CA Unified Infrastructure Management configuration. For more information, see Configuring Alarm Thresholds.
  10. Click
    Save
    to save the configuration.
    uimpga-ga
    Alarm Thresholds
    The alarm threshold options that are available can vary depending on the probe versions installed at the hub level. The alarm threshold settings to allow the probe to:
    • Send alarms when threshold criteria is met
    • Indicate to baseline_engine to compute baselines
    See Configuring Alarm Thresholds for details.
Configure Exclude Rules
You can configure exclude rules for each Watcher rule to define expressions to be excluded for monitoring. The probe ignores these text blocks or lines where the excluded expression exists. You can define multiple exclude rules.
Follow these steps:
  1. Select the required watcher rule.
  2. Open the
    Excludes
    tab.
  3. Right-click and select
    New
    .
    The
    Add New Exclude Definition
    dialog appears.
  4. Enter a name for the rule.
  5. Click
    OK
    .
    The exclude rule is created.
  6. Specify text or expression in the
    Exclude Expression
    field to exclude lines or blocks of input from monitoring.
Each block or line of input is checked to see if the expression entered in the
Exclude Expression
field is found. If a match occurs, the line or block is ignored and does not trigger any action.
Configure Advanced Profile Properties
You can configure format and exclude rules to refine the text that is monitored in the log files.
You can also perform the following operations:
  • Use time formatting primitives
  • Configure command exit code alarms
  • Use variable expansion in alarms
For more information, see logmon Advanced AC Configuration.
Test Created Profile
You can test file and command profiles created in your probe.
The probe does not support testing queue profiles.
Test File Profile
The
Test Profile
option allows you to verify a file profile before activating it in a production environment. You can configure rules and monitoring properties before testing a profile.
Follow these steps:
  1. Click the
    Options (icon)
    next to the
    profile name
    node.
  2. Select
    Test Profile
    .
    The Test Profile dialog appears.
  3. Select one of the following options and update the applicable fields:
    • Test File:
      allows you to specify that a file is to be tested.
      You can use pattern matching and regular expressions for files. For example, use the wildcard operators
      *.txt
      for identifying multiple log files at run time. You can use regular expressions as discussed in the  section in logmon Hints and Examples.
      • File
        : defines the full name of the log file.
      • logmonBrowse.png : allows you to open the
        Remote File Browser
        dialog to navigate to and select a file to monitor.
    • Test String:
      allows you to specify that a string is to be tested.
      • String:
        specifies the string to be texted.
  4. Update the following information to verify a profile:
    • File Encoding:
      allows you to select the character encoding of the file selected for monitoring.
      The field also allows you to select the character encoding of the html file generated for the URL.
    • Watchers:
      allows you to double-click a watcher in the
      Available
      list to move it to the
      Selected
      list.
      A selected watcher is included in the test execution.
  5. Click
    Submit
    to validate the watcher rule.
    The probe displays the output alarms. Each record displays a watcher rule and the corresponding message that is generated. If there are no matches, the probe displays a No Results dialog.
(From logmon 3.70) Test Command Profile
You can test the command profiles to verify whether the profile configuration and execution is correct. The test feature is available from the Probe utility only.
Follow these steps:
  1. Activate a command profile in the probe.
  2. In Admin Console, click the icon next to
    logmon
    , and select
    Probe Utility
    from the menu. Click the icon next to the probe name. A pop-up menu displays.
  3. In the Probe Utility, select the
    testprofile
    Command.
  4. Specify the
    profilename
    , and click the
    green arrow
    button.
    If you do not
    Enable Command Timeout
    in your profile, the command does not stop and the probe becomes unresponsive.
The probe generates alarms for the profile, which you can view on the Alarm Console.
More information: