logmon IM Configuration

This article is for probe versions 3.5 or later.
uimpga-ga
logmon_IM
This article describes the configuration concepts and procedures to set up the Log Monitoring (logmon) probe. The probe is configured to monitor log files, web pages, messages from queues, and output from commands. The probe is deployed with some default configuration such as alarms, QoS measurements, and monitoring profiles. You can use the default configuration or can modify the settings, as needed.
 
This article is for probe versions 3.5 or later.
 
The following diagram outlines the process to configure the logmon probe.
Configuring_logmon (IM)
Configuring_logmon (IM)
 
Contents
 
 
 
2
 
 
Verify Prerequisites
The probe has the following prerequisites:
  • Verify that required hardware and software is available and preconfiguration requirements are met before you configure the probe. For more information, see logmon (Log Monitoring) Release Notes . 
  • Verify that the 
    url_response
     probe is deployed and active to monitor URLs using the logmon probe.
  • Before you deploy the probe version 3.80, you must enable the FIPS encryption on the system where the probe is configured.
Configure General Properties
You can set up the logging and global monitoring properties of the probe. The probe uses the default settings if you do not configure the general properties.
 
Follow these steps: 
 
  1. Click the 
    Edit General Properties 
    icon from the toolbar.
    The 
    General
     tab of the 
    Setup
     window appears.
  2. Select 
    Active
     to activate the probe for monitoring.
    Default: Selected
  3. Update the following information to configure the log properties.
    The log file of the probe (excluding the system log files) contains information about the activity of the probe itself.
    •  
      Log File Size:
       specifies the size of the log file where the internal log messages of the probe are written, in kilobytes. When this size is reached, new log file entries are added and the older entries are deleted.
      Default: 100
    •  
      Log Level: 
      specifies the level of details that are written to the log file.
      Default: 0 - Fatal 
       Log as little as possible during normal operation to minimize disk consumption, and increase the amount of detail when debugging.
  4. Update the following information to configure global properties of format and watcher rules. The rules allows you to specify and refine the text that is monitored in the log files.
    The values apply to all monitoring profiles of the probe.
    •  
      Format Interval: 
      defines the number of intervals to save the incomplete pattern details of a format rule. An incomplete pattern is created when the start and end expressions of a format rule are identified in the text in different monitoring intervals.
       The 
      Format Interval
       value is not applicable in the following situations:
      • A regular expression is used in the 
        File
         field in the 
        General
         tab of a profile to monitor multiple files.
      • The probe has generated a missing file alarm during any interval.
    •  
      Run Command Threads: 
      defines the maximum number of commands a watcher rule can execute, when the watcher expression matches.
      Example: the value is set to 10 and the watcher rule expression matches 12 times in an interval. Here, the probe executes the command 10 times. The command is defined in the 
      Run Command on Match
       section in the 
      Standard
       tab of a watcher rule.
  5. Update the following information to configure the character encodings of the log files in non english locales:
    •  
      Output Encoding: 
      defines the character encoding to generate alarms and QoS messages when the probe is deployed in a non english locale. The probe also uses the encoding to identify the file name that is specified in the monitoring profile.
    •  
      System Encoding: 
      specifies the encoding of the system where the probe is deployed.
  6. Update the following information to configure alarms for missing or open files:
     If a regular expression is used in a profile, the alarm is generated only when there are no files in the specified directory.
    •  
      Enable File Missing/Open Alarm: 
      generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval after the probe reads the file.
       CA does not recommend you to use this option when using regular expressions to identify any file. This can cause unknown probe behaviour on different operating systems.
    •  
      Clear Alarm on Restart: 
      generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier.
      Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.
       This field is enabled only when you select 
      Enable File Missing/Open Alarm
      .
  7. Update the following information to configure the user credentials for the probe, if required.
    •  
      Run as User: 
      allows you to define the user credentials to access directories and files of the host or network system.
      •  
        User Name (Including domain name):
         defines the username for the credentials in the following format:
        <domain name>/<user name>
      •  
        Password:
         defines the password for the specified user name.
  8. Click the 
    Quality of Service Definitions
     tab to add or delete custom QoS from the probe.
    For more information, see Create and Configure Custom QoS.
  9. Click 
    OK
    .
  10. Click 
    Apply
     to save the configuration.
Create and Configure Custom QoS
You can create QoS in the probe to generate customized QoS messages from profiles.
 
Follow these steps: 
 
  1. Click the 
    Edit General Properties 
    icon from the toolbar.
    The 
    Setup 
    window appears.
  2. Open the 
    Quality of Service Definitions
     tab.
    A list of all custom QoS is displayed.
  3. Click  logmonAddQoS.png .
    The 
    Quality of Service Properties
     dialog appears.
  4. Update the following information, as required to configure the QoS:
    •  
      QoS Name
      : enters a name for the QoS.
    •  
      QoS Description: 
      enters any additional information for the QoS.
    •  
      QoS Unit and Unit Abbreviation
      : selects an appropriate unit and its abbreviation for the QoS.
      Default: Bytes
    •  
      Has Maximum value
      : allows you to specify the maximum permissible value for the QoS.
    •  
      As Expected:
       allows you to generate the QoS messages according to the expected value set for that variable. If not selected, the QoS messages on variables are sent after a specific time interval.
  5. Click 
    OK
     to create the QoS.
  6. Click 
    OK 
    to close the
     Setup
     window.
  7. Click 
    Apply
     to save the configuration.
 You can also select a QoS and click  logmonDelQoS.png  to delete the QoS definition from the probe. Watcher rules in profiles that use the deleted QoS revert to the default QoS.
Create a Profile
You can create a profile to monitor any of the following entities. Special time-formatting primitives are also available for targets such as files, commands, queues and URLs. For more information, see the 
Use Time Formatting Primitives
 section in logmon Advanced IM Configuration.
  •  Files: You can monitor files using the 
    cat
    full
    full_time
    , and 
    updates 
    operating modes. You can monitor the files using the Universal Naming Convention (UNC) path on a Windows system only.
     CA recommends you to monitor large files only in the 
    Updates
     mode. Monitoring large files from start can increase the CPU usage.
  •  Commands: You can specify a command and can monitor the output, using the 
    command
     operating mode. You can also specify thresholds to generate alarms for exit codes.
    For more information, see the 
    Configure Command Exit Code Alarms
     section in logmon Advanced IM Configuration.
: On Windows platform, the logmon probe does not support commands such as Telnet that require two way communication between the user and the system. 
  •  Queues: You can monitor messages in queues of the CA UIM hub where the probe is deployed. The profile uses the 
    queue
     operating mode.
  •  URLs: You can specify web-based URLs to monitor web page content, using the 
    url
     operating mode.
(From logmon 3.56)
 In the url mode, the probe generates single alarm for all the matches in the webpage when using * as the match expression.
You can also set up timeout, alarm, and authentication properties of the website. For more information, see the 
Configure URL Settings
 section in logmon Advanced IM Configuration.
 The probe uses the url_response probe to monitor URLs. You can only create watcher rules for URLs.
 
Follow these steps:
 
 Skip 
Step 1
 and 
Step 2
 to configure an existing profile. Double click a profile to start configuring.
  1. Click  logmonCrtProfile.png  from the toolbar. 
  2. Define the profile name in the 
    Name 
    field and click 
    OK
    .
    The new profile appears in the left pane.
  3. In the 
    General
     tab, select the operating mode to define the type of log files to be monitored.
    •  
      cat:
       indicates the probe to always scan the log file from beginning until the end.
    •  
      command: 
      indicates the probe to scan the output of a console command.
       The 
      command
       operating mode is not available for the IBM iseries environment.
    •  
      full: 
      indicates the probe to scan the log file from beginning to the end, only when the file is modified. A file is considered as modified when the content of the file is updated.
    •  
      full_time: 
      indicates the probe to scan the log file from beginning to the end, only when the file is modified. A file is considered as modified when the modification time of the file is updated.
    •  
      queue: 
      indicates the probe to scan the messages of a CA UIM queue. The queue is configured in the CA UIM hub where the probe is deployed. The probe scans the message text and line string fields in the message.
    •  
      updates
      : indicates the probe to scan the file from the last EOF mark that was placed when the file was modified. The probe uses the end of the file, the file size, and the file modification time to determine modifications.
       CA recommends using 
      updates
       mode when new entries are inserted at the end of the log file. If a file is modified before the EOF mark, the probe scans the entire file again.
    •  
      url
      : indicates the probe to scan the content of the web page, which is accessible at the given URL.
      Deploy the url_response probe on the same robot as the logmon probe.
  4. Specify the values in the available fields for the selected mode:
    •  
      cat, full, full_time, updates: 
      The available fields are as follows:
      •  
        File: 
        defines the full name of the log file for monitoring.
        You can use pattern matching and regular expression. For example, use the wildcard operators 
        *.txt
         for identifying multiple log files at run time. You can use regular expressions as discussed in the  section in logmon Hints and Examples.
      •  
        Browse: 
        allows you to open the 
        Select File
         dialog to select the file to be monitored. You can also monitor the files using the UNC path on a Windows system only. For example, the following screenshot shows you how to access the remote files using the probe.
        UNC_logmon.jpg  
      •  
        File Encoding:
         allows you to select the character encoding of the input file that is selected for monitoring. The probe detects the encoding of the input file automatically. However, you can specify the appropriate character encoding when the probe fails to detect the character encoding. For example, specify the file encoding as 
        Windows-1252
         for monitoring binary and data files in a Linux environment.
      •  
        View:
         allows you to view the contents of the selected file. The probe displays incorrect text if the encoding of the file is different from the specified value.
         Verify the value of 
        System Encoding
         in the 
        Setup
         dialog if the probe shows garbled text in the log file. For more information, see Configure General Properties.
    •  
      command
      : The available fields are as follows:
      •  
        Command: 
        defines the command for monitoring the output.
      •  
        Browse: 
        allows you to open the 
        Select File
         dialog to navigate to and select the file with the commands to be monitored.
      •  
        Encoding:
         allows you to select the output character encoding of the command that is specified for monitoring.
      •  
        Exit Code Monitoring: 
        allows you to configure multiple exit codes as threshold.
        The 
        Settings
         button is enabled.
      •  
        Settings:
         opens the 
        Thresholds
         dialog to specify thresholds to generate alarms for exit codes.
        For more information, see the 
        Configure Command Exit Code Alarms
         section in logmon Advanced IM Configuration.
      •  
        Set Command Timeout: 
        enables the option to configure the timeout duration for executing the command.
         Active processes that were previously executed are not terminated.
      •  
        Command Timeout (Seconds): 
        defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the 
        Check Interval
         field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.
         In 
        Windows
         systems, you must keep the association between the batch file process and its child processes. If the child process is not associated with the parent process; the probe does not terminate the child processes.
        Example: you can execute the 
        START/W C: \Windows\System32\notepad.exe
         command (with 
        /W
         option) in a batch file for creating association between the child process (notepad.exe) and the parent batch file process.
      •  
        Generate Alarm: 
        enables the profile to generate an alarm when a command times out and the probe terminates the associated processes.
      •  
        Severity: 
        specifies the severity of the command timeout alarm.
    •  
      queue:
       The available fields are as follows:
      •  
        Queue: 
        specifies the queue name of the CA UIM hub for monitoring messages of the queue.
      •  
        Browse: 
        allows you to open the 
        Select Queue
         dialog to select the queue to be monitored.
      •  
        Encoding:
         allows you to select the character encoding of the queue that is specified for monitoring.
    •  
      url
      : The available fields are as follows:
      •  
        Url
        : defines the URL to monitor the content of the html file generated for the URL.
         From version 3.90, the probe does not expand the % symbol in URL profiles to time formatting primitives.
      •  
        Settings:
         allows you to set up timeout, alarm, and authentication properties of the website.
        For more information, see the 
        Configure URL Settings
         section in logmon Advanced IM Configuration.
      •  
        Encoding:
         allows you to select the character encoding of the html file generated for the URL.
      •  
        View:
         allows you to view the source text of the html page using the default editor for 
        txt
         files.
  5. Update the following information to configure the probe interval, file read position, QoS, and alarm properties:
    •  
      Check Interval: 
      specifies the time interval which the profile runs.
      Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.
    •  
      Set File Read Position: 
      allows you to set the position in the file from where the probe starts monitoring.
      The 
      Set File Read Position
      Initial File Read Position
      , and 
      Resume File Read Position
       options are only applicable to 
      updates
       operating mode.
      The following fields are available for configuration:
      •  
        Initial File Read Position:
         defines the start position from where the probe starts monitoring the file.
        The value can be Start of File or End of File.
      •  
        Resume File Read Position: 
        defines the position from where the monitoring is resumed, if the probe or the profile is restarted.
        The value can be Last Read Line or End of File.
    •  
      Generate Quality of Service:
      enables the profile to send the QoS messages for variables and number of matches.
    •  
      Generate Alarm: 
      enables the alarm message for each matching expression of the watcher rule.
    •  
      Send Message Using a Specific Subject: 
      defines the custom subject of the alarm, which overrides the default subject.
      Specify a Subject that is displayed when the logmon probe generates a CA UIM message.
      The 
      Subject
       field is enabled only when 
      Send Message Using a Specific Subject
       is selected.
    •  
      Maximum Alarm Count: 
      defines the limit to the number of alarms, the watcher in profile can generate.
      (From logmon 4.0)
       The field 
      Maximum Alarm Count 
      defines the limit for the number of alarms the Suppression Keys in a watcher can generate. To enable the probe to generate alarms based on suppression keys, create the key 
      MaxAlarmPerWatcherSuppKey 
      and set the value for the key as 
      Yes
      .
      To add the 
      MaxAlarmPerWatcherSuppKey 
      key, follow these steps:
      1. Navigate to the 
        Raw Configure
         interface > 
        setup
         section.
      2. Add a new key
         
         
        MaxAlarmPerWatcherSuppKey
         
         
        and set the value as
         Yes
        .
      3. Save the configuration and restart the probe.
      For an example of Maximum Alarm Count based on Suppression Keys, see logmon Use Case Examples.
      • If the value for the key
         MaxAlarmPerWatcherSuppKey 
        is set as 
        No, 
        then
         Maximum Alarm Count 
        number
        if used
        defines the limit to the number of alarms, the watcher in a profile can generate.
      • If the value for the key 
        MaxAlarmPerWatcherSuppKey 
        is set as 
        Yes
        ,
         
        then
         Maximum Alarm Count 
        number
        if used
        defines the limit to the number of alarms, a suppression key of a watcher in a profile can generate.
      • If the value for the key 
        MaxAlarmPerWatcherSuppKey 
        is set as 
        Yes, 
        it is expected that 
        suppression keys
         are configured for a watcher. If watcher 
        suppression key
         is not configured, then default 
        suppression key
         generated from the profile name and watcher name is used.
    •  
      Maximum Alarm Level: 
      specifies the maximum alarm level.
    •  
      Maximum Alarm Message: 
      defines the alarm message text, the probe generates when the maximum alarm count is reached.
      You can use variables in the 
      ${Variable}
       format. For more information, see the 
      Variable Expansion in Alarms
       section in logmon Advanced IM Configuration.
    •  
      (From logmon 3.70) Enable File Missing/Open Alarm:
       generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval when the probe can read the file. 
    •  
      (From logmon 3.70) Clear Alarm on Restart:
       generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier. This field is enabled only when you select 
      Enable File Missing/Open Alarm
      .
      Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.
       The 
      Enable File Missing/Open Alarm 
      and
       Clear Alarm on Restart
       options apply to a profile only if these options are not selected in the probe
       Setup
       window. If you do not want to configure alarms for a profile, do not enable these options in the probe 
      Setup
       window and in the profile. 
    •  
      (From logmon 4.0) Directory Recursion: 
      Enables the probe to recurse into sub folders
       
      to find a matching file pattern.
    •  
      (From logmon 4.0) Number of levels to Recurse: 
      specifies the maximum number of sub folders the probe searches to find a matching file pattern.
      The 
      Directory Recursion
       and 
      Number of levels
       
      to Recurse
       functionality is applicable only for 
      cat, full, full_time, 
      and 
      updates 
      operating modes.
      The
       Directory Recursion 
      and
       Number of levels to Recurse 
      options are not applicable for the
       Test Profile 
      option. Enabling the
       Directory Recursion 
      and
       Number of levels to Recurse 
      options with the
       Test Profile 
      option may adversely affect the probe performance.
  6. Select the checkbox next to the profile name in the left pane to activate the profile.
  7. Click 
    Apply
     to save the configuration.
Create Watcher Rules
A Watcher Rule defines a pattern to identify the required information in the target file and generate QoS and alarm messages. If a format rule is also specified, the watcher rule looks for the information in the matching text block. You can attach multiple watcher rules with one format rule, but the probe generates a separate alarm for each rule. If a watcher rule is not attached to any format rule, then the rule applies to all active format rules.
Right-click and select 
New
 to create a watcher rule. You can configure the following properties of the rule:
  • Match expressions and alarms that are generated using the Standard tab.
  • Create watcher variables from monitored text to include in alarms using the Variables tab.
  • Attach a format rule to the watcher rule using the Advanced tab.
  • Configure Quality of Service properties using the QoS tab.
  • Configure subsystem properties using the Alarm tab.
  • Configure Exclude rules using the Excludes tab.
 Watchers are executed in the order they appear in the list. Right-click a watcher in the list, to reorder.
Configure Standard Properties
You can configure the following watcher rule properties in the Standard tab:
  • Match expressions
  • Alarm on match
  • Command to execute on match
 
Follow these steps: 
 
  1. Select the required watcher rule.
  2. Open the 
    Standard
     tab.
  3. Update the following information to configure the match expression properties:
    •  
      Match Expression: 
      defines a regular expression to specify the text to be watched in the log messages. On probe versions 3.60 and later, you can also specify a pattern file to use multiple strings in the regular expression. For more information, see 
      Create Watcher Rules
      .
      You must define a 
      Match Expression
       to generate QoS messages.
    •  
      Message to Send on Match: 
      defines the alarm message text, which the probe generates when the log file text matches the regular expression.
      You can use variables in the 
      ${Variable}
       format. For more information, see the 
      Variable Expansion in Alarms
       section in logmon Advanced IM Configuration.
      If the profile generates QoS messages, the message text is converted into an integer value. The converted value is displayed as the sample value of the QoS message for each watcher match. If the message text is a string, it gets converted to 0.
    •  
      Message Severity: 
      allows you to
       
      select the severity of the alarm message.
  4.  
    (From logmon 3.60)
     Update the following information to use multiple strings in a regular expression. For more information, see 
    Using Pattern Files
     in logmon Hints and Examples.
     The probe only supports text files in which the each string is listed as a new line.
    •  
      Enable regex from external file:
       allows you to use the same regular expression with multiple strings.
       8-bit PCRE supports a maximum length of 30000 characters for the regex and string combination. Ensure that each regex and string combination is a valid regular expression.
    •  
      Token to be replaced:
       replaces the specified text in the match expression with each string in the file and executes the rule.
    •  
      Path to pattern file:
       specifies the path of the file with the pattern strings to include in the expression. You can also browse and select the pattern file with the strings for the regular expression.
       Restart the probe if you modify the pattern file. The probe only supports UTF-8 encoding for the pattern file.
  5. Update the following information to specify commands to execute on a match:
    •  
      Run command on match:
       allows you to run commands or batch files with optional parameters, when the log file text matches the expression.
      The Browse, Command Executable, Command Arguments, and Timeout fields are enabled after you select the checkbox.
       The probe cannot run VB script (.vbs) files. You can use the 
      cscript
       utility to execute a VB script file from a batch file.
    •  
      Browse: 
      allows you to open the 
      Select File
       dialog to navigate to and select the file with the commands to be executed.
    •  
      Command Executable: 
      specifies the command or the path of the batch file with the commands to be executed.
       To execute the command successfully, ensure that the path to the executable files or commands does not contain any spaces.
    •  
      Command Arguments:
       specifies the arguments to be executed with commands.
    •  
      Timeout: 
      defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the 
      Check Interval
       field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.
       In 
      Windows
       systems, you must keep the association between the batch file process and its child processes. If the child process is not associated with the parent process; the probe does not terminate the child processes.
      Example: you can execute the 
      START/W C: \Windows\System32\notepad.exe
       command (with 
      /W
       option) in a batch file for creating association between the child process (notepad.exe) and the parent batch file process.
  6. Check 
    Alarm on First Match only
     to generate alarm for only the first instance of the match expression in the monitored log.
  7. Select the checkbox next the rule to enable the watcher rule.
  8. Click 
    Apply
     to save the configuration.
Configure Custom Variables
You can create and configure custom variables to use in alarm and QoS messages. The variables can retrieve text from the log file and use it in probe alarms. You can use variables in the 
${Variable}
 format. For more information, see the 
Variable Expansion in Alarms
 section in logmon Advanced IM Configuration. You can also configure thresholds in the variable to generate alarms.
 
Follow these steps: 
 
  1. Select the required watcher rule.
  2. Open the 
    Variables
     tab.
  3. Right-click and select 
    New
    .
    The Variable Settings dialog appears.
  4. Update the following information to configure the variable properties:
    •  
      Name: 
      specifies a name for the variable.
    •  
      Source Line:
       allows you to define the beginning of the log file to extract the variable value.
      The option is used when format rules are also used.
       Do not select the source line while monitoring a URL.
    •  
      Text block: 
      allows you to specify the entire text block as a variable. The content is used without truncating any control characters and all other fields are disabled.
    •  
      Source FROM Position
      •  
        Column: 
        defines the column in the source to retrieve the variable value.
      •  
        Character Position: 
        defines the character position in the source line to retrieve the variable value.
      •  
        Match Expression: 
        retrieves the variable value from the match expression of the watcher.
    •  
      Source TO Position
      •  
        Ignore ‘To’: 
        ignores the '
        TO'
         position and extracts the entire content from the starting position to the end of log file.
      •  
        To column: 
        specifies the end column position to retrieve the variable value.
      •  
        To End of Line: 
        retrieves the variable value to the end of line of the starting position.
  5. Update the following information to configure thresholds (
    Expected Value
    ) for the variable:
    •  
      Operator: 
      defines the operator for the variable.
    •  
      Threshold: 
      defines the threshold value for the variable.
    The watcher generates an alarm if the expected values are not met. For example, if you set threshold condition as ${VariableName} < 21, then no alarms are generated for values less than 21. The variables are assigned values according to the definition, such as a word on each line.
  6. Click 
    OK
    .
  7. Define a character to separate fields in each record of the log file in the 
    Field Separator
     field.
     All variables are stripped of trailing whitespace after they are extracted, (no matter how they are extracted). The leading whitespace is handled on the basis of the mechanism used and the characters in the separator list.
    Some examples of field separators are as follows:
    • Space: ‘white space’ (<return>, <tab>, <space>). The space is the default field separator.
    • Colon: The record is first divided into fields, based on <tabs> found. Then, if a colon character (: ) is found in a field (for example, time format hh: mm), the field is further divided.
    • \\ indicates that the <backslash> character (\) is used as a field separator.
  8. Select the checkbox next the rule to enable the watcher rule.
  9. Click 
    Apply
     to save the configuration.
Configure Advanced Properties
You can assign the watcher rule to a format rule specified for the profile.
 If no format rule is specified, the watcher rule applies to all active format rules.
 
Follow these steps: 
 
  1. Select the required watcher rule.
  2. Open the 
    Advanced
     tab.
  3. Update the following information to assign the watcher rule to a format rule:
    •  
      Restrict to Format Definition: 
      allows you to select
       
      a format rule to apply the watcher rule on the text block.
    •  
      Abort on Match: 
      aborts to run remaining watchers after the match is found in same line of the monitoring file.
      With no format rules, each line is considered as an individual format. When the Watcher finds a match, the remaining watchers are aborted only for that line. However, if format rules are applied, then the match is applied to the entire format even if it spans multiple lines. See the following example for more information:
       
      Example:
       
      Create a file, C:Sample.txt, with the following content:
      "Critical Oracle error"
      "Critical OS error"
      "Critical file system error"
      "random Critical error
      Create a logmon profile with 4 watcher profiles and enable QoS and alarms 
      Oracle
      match expression = /.*Critical Oracle error.*/
      Abort on match = yes
      OS
      match expression = /.*Critical OS error.*/
      Abort on match = yes
      FS
      match expression = /.*Critical file system error.*/
      Abort on match = yes
      other
      match expression = /.*Critical.*/
      Abort on match = yes
      In the above example, since there is single content in the Sample.txt file as per watcher regex, that part is only matched in line. If there are more words or bigger line with content matching 
      Abort on Match
      , the content after the first match is skipped and the remaining watchers are not processed for the rest of the content.
      If you have only enabled watchers and no format rules are specified, then when the Sample.txt file is read, each line of the file is treated as a single format. The watchers are applied on every line resulting in alarms because each line is treated as a single format.
    •  
      Match on Every Run: 
      enables the probe to match values for the specified format rule each time a log file is scanned.
      For example, some applications write heartbeat messages to a log. If a match is found, the probes generates alarms as configured in 
      Message to Send on Match
      . If the match is not found the probe generates the alarm that is configured in the 
      Standard 
      tab.
      Message to Send on Match, Message Severity, and Send Clear Alarms fields are enabled only when Match on Every Run is selected.
    •  
      Message to Send on Match: 
      defines the alarm message text that the probe generates when the log file text matches the regular expression.
      You can use variables in the 
      ${Variable}
       format. For more information, see the 
      Variable Expansion in Alarms 
      section in logmon Advanced IM Configuration.
      If the profile generates QoS messages, the message text is converted into an integer value. The converted value is displayed as the sample value of the QoS message for each watcher match. If the message text is a string, it gets converted to 0.
    •  
      Message Severity: 
      allows you to
       
      select the severity of the alarm message.
    •  
      Send clear alarm: 
      allows you to generate a clear alarm if all variable values are as expected. This option is applicable when testing if a variable is as expected, and a suppression key is set in the 
      Alarm
       section. It does not have any effect on a Watcher that only verifies log entries, or where variables are not verified. A clear alarm is generated for the following alarm messages:
      • Alarm that is configured in the 
        Standard 
        tab.
      • Alarm that is configured in the 
        Alarm 
        tab when the match count threshold breaches.
         Define a suppression key in the 
        Alarm 
        tab. The probe sends clear alarms for alarms that are generated by configuration in the 
        Alarm
         tab.
  4. Select the checkbox next the rule to enable the watcher rule.
  5. Click 
    Apply
     to save the configuration.
Configure QoS on Variables
You can configure the profile to generate QoS messages for the number of matches by the watcher rule. You can also configure QoS messages for variables created in the 
Variables
 tab.
 You must use different QoS definition for watcher and variables. Using the same QoS indicates the probe to generate the same QoS multiple times.
 
Follow these steps: 
 
  1. Select the required watcher rule.
  2. Open the 
    QoS
     tab.
  3. Update the following information to generate QoS messages for the number of matches:
    •  
      Count matches:
       allows you to enable QoS messages on the number of matches found by the watcher rule.
       If the option is not selected, the probe generates QoS for each watcher match. This is applicable if the profile generates only QoS message.
    •  
      QoS Name: 
      allows you to select the QoS definition to use.
      You can also select 
      <Add New QoS Definition>
       to specify a custom QoS.
    •  
      QoS Description: 
      displays a short description of the QoS message.
    •  
      QoS Target: 
      defines the QoS target where the QoS value is measured.
      Default: profilename.watchername 
  4. Select the checkbox next to the variable name in the 
    QoS on Variables
     table to activate QoS generation for the variable.
    The table lists the variables that are defined in the 
    Variables
     tab for the watcher rule.
  5.  
    (Optional)
     Right-click a variable and select 
    Edit
    .
    The 
    Set QoS Variable Values
     dialog appears.
  6.  
    (Optional)
     Update the following information to configure the QoS message for each variable:
    •  
      Name: 
      displays the name of the configured variable.
    •  
      QoS Name: 
      allows you to select the QoS definition to use.
      You can also select 
      <Add New QoS Definition>
       to specify a custom QoS.
    •  
      QoS Target: 
      defines the QoS target where the QoS value is measured.
      Default: profilename.watchername
     QoS on variables are sent on numeric value or state (true or false) when the 
    As Expected
     option is selected on QoS definition dialog. The QoS tab is enabled only when the 
    Generate Quality of Service
     check box is selected on the 
    General
     tab.
  7. Click 
    OK
    .
    The 
    Set QoS Variable Values
     dialog closes. 
  8. Select the checkbox next the rule to enable the watcher rule.
  9. Click 
    Apply
     to save the configuration.
Configure Alarm Properties
You can configure the subsystem properties of alarms in the Alarm tab. You can also specify thresholds to generate alarms for count of matches.
 
Follow these steps: 
 
  1. Select the required watcher rule.
  2. Open the 
    Alarm
     tab.
  3. Update the following information to configure alarm properties:
    •  
      Message Subsystem ID: 
      defines the subsystem ID of alarms.
    •  
      Suppression Key: 
      defines a suppression key to avoid multiple instances of the same alarm.
      • If you leave this field blank, the probe puts the suppression key as blank and all watcher alarms are suppressed on a single alarm. This may not be a desired requirement if you have too many watcher rules. CA recommends you to consider before leaving this field blank
      • Avoid using underscore in the suppression key. For example, use ${PROFILE}-$WATCHER or ${PROFILE}/$WATCHER instead of the ${PROFILE}_$WATCHER
    •  
      Source: 
      defines the alarm source that is mentioned as the sender of the alarm.
      The value can be used to impersonate the host system.
  4. Update the following information if you have enabled QoS generation for count matches in the 
    QoS
     tab:
    •  
      Operator: 
      defines the operator for the variable.
    •  
      Threshold: 
      defines the threshold value for the variable.
    The match count is calculated as follows:
    • Number of times the format rule is identified, when there is an active format rule.
    • Number of times the watcher rule is identified, when an active format rule is not attached to the watcher.
  5.  
    (Optional)
     Specify a 
    Threshold
     value to generate pattern match alarms when the specified threshold value is breached. 
    Pattern Match Threshold
     is only applicable for the 
    updates
     operating mode.
    From 
    version 3.70,
     the probe does not generate watcher alarms when you specify pattern match thresholds. The probe only generates the applicable alarm when the pattern match threshold breached.
  6.  
    (From logmon 3.70)
     Specify the 
    Message to Send
     and the threshold 
    Severity
     for the alarms when the specified threshold value is breached and override the default alarm message and severity. The 
    Severity
     field is enabled only if you specify a 
    Message to Send
    . If you do not specify a message and severity, the probe generates an alarm with the default message and 
    Message Severity
     defined in the 
    Standard
     tab.
  7.  
    (From logmon 3.91)
     Define the values for Variable Exceed Alarm:
    •  
      Minimum Match Count
      : Define the minimum number of times the Threshold breach for all defined variables must occur for the probe to generate the alarm.
    •  
      Alarm Text
      : Defines the message text sent with the alarm.
    •  
      Severity
      : Define the severity of the alarm. The probe will generate the alarms only for the defined severity. If you do not define any severity, the probe sends the default message defined in the 
      Standard
       section.
    •  
      Suppression Key
      : Define the suppression key to avoid multiple instances of the same alarm .
      : The Variable Exceed Alarm is applicable for the Update and Command mode. Setting the alarm disables the watcher rules.
  8. Select the checkbox next to the rule to enable the watcher rule.
  9. Click 
    Apply
     to save the configuration.
Configure Exclude Rules
You can configure exclude rules for each Watcher rule to define expressions to be excluded for monitoring. The probe ignores these text blocks or lines where the excluded expression exists. You can define multiple exclude rules.
 
Follow these steps:
 
  1. Select the required watcher rule.
  2. Open the 
    Excludes
     tab.
  3. Right-click and select 
    New
    .
    The 
    Add New Exclude Definition
     dialog appears. 
  4. Enter a name for the rule.
  5. Click 
    OK
    .
    The exclude rule is created.
  6. Specify text or expression in the 
    Exclude Expression
     field to exclude lines or blocks of input from monitoring.
 Each block or line of input is checked to see if the expression entered in the 
Exclude Expression
 field is found. If a match occurs, the line or block is ignored and does not trigger any action.
Configure Advanced Profile Properties
You can configure format and exclude rules to refine the text that is monitored in the log files.
You can also perform the following operations:
  • Use time formatting primitives
  • Configure command exit code alarms
  • Configure URL settings
  • Use variable expansion in alarms
For more information, see logmon Advanced IM Configuration.
Test Created Profile
You can test file and command profiles created in the probe.
 The probe does not support testing queue profiles.
Test File Profile
The 
Test Profile
 option allows you to verify a file profile before activating it in a production environment. You can configure rules and monitoring properties before testing a profile. 
 
Follow these steps: 
 
  1. Right-click a profile in the left pane and select 
    Test Profile
    .
    The Test Profile dialog appears.
  2. Specify the file or the url in the text box.
  3. Update the following information to verify a profile:
     The 
    Test File
     and 
    Test String
     fields are only available for profiles created for file monitoring.
    •  
      Test File:
       specifies that a file is to be tested.
    •  
      Test String:
       specifies that a string is to be tested.
       You can only specify a file or a string.
    •  
      Browse: 
      allows you to open the 
      Select File
       dialog to navigate to and select the file to be monitored.
    •  
      File Encoding: 
      allows you to select the character encoding of the file selected for monitoring.
      The field also allows you to select the character encoding of the html file generated for the URL.
    •  
      Watcher Name:
       allows you to select the watchers defined for the profile. A selected watcher is included in the test execution.
  4. Click the 
    Test
     button to validate the watcher rule.
    The 
    Matching 
    section displays the output alarms. Each record displays the watcher rule and the corresponding message that is generated. If there are no matches, the probe displays a No Results dialog.
  5. Click 
    Cancel
     to close the window.
(From logmon 3.70) Test Command Profile
You can test the command profiles to verify whether the profile configuration and execution is correct. The test feature is available from the Probe utility only.
 
Follow these steps:
 
  1. Activate a command profile in the probe.
  2. In Infrastructure Manager, select 
    logmon
     in the main window, and press 
    Ctrl + P
    .
  3. In the Probe utility, select the 
    testprofile
     Probe commandset.
  4. Specify the 
    profilename
    , and click the 
    Send command request
     button on the toolbar.
     If you do not 
    Set Command Timeout
     in your profile, the command does not stop and the probe becomes unresponsive.
The probe generates alarms for the profile, which you can view on the Alarm Console.
 
More information: