logmon IM Configuration

This article is for probe versions 3.5 or later.

uimpga-ga

logmon_IM

This article describes the configuration concepts and procedures to set up the Log Monitoring (logmon) probe. The probe is configured to monitor log files, web pages, messages from queues, and output from commands. The probe is deployed with some default configuration such as alarms, QoS measurements, and monitoring profiles. You can use the default configuration or can modify the settings, as needed.

This article is for probe versions 3.5 or later.

The following diagram outlines the process to configure the logmon probe.

Contents

Verify Prerequisites

The probe has the following prerequisites:

Verify that required hardware and software is available and preconfiguration requirements are met before you configure the probe. For more information, see logmon (Log Monitoring) Release Notes .

Verify that the url_response
probe is deployed and active to monitor URLs using the logmon probe.

Before you deploy the probe version 3.80, you must enable the FIPS encryption on the system where the probe is configured.

Configure General Properties

You can set up the logging and global monitoring properties of the probe. The probe uses the default settings if you do not configure the general properties.

Follow these steps:

Click the Edit General Properties
icon from the toolbar.

The General
tab of the Setup
window appears.

Select Active
to activate the probe for monitoring.

Default: Selected

Update the following information to configure the log properties.

The log file of the probe (excluding the system log files) contains information about the activity of the probe itself.

Log File Size:
specifies the size of the log file where the internal log messages of the probe are written, in kilobytes. When this size is reached, new log file entries are added and the older entries are deleted.

Default: 100

Log Level:
specifies the level of details that are written to the log file.

Default: 0 - Fatal

Log as little as possible during normal operation to minimize disk consumption, and increase the amount of detail when debugging.

Update the following information to configure global properties of format and watcher rules. The rules allows you to specify and refine the text that is monitored in the log files.

The values apply to all monitoring profiles of the probe.

Format Interval:
defines the number of intervals to save the incomplete pattern details of a format rule. An incomplete pattern is created when the start and end expressions of a format rule are identified in the text in different monitoring intervals.

The Format Interval
value is not applicable in the following situations:

A regular expression is used in the File
field in the General
tab of a profile to monitor multiple files.

The probe has generated a missing file alarm during any interval.

Run Command Threads:
defines the maximum number of commands a watcher rule can execute, when the watcher expression matches.

Example: the value is set to 10 and the watcher rule expression matches 12 times in an interval. Here, the probe executes the command 10 times. The command is defined in the Run Command on Match
section in the Standard
tab of a watcher rule.

Update the following information to configure the character encodings of the log files in non english locales:

Output Encoding:
defines the character encoding to generate alarms and QoS messages when the probe is deployed in a non english locale. The probe also uses the encoding to identify the file name that is specified in the monitoring profile.

System Encoding:
specifies the encoding of the system where the probe is deployed.

Update the following information to configure alarms for missing or open files:

If a regular expression is used in a profile, the alarm is generated only when there are no files in the specified directory.

Enable File Missing/Open Alarm:
generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval after the probe reads the file.

CA does not recommend you to use this option when using regular expressions to identify any file. This can cause unknown probe behaviour on different operating systems.

Clear Alarm on Restart:
generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier.

Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.

This field is enabled only when you select Enable File Missing/Open Alarm
.

Update the following information to configure the user credentials for the probe, if required.

Run as User:
allows you to define the user credentials to access directories and files of the host or network system.

User Name (Including domain name):
defines the username for the credentials in the following format:

<domain name>/<user name>

Password:
defines the password for the specified user name.

Click the Quality of Service Definitions
tab to add or delete custom QoS from the probe.

For more information, see Create and Configure Custom QoS.

Click OK
.

Click Apply
to save the configuration.

Create and Configure Custom QoS

You can create QoS in the probe to generate customized QoS messages from profiles.

Follow these steps:

Click the Edit General Properties
icon from the toolbar.

The Setup
window appears.

Open the Quality of Service Definitions
tab.

A list of all custom QoS is displayed.

Click

The Quality of Service Properties
dialog appears.

Update the following information, as required to configure the QoS:

QoS Name
: enters a name for the QoS.

QoS Description:
enters any additional information for the QoS.

QoS Unit and Unit Abbreviation
: selects an appropriate unit and its abbreviation for the QoS.

Default: Bytes

Has Maximum value
: allows you to specify the maximum permissible value for the QoS.

As Expected:
allows you to generate the QoS messages according to the expected value set for that variable. If not selected, the QoS messages on variables are sent after a specific time interval.

Click OK
to create the QoS.

Click OK
to close the
Setup
window.

Click Apply
to save the configuration.

You can also select a QoS and click

to delete the QoS definition from the probe. Watcher rules in profiles that use the deleted QoS revert to the default QoS.

Create a Profile

You can create a profile to monitor any of the following entities. Special time-formatting primitives are also available for targets such as files, commands, queues and URLs. For more information, see the Use Time Formatting Primitives
section in logmon Advanced IM Configuration.

Files: You can monitor files using the cat
, full
, full_time
, and updates
operating modes. You can monitor the files using the Universal Naming Convention (UNC) path on a Windows system only.

CA recommends you to monitor large files only in the Updates
mode. Monitoring large files from start can increase the CPU usage.

Commands: You can specify a command and can monitor the output, using the command
operating mode. You can also specify thresholds to generate alarms for exit codes.

For more information, see the Configure Command Exit Code Alarms
section in logmon Advanced IM Configuration.

: On Windows platform, the logmon probe does not support commands such as Telnet that require two way communication between the user and the system.

Queues: You can monitor messages in queues of the CA UIM hub where the probe is deployed. The profile uses the queue
operating mode.

URLs: You can specify web-based URLs to monitor web page content, using the url
operating mode.

: (From logmon 3.56)
In the url mode, the probe generates single alarm for all the matches in the webpage when using * as the match expression.

You can also set up timeout, alarm, and authentication properties of the website. For more information, see the Configure URL Settings
section in logmon Advanced IM Configuration.

The probe uses the url_response probe to monitor URLs. You can only create watcher rules for URLs.

Follow these steps:

Skip Step 1
and Step 2
to configure an existing profile. Double click a profile to start configuring.

Click

from the toolbar.

Define the profile name in the Name
field and click OK
.

The new profile appears in the left pane.

In the General
tab, select the operating mode to define the type of log files to be monitored.

cat:
indicates the probe to always scan the log file from beginning until the end.

command:
indicates the probe to scan the output of a console command.

The command
operating mode is not available for the IBM iseries environment.

full:
indicates the probe to scan the log file from beginning to the end, only when the file is modified. A file is considered as modified when the content of the file is updated.

full_time:
indicates the probe to scan the log file from beginning to the end, only when the file is modified. A file is considered as modified when the modification time of the file is updated.

queue:
indicates the probe to scan the messages of a CA UIM queue. The queue is configured in the CA UIM hub where the probe is deployed. The probe scans the message text and line string fields in the message.

updates
: indicates the probe to scan the file from the last EOF mark that was placed when the file was modified. The probe uses the end of the file, the file size, and the file modification time to determine modifications.

CA recommends using updates
mode when new entries are inserted at the end of the log file. If a file is modified before the EOF mark, the probe scans the entire file again.

url
: indicates the probe to scan the content of the web page, which is accessible at the given URL.

Deploy the url_response probe on the same robot as the logmon probe.

Specify the values in the available fields for the selected mode:

cat, full, full_time, updates:
The available fields are as follows:

File:
defines the full name of the log file for monitoring.

You can use pattern matching and regular expression. For example, use the wildcard operators *.txt
for identifying multiple log files at run time. You can use regular expressions as discussed in the section in logmon Hints and Examples.

Browse:
allows you to open the Select File
dialog to select the file to be monitored. You can also monitor the files using the UNC path on a Windows system only. For example, the following screenshot shows you how to access the remote files using the probe.

File Encoding:
allows you to select the character encoding of the input file that is selected for monitoring. The probe detects the encoding of the input file automatically. However, you can specify the appropriate character encoding when the probe fails to detect the character encoding. For example, specify the file encoding as Windows-1252
for monitoring binary and data files in a Linux environment.

View:
allows you to view the contents of the selected file. The probe displays incorrect text if the encoding of the file is different from the specified value.

Verify the value of System Encoding
in the Setup
dialog if the probe shows garbled text in the log file. For more information, see Configure General Properties.

command
: The available fields are as follows:

Command:
defines the command for monitoring the output.

Browse:
allows you to open the Select File
dialog to navigate to and select the file with the commands to be monitored.

Encoding:
allows you to select the output character encoding of the command that is specified for monitoring.

Exit Code Monitoring:
allows you to configure multiple exit codes as threshold.

The Settings
button is enabled.

Settings:
opens the Thresholds
dialog to specify thresholds to generate alarms for exit codes.

For more information, see the Configure Command Exit Code Alarms
section in logmon Advanced IM Configuration.

Set Command Timeout:
enables the option to configure the timeout duration for executing the command.

Active processes that were previously executed are not terminated.

Command Timeout (Seconds):
defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the Check Interval
field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.

In Windows
systems, you must keep the association between the batch file process and its child processes. If the child process is not associated with the parent process; the probe does not terminate the child processes.

Example: you can execute the START/W C: \Windows\System32\notepad.exe
command (with /W
option) in a batch file for creating association between the child process (notepad.exe) and the parent batch file process.

Generate Alarm:
enables the profile to generate an alarm when a command times out and the probe terminates the associated processes.

Severity:
specifies the severity of the command timeout alarm.

queue:
The available fields are as follows:

Queue:
specifies the queue name of the CA UIM hub for monitoring messages of the queue.

Browse:
allows you to open the Select Queue
dialog to select the queue to be monitored.

Encoding:
allows you to select the character encoding of the queue that is specified for monitoring.

url
: The available fields are as follows:

Url
: defines the URL to monitor the content of the html file generated for the URL.

From version 3.90, the probe does not expand the % symbol in URL profiles to time formatting primitives.

Settings:
allows you to set up timeout, alarm, and authentication properties of the website.

For more information, see the Configure URL Settings
section in logmon Advanced IM Configuration.

Encoding:
allows you to select the character encoding of the html file generated for the URL.

View:
allows you to view the source text of the html page using the default editor for txt
files.

Update the following information to configure the probe interval, file read position, QoS, and alarm properties:

Check Interval:
specifies the time interval which the profile runs.

Reduce this interval to increase the frequency of alarms. A shorter interval can also increase the system load.

Set File Read Position:
allows you to set the position in the file from where the probe starts monitoring.

The Set File Read Position
, Initial File Read Position
, and Resume File Read Position
options are only applicable to updates
operating mode.

The following fields are available for configuration:

Initial File Read Position:
defines the start position from where the probe starts monitoring the file.

The value can be Start of File or End of File.

Resume File Read Position:
defines the position from where the monitoring is resumed, if the probe or the profile is restarted.

The value can be Last Read Line or End of File.

Generate Quality of Service:
enables the profile to send the QoS messages for variables and number of matches.

Generate Alarm:
enables the alarm message for each matching expression of the watcher rule.

Send Message Using a Specific Subject:
defines the custom subject of the alarm, which overrides the default subject.

Specify a Subject that is displayed when the logmon probe generates a CA UIM message.

The Subject
field is enabled only when Send Message Using a Specific Subject
is selected.

Maximum Alarm Count:
defines the limit to the number of alarms, the watcher in profile can generate.

(From logmon 4.0)
The field Maximum Alarm Count
defines the limit for the number of alarms the Suppression Keys in a watcher can generate. To enable the probe to generate alarms based on suppression keys, create the key MaxAlarmPerWatcherSuppKey
and set the value for the key as Yes
.

To add the MaxAlarmPerWatcherSuppKey
key, follow these steps:

Navigate to the Raw Configure
interface > setup
section.

Add a new key

MaxAlarmPerWatcherSuppKey

and set the value as
Yes
.

Save the configuration and restart the probe.

For an example of Maximum Alarm Count based on Suppression Keys, see logmon Use Case Examples.

If the value for the key
MaxAlarmPerWatcherSuppKey
is set as No,
then
Maximum Alarm Count
number
,
if used
,
defines the limit to the number of alarms, the watcher in a profile can generate.

If the value for the key MaxAlarmPerWatcherSuppKey
is set as Yes
,
then
Maximum Alarm Count
number
,
if used
,
defines the limit to the number of alarms, a suppression key of a watcher in a profile can generate.

If the value for the key MaxAlarmPerWatcherSuppKey
is set as Yes,
it is expected that suppression keys
are configured for a watcher. If watcher suppression key
is not configured, then default suppression key
generated from the profile name and watcher name is used.

Maximum Alarm Level:
specifies the maximum alarm level.

Maximum Alarm Message:
defines the alarm message text, the probe generates when the maximum alarm count is reached.

You can use variables in the ${Variable}
format. For more information, see the Variable Expansion in Alarms
section in logmon Advanced IM Configuration.

(From logmon 3.70) Enable File Missing/Open Alarm:
generates an alarm if the monitored log file is missing or is not readable by the probe. This option also clears the alarm in the subsequent interval when the probe can read the file.

(From logmon 3.70) Clear Alarm on Restart:
generates a clear alarm when the probe restarts and successfully reads a log file that was missing earlier. This field is enabled only when you select Enable File Missing/Open Alarm
.

Example: the probe generates file missing alarms and then restarts. The probe generates a clear alarm if this option is selected.

The Enable File Missing/Open Alarm
and
Clear Alarm on Restart
options apply to a profile only if these options are not selected in the probe
Setup
window. If you do not want to configure alarms for a profile, do not enable these options in the probe Setup
window and in the profile.

(From logmon 4.0) Directory Recursion:
Enables the probe to recurse into sub folders

to find a matching file pattern.

(From logmon 4.0) Number of levels to Recurse:
specifies the maximum number of sub folders the probe searches to find a matching file pattern.

The Directory Recursion
and Number of levels
to Recurse
functionality is applicable only for cat, full, full_time,
and updates
operating modes.

The
Directory Recursion
and
Number of levels to Recurse
options are not applicable for the
Test Profile
option. Enabling the
Directory Recursion
and
Number of levels to Recurse
options with the
Test Profile
option may adversely affect the probe performance.

Select the checkbox next to the profile name in the left pane to activate the profile.

Click Apply
to save the configuration.

Create Watcher Rules

A Watcher Rule defines a pattern to identify the required information in the target file and generate QoS and alarm messages. If a format rule is also specified, the watcher rule looks for the information in the matching text block. You can attach multiple watcher rules with one format rule, but the probe generates a separate alarm for each rule. If a watcher rule is not attached to any format rule, then the rule applies to all active format rules.

Right-click and select New
to create a watcher rule. You can configure the following properties of the rule:

Match expressions and alarms that are generated using the Standard tab.

Create watcher variables from monitored text to include in alarms using the Variables tab.

Attach a format rule to the watcher rule using the Advanced tab.

Configure Quality of Service properties using the QoS tab.

Configure subsystem properties using the Alarm tab.

Configure Exclude rules using the Excludes tab.

Watchers are executed in the order they appear in the list. Right-click a watcher in the list, to reorder.

Configure Standard Properties

You can configure the following watcher rule properties in the Standard tab:

Match expressions

Alarm on match

Command to execute on match

Follow these steps:

Select the required watcher rule.

Open the Standard
tab.

Update the following information to configure the match expression properties:

Match Expression:
defines a regular expression to specify the text to be watched in the log messages. On probe versions 3.60 and later, you can also specify a pattern file to use multiple strings in the regular expression. For more information, see Create Watcher Rules
.

You must define a Match Expression
to generate QoS messages.

Message to Send on Match:
defines the alarm message text, which the probe generates when the log file text matches the regular expression.

You can use variables in the ${Variable}
format. For more information, see the Variable Expansion in Alarms
section in logmon Advanced IM Configuration.

If the profile generates QoS messages, the message text is converted into an integer value. The converted value is displayed as the sample value of the QoS message for each watcher match. If the message text is a string, it gets converted to 0.

Message Severity:
allows you to

select the severity of the alarm message.

(From logmon 3.60)
Update the following information to use multiple strings in a regular expression. For more information, see Using Pattern Files
in logmon Hints and Examples.

The probe only supports text files in which the each string is listed as a new line.

Enable regex from external file:
allows you to use the same regular expression with multiple strings.

8-bit PCRE supports a maximum length of 30000 characters for the regex and string combination. Ensure that each regex and string combination is a valid regular expression.

Token to be replaced:
replaces the specified text in the match expression with each string in the file and executes the rule.

Path to pattern file:
specifies the path of the file with the pattern strings to include in the expression. You can also browse and select the pattern file with the strings for the regular expression.

Restart the probe if you modify the pattern file. The probe only supports UTF-8 encoding for the pattern file.

Update the following information to specify commands to execute on a match:

Run command on match:
allows you to run commands or batch files with optional parameters, when the log file text matches the expression.

The Browse, Command Executable, Command Arguments, and Timeout fields are enabled after you select the checkbox.

The probe cannot run VB script (.vbs) files. You can use the cscript
utility to execute a VB script file from a batch file.

Browse:
allows you to open the Select File
dialog to navigate to and select the file with the commands to be executed.

Command Executable:
specifies the command or the path of the batch file with the commands to be executed.

To execute the command successfully, ensure that the path to the executable files or commands does not contain any spaces.

Command Arguments:
specifies the arguments to be executed with commands.

Timeout:
defines the time duration (in seconds) after which the probe terminates the associated process. The value must be less than the value in the Check Interval
field. Parent and child processes are terminated using this option. For example: the profile has executed a batch file which has internally executed another process. The probe terminates both the batch script process and the child process.

Check Alarm on First Match only
to generate alarm for only the first instance of the match expression in the monitored log.

Select the checkbox next the rule to enable the watcher rule.

Click Apply
to save the configuration.

Configure Custom Variables

You can create and configure custom variables to use in alarm and QoS messages. The variables can retrieve text from the log file and use it in probe alarms. You can use variables in the ${Variable}
format. For more information, see the Variable Expansion in Alarms
section in logmon Advanced IM Configuration. You can also configure thresholds in the variable to generate alarms.

Follow these steps:

Select the required watcher rule.

Open the Variables
tab.

Right-click and select New
.

The Variable Settings dialog appears.

Update the following information to configure the variable properties:

Name:
specifies a name for the variable.

Source Line:
allows you to define the beginning of the log file to extract the variable value.

The option is used when format rules are also used.

Do not select the source line while monitoring a URL.

Text block:
allows you to specify the entire text block as a variable. The content is used without truncating any control characters and all other fields are disabled.

Source FROM Position

Column:
defines the column in the source to retrieve the variable value.

Character Position:
defines the character position in the source line to retrieve the variable value.

Match Expression:
retrieves the variable value from the match expression of the watcher.

Source TO Position

Ignore ‘To’:
ignores the 'TO'
position and extracts the entire content from the starting position to the end of log file.

To column:
specifies the end column position to retrieve the variable value.

To End of Line:
retrieves the variable value to the end of line of the starting position.

Update the following information to configure thresholds (Expected Value
) for the variable:

Operator:
defines the operator for the variable.

Threshold:
defines the threshold value for the variable.

The watcher generates an alarm if the expected values are not met. For example, if you set threshold condition as ${VariableName} < 21, then no alarms are generated for values less than 21. The variables are assigned values according to the definition, such as a word on each line.

Click OK
.

Define a character to separate fields in each record of the log file in the Field Separator
field.

All variables are stripped of trailing whitespace after they are extracted, (no matter how they are extracted). The leading whitespace is handled on the basis of the mechanism used and the characters in the separator list.

Some examples of field separators are as follows:

Space: ‘white space’ (<return>, <tab>, <space>). The space is the default field separator.

Colon: The record is first divided into fields, based on <tabs> found. Then, if a colon character (: ) is found in a field (for example, time format hh: mm), the field is further divided.

\\ indicates that the <backslash> character (\) is used as a field separator.

Select the checkbox next the rule to enable the watcher rule.

Click Apply
to save the configuration.

Configure Advanced Properties

You can assign the watcher rule to a format rule specified for the profile.

If no format rule is specified, the watcher rule applies to all active format rules.

Follow these steps:

Select the required watcher rule.

Open the Advanced
tab.

Update the following information to assign the watcher rule to a format rule:

Restrict to Format Definition:
allows you to select

a format rule to apply the watcher rule on the text block.

Abort on Match:
aborts to run remaining watchers after the match is found in same line of the monitoring file.

With no format rules, each line is considered as an individual format. When the Watcher finds a match, the remaining watchers are aborted only for that line. However, if format rules are applied, then the match is applied to the entire format even if it spans multiple lines. See the following example for more information:

Example:

Create a file, C:Sample.txt, with the following content:

"Critical Oracle error" "Critical OS error" "Critical file system error""random Critical error

Create a logmon profile with 4 watcher profiles and enable QoS and alarms

Oracle

match expression = /.*Critical Oracle error.*/

Abort on match = yes

match expression = /.*Critical OS error.*/

Abort on match = yes

match expression = /.*Critical file system error.*/

Abort on match = yes

other

match expression = /.*Critical.*/

Abort on match = yes

In the above example, since there is single content in the Sample.txt file as per watcher regex, that part is only matched in line. If there are more words or bigger line with content matching Abort on Match
, the content after the first match is skipped and the remaining watchers are not processed for the rest of the content.

If you have only enabled watchers and no format rules are specified, then when the Sample.txt file is read, each line of the file is treated as a single format. The watchers are applied on every line resulting in alarms because each line is treated as a single format.

Match on Every Run:
enables the probe to match values for the specified format rule each time a log file is scanned.

For example, some applications write heartbeat messages to a log. If a match is found, the probes generates alarms as configured in Message to Send on Match
. If the match is not found the probe generates the alarm that is configured in the Standard
tab.

Message to Send on Match, Message Severity, and Send Clear Alarms fields are enabled only when Match on Every Run is selected.

Message to Send on Match:
defines the alarm message text that the probe generates when the log file text matches the regular expression.

You can use variables in the ${Variable}
format. For more information, see the Variable Expansion in Alarms
section in logmon Advanced IM Configuration.

Message Severity:
allows you to

select the severity of the alarm message.

Send clear alarm:
allows you to generate a clear alarm if all variable values are as expected. This option is applicable when testing if a variable is as expected, and a suppression key is set in the Alarm
section. It does not have any effect on a Watcher that only verifies log entries, or where variables are not verified. A clear alarm is generated for the following alarm messages:

Alarm that is configured in the Standard
tab.

Alarm that is configured in the Alarm
tab when the match count threshold breaches.

Define a suppression key in the Alarm
tab. The probe sends clear alarms for alarms that are generated by configuration in the Alarm
tab.

Select the checkbox next the rule to enable the watcher rule.

Click Apply
to save the configuration.

Configure QoS on Variables

You can configure the profile to generate QoS messages for the number of matches by the watcher rule. You can also configure QoS messages for variables created in the Variables
tab.

You must use different QoS definition for watcher and variables. Using the same QoS indicates the probe to generate the same QoS multiple times.

Follow these steps:

Select the required watcher rule.

Open the QoS
tab.

Update the following information to generate QoS messages for the number of matches:

Count matches:
allows you to enable QoS messages on the number of matches found by the watcher rule.

If the option is not selected, the probe generates QoS for each watcher match. This is applicable if the profile generates only QoS message.

QoS Name:
allows you to select the QoS definition to use.

You can also select <Add New QoS Definition>
to specify a custom QoS.

QoS Description:
displays a short description of the QoS message.

QoS Target:
defines the QoS target where the QoS value is measured.

Default: profilename.watchername

Select the checkbox next to the variable name in the QoS on Variables
table to activate QoS generation for the variable.

The table lists the variables that are defined in the Variables
tab for the watcher rule.

(Optional)
Right-click a variable and select Edit
.

The Set QoS Variable Values
dialog appears.

(Optional)
Update the following information to configure the QoS message for each variable:

Name:
displays the name of the configured variable.

QoS Name:
allows you to select the QoS definition to use.

You can also select <Add New QoS Definition>
to specify a custom QoS.

QoS Target:
defines the QoS target where the QoS value is measured.

Default: profilename.watchername

QoS on variables are sent on numeric value or state (true or false) when the As Expected
option is selected on QoS definition dialog. The QoS tab is enabled only when the Generate Quality of Service
check box is selected on the General
tab.

Click OK
.

The Set QoS Variable Values
dialog closes.

Select the checkbox next the rule to enable the watcher rule.

Click Apply
to save the configuration.

Configure Alarm Properties

You can configure the subsystem properties of alarms in the Alarm tab. You can also specify thresholds to generate alarms for count of matches.

Follow these steps:

Select the required watcher rule.

Open the Alarm
tab.

Update the following information to configure alarm properties:

Message Subsystem ID:
defines the subsystem ID of alarms.

Suppression Key:
defines a suppression key to avoid multiple instances of the same alarm.

If you leave this field blank, the probe puts the suppression key as blank and all watcher alarms are suppressed on a single alarm. This may not be a desired requirement if you have too many watcher rules. CA recommends you to consider before leaving this field blank

Avoid using underscore in the suppression key. For example, use ${PROFILE}-$WATCHER or ${PROFILE}/$WATCHER instead of the ${PROFILE}_$WATCHER

Source:
defines the alarm source that is mentioned as the sender of the alarm.

The value can be used to impersonate the host system.

Update the following information if you have enabled QoS generation for count matches in the QoS
tab:

Operator:
defines the operator for the variable.

Threshold:
defines the threshold value for the variable.

The match count is calculated as follows:

Number of times the format rule is identified, when there is an active format rule.

Number of times the watcher rule is identified, when an active format rule is not attached to the watcher.

(Optional)
Specify a Threshold
value to generate pattern match alarms when the specified threshold value is breached. Pattern Match Threshold
is only applicable for the updates
operating mode.

From version 3.70,
the probe does not generate watcher alarms when you specify pattern match thresholds. The probe only generates the applicable alarm when the pattern match threshold breached.

(From logmon 3.70)
Specify the Message to Send
and the threshold Severity
for the alarms when the specified threshold value is breached and override the default alarm message and severity. The Severity
field is enabled only if you specify a Message to Send
. If you do not specify a message and severity, the probe generates an alarm with the default message and Message Severity
defined in the Standard
tab.

(From logmon 3.91)
Define the values for Variable Exceed Alarm:

Minimum Match Count
: Define the minimum number of times the Threshold breach for all defined variables must occur for the probe to generate the alarm.

Alarm Text
: Defines the message text sent with the alarm.

Severity
: Define the severity of the alarm. The probe will generate the alarms only for the defined severity. If you do not define any severity, the probe sends the default message defined in the Standard
section.

Suppression Key
: Define the suppression key to avoid multiple instances of the same alarm .

: The Variable Exceed Alarm is applicable for the Update and Command mode. Setting the alarm disables the watcher rules.

Select the checkbox next to the rule to enable the watcher rule.

Click Apply
to save the configuration.

Configure Exclude Rules

You can configure exclude rules for each Watcher rule to define expressions to be excluded for monitoring. The probe ignores these text blocks or lines where the excluded expression exists. You can define multiple exclude rules.

Follow these steps:

Select the required watcher rule.

Open the Excludes
tab.

Right-click and select New
.

The Add New Exclude Definition
dialog appears.

Enter a name for the rule.

Click OK
.

The exclude rule is created.

Specify text or expression in the Exclude Expression
field to exclude lines or blocks of input from monitoring.

Each block or line of input is checked to see if the expression entered in the Exclude Expression
field is found. If a match occurs, the line or block is ignored and does not trigger any action.

Configure Advanced Profile Properties

You can configure format and exclude rules to refine the text that is monitored in the log files.

You can also perform the following operations:

Use time formatting primitives

Configure command exit code alarms

Configure URL settings

Use variable expansion in alarms

For more information, see logmon Advanced IM Configuration.

Test Created Profile

You can test file and command profiles created in the probe.

The probe does not support testing queue profiles.

Test File Profile

The Test Profile
option allows you to verify a file profile before activating it in a production environment. You can configure rules and monitoring properties before testing a profile.

Follow these steps:

Right-click a profile in the left pane and select Test Profile
.

The Test Profile dialog appears.

Specify the file or the url in the text box.

Update the following information to verify a profile:

The Test File
and Test String
fields are only available for profiles created for file monitoring.

Test File:
specifies that a file is to be tested.

Test String:
specifies that a string is to be tested.

You can only specify a file or a string.

Browse:
allows you to open the Select File
dialog to navigate to and select the file to be monitored.

File Encoding:
allows you to select the character encoding of the file selected for monitoring.

The field also allows you to select the character encoding of the html file generated for the URL.

Watcher Name:
allows you to select the watchers defined for the profile. A selected watcher is included in the test execution.

Click the Test
button to validate the watcher rule.

The Matching
section displays the output alarms. Each record displays the watcher rule and the corresponding message that is generated. If there are no matches, the probe displays a No Results dialog.

Click Cancel
to close the window.

(From logmon 3.70) Test Command Profile

You can test the command profiles to verify whether the profile configuration and execution is correct. The test feature is available from the Probe utility only.

Follow these steps:

Activate a command profile in the probe.

In Infrastructure Manager, select logmon
in the main window, and press Ctrl + P
.

In the Probe utility, select the testprofile
Probe commandset.

Specify the profilename
, and click the Send command request
button on the toolbar.

If you do not Set Command Timeout
in your profile, the command does not stop and the probe becomes unresponsive.

The probe generates alarms for the profile, which you can view on the Alarm Console.

More information:

logmon Use Case Examples

logmon (Log Monitoring)

logmon Advanced IM Configuration

CA Unified Infrastructure Management Probes

logmon IM Configuration