logmon (Log Monitoring) Release Notes

The Log Monitoring (logmon) probe scans ASCII-based systems and application log files by matching specified expressions. Alarms are generated when the log file content matches the defined expression.
The probe monitors the following items:
  • Unix system (line-oriented) and database (record-oriented) log files
  • Content of HTML web pages: You can use the URL Endpoint Response Monitoring (url_response) probe with the logmon probe to monitor the text in a web page.
  • Text output after executing specified commands
  • Text messages in CA UIM queues
  • Files from remote shared folders
The probe also extracts and stores metric data from the matched log file entry in the QoS database. 
 
Revision History
This section describes the history of the revisions for logmon probe.
 Support case(s) may not be viewable to all customers.
 
Each entry lists: Version, Description, State, Date
4.11
What's New:
Fixed Defect:
  • Fixed an issue where the variable WATCHERMATCHEDLINE did not work as expected. Support case: 01259593
GA
July 2019
4.10
 
What's New:
 
  • (May 2019) Updated the logmon MCS (version 2.02 onwards) as part of addressing the common vulnerabilities and exposures by updating the jackson-databind libraries. For more information and CVE numbers, see Addressing Jackson Vulnerabilities.
  • Enhanced the probe to support adding a property for tracking 'updates' (events added) to the body of an existing log file, without reading the whole file again. For more information see Using ExcludeEndTag property to monitor XML logs.
GA
February 2019
4.00
 
What's New:
 
  • The probe now generates the number of alarms specified in the Max Alarm Count field based on the Suppression Keys. For more information, see logmon IM configuration and logmon AC configuration.
  • (AC, IM, and MCS Interface) Added Excludes at the Watcher level. In the previous version of the probe, Excludes were present at the profile level only. For more information, see the logmon IM configuration, logmon AC configuration, and logmon MCS configuration articles.
  • (AC, IM, and MCS Interface) Added the Directory Recursion check box and the Number of levels to Recurse field to allow the probe to look into the specified number of directories/folders to find a matching file pattern. For more information, see the logmon IM configuration, logmon AC configuration, and logmon MCS configuration articles.
  • Updated this probe as part of removing dependency on the end-of-life (EOL) Microsoft Visual C++ Redistributables in CA UIM 9.0.2. CA UIM 9.0.2 now uses Microsoft Visual C++ Redistributable for Visual Studio 2017.
  • (December 2018) Added support for monitoring Amazon Linux 2.
  • (February 2019) Added support for monitoring Windows 2019.
GA
October 2018
3.92
 
What's New:
 
  • (April 2018 - Beta) New MCS template with enhanced profiles that enable you to configure metrics, baselines, alarm thresholds, alarms - including Time Over Threshold alarms - and custom alarm and close alarm messages, all within a single MCS profile. For more information, see Configuring Alarm Thresholds in MCS.
  • (June 2018) Added support for monitoring Windows 10 (x64).
  • (June 2018) New MCS template (logmon_mcs_template 4.0) with enhanced profiles that enable you to configure metrics, baselines, alarm thresholds, alarms - including Time Over Threshold alarms - and custom alarm and close alarm messages, all within a single MCS profile. For more information, see Configuring Alarm Thresholds in MCS.
  • (July 2018) Added support for monitoring RHEL 7.4 x86 and x86 64-bit, and zLinux 64-bit.
  • (September 2018) Added support for monitoring Ubuntu 18.04. Apply robot 7.93HF10 for this support. Support Case: 01184423

Fixed Defects:

  • The probe started reading the log file from the beginning after the probe was restarted. Salesforce Case: 00802824
  • The probe failed to start when upgrading to version 3.91 on some Linux systems. Salesforce Case: 00873778
  • The probe was running out of available threads when the threads were not terminating properly and were aborted after some time. Salesforce Case: 00682136
  • The probe was saving a variable created using MCS template with ‘Ignore “To”’ configuration as ‘To End of Line’. Salesforce Case: 00668211
  • The probe version 3.91 failed to start on some Linux systems. Salesforce Case: 00920811
GA
February 2018
3.91
 
What's New:
 
Introduced the Variable Exceed Alarm, which generates alerts when the variables exceed the operator value.
 
Fixed Defects:
 
  • The probe was creating core dumps. Salesforce case: 00606262
  • The probe was not working on the SunOS 5.10 Generic_125101-04 i86pc operating system. Salesforce case: 00712559
  • The field Send clear alarm was not available for MCS Profile Type Monitoring of the probe. Salesforce case: 00764177
  • The user was not able to configure variables using MCS Profile Type Monitoring. Salesforce case: 00668211
  • The 50-character limit on the Run Command On Match parameter in MCS Profile Type Monitoring affected the parameter list defined for a probe watcher. The parameter can now accept 1024 characters. Salesforce case: 00840150
GA
October 2017
3.90
 
What's New:
 
  • Added support to test profiles using regular expressions in file path. Support case number 658483
  • Added support for internationalization on AIX 64 Bit and HP-UX IA 64-Bit platforms.

Fixed Defects:

  • The probe did not convert values in non-English locales to decimal values in QoS messages. Support case number 505302
  • The probe was unable to monitor URLs with the % symbol. The probe incorrectly expanded the % symbol in URL profiles as time formatting primitives. Support case number 643969

Important! This version of the probe does not support FIPS encryption.
GA
April 2017
3.80
 
What's New:
 
  • (IM Interface only) Added support for:
    • AES-128 encryption that is required for FIPS compliance
    • Monitoring Windows systems where FIPS encryption is enabled. Before you deploy the probe version 3.80 on your IM, you must enable the FIPS encryption on the system where the probe is deployed.
      In a FIPS encryption enabled environment, you cannot configure the probe from Admin Console (AC) interface.
CR
April 2017
3.71
 
Fixed Defects:
 
  • For the AS/400 systems, the probe was unable to search text using a regular expression. Support case number 00601757
  • In a pure IPv6 environment, the probe was unable to generate alarms and QoS for the log files that were read from the HP-UX system.
GA
March 2017
3.70
 
What's New:
 
  • Test Command mode profiles from the Probe Utility interface.
  • Added alarm message and severity options for pattern match thresholds.
  • Configure missing file and clear alarms for individual profiles.
  • Use positive lookahead regular expression in the end expression of a format rule.
 
Fixed Defects:
 
  • (On iSeries platform) The probe did not monitor a .mbr file in the EBCDIC format. Support case number 521534
  • (On HP-UX platform) The probe did not display correct exit codes as SHELL and PATH variables were missing in the environment. Support case number 512468
  • (For Windows and UNIX platforms) Updated the probe documentation about using % as a variable in a filename or a command. Support case number 477760
GA
November 2016
3.60
 
What's New:
 
  • Added support to monitor log files that are greater than 2 GB. We recommend that you monitor only the updates to large files. Monitoring large files from the start can increase the CPU usage.
    Note: The probe does not support monitoring of log files that are greater than 2 GB on 32-bit UNIX systems.
  • Added support to use multiple strings in regular expressions using UTF-8 encoded pattern files.

Fixed Defects:

  • The probe was unable to read UTF-8 files with special characters. Support case number 357073
July 2016
3.56
 
Fixed Defects:
 
  • The probe was unable to read some files on AIX platform. Support case numbers 00284131, 00290605.
  • The CPU utilization of the probe was high when monitoring URLs in UTF-8 encoding. Support case number 00275815
  • When running on a Japanese system, the probe generated illegible alarms when the system encoding was selected as UTF-8. Support case number 00272866
  • Updated the IM Configuration article to state that the probe does not support commands (such as Telnet) that require two-way communication between the user and the system. Support case number 00268926.
  • Added a recommendation in the IM Configuration article about not including regular expressions while using the Enable File Missing/Open Alarm option to clear the missing file alarm. Support case number 00308935
May 2016
3.55
 
Fixed Defects:
 
  • The probe did not correctly convert variable characters to defined file encoding in URL mode. Support case number 00245330
  • The probe did not support white spaces in paths for batch files. Batch files include commands that can be monitored. Support case numbers 00270650, 00246042
January 2016
3.54
 
What's New:
 
  • Added support for IBM iSeries version V7R2.
 
Fixed Defects:
 
  • The probe was unable to read UTF-16LE files. Salesforce case 00169492
  • The probe was crashing with exit code functionality. Salesforce case 00169505
  • The probe was unable to retrieve complete command output in the command mode. Salesforce case 00169863
  • Updated document regarding localization support. Salesforce case 70002007
  • Updated the document regarding alarms in the url mode. Salesforce case 00163388
September 2015
3.53
 
Fixed Defect:
 
The probe restarted when a variable was added to the sub-system id.
Salesforce cases 00170003, 00169384, 00167502, 00168440, 00168601, 00166738, 00168537
 
August 2015
3.52
 
What's New:
  • Upgraded support for factory templates.
  • Removed localization support on AIX platform.

Fixed Defects:
  • Fixed an issue in which the probe was unable to detect “File encoding” when “File encoding” was selected from GUI. Salesforce case 00167536
June 2015
 3.50
 
What's New:
 
  • Upgraded OpenSSL to version 1.0.0m.
  • The probe can now generate alarms only on the first match of regular expression (defined in Watcher Rule), in a specified interval.
 
Fixed Defects:
 
  • The regular expressions were not working with the defined threshold. Salesforce case 00156818, 00159939, 00158632
  • The probe was not generating correct exit code on Windows, Unix, Linux, Solaris, and AIX. Salesforce case 00157528, 00160884
  • Exit code variables were not expanding on USM. Salesforce case 00161303
  • Improved CPU usage of the probe. Salesforce case 00153268
June 2015
3.49
 
What's New:
  • The probe can now be migrated to standard static alarm thresholds using the threshold_migrator probe.
  • Added support for factory templates.
March 2015
3.48
 
Fixed Defects:
 
  • Entries for the QoS variable having multiple targets were getting overlapped on the USM. Salesforce case 00149257
  • No Exit code alarm was generated on Windows OS in case command was not found. Salesforce case 00150798
  • View option in the GUI did not show updated file content. Salesforce case 00147856
  • Probe stopped working when the number of characters in the match expression is greater than 1020. Salesforce case 00145499
  • No alarms were generated when the threshold applied on a watcher variable was breached. Salesforce case 00137155
  • The probe did not identify the UTF-16 log files. Salesforce case: 00139268
December 2014
3.47
  • Added a timeout option for the Command mode profiles to kill the command process and all its child processes after a defined time limit.
November 2014
3.45
 
What's New:
  • Added the localization support for AIX 64-bit operating systems.

Fixed Defect:

  • Fixed a defect where the probe was always reading the log file from the beginning when running in update mode. This issue occurred when the probe read some unprintable characters. Salesforce case 00136466
  • Fixed a defect where the probe was writing text Debug to the log file when the log level is zero.
  • Fixed a defect where the probe was not identifying the PCRE space characters (/s) in a regular expression. This issue was also causing the probe to crash on Linux and Solaris operating systems. Salesforce case 00138780
October 2014
3.44
 
What's New:
  • Added a Timeout option to kill an executing script.

Fixed Defect:

  • Fixed a defect where the -R option, which makes the monitoring start from the end of the file, was not working.
  • Fixed a defect where the probe was not starting due to dependency on ICU library files. Salesforce case 00141353
September 2014
3.42
  • Added the localization support for Simplified Chinese, Japanese, Korean, Spanish, German, French, Italian, and B-Portuguese languages from VB and Admin Console GUI. For localization support through Admin Console GUI, the probe must run with CA UIM 7.6 or later version and PPM 2.34 or later version.
  • Added the support for zLinux environment.
  • Updated the probe VB GUI and Web GUI for configuring the format interval and for specifying the character encoding in different locales.
 
Note: Do not use the Raw Configure GUI for updating the probe configuration in the non-English locales because it can corrupt the entire probe configuration file.
June 2014
3.32
  • Enhanced the probe for making file missing/open alerts user-configurable with its clear alarms on probe restart.
February 2014
3.31
  • Fixed the probe functionality issue when both the abort on match and the match on every run options are selected together.
December 2013
3.30
  • Enhanced the Format Rule feature for making it functional across check intervals. The number of intervals is user-configurable.
  • Implemented a new alarm when the log file is missing or not readable.
 
Fixed Defects:
 
  • Fixed an issue for not overwriting the alarm subject.
December 2013
3.27
  • Fixed issue that is related to Invalid entries in callback crashes probe.
  • Fixed issue that is related to Probe PID changing.
September 2013
3.26
  • Fixed issue that is related to locale.
June 2013
3.25
  • The probe is now available in Admin Console GUI.
March 2013
3.25
  • Fixed issue that is related to logmon send empty QoS.
  • Fixed issue where Text profiles returns "0" instead of matching string as it used to.
March 2013
3.24
  • Added Probe Defaults
February 2013
3.23
  • Fixed memory leak issue on Windows, Linux, and AIX machines.
February 2013
3.22
  • GUI changes in probe to display Japanese characters correctly.
  • Alarm display in Japanese character in IM alarm sub console and UMP alarm sub console.
  • Regular Expression in Japanese.
  • View File having Japanese character correctly.
  • Open file with Japanese character in file name.
  • Fixed a defect when probe contains more than one watcher and format rules
December 2012
3.21
  • Fixed crash issue on Linux.
August 2012
3.20
  • Added fix for variable expanding in message string.
  • Added option to override alarm severity for max alarm message.
  • Added fix to clear max alarm only if error condition is returned to normal.
  • Added fix to support abort on match functionality in URL mode.
  • Added support for exit code monitoring when mode is set as command.
  • Extended format rule limitation to 200 lines.
  • Added support to refer entire text block as a variable.
August 2012
3.13
  • Fixed SOC issue.
June 2012
3.12
  • Fix Issue with QoS generation in test profile through GUI.
  • GUI fix: Test profile screen opens even if the watcher contains a numeric name.
  • The help button will display online help instead of CHM
March 2012
3.11
  • Fixed localization issue in SOC
March 2012
3.03
  • Added fixes for web-based Service Oriented Configuration.
January 2011
3.02
  • Support for reading alarm tokens from cfg.
  • Added support for Web-based Service Oriented Configuration (SOC).
December 2010
3.01
  • Added fix to read a new file from beginning for the first time when "Updates" mode is selected and "Match on every run" option is enabled. For example, when files are monitored based on time/day using %m,%M and so on.
October 2010
3.00
  • Added support for wildcard characters in file-name.
  • Added support to configure severity and message for "Match on every run" option per watcher.
  • Added Support for internationalization.
  • Fixed the crash due to stack overflow.
September 2010
2.92
  • Fixed a problem with variables, when using with format definitions.
September 2010
2.91
  • Made changes to libraries with respect to configuration locking.
June 2010
2.90
  • Added NIS (TNT2) Support.
May 2010
2.85
  • Fixed the suppression key problem that was introduced in version 2.82.
May 2010
2.84
  • Windows: Converted Command executable to short path name.
  • Fixed interaction between logmon and url_response probes
March 2010
2.83
  • Fixed problem with large suppression keys in max alarms alarm situation.
  • Enabled Source override for max alarm situation.
  • Improved url_response probe interaction.
  • Fixed File browsing issue for AS/400 environment.
February 2010
2.80
  • Added a feature to test a profile or individual watchers within a profile for regular expression.
  • Added a fix to set proper timeout.
December 2009
2.72
  • Fixed issue in underlying library where the probe would fail to find the correct file location when the file had been both truncated and appended to.
September 2009
2.71
  • Added a fix for monitoring files on non-domain machines in windows.
  • Added support for Linux systems with glibc 2.2.
  • Monitoring of files using UNC path is now possible on Windows only.
  • Suppressing logic to avoid sending excessive alarms.
  • Fixed the issue of message variables not getting filled properly.
  • Message variable expansion fixed when match on every run is selected.
  • When both QoS and Alarm are selected for a profile only Variable QoS or number of matches (if selected) are sent.
  • Modified layout of QoS tab for Watchers in the GUI.
September 2009
2.62
  • Modified thread pool behavior to avoid timing problems.
  • Added logging to show when a thread has been started.
  • Retry after 5 seconds if a thread is not available (was 60 seconds).
  • Fixed log file preview function to enable viewing the last section of large log files.
  • Removed numeric input checking on variable 'limit'.
  • Fixed configurator failure on creation of new QoS from watcher.
  • Disabled 'View' button for mode 'command'.
  • Fixed error situations in file browser.
  • Added support for Windows on Itanium 2 systems (IA64).
April 2009
2.56
  • Rebuild following NimBUS library fixes.
  • Modified pt-lib call to be able to detect log file changes when the file date was unchanged.
December 2008
2.54
  • Fix problem assigning variable from regex which contains only one character.
  • Fix problem expanding date primitives in path. Fix problem with last line in a multi-line format rule being skipped.
  • Bring 2.5x into line with changes that are made in the 2.4x series.
  • Fix potential problem with parsing of variables from a matched line.
  • Added support for 64-bit Windows (x64).
 
Note: For version 2.54 and higher of this probe, NimBUS Robot version 3.00 (or higher) is a prerequisite. You are advised to carefully read the document "Upgrading the NimBUS Robot" before installing/upgrading.
September 2008
2.41
  • Fixed potential problem extracting variables from a matched line.
  • Added dynamic buffer allocation for suppression keys.
  • Corrected several minor issues with the configuration tool:
    • Advanced tab dimmed for url type profiles
    • Wrong tooltip for 'Send clear alarm'
    • Move up/down changed active state and upper/lower case profile name problems.
July 2008
2.39
  • Fixed a timing problem which could cause a line in the log file to be skipped by the next scan if it was written during the current scan of the file.
  • Does not post messages when not specified to do so.
  • QoS target defaults to profile.watcher when not specified.
  • Corrected parameter transfer on url View.
  • Modified handling of Exclude rules to minimize cpu usage when scanning files.
  • Allow wildcards in path names and file names.
May 2008
2.23
  • Fixed memory leak when probe is restarted.
  • Fixed potential thread deadlock upon failure to save last_run time.
  • Fixed issue with file offset being stored incorrectly when probe is stopped/restarted.
  • UNIX: Fixed incorrect time display in logfile and potential heap corruption issues due to a non-threadsafe system call.
  • Increased size of buffers used to store profile and watcher names. Fixed memory leak when alarm message was over 1024 characters.
  • Fixes segmentation violation due to failed compilation of a RegEx. Log an error message when a RegEx fails to compile.
  • Added support for editing archived configurations.
  • Enhanced configuration tool resize.
  • Fixed problem with $FILENAME expansion.
  • Added support for referring environment variables.
December 2007
2.19
  • Add advanced option "sendclear" to watchers. If set, it sends a clear alarm if the current watcher is as expected and the watcher has a suppression key set. This requires that the suppression key is unique enough that it cannot clear an alarm unexpectedly. Using a variable that is unique for each alarm situation in the suppression key is advised.
October 2007
2.18
  • Apply changes to log level and log size after restart of the probe.
  • GUI: When copying a profile the excludes are also copied.
September 2007
2.17
  • Store last run for profiles in logmon.dta so expansion of LASTRUN() is correct even after a restart.
  • Fix problem with Format rules not triggering.
  • Fix problem reading directories with / as path separator on windows systems.
  • Fix problem with abort on match flag. Fix problem with date expansion in filenames/commands.
  • GUI fix when trying to view contents of a web page
August 2007
2.14
  • Library change (and platform list corrected)
May 2007
2.02
  • Fixed problem where alarm flag would be reset to 'yes' on every restart.
  • Fixed potential hang situation where a thread would fail to release a lock.
  • Added support for URL authentication when windows authentication is used with a proxy configuration.
  • Probe has been re-written as a multi-threaded daemon.
  • Profiles are checked in a thread, allowing for higher throughput and configurable intervals for each profile.
  • A new mode 'url' is available, which fetches a web page through the url_response probe and performs checks on the page.
  • Variables in a watcher can be read from positions in the regular expression in addition to the fixed character or column specifications used prior to this release.
  • Variables can have a threshold set, where an alarm is sent only if the variable is outside the expected value.
  • Variables can generate Quality of Service (QoS) messages, either with their values (if numerical) or with the result of the check against an expected value (both numerical and strings).
  • A watcher is no longer bound to sending either Alarm, QoS or user defined messages. One or more types of message can be selected for each watcher.
  • Added ability to run a command when a watcher matches.
February 2007
1.67
  • Fixed problem with using time formatting together with wildcards in filenames.
  • Extended timeout for getting 'queue' data.
  • Fixed crash caused by long log messages. Now long log messages will be cut after 1024 characters.
  • The introduction of wildcards caused the two modes of 'queue' and 'command' to not function any longer. The wildcard check is now only performed if the mode is set to scanning files, and for the modes of 'queue' and 'command' it is working as before wildcards were introduced. 'command' was also not showing up in dropdown list. This is fixed.
December 2006
1.63
  • Added possibility to send number of matches per run as QoS.
  • Fixed core dump on Tru64 (long regexp).
  • Fixed GUI problem when minimizing/restoring window.
  • Fixed spelling error in GUI.
  • Changed name of ‘Checkpoint ID’ field to ‘Suppression key’.
  • Fixed missing subsystem ID when copying profiles.
  • Stripped off unnecessary text in $PROFILE variable.
  • Fixed problem with blank fields and tabs.
  • Added possibility of using wildcards in filenames.
  • Fixed blank variable problem.
  • Fixed problem with long matching lines.
September 2006
1.61
  • Added FILENAME message variable.
  • Resolved problems with large amounts of new log-data arriving while scanning for updates on a log file.
June 2005
Supported Locales
The probe supports the following encoding files for various locales.
 The probe versions 3.80 and earlier support internationalization only on Windows and Linux systems.
Encoding        Name
UTF-8           Unicode (UTF-8)
UTF-16BE        UnicodeBigUnmarked
UTF-16LE        UnicodeLittleUnmarked
Shift_JIS       Japanese(Shift_JIS)
ISO-2022-JP     Japanese(JIS)
ISO-2022-CN     Chinese(ISO)
ISO-2022-KR     Korean (ISO)
GB18030         Chinese Simplified (GB18030)
GB2312          Chinese Simplified (GB2312)
Big5            Chinese Traditional (Big5)
EUC-JP          Japanese (EUC)
EUC-KR          Korean (EUC)
ISO-8859-1      Western European (ISO)
ISO-8859-2      Central European (ISO)
windows-1250    Central European (Windows)
windows-1252    Western European (Windows)
 Do not use the Raw Configuration GUI when the probe is deployed in a non-English locale.
Threshold Configuration Migration
From logmon version 3.49, the threshold configurations can be migrated to standard static alarm thresholds using the threshold_migrator probe on CA UIM 8.2 or later. Refer to the threshold_migrator probe document for information about how to migrate a probe.
The changes in the probe after migration are:
  • The Infrastructure Manager (IM) GUI of the probe will not be available and the probe will only be configured using Admin Console (AC).
  • Probe specific alarm configurations in the probe monitors will be replaced by Static Alarm, Time To Threshold, and Time Over Threshold configurations.
  • The alarms will be sent by the baseline_engine probe.
  • Any section of the probe with an applied policy will no longer be available for configuration through the probe. The policy must be removed to configure the probe using the Admin Console GUI.
Preconfiguration Requirements
The probe has the following preconfiguration requirements:
  • The probe requires at least one of the following components for monitoring:
    • ASCII-based log files
    • URL of the web page
    • Command Outputs
    • Messages in the CA UIM Hub queues
  • The url_response probe for monitoring web page content.
    Note: The probe does not support url_response mode on AIX platform. Thus, this mode must be disabled for both Admin Console and Infrastructure Manager.
  • Secure Hub & Robot (CA UIM 9 SP1 and above) - In a secure environment, if any probe that is installed on an independent secure robot tries to subscribe to queues in the related secure hub, the probe fails to attach to the queues. As a workaround, if the probe needs to read or publish to a hub queue, then deploy the probe on the primary hub robot. For more information, see Secure Hub and Robot.
Probe Specific Hardware Requirements
The logmon probe should be installed on systems with the following minimum resources:
  • Memory: 2-4GB of RAM. The probe OOB configuration requires 256MB of RAM
  • CPU: 3GHz dual-core processor, 32-bit or 64-bit
Probe Specific Software Requirements
The logmon probe requires the following software environment:
  • CA Unified Infrastructure Management 8.0 or later
  • Robot 7.62 or later (recommended)
  • (to enable FIPS encryption) Bus (Robot) version 7.80
  • Probe Provisioning Manager (PPM) probe version 3.20 or later (required for Admin Console)
  • Java JRE 6 or later (required for Admin Console)
  • glibc 2.5 or later (required for Linux platforms)
  • Download and install the VS-2017 redistributable package (vs2017_vcredist_x64 and vs2017_vcredist_x86) to the Archive.
(Version 3.80) Probe Specific Changes After Upgrade
The probe supports AES-128 bit encryption and decryption. To enable this feature in your Infrastructure Manager (IM), set the NIM_PROBE_CRYPTO_MODE environment variable to one of the following values in the controller probe:
  • TWOFISH (default)
  • AES_128_COMPAT
  • If you do not set any value of the environment variable, then the probe uses TWOFISH encryption and decryption, by default.
  • Set this value in all the robots where the logmon probe is configured.
  • Restart the Nimsoft Robot Watcher service after you set the environment variable.
  • The probe fails to start if you provide incorrect values for the environment variable. CA does not recommend that you change this value after you set it once.
    However, if your probe still fails to respond, see the Known Issues and Workarounds section for more information.
Troubleshooting
 
Symptom: logmon probe 3.91 fails to start up on RHEL 6 and RHEL 7 servers.
Executing the logmon probe binary from the command prompt: /probes/system/logmon results in the following error:
/logmon ./logmon: error while loading shared libraries: libicuuc.so.51: cannot open shared object file: No such file or directory

Solution: You can either use the logmon probe version 3.90 or manually set the environment variables in the controller probe as follows:
  • In the controller probe: LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH:/apps/nimsoft/probes/system/logmon
  • To execute the binary from the command prompt: export LD_LIBRARY_PATH=/apps/nimsoft/probes/system/logmon
Known Issues
The known issues of the probe are as follows:
  • On the AIX platform, if the files selected for monitoring using a wildcard are very large (~500+ depending on the file size), the probe crashes due to AIX platform limitations.
  • (On Version 3.91) The probe, when using the URL mode, can read only one line at a time.
  • (On Version 3.80) On your IM on a Windows system, sometimes the probe GUI might not open or might not respond. To fix this, create an environment variable on the Windows system from where you are accessing the IM.
    Follow these steps:
    1. Right-click on My Computer and select Properties.
    2. Click Advanced System Settings to open the System Properties dialog.
    3. Click Environment Variables, and then click New to add a new variable.
    4. Specify the following details for the New User Variable:
      • Variable name: NIM_PROBE_CRYPTO_MODE
      • Variable value: AES_128_COMPAT
    5. Click OK and exit from System Properties.
    6. Restart the Nimsoft Robot Watcher service after you set the environment variable.
  • (From logmon 3.70) The probe has the following limitations on iSeries platforms:
    • The probe displays incorrect probe version number on the GUI and the probe logs.
    • The probe intermittently does not display the monitored .mbr file on the GUI.
  • The probe does not support monitoring log queues with multiple encodings. If the sysloggtw probe monitors syslog devices with different encodings, the probe might not be able to identify the characters from the SYSLOG.IN queue.
  • The probe does not support Byte Order Mark (BOM) in the monitored files. If BOM is present in the files, the first character might be a '?'.
  • The probe only generates alarms for a file if the probe continuously receives pattern matches, as in Queue mode or from a continuous running command, from the monitored file.
  • Commands for some system calls (fgets) fail, resulting in a wrong exit code from the probe.
  • Signals 13 and 15 result in exit codes 141 and 143. The signals are used to kill a process.
  • The logmon Probe Provisioning UI does not allow the user to view the file for URL mode.
  • The probe does not support URL mode, Command mode, and Run Command on Match on the IBM iSeries platform.
  • The probe has the following limitations when deployed in a non-English locale:
    • While monitoring an ASCII-based file using the ASCII characters for matching, you cannot use Japanese characters in the alarm message text. The probe cannot identify Japanese characters in alarm messages in such cases.
    • The probe displays illegible file name when clicking the Tail/View File button, while monitoring a Japanese log file.
    • The probe GUI shows illegible text on clicking the Tail/View File button to view the log file text.
    • The Raw Configure GUI of the probe is not supported for updating the probe configuration because it can corrupt the entire probe configuration file.
    • The localization is supported only on Windows 32-Bit, Windows 64-Bit, and Linux 64-Bit.
  • The probe does not support queues with multiple encodings.
Upgrades and Migrations
This section provides the information required when upgrading the probe from a previous version to a later version.
 
 
 
 
Upgrade to version 3.42 or Later
While upgrading the probe from a previous version to 3.42 or later in the Japanese locale, take a backup of your existing logmon.cfg file in UTF-8 encoding. The process ensures that the configuration file is not corrupt and the upgraded probe reads the Japanese characters correctly.
 
Follow these steps:
 
  1. Deactivate the older release of the logmon probe.
  2. Copy the existing logmon.cfg file to any other location on your system to make a backup.
  3. Open the copied logmon.cfg file and save it as UTF-8 without BOM. If the file has a BOM, the probe throws an error while reading the file.
    The BOM (Byte Order Mark) is a special text at the beginning of a text file that identifies the file encoding. You can use a text editor, like Notepad++ on a Windows system and gedit on a Linux system, to define your file encoding. You can also use the iconv command on Linux to change the character encoding. Alternatively, edit the configuration file on a Windows system and copy it back to the Linux system.
  4. Upgrade the probe to version 3.42 or later.
  5. Activate the probe.
The probe reads the Japanese characters of the logmon.cfg file correctly.
If the probe has already been upgraded to version 3.42 or later without taking a backup of the configuration file, you can delete all such profiles and recreate them.
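One way to carry out step 3 from a Linux shell is to detect the UTF-8 BOM (bytes EF BB BF) in the backed-up file and write a BOM-free copy before the upgrade. This is an added example, not vendor tooling; the function names, the sample file content, and the SHIFT_JIS source encoding named in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): check a backed-up logmon.cfg for a
# UTF-8 BOM and produce a BOM-free copy, leaving the backup untouched.

# Succeeds when file $1 starts with the UTF-8 BOM bytes EF BB BF.
has_utf8_bom() {
    first3=$(dd if="$1" bs=1 count=3 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$first3" = "efbbbf" ]
}

# Write file $1 to $2 without a leading BOM.
strip_utf8_bom() {
    if has_utf8_bom "$1"; then
        tail -c +4 "$1" > "$2"      # skip the first three bytes
    else
        cp "$1" "$2"
    fi
}

# Re-encode file $2 from encoding $1 to UTF-8 into $3 with iconv.
# The source encoding is site-specific, for example: to_utf8 SHIFT_JIS in out
to_utf8() {
    iconv -f "$1" -t UTF-8 "$2" > "$3"
}

# Constructed sample standing in for a backed-up logmon.cfg with a BOM.
demo_dir=$(mktemp -d)
printf '\357\273\277<setup>\n   loglevel = 0\n</setup>\n' > "$demo_dir/logmon.cfg.bak"

if has_utf8_bom "$demo_dir/logmon.cfg.bak"; then
    echo "BOM found in backup, writing a clean copy"
fi
strip_utf8_bom "$demo_dir/logmon.cfg.bak" "$demo_dir/logmon.cfg"

if has_utf8_bom "$demo_dir/logmon.cfg"; then
    echo "clean copy still has a BOM"
else
    echo "clean copy is BOM-free"
fi
rm -rf "$demo_dir"
```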
Upgrade from a Previous Version to 3.44 or Later
The existing monitoring profile, where the Run Command on Match option is selected for a watcher rule, does not have any value for the Timeout field. This field was introduced from version 3.43 onwards of the probe. Open the probe GUI and save the configuration to add a default value (1 second) for this Timeout field.
Upgrade from a Previous Version to 3.47 or Later
The probe introduces an option to kill the command that the Command type monitoring profile executes after a given time limit. This new option does not kill already running processes that were started by a previous version or while the command timeout key was not enabled. You can manually kill those already running processes.
Upgrade from a Previous Version to 3.49 or Later
Starting with version 3.49, alarms will be generated only for Count Match Alarms. 
Upgrade from a Previous Version to 3.56 or Later
In the URL mode, the probe generates a single alarm for all the matches in the webpage when using * as the match expression.