logmon MCS Profile Type Configuration

A monitoring administrator uses Monitoring Configuration Service (MCS) to create configuration profiles for groups of devices.
uimpga-ga
logmon_MCS
A monitoring administrator uses Monitoring Configuration Service (MCS) to create configuration profiles for groups of devices.
Prerequisites
Verify the following information before you configure and deploy the probe:
  • Verify that your archive contains a logmon probe that is at least v3.55.
  • Complete any probe-specific prerequisites.
  • Verify that you meet the minimum hardware and software requirements before you deploy a monitoring configuration profile.
To use the enhanced profiles, review the following information:
  • CA Unified Infrastructure Management version 9 SP1 (or later)
  • Monitoring Configuration Service (MCS) version 9.10 (or later)
  • Metrics plug-in version 7.96 (or later)
  • Robot version 9.10 (or later)
For more information, see logmon (Log Monitoring) Release Notes.
If you are migrating from version 4.00 to version 4.01 (legacy templates), then, delete the old logmon-profile-migrator.jar from the migrators folder in mon_config_service probe directory (Nimsoft\probes\service\mon_config_service\migrators), otherwise, migrators may fail.
Enhanced Profiles in MCS
This release of CA UIM includes a new type of Monitoring Configuration Service (MCS) profile, called an enhanced profile. Enhanced profiles enable you to configure metrics, baselines, alarm thresholds, alarms - including Time Over Threshold alarms - and custom alarm and close alarm messages, all within a single MCS profile. For more information, see Configuring Alarm Thresholds in MCS in CA UIM Probe Documentation.
You can convert your existing MCS profiles to enhanced profiles. We recommend that you first migrate existing profiles to the latest available version and then convert them to enhanced profiles. For more information, see Migrating and Converting Existing Profiles.
Configure the logmon Profile Types
Use the log monitoring profile types to monitor system log files. The 7 log monitoring profile types are:
  • Setup logmon
  • QoS Definition
  • Log Monitoring
  • Exclude Rules
  • Exit Code Monitoring
  • Watcher Rules
  • Variables
Create a Setup logmon configuration profile to configure general probe settings. Configure a QoS definition if you want to create custom variables the probe uses in alarms and QoS metrics.
Use the Log Monitoring, Exclude Rules, Exit Code Monitoring, and Watcher Rules profile types to qualify the information in the log files the probe monitors.
If you want to create custom QoS metrics that can be used with variables, create configuration profiles using the QoS Definition and Variables profile types. You connect the QoS definition and the configured variable by selecting the QoS definition profile and the Active option in the Variables profile type.
The following figure provides an overview of how to configure the log monitoring profile types.
Using logmon Profile Types
Using logmon Profile Types
Note:
You cannot configure the logmon probe to monitor a URL or a queue using the MCS profile types.
Create a Log Monitoring Profile
The Log Monitoring profile type lets you create an initial profile and one or more Rules sub-profiles. After you create a Log Monitoring configuration profile, the Exclude Rules, Exit Code Monitoring, Format Rules, and Watcher Rules sub-profiles appear. Configure the desired log monitoring rules. For more information about configuring enhanced alarm thresholds, see Configuring Alarm Thresholds in MCS.
When you create device log monitoring configuration profiles, you can modify the device configuration settings and you can add or delete rules at any time. This configuration profile is applied only to the selected device. The same holds true for group configuration profiles.
After group log monitoring configuration profiles are applied to devices in the group, you can override the group configuration for a selected device. There are two ways to override group configuration:
  • Modify a
    few
    configuration settings:
    Select a device log monitoring profile or one of the associated rules sub-profiles. Modify configured settings to override the group settings for a device. The configuration changes are applied only to the selected device. An * (asterisk) appears for each setting override. You can revert device overrides back to the group configuration settings by using the Revert arrow. However, you cannot delete the device profiles or sub-profiles, or cannot add or delete sub-profiles.
  • Modify several configuration settings and add or remove rules:
    Select the desired device log monitoring profile. Clear the
    Active
    check box to deactivate the configuration profile for the selected device, and then save the change. For the selected device, create a replacement device log monitoring configuration profile and add rules sub-profiles. At the device level, you can continue to modify device configuration settings and add or remove rules sub-profiles for this new device configuration profile. Group configuration changes are not applied to the new device configuration profile. However, group configuration changes are applied to the deactivated device configuration profile, although changes do not affect log monitoring because the device profile is deactivated.
Note:
If you are using a MySQL database, all sub-profile names must be unique across all monitoring profiles. If you attempt to create a sub-profile with a name that is already in use, an error stating that a duplicate name profile already exists. The system prevents you from creating a sub-profile with duplicate name.
Fields to Know
Setup logmon Profile Type
  • Run Command Threads
    field: This setting indicates how many commands the Watcher rule can run when the probe detects a matching pattern (specified with the Watcher Rule profile type).
QoS Definition Profile Type
  • As Expected
    field: Select this option to allow the probe to generate a QoS metric when the value in the Expected Value fields set in the Variables profile type is breached.
Watcher Rules Profile Type
  • Restrict to Format Rule
    field: A watcher rule looks for a match that is based on the format rule you enter in this field. Use this field to logically connect a watcher rule to a format rule. Use the Profile name of the format rule as the format rule name.
  • Run Command on Match
    fields: Specify the command and command arguments the probe runs when the probe finds a pattern that matches the RegEx expression that is entered in the Pattern to Match field. All of these fields appear on the Watcher Rules profile type.
Variables Profile Type
  • Source Line and Source Line Value
    fields: Configure these fields on the Variables profile type. These fields allow the probe to extract data from a monitored log file or command output to replace the configured variable. Configure these fields only when a Format Rule has been configured for this log monitoring configuration profile.
  • Expected Value
    fields: The threshold that is configured in this section
  • QoS Metric for Variable
    fields: Select the QoS Definition in the QoS Metric Name field to connect the configured QoS Definition to this Variable. Select the
    Active
    option before you can select a QoS Metric Name.
Exit Code Monitoring Profile Type
  • Subsystem ID
    field: defines the alarm subsystem ID.
Default Settings
Setup logmon
  • Log Level - 0 - Fatal
  • Log File Size - 100 KB
  • Log File - logmon.log
  • Alarm on Missing or Open File - Checked
  • Run Command Threads - 5
QoS Definition Profile Type
  • Unit - Bytes
  • Unit Abbreviation - B
Log Monitoring
The Log Monitoring profile type is deactivated by default and does not generate any QoS metrics or alarms. If you want the logmon probe to generate QoS metrics and alarms, activate the profile type.
  • Mode - CAT
  • Log File/Command Encoding - UTF-8
  • Check Interval - 5 minutes
  • Publish Alarms - Checked
  • Maximum Alarm Count - 0 (zero)
  • Maximum Alarm Count Severity - Major
Directory Recursions
Deactivated by default. Select the
Directory Recursion
check box and specify a value in the
Number of levels to Recurse
field to allow the probe to look into the specified number of directories/folders to find a matching file pattern.
We recommend not to enable the
Directory Recursion
and
Number of levels
to Recurse
options for the
Test Profile
option as enabling the options may adversely affect the probe performance.
Exclude Rules
No default settings.
Exit Code Monitoring
  • Operator - = (equals)
  • Severity (of alarm) - Information
Format Rules
  • End by - End expression
Watcher Rules
The Watcher Rules profile type is activated by default and does not generate any alarms or QoS metrics. If you want the logmon probe to generate QoS metrics and alarms based on watch rule settings, specify a profile name.
  • Active - Checked
  • Pattern to Match - Error*
  • Severity - Clear
  • Pattern Match Operator - = (equals)
  • Alarm on Every Run Severity - Warning
Watcher Exclude Rules
No default settings. For more information see, logmon AC or IM configuration articles.
Variable Definition
  • Source Line Value - 1 (one)
  • Source From Column - No
  • Source From Character Position - No
  • Source From Match Expression - No
  • Source From Position - 1 (one)
  • Source To Position - Ignore To
  • Expected Value operator - = (equals)
  • (From logmon 3.91)
    Variable Exceed Threshold - None
    Define the values of the following parameters to create a variable threshold:
    • Threshold
      : Define the minimum number of times the Threshold breach for all defined variables must occur for the probe to generate the alarm.
    • Alarm Text
      : Defines the message text that is sent with the alarm.
    • Severity
      : Define the severity of the alarm. The probe generates the alarms only for the defined severity. If you do not define any severity, the probe sends the default message that is defined in the
      Standard
      section.
    • Suppression Key
      : Define the suppression key to avoid multiple instances of the same alarm.
      The Variable Exceed Alarm is applicable for the Update and Command mode. Setting the alarm disables the watcher rules.
Upgrade Considerations
(from MCS 4.12 or 4.14 to MCS 4.15)
In MCS 4.12 and 4.14, Setup logmon (Enhanced) and QoS Definition (Enhanced) are two individual templates. From MCS 4.15 onwards, QoS Definition (Enhanced) is incorporated under Setup logmon (Enhanced) as a child template.
Prerequisites:
Since the Setup logmon (Enhanced) template is parent of QoS Definition (Enhanced) template, the existing profiles should be created in the below sequence.
  1. Setup logmon (Enhanced) profile
  2. Qos Definition (Enhanced) profile (ProfileId of the parent template should always be greater than profileId of the child template).
If the sequence of profile creation was in reverse, then after template upgrade, the profiles will be moved to modified state and later cannot be editable.
If there are any profiles created for 'Setup logmon (Enhanced)' and 'QoS Definition (Enhanced)' templates (BLT) on logmon template version "4.12" or "4.14", then the below queries must be executed before migrating to 4.15 version.
If there are any profiles created for other than 'Setup logmon (Enhanced)' and 'QoS Definition (Enhanced)' templates (BLT), then there is no need to execute any SQL query before migrating to higher version.
  1. Query to update the parentProfile column in SSRV2Profile
    DECLARE @id INT DECLARE @cs_id INT DECLARE @groupid INT DECLARE @childtemplateid INT DECLARE @getProfile CURSOR SET @childtemplateid = (select templateId from SSRV2Template where templateName='QoS Definition (Enhanced)') SET @getProfile = CURSOR FOR Select profileId,cs_id,group_id from SSRV2Profile where profileName='Setup logmon (Enhanced)' OPEN @getProfile FETCH NEXT FROM @getProfile INTO @id, @cs_id,@groupid WHILE @@FETCH_STATUS = 0 BEGIN IF @cs_id IS NULL Update SSRV2Profile set [email protected] where [email protected] and [email protected] and profileId [email protected] ELSE Update SSRV2Profile set [email protected] where [email protected]_id and [email protected] and profileId [email protected] FETCH NEXT FROM @getProfile INTO @id, @cs_id,@groupid END CLOSE @getProfile DEALLOCATE @getProfile
  2. Query to update parentId for child template in SSRV2Template
    update SSRV2Template set parent=(select templateId from SSRV2Template where templateName='Setup logmon (Enhanced)') where templateid in (select templateId from SSRV2Template where templateName='QoS Definition (Enhanced)')