Analyzing and tracking issues in a log file during emergencies can be a challenge for administrators. The log file monitor tracks errors in logs generated from applications on Windows and Linux servers. The benefits of log file monitoring include:
- Monitor log data for any particular event or pattern
- Identify errors for any failure
- Improved security
A log file maintains a record and timestamp of events that occur in an application. The agent examines log files with a known search string (or pattern) based on the configured check type. If the agent detects a match, an alert is triggered in the alert browser. The system monitors log files including audit logs, transaction logs, and event logs. Different varieties of log file extensions can be used, however,
.log is recommended for logs that are monitored.
Log management can be a complex task maintaining log file size, applying a file checksum, and making it easy for administrators to search through old log data files to locate errors. Log rotation compresses old data (and large data) into a new log file. This process simplifies log management while allowing more space for new logs.
By using log file monitors, administrators can rule out the chance of missing an error in logs. Log file monitors can be added using Setup > Monitoring > Templates > Other Monitors.
See the Logging section for information on how to create and maintain Linux and Windows log file monitors.
Log monitor alerts
Critical alerts are sent while monitoring log files. View the alerts in the Alert browser. Examine the inverse flag in the alert description to verify the check type.
The inverse flag displays 0 if the check type exists. The alert description displays 50 characters from the last occurrence of the search string in one iteration.
The inverse flag displays 1 if the check type does not exist.
A critical alert is sent for missing log files and sends an
OK alert after the retrieval of the same file.
Log monitor graphs
The graphical data is displayed for each name configured in the log file monitor. Monitor graphs can be viewed under Infrastructure > Resources > Device Details > Metrics. Only one graph is displayed for all configured names in an individual log file monitor. The log file monitor graph is different for Windows and Linux devices.
In Windows devices, OpsRamp plots the graph as follows:
1: The input string exists
0The input string does not exist
For Linux devices, graphs plot according to the search string count. For example, if the search string is displayed 6 times in the log file, the log monitor graph displays the instances according to the number of times the search string is displayed in the log file.
Log file monitor graphs have the following limitations:
- Log files with
.rarfile extensions are not supported.
- Regular expressions are not supported in folder names.
- Up to 20 sections can be added.