Debugging rules files

When you change the rules file, add new rules, or create lookup tables, it is useful to test the probe by running it in debug mode. Debug mode shows how an event is being parsed by the probe and can uncover any problems with the rules file.

About this task

You can enable debug mode from the command-line interface or by changing the probe properties file. If you need to change the message level of a running probe without stopping the probe, you can use the kill command against the probe process ID (PID).

Procedure

  • To enable debug mode from the command-line interface, enter the following command:

    $OMNIHOME/probes/nco_p_probename -messagelevel DEBUG -messagelog STDOUT

    If you omit the -messagelog command-line option, the debug information is sent to the probe log file in the $OMNIHOME/log directory rather than to the screen.

  • To enable debug mode by using the probe properties file, add the following entries to the file:

    MessageLevel: "DEBUG"
    MessageLog: "STDOUT"

    If you omit the MessageLog property, the debug information is sent to the probe log file in the $OMNIHOME/log directory rather than to the screen.

  • To change the message level of a running probe to debug mode, use the kill -USR2 pid command on the probe PID.

    Each time you issue the kill -USR2 pid command, the message level is cycled.

    For more information, see the man pages for the ps and kill commands.

    Tip: For Java probes, issue the kill command on the nco_p_nonnative process ID.
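The following shell functions are an added example, not part of the product documentation. They read a probe properties file and report whether it enables debug mode and where the debug output goes, following the MessageLevel and MessageLog behaviour described above. The function names are hypothetical, and the script assumes one "Name: value" entry per line, # comments, that the last entry for a property wins, and that the level is case-insensitive.

```shell
#!/bin/sh
# Added example: audit a probe properties file for debug mode.
# Assumptions (not stated on this page): one "Name: value" entry per line,
# '#' starts a comment, and the last entry for a property wins.

# prop_value FILE NAME -> prints the unquoted value of NAME (empty if not set)
prop_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' |
        tail -n 1
}

# debug_status FILE -> one of:
#   debug:STDOUT   debug output goes to the screen
#   debug:<value>  debug output goes to the MessageLog value that is set
#   debug:logdir   MessageLog omitted: probe log file in $OMNIHOME/log
#   off:<LEVEL>    MessageLevel is not DEBUG (off:unset if absent)
debug_status() {
    # Level compared case-insensitively as a cautious assumption.
    ds_level=$(prop_value "$1" MessageLevel | tr '[:lower:]' '[:upper:]')
    ds_log=$(prop_value "$1" MessageLog)
    if [ "$ds_level" != "DEBUG" ]; then
        echo "off:${ds_level:-unset}"
    elif [ -z "$ds_log" ]; then
        echo "debug:logdir"
    else
        echo "debug:$ds_log"
    fi
}

# Constructed sample properties file (not taken from a real installation).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# MessageLog: "STDOUT"
MessageLevel: "DEBUG"   # enabled while testing the rules file
EOF
debug_status "$sample"   # prints debug:logdir
rm -f "$sample"
```

Running debug_status against each probe's properties file after a rules-file test shows which probes are still configured for debug output.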

What to do next

For changes to the rules file to take effect, force the probe to reread the rules file.