IBM Support

How to configure Monitoring logs feature in APMv8

Technical Blog Post


Abstract

How to configure Monitoring logs feature in APMv8

Body

IBM Monitoring 8 delivers Log File Agent (LFA) features inside the OS agent. The OS agent manual already gives a good description of how to configure this feature, but I will give an even more detailed one, with corresponding pictures.

The official documentation about the configuration is at the URL below:

http://www.ibm.com/support/knowledgecenter/en/SSHLNR_8.1.3/com.ibm.pm.doc/install/osagent_configcontainer.htm

Before you begin, you have to create the conf and fmt files, which you later need to place on the APM server. The tags that can be used in the conf file can also be found at the URL below.

 

In my experiment I have created regex1.conf and regex1.fmt files.

regex1.conf contains below two lines:

WINEVENTLOGS=System,Security,Application,Microsoft-Windows-Hyper-V-Worker-Admin,Microsoft-Windows-TaskScheduler-Operational
UseNewEventLogAPI=y

 

and regex1.fmt contains:

REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
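
One way to check regex1.fmt against sample lines before uploading it, as an added example that is not part of the original post or of IBM's tooling. It assumes Python's re module treats this pattern the same way the agent's regex engine does; parse_fmt, match_line and the sample lines are hypothetical names and constructed data.

```python
import re

# Contents of regex1.fmt exactly as shown on the page.
REGEX1_FMT = r"""REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
"""

def parse_fmt(text):
    """Parse REGEX ... END blocks into (name, compiled pattern, {slot: group}).
    Only $N slot references, as used in the page's file, are handled."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    formats, i = [], 0
    while i < len(lines):
        if not lines[i].startswith("REGEX ") or i + 1 >= len(lines):
            raise ValueError(f"expected REGEX header and pattern at: {lines[i]!r}")
        name, pattern, slots = lines[i].split()[1], re.compile(lines[i + 1]), {}
        i += 2
        while i < len(lines) and lines[i] != "END":
            slot, ref = lines[i].split()[:2]
            group = int(ref.lstrip("$"))
            if not 1 <= group <= pattern.groups:
                raise ValueError(f"{name}: {slot} refers to missing group ${group}")
            slots[slot] = group
            i += 1
        if i == len(lines):
            raise ValueError(f"{name}: missing END")
        formats.append((name, pattern, slots))
        i += 1
    return formats

def match_line(formats, line):
    """Return (format name, slot values) for the first format that matches, else None."""
    for name, pattern, slots in formats:
        m = pattern.match(line)
        if m:
            return name, {slot: m.group(g) for slot, g in slots.items()}
    return None

# Constructed sample lines shaped to fit the regex; not captured agent output.
SAMPLES = [
    "Mar 14 09:16:40 2017 0 Audit_Failure Logon Microsoft-Windows-Security-Auditing Audit_Failure 4625 An account failed to log on.",
    "Mar 14 09:17:05 2017 2 Error None Service Control Manager Classic 7000 The service failed to start.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(match_line(parse_fmt(REGEX1_FMT), sample))
```

The second sample has spaces inside the event source, so the \S+ fields no longer line up with the numeric event ID and the line does not match at all.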

 

The difference between the LFA agent and OS agent log file monitoring in APM8 is that you have to import the conf/fmt files via the APM console. To configure log file monitoring, follow the steps below:

    1. Click System configuration > Agent Configuration.

    Depending on the system on which you want to monitor the log files, click either the Unix OS, Linux OS, or Windows OS tab. Since I want to monitor Windows event logs I have selected Windows OS. To create a new configuration, click the (+) icon to open the New Log File Configuration window.

image

   2. Enter a name for the configuration and a description of the configuration. In my case, regex1 and the configuration description testWin.
    To view the contents of the .conf and the .fmt files, click View.
    To upload the configuration by using the Performance Management server, select the .conf file and the .fmt file from the same system where you open the Performance Management console and click Done.

image

   3. On the OS agent tab, select the configuration that you uploaded.
    Important: The .conf and .fmt files that are distributed to the agents are renamed to the configuration name that you define.

   4. To deploy the configuration, in the Log Configuration Distributions List table, select the agents to which you want to deploy the configuration and click Apply Changes. When this is done, the Distribution attribute changes from 0 to 1.

image

When this is done, navigate back to the NT OS agent dashboard, where you will see the Log Monitoring configuration you created under the Log Files widget:

image

If you click on your configuration (regex1), the workspace below opens, where you can see all your monitored event logs:

image

   When you click on the defined event logs, you can see all matched events:

image

 

   When you click on an event, you will see detailed information:

image

 

Hope this blog was helpful....  Gregor

 

 

 


UID

ibm11277344