IBM Support

How to install IBM Tivoli Log File Agent V6.3 and do basic configuration to recieve data in TEP?

Technical Blog Post


Abstract

How to install IBM Tivoli Log File Agent V6.3 and do basic configuration to recieve data in TEP?

Body

Download IBM Tivoli Log File Agent V6.3 from Passport Advantage site

IBM Tivoli Log File Agent (LFA) V6.3, Multiplatform, Multilingual
Part Number: CIGM5ML

Note:  Upgrading to the v6.3 of the KLO agent is not dependent on a v6.3 infrastructure. The minimum pre-req is 6.2.2 FP2.

 

Extract image to your temporary directory. After that navigate to <temp_dir>\WINDOWS\ and execute setup.exe file to start installation wizard.

image

 

When installation wizard starts proceed with Next:  

image

 

Read prerequisites and proceed with Next:

image

 

Confirm license agreement with Next (Scrshot show license agreement in Slovenian language):

image

 

Review setting and proceed with Next:

image

 

Confirm installation with Yes button:

image

 

Select Log file agent and proceed with Next:

image

 

Select setup type and proceed with Next. You can reconfigure agent also after installation.

image


Since I selected "Configure agents default connections..." following window appears where you configure communication protocol, TEMS location and other settings. Proceed with OK.

image

 

When installation / configuration ends finish installation with Finish button.

image

 

After successful installation Manage Tivoli Enterprise Monitoring Service (MTEMS) window will open where you can see LFA agent template from which you create agent instances.

image

To create instance right click in LFA template and select Configure Using Defaults in menu:

image

Enter a Unique instance name. I named my instance Test-Inst:

image

In next window specify agent parameters like conf and fmt file location, if events are sent to ITM or OMNIbus via EIF or maybe both. In this blog I will configure agent to use example conf and fmt files which are provided with agent installation image. They are located under /examples folder. I have uploaded example configuration files (regex1.conf and regex1.fmt) at the end of this blog. If you are using Autodiscovery feature you can leave Conf file and Format File parameters empty. Proceed with Next

image

Configure Global setting if needed and finish configuration with OK.

image

 

Conf file modification. Point LogSources tag to your monitored custom log. Set UnmatchLog tag to file which will capture messages which does not match a pattern in the fmt file. On Windows system you can also specify Event logs which you want to be monitored using WINEVENTLOGS tag. Snippet from regex1.conf file:

# Files to monitor.  The single file /tmp/regextest.log, or any file like /tmp/foo-1.log or /tmp/foo-a.log.
LogSources=C:\test.log

# If more than one file matches the pattern /tmp/foo-?.log above, monitor only the newest one
FileComparisonMode=CompareByLastUpdate

# Any records in the monitored log that do NOT match a pattern in the fmt are written here
UnmatchLog=C:\regextest.un

# Monitor the named event logs on Microsoft Windows.  The latter two require Windows 2008 or higher,
# and the fourth one requires the Hyper-V role.
WINEVENTLOGS=System,Security,Application,Microsoft-Windows-Hyper-V-Worker-Admin,Microsoft-Windows-TaskScheduler-Operational

 

Format which matches messages containing Error: message. Snippet from regex1.fmt file:

// Matches a simple error message like:
//
//  Error: disk full
REGEX REBase
Error: (.*)
msg $1
END

 

After successful configuration and modification of example conf and fmt files start agent:

image

 

After agent startup you can see agent online in TEP console. From default workspace you can see if all Datacollectors started with no Errors and status of monitored files which were specified in LogSources

image

To verify if agent reads and matches monitored log messages correctly navigate to Logfile Events workspace:

image

After updating Test.log file with "Error: Disk Full" entry you can see that agent matched event with REGEX REBase format is seen in agent workspace. You can also see that agent is reading messages from Windows Event logs:

image

 

Example configuration files which are also located in LFA installation image under /examples folder.

regex1.conf|View Detailsregex1.fmt|View Details

 

 

When you creating LFA instance for the first time please also review Best practice for creating LFA agent format file and Best practice for creating LFA agent configuration file blog entries.

 

 

Tutorials Point

 

Subscribe and follow us for all the latest information directly on your social feeds:

 

 

image

 

image

 

image

 

 

  

Check out all our other posts and updates:

Academy Blogs: http://ow.ly/Otue0
Academy Videos: http://ow.ly/PIKFz
Academy Google+: http://ow.ly/Dj3nn
Academy Twitter Handle: http://ow.ly/Dj35c


image

 

[{"Business Unit":{"code":"BU025","label":"IBM Cloud and Cognitive Software"}, "Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11277380