
How to Configure Monitoring Logs Feature in APM v8

By Kristen Meren posted Tue October 15, 2019 02:34 AM

  

by Gregor Kovacic

IBM Monitoring 8 delivers Log File Agent (LFA) features inside the OS agent. The OS agent manual already gives a good description of how to configure this feature, but I will give a more detailed walkthrough with corresponding pictures.

The official documentation about the configuration is at the URL below:

http://www.ibm.com/support/knowledgecenter/en/SSHLNR_8.1.3/com.ibm.pm.doc/install/osagent_configcontainer.htm

Before you begin, you have to create the conf and fmt files, which you later need to upload to the APM server. The tags that can be used in the conf file can also be found at the URL below.

 

In my experiment I created the regex1.conf and regex1.fmt files.

regex1.conf contains the two lines below:

WINEVENTLOGS=System,Security,Application,Microsoft-Windows-Hyper-V-Worker-Admin,Microsoft-Windows-TaskScheduler-Operational
UseNewEventLogAPI=y

 

and regex1.fmt contains:

REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
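
Before uploading, the .fmt file can be checked offline against a sample line. The following is an added example, not part of the original post or of IBM's tooling: it parses only the `$N` slot form used in regex1.fmt and applies the pattern with Python's `re`, assuming the agent's regex engine treats these constructs the same way. The names `parse_fmt` and `match_event` and both sample lines are constructed for illustration.

```python
import re

FMT_TEXT = r"""REGEX BaseWindowsEvent
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
timestamp $1
severity $2 CustomSlot1
eventclass $3 CustomSlot2
eventsource $4 CustomSlot3
keywords $5 CustomSlot4
eventid $6 CustomSlot5
msg $7
END
"""  # regex1.fmt exactly as given in the post

def parse_fmt(text):
    """Parse 'REGEX <name>', pattern, '<slot> $N [label]' lines and 'END'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    formats, i = [], 0
    while i < len(lines):
        if not lines[i].startswith("REGEX ") or i + 1 >= len(lines):
            raise ValueError(f"expected 'REGEX <name>' and a pattern at entry {i}")
        name, pattern = lines[i].split(None, 1)[1], re.compile(lines[i + 1])
        slots, i = {}, i + 2
        while i < len(lines) and lines[i] != "END":
            parts = lines[i].split()
            ref = re.fullmatch(r"\$(\d+)", parts[1]) if len(parts) > 1 else None
            if ref is None or not 1 <= int(ref.group(1)) <= pattern.groups:
                raise ValueError(f"{name}: bad slot mapping {lines[i]!r}")
            slots[parts[0]] = int(ref.group(1))
            i += 1
        if i == len(lines):
            raise ValueError(f"{name}: missing END")
        formats.append((name, pattern, slots))
        i += 1
    return formats

def match_event(formats, line):
    """Return (format name, slot values) for the first match, else None."""
    for name, pattern, slots in formats:
        m = pattern.match(line)
        if m:
            return name, {slot: m.group(n) for slot, n in slots.items()}
    return None

# Constructed sample lines shaped to fit the pattern; not captured agent output.
SAMPLE_OK = "Oct 15 02:34:11 2019 4 Warning N/A Service_Control_Manager None 7036 The Print Spooler service entered the stopped state."
SAMPLE_SPACE = "Oct 15 02:34:11 2019 4 Warning N/A Service Control Manager None 7036 The Print Spooler service entered the stopped state."
if __name__ == "__main__":
    print([match_event(parse_fmt(FMT_TEXT), s) for s in (SAMPLE_OK, SAMPLE_SPACE)])
```

The second sample returns `None`: each `(\S+)` field takes exactly one whitespace-free token, so a field value containing a space shifts the columns and `([0-9]+)` no longer lines up with the event ID.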

 

The difference between the LFA agent and OS agent log file monitoring in APM 8 is that you have to import the conf/fmt files via the APM console. To configure log file monitoring, follow the steps below:

    1. Click System configuration > Agent Configuration.

    Depending on the system on which you want to monitor the log files, click either the Unix OS, Linux OS, or Windows OS tab. Since I want to monitor Windows event logs, I selected Windows OS. To create a new configuration, click the (+) icon to open the New Log File Configuration window.

image

   2. Enter a name for the configuration and a description of the configuration. In my case: regex1 and Configuration description testWin.
    To view the contents of the .conf and the .fmt files, click View.
    To upload the configuration by using the Performance Management server, select the .conf file and the .fmt file from the same system where you open the Performance Management console, and click Done.

image

   3. On the OS agent tab, select the configuration that you uploaded.
    Important: The .conf and .fmt files that are distributed to the agents are renamed to the configuration name that you define.

   4. To deploy the configuration, in the Log Configuration Distributions List table, select the agents to which you want to deploy the configuration and click Apply Changes. When this is done, the Distribution attribute changes from 0 to 1.

image

When this is done, navigate back to the NT OS agent dashboard, where you will see the Log Monitoring configuration you created under the Log Files widget:

image

If you click on your configuration (regex1), the workspace below opens, where you can see all your monitored event logs:

image

   When you click on a defined event log, you can see all matched events:

image

 

   When you click on an event, you will see detailed information:

image

 


Comments

Thu January 11, 2018 03:54 AM

Latest documentation link

The latest Cloud APM, Private documentation for configuring OS agent log file monitoring is available here:

https://www.ibm.com/support/knowledgecenter/en/SSHLNR_8.1.4/com.ibm.pm.doc/install/osagent_configcontainer.htm

The latest Cloud APM documentation for configuring OS agent log file monitoring is available here:

https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/osagent_configcontainer.htm