CA Unified Infrastructure Management Probes

logmon Use Case Examples

Last update March 19, 2019

This article provides examples of how to configure the logmon probe with minimum configuration settings.

Example: When both "Generate alarm" and "Generate Quality of Service" check boxes are selected.

This example shows you the output when both Generate alarm and Generate Quality of Service check boxes are selected.

Follow these steps:

  1. Create a profile and a watcher with a variable.
  2. From the General tab, enable both Generate Quality of Service and Generate alarm check boxes.
  3. Navigate to Watcher Rules > QoS and enable the QoS for the variable.
  4. Create a QoS for the variable and assign a target.
  5. Apply and save the configuration.
  6. Check for alarms and QoS.

Result: In this example, QoS settings are disabled as shown in the screenshot. This results in the following outcomes:

  • An alarm is generated for the matching pattern.
  • A QoS is generated for the variable. QoS on variables can only be sent on numeric value or state (true or false), provided that the option As expected is selected on the QoS definition dialog (the dialog launched when creating a new QoS).
  • No QoS is generated for the profile.

Example: When only "Generate Quality of Service" check box is selected

This example shows you the output when only Generate Quality of Service check box is selected.

Follow these steps:

  1. Create a profile and a watcher with a variable. 
  2. From the General tab, enable Generate Quality of Service check box.
  3. Navigate to Watcher Rules > QoS.
  4. Enter the QoS Name and QoS Target.
  5. Apply and save the configuration.
  6. Check for alarms and QoS.

Result: In this example, QoS settings are enabled because the profile is running in "Send QoS" mode only. Hence, the user gets two QoS, as follows:

  • A QoS for which you have created the target, "profile qos", as shown in the screenshot. If the target is not set here, the default target profilename.watchername is used. The value for this QoS depends on the alarm message being sent on the matching pattern. For example, if the text message is an integer, profile qos prints the value of that integer; for a string, it prints 0.
  • A QoS for variable with target 10.112.77.242.variable as shown in the screenshot. QoS on variables can only be sent on numeric value or state (true or false), provided that the option As expected is selected on the QoS definition dialog (launched when creating a new QoS).

If running in Send QoS mode, the content of the Message to send on match field is converted to a number (double) unless the keyword NULL is used.


Monitor Response of Ping Command

Objective:

Monitor the response of the ping command with the following parameters:

  • Generate alarm with text for round trip time in the format Maximum Time and Average Time. For example, 2 and 1.
  • Individual QoS messages for both values.
  • Restrict the format to the last four lines.
  • Exclude alarms if one or more packets are lost.

Steps:

Prerequisites:

  • logmon probe is installed
  • permission to execute the CLI

Regular Expressions:

The regular expressions implemented in this use case are as follows:

  • Format Rule: The expression restricts the text block to start from the statistics section. For the end, we have used the line count.

    /.*Ping stat.*/

  • Exclude Rule: The expression looks for the count of lost packets. If the count is not zero, the lines are excluded from monitoring.

    /.*Lost = (?!0).*/

  • Watcher Rule: The expression looks for the line in the text with the maximum and average values. The values, as they are not constant, are specified using wildcards.

    /.*Maximum = (.*)ms, Average = (.*)ms.*/

  • Watcher Rule Variables: The following variables are defined to match the expression.
    • The variable for maximum value looks for the first match in the watcher rule. The value is picked from the first capturing group in the expression.

      Maximum = (.*)ms

    • The variable for average value looks for the second match in the watcher rule. The value is picked from the second capturing group in the expression.

      Average = (.*)ms

Test Command Response using CLI

Test the command and its response using the CLI in your Operating System. For example, Command Prompt in Windows.

Follow these steps:

  1. Open the CLI.
  2. Execute the command and view the response.

For example, for the ping command, the response is as follows:

D:\Users\abc.d>ping 10.112.69.69


Pinging 10.112.69.69 with 32 bytes of data:
Reply from 10.112.69.69: bytes=32 time=1ms TTL=63
Reply from 10.112.69.69: bytes=32 time=2ms TTL=63
Reply from 10.112.69.69: bytes=32 time=2ms TTL=63
Reply from 10.112.69.69: bytes=32 time=1ms TTL=63


Ping statistics for 10.112.69.69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms

The expected alarm message text for this ping is as follows:

4 and 3
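
The following sketch applies the format, exclude and watcher expressions listed above to the statistics section of the sample response. It is an added example, not code from the probe or from CA. It assumes that Python's `re` module behaves like the probe's regex engine for these patterns and that a matching exclude rule drops the whole format block; the QoS target names are the ones used later on this page, and `SAMPLE_LOSS` is a constructed input.

```python
import re

# Expressions copied from the page (surrounding /.../ delimiters dropped).
FORMAT_START = re.compile(r".*Ping stat.*")
EXCLUDE = re.compile(r".*Lost = (?!0).*")
WATCHER = re.compile(r".*Maximum = (.*)ms, Average = (.*)ms.*")
FORMAT_LINES = 4  # the format rule ends after four lines

def qos_value(text):
    """Non-numeric variable text yields a QoS value of 0, as the page states."""
    try:
        return float(text)
    except ValueError:
        return 0.0

def evaluate(output, profile="CommandUseCase", watcher="W1"):
    """Return (alarm_text, qos_by_target), or (None, {}) when nothing is reported."""
    lines = output.splitlines()
    start = next((i for i, l in enumerate(lines) if FORMAT_START.match(l)), None)
    if start is None:
        return None, {}
    block = lines[start:start + FORMAT_LINES]
    # Assumption: an exclude match anywhere in the block suppresses the block.
    if any(EXCLUDE.match(l) for l in block):
        return None, {}
    for line in block:
        m = WATCHER.match(line)
        if m:
            max_var, avg_var = m.group(1), m.group(2)  # capture groups 1 and 2
            qos = {f"{profile}.{watcher}.maxVar": qos_value(max_var),
                   f"{profile}.{watcher}.avgVar": qos_value(avg_var)}
            return f"{max_var} and {avg_var}", qos
    return None, {}

# Statistics section of the page's sample response.
SAMPLE_OK = """Ping statistics for 10.112.69.69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms"""
# Constructed variant with one lost packet.
SAMPLE_LOSS = SAMPLE_OK.replace("Received = 4, Lost = 0 (0% loss)",
                                "Received = 3, Lost = 1 (25% loss)")

if __name__ == "__main__":
    print(evaluate(SAMPLE_OK))    # alarm text and both QoS values
    print(evaluate(SAMPLE_LOSS))  # nothing reported: the exclude rule matched
```

The negative lookahead `(?!0)` only inspects the first character after `Lost = `, so a count such as 10 is still excluded while 0 is not.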


Configure Profile With Watcher Rule

You can configure the probe to monitor the ping response of a network system.

Follow these steps:

  1. Create a command profile. For example, CommandUseCase.
  2. In the General tab > Command field, specify the command in the ping <IP> format.
    For example, ping 10.112.69.69
  3. Create a Watcher rule.
  4. In the Watcher Rules tab > Standard tab of the rule > Match Expression field, specify the expression to match in the command response.
    For example, specify /.*Maximum = (.*)ms, Average = (.*)ms.*/ to look for the last line of the text in the response.

    Note: If you specify * as the expression, the probe generates an alarm for each line of the response.

  5. Enable the watcher rule and the profile to start monitoring.
  6. The probe generates the alarm with the following text:

        Minimum = 3ms, Maximum = 4ms, Average = 3ms

Configure Custom Variable in Watcher Rule

You can configure custom variables and use the variable in the alarm message text. You can also configure QoS messages for these variables.

Follow these steps:

  1. In the Variables tab, create a variable. For example, create a variable maxVar that extracts the maximum value from the ping response.
  2. In the Variable Settings dialog, specify the initial location of the string. For example, select Match Expression with value 1 to capture the first matching group.
  3. Repeat this for the average value, selecting Match Expression with value 2 to capture the second matching group.
  4. In the Watcher Rules tab > Standard tab of the rule > Match Expression field, specify the variables in the alarm message.
  5. The probe generates an alarm with the following text:

    4 and 3

  6. In the QoS tab, select the variable to generate QoS messages.

    Important! The probe generates QoS messages with 0 as the value if the variable text is non-numeric.

  7. The probe generates the following QoS messages:

    • With target CommandUseCase.W1.maxVar, the QoS value is 4.
    • With target CommandUseCase.W1.avgVar, the QoS value is 3.

Restrict Format Definition to Last Four Lines

You can restrict the profile to look for the string in a specific block of text using format rules. For example, create a format rule that restricts the search parameters to the last four lines of the ping response. In this example, the probe restricts the text block using the format rule, looks for the watcher rule expression in that text block, and when found, applies the variable parameters on the format rule block to generate the alarm.

Note: When you use a format rule, variables in associated watcher rules are applicable on the format rule text block.


Follow these steps:

  1. In the Format Rules tab, create a format rule.
  2. Specify the start and end expressions.
    For example, specify /.*Ping stat.*/ as the start expression and end after four lines.
  3. The probe generates the alarm with the following text:

    4 and 3

Exclude Monitoring If One or More Packets Are Lost

You can specify an expression to exclude lines of matching text from monitoring. In this example, the probe restricts monitoring if one or more packets are lost.

Follow these steps:

  1. In the Exclude Rules tab, create an exclude rule.
  2. Specify the expression to exclude the matching text.
    For example, specify /.*Lost = (?!0).*/ as the expression.
  3. The probe generates the following alarm message if no packets are lost:

  4. The probe generates the following QoS messages if no packets are lost:

Monitor a log file using regular expression and run a script

Objective: Monitor a log file and run a script when the specified text is found in the file.

Prerequisites:

  • logmon probe is installed, configured and active.
  • log file is available for monitoring.
  • script file is available for execution.

Follow these steps:

  1. Create and configure a profile (for example, demo_logmon) in the probe with the following minimum settings:
    • From the General tab, browse and select the monitored log file (for example, my.log file). 
    • Select the Mode as cat to search for the required text in the entire log file.
    • Select the Generate Alarm check box to receive alerts when the match is found.
  2. Create and configure a watcher rule (for example, script_run), with the following minimum settings to define the conditions to run the script.

    • Under Match Expression, add the expression that the probe will search for in the log file. For example, add *[Hh]eartbeat*. When the text Heartbeat or heartbeat is found in the log file, the specified script is executed. For more information about Regular Expression Construct Rules, see logmon Hints and Examples.

    • Under Message to Send on Match, add the text that will be displayed as an alert when the match is found. For example, "Match Found".

    • Select the Run Command on Match check box to run the script when the match is found.
    • Browse and select the script file that will be executed, upon successful match. For example, script.sh file.

  3. Activate the profile to start monitoring.

Output: In this example, when the script is executed, the "script.txt" file is created. See the following screenshot.

An alarm is also displayed with the specified "Match Found" text.

Monitor a log file using regular expression and use the matched string as the alarm message

Objective: Monitor the log file and generate an alert when the specified text is found. The alarm message is the same as the found text.

Prerequisites:

  • logmon probe is installed, configured and active.
  • log file is available for monitoring.

Follow these steps:

  1. Create and configure a profile (for example, demo_logmon2) in the probe, with the following minimum settings:
    • From the General tab, browse and select the monitored log file (for example, my.log file).
    • Select the Mode as cat to search for the required text in the entire log file.
    • Select the Generate Alarm check box to receive alerts when the match is found.
  2. Create and configure a watcher rule (for example, alarm), with the following minimum setting:
    • Under Match Expression, add the expression that the probe will search for in the log file. For example, add *[Hh]eartbeat*. When the text Heartbeat or heartbeat is found in the log file, an alarm is generated. For more information about Regular Expression Construct Rules, see logmon Hints and Examples.

  3. Activate the profile to start monitoring.

Output: In this example, the "my.log" file contains the text "heartbeat found in file". When the profile finds the "heartbeat" text in the log file, the following alarm is generated.

Monitor a text file using regular expression and generate a QoS message

Objective: Monitor a text file and generate a QoS message when the specified text is found. The QoS message displays the monitoring information, such as the number of times the text was found in the log file.

Prerequisites:

  • logmon probe is installed, configured and active.
  • file is available for monitoring.

Follow these steps:

  1. Create and configure a profile (for example, my_log) in the probe with the following minimum settings:
    • From the General tab, browse and select the monitored file (for example, test.txt).
    • Select the Mode as cat to search for the required text in the entire log file.
    • Select the Generate Quality of Service check box to generate the QoS message, upon successful match.
  2. Create and configure a watcher rule (for example, ora), with the following minimum settings:
    • Under Match Expression, add the expression that the probe will search for in the text file. For example, add *us*. For more information about Regular Expression Construct Rules, see logmon Hints and Examples.
  3. From the QoS tab, select the Count Matches check box.
  4. Save the information and restart the probe.

Output: An alarm is generated when the expression "us" is found in any word in the text file. As shown in the following screenshot, QOS_LOGMON_VARIABLE captures the number of times the expression "us" has been found in the text file. In this example, the expression has been found only once, so the samplevalue shows "1".

Example: Maximum Alarm Count based on Suppression Keys

You can configure the probe to generate the maximum number of alarms specified in the Maximum Alarm Count field based on the Suppression Keys defined for a watcher.

When the MaxAlarmPerWatcherSuppKey value is set to No, the probe limits the number of alarms to the value specified in the Maximum Alarm Count field per watcher.

For example, consider a profile with Maximum Alarm Count not specified and a watcher configured with the regex pattern /(?i:WSVR0220I\:[^\:]*\:(?<apllog>\s*[^\s]*))/ and Suppression Key (suppid) GBM_${apllog}_SCH, running in file update mode with the following log file content:

[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingBatchListaceEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingBatchListaceEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingBatchListaceEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingBatchListaceEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingContabilidadEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingContabilidadEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingContabilidadEAR 
[10/3/17 13:23:13:390 CEST] 0000004d ApplicationMg A WSVR0220I: Application stopped: GlobalConfirmingContabilidadEAR 


The probe generates two different alarms with supp count equal to 4.

  • Four events with supp id: GBM_BVMNGLAPCFSI21_BVMNGLAPCFSI22_STOPPEDSTARTING_GlobalConfirmingBatchListaceEAR_SCH 
  • Four events with supp id: GBM_BVMNGLAPCFSI21_BVMNGLAPCFSI22_STOPPEDSTARTING_GlobalConfirmingContabilidadEAR_SCH 

When the MaxAlarmPerWatcherSuppKey value is set to Yes, with the same regex pattern and Suppression Key and the Maximum Alarm Count value set to 1, the probe generates:

  • One event with supp id: GBM_BVMNGLAPCFSI21_BVMNGLAPCFSI22_STOPPEDSTARTING_GlobalConfirmingBatchListaceEAR_SCH
  • One event with supp id: GBM_BVMNGLAPCFSI21_BVMNGLAPCFSI22_STOPPEDSTARTING_GlobalConfirmingContabilidadEAR_SCH

  1. Abhishek Singh
    2018-10-15 09:33

    It appears that something is missing in log file content snippet for example "Maximum Alarm Count based on Suppression Keys"

    1. Medikonda, Sandeep Samuel
      2018-10-16 05:42

      Hi Abhishek Singh, we will review the snippet and update as required.

      -Documentation Team