Transcription
Tivoli Log File AgentVersion 6.3User's Guide SC14-7484-04
Tivoli Log File AgentVersion 6.3User's Guide SC14-7484-04
NoteBefore using this information and the product it supports, read the information in “Notices” on page 143.This edition applies to version 6.3 of Tivoli Log File Agent (product number 5724-C04) and to all subsequentreleases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2010, 2013.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
ContentsFigures . . . . . . . . . . . . . . . vTables . . . . . . . . . . . . . . . viiChapter 1. Overview of the agent . . . . 1IBM Tivoli Monitoring . . . . . . . .New in this release . . . . . . . . .Components of the IBM Tivoli Monitoringenvironment . . . . . . . . . . .Agent Management Services . . . . . .User interface options . . . . . . . .Data sources . . . . . . . . . . . 1. 1.2334Chapter 2. Requirements and agentinstallation and configuration . . . . . 5Requirements for the monitoring agent . . . . . 5Generate a software product compatibility reportfor the Log File agent . . . . . . . . . . 6Agent-specific installation and configuration. . . . 6Configuring from the configuration panel. . . . 6Configuring from the command line . . . . . 8Configuration Files . . . . . . . . . . . 9Changing the agent configuration and format files 9Centralized Configuration . . . . . . . . 10CPU throttling . . . . . . . . . . . . 10Remote log file monitoring . . . . . . . . 11Remote installation and configuration . . . . 14Starting the agent . . . . . . . . . . . 15Forwarding events to Tivoli Netcool OMNIbusObjectServers . . . . . . . . . . . . . 15Subnodes . . . . . . . . . . . . . . 18Chapter 6. Workspaces reference . . . 51Predefined workspaces . . .Workspace descriptions . . .Log Files Navigator item . .LFAProfiles Navigator item .LogfileEvents Navigator itemTivoli Log File Profile subnode.525252555556Chapter 7. Attributes reference . . . . 57Attribute groups for the monitoring agent . . .Attributes in each attribute group . . . . . .LFAProfiles attribute group . . . . . . .Log File RegEx Statistics attribute group. . .Log File Status attribute group . . . . . .LogfileEvents attribute group . . . . . .LogfileProfileEvents attribute group . . . .Performance Object Status attribute group . .pro Performance Object Status attribute group.Thread Pool Status attribute group . . . .Disk capacity planning for historical data . . .5758586063677176818689Chapter 8. Situations reference . . . . 91Predefined situations . . . . . . . . . .Situation descriptions . . . . . . . . . .KLO Log Agent Config Error situation . . .KLO PRO Log Agent Config Error situation .91929293Chapter 9. Take Action commandsreference. . . . . . . . . . . . . . 95Predefined Take Action commands. 95Chapter 10. Policies reference. . . . . 97Chapter 3. Configuration file . . . . . 23Predefined policies .Chapter 4. Format file . . . . . . . . 33Chapter 11. Troubleshooting . . . . . 99Format file specifications . .Inheritance . . . . . .Multi-line . . . . . . .Mappings . . . . . . .Value specifiers . . . .Keywords . . . . . .Maximum message lengthTrace logging . . . . . . . . . . . . .Overview of log file management . . . . .Principal trace log files . . . . . . . . .Examples: Using trace logs . . . . . . . .RAS trace parameters . . . . . . . . .Dynamic modification of trace settings . . . .Setting trace parameters for the Tivoli EnterpriseConsole server . . . . . . . . . . . .Problems and workarounds. . . . . . . . .Installation and configuration troubleshootingRemote deployment troubleshooting. . . . .Agent troubleshooting . . . . . . . . .CPU throttling troubleshooting . . . . . .Remote log file monitor troubleshooting . . .Workspace troubleshooting . . . . . . . .Situation troubleshooting . . . . . . . .Take Action commands troubleshooting . . .Support information . . . . . . . . . . .33373738394041Chapter 5. Event filtering andsummarization . . . . . . . . . . . 43Detecting and filtering duplicate events . . . .Summary interval . . . . . . . . . . .Filtering events . . . . . . . . . . . .Summarization attributes . . . . . . . . .Viewing event filtering and summarization in theTivoli Enterprise Portal . . . . . . . . . Copyright IBM Corp. 2010, 2013.43444445. 45. 130iii
Appendix A. Event mapping . . . . . 131Other sources of documentation .Appendix B. Windows 2008 event logNotices . . . . . . . . . . . . . . 143137Trademarks .Appendix C. Documentation libraryPrerequisite publications.Related publications . .iv.Tivoli Log File Agent User's Guide.139. 139. 140. 140. 145Index . . . . . . . . . . . . . . . 147
Figures1.2.Historical view and cache viewis selected . . . . . . .Historical view and cache viewsend none is selected . . . Copyright IBM Corp. 2010, 2013when send all. . . . . . 46when. . . . . . 473.4.Historical view and cache viewsend first is selected . . .Historical view and cache viewis selected . . . . . . .when. . . . . . 48when nInteger. . . . . . 49v
viTivoli Log File Agent User's Guide
Tables1.2.3.4.5.6.7.8.Allocation of configuration files to servers20Slots and the DEFAULT value . . . . . . 40EventFloodThreshold values . . . . . . . 44Capacity planning for historical data logged bythe Log File agent . . . . . . . . . . 90Information to gather before contacting IBMSoftware Support . . . . . . . . . . 99Trace log files for troubleshooting agents101Problems and solutions for installation andconfiguration. . . . . . . . . . . . 111General problems and solutions foruninstallation . . . . . . . . . . . 113 Copyright IBM Corp. 2010, 20139.10.11.12.13.14.15.Remote deployment problems and solutionsAgent problems and solutions . . . . .CPU throttling problems and solutionsRemote log file monitor problems andsolutions . . . . . . . . . . . .Workspace problems and solutions . . .Situation problems and solutions . . . .Take Action commands problems andsolutions . . . . . . . . . . . .115. 116123. 124. 125. 127. 130vii
viiiTivoli Log File Agent User's Guide
Chapter 1. Overview of the agentThe Tivoli Log File Agent (product code LO) provides you with the capability to monitor Application logfiles.IBM Tivoli Monitoring is the base software for the Log File agent.The Tivoli Log File Agent is an agent that provides a configurable log file monitoring capability that usesregular expressions. For compatibility, the agent can consume the configuration information and formatstrings previously used by the Tivoli Event Console Log File Adapter. These strings allow the agent tofilter the log data according to patterns in the format file, and submit only the interesting data to anevent consumer. The agent can send data both to a Tivoli Enterprise Monitoring Server or through theEvent Integration Facility (EIF) to any EIF receiver, such as the OMNIbus EIF probe.IBM Tivoli MonitoringIBM Tivoli Monitoring provides a way to monitor the availability and performance of all the systems inyour enterprise from one or several designated workstations. It also provides useful historical data thatyou can use to track trends and to troubleshoot system problems.You can use IBM Tivoli Monitoring to achieve the following tasks:v Monitor for alerts on the systems that you are managing by using predefined situations or customsituations.v Establish your own performance thresholds.v Trace the causes leading to an alert.v Gather comprehensive data about system conditions.v Use policies to take actions, schedule work, and automate manual tasks.The Tivoli Enterprise Portal is the interface for IBM Tivoli Monitoring products. You can use theconsolidated view of your environment as seen in the Tivoli Enterprise Portal to monitor and resolveperformance issues throughout the enterprise.See the IBM Tivoli Monitoring publications listed in “Prerequisite publications” on page 139 for completeinformation about IBM Tivoli Monitoring and the Tivoli Enterprise Portal.New in this releaseFor version 6.3 of the Log File agent, the following enhancements were made since version 6.2.3.2:v Remote log file monitoring. The Log File agent can monitor text logs on remote systems by using theSecure Shell (SSH) File Transfer Protocol. For more information, see “Remote log file monitoring” onpage 11.v Changes related to system requirements. See the information about system requirements in Softwareproduct compatibility reports /v1r0/clarity/index.html). For more information about running a software product compatibility report specific toLog File agent, see “Generate a software product compatibility report for the Log File agent” on page6.v Updated klo.baroc file to support IBM Tivoli Enterprise Console event mapping changes.v Added support for the IBM Prerequisite Scanner. The Prerequisite Scanner is a stand-alone prerequisitechecking tool that analyzes system environments before the installation or upgrade of a Tivoli productor IBM solution. Copyright IBM Corp. 2010, 20131
Components of the IBM Tivoli Monitoring environmentAfter you install and set up the Log File agent, you have an environment that contains the client, server,and monitoring agent implementation for Tivoli Monitoring.This Tivoli Monitoring environment contains the following components:Tivoli Enterprise Portal clientThe portal has a user interface based on Java for viewing and monitoring your enterprise.Tivoli Enterprise Portal ServerThe portal server is placed between the client and the Tivoli Enterprise Monitoring Server andenables retrieval, manipulation, and analysis of data from the monitoring agents. The TivoliEnterprise Portal Server is the central repository for all user data.Tivoli Enterprise Monitoring ServerThe monitoring server acts as a collection and control point for alerts received from themonitoring agents, and collects their performance and availability data. The Tivoli EnterpriseMonitoring Server is also a repository for historical data.Tivoli Enterprise Monitoring Agent, Log File agentThis monitoring agent collects data and distributes the data to the Tivoli Enterprise MonitoringServer, Tivoli Enterprise Portal Server, Tivoli Enterprise Portal, Tivoli Data Warehouse, and IBMDashboard Application Services Hub.Multiple copies of this agent can run on the same system.IBM Tivoli Netcool/OMNIbusTivoli Netcool/OMNIbus is an optional component and the recommended event managementcomponent. The Netcool/OMNIbus software is a service level management (SLM) system thatdelivers real-time, centralized monitoring of complex networks and IT domain events. Eventinformation is tracked in a high-performance, in-memory database and presented to specific usersthrough individually configurable filters and views. The software includes automation functionsthat you can use to perform intelligent processing on managed events. You can use this softwareto forward events for Tivoli Monitoring situations to Tivoli Netcool/OMNIbus.IBM Tivoli Enterprise ConsoleThe Tivoli Enterprise Console is an optional component that acts as a central collection point forevents from various sources, including events from other Tivoli software applications, Tivolipartner applications, custom applications, network management platforms, and relationaldatabase systems. You can view these events through the Tivoli Enterprise Portal (by using theevent viewer), and you can forward events from Tivoli Monitoring situations to the TivoliEnterprise Console component. If you do not already use Tivoli Enterprise Console and need anevent management component, you can choose to use IBM Tivoli Netcool/OMNIbus.IBM Tivoli Common ReportingTivoli Common Reporting is a separately installable feature available to users of Tivoli softwarethat provides a consistent approach to generating and customizing reports. Some individualproducts provide reports that are designed for use with Tivoli Common Reporting and have aconsistent look and feel.IBM Tivoli Application Dependency Discovery Manager (TADDM)TADDM delivers automated discovery and configuration tracking capabilities to build applicationmaps that provide real-time visibility into application complexity.IBM Tivoli Business Service ManagerThe Tivoli Business Service Manager component delivers real-time information to help yourespond to alerts effectively based on business requirements. Optionally, you can use thiscomponent to meet service-level agreements (SLAs). Use the Tivoli Business Service Managertools to help build a service model that you can integrate with Tivoli Netcool/OMNIbus alerts or2Tivoli Log File Agent User's Guide
optionally integrate with data from an SQL data source. Optional components provide access todata from other IBM Tivoli applications such as Tivoli Monitoring and TADDM.IBM Dashboard Application Services HubThe Dashboard Application Services Hub has a core set of components that provide suchadministrative essentials as network security and database management. This component replacesthe Tivoli Integrated Portal component after version 2.2.Agent Management ServicesYou can use IBM Tivoli Monitoring Agent Management Services to manage the Log File agent.Agent Management Services is available for the following IBM Tivoli Monitoring OS agents: Windows,Linux, and UNIX. The services are designed to keep the Log File agent available, and to provideinformation about the status of the product to the Tivoli Enterprise Portal. IBM Tivoli Monitoring V6.2.2,Fix Pack 2 or later provides support for Agent Management Services. For more information about AgentManagement Services, see Agent Management Services in the IBM Tivoli Monitoring Administrator's Guide.User interface optionsInstallation of the base IBM Tivoli Monitoring software and other integrated applications providesvarious interfaces that you can use to work with your resources and data.The following interfaces are available:Tivoli Enterprise Portal user interfaceYou can run the Tivoli Enterprise Portal as a desktop application or a browser application. Theclient interface is a graphical user interface (GUI) based on Java on a Windows or Linuxworkstation. The browser application is automatically installed with the Tivoli Enterprise PortalServer. The desktop application is installed by using the Tivoli Monitoring installation media orwith a Java Web Start application. To start the Tivoli Enterprise Portal browser client in yourInternet browser, enter the URL for a specific Tivoli Enterprise Portal browser client installed onyour Web server.Command-line interfaceYou can use Tivoli Monitoring commands to manage the Tivoli Monitoring components and theirconfiguration. You can also run commands at the Tivoli Enterprise Console event server or theTivoli Netcool/OMNIbus ObjectServer to configure event synchronization for enterprisesituations.Manage Tivoli Enterprise Monitoring Services windowYou can use the window for the Manage Tivoli Enterprise Monitoring Services utility to configurethe agent and start Tivoli services not designated to start automatically.IBM Tivoli Netcool/OMNIbus event listYou can use the Netcool/OMNIbus event list to monitor and manage events. An event is createdwhen the Netcool/OMNIbus ObjectServer receives an event, alert, message, or data item. Eachevent is made up of columns (or fields) of information that are displayed in a row in theObjectServer alerts.status table. The Tivoli Netcool/OMNIbus web GUI is also a web-basedapplication that processes network events from one or more data sources and presents the eventdata in various graphical formats.IBM Tivoli Enterprise ConsoleYou can use the Tivoli Enterprise Console to help ensure the optimal availability of an IT servicefor an organization. The Tivoli Enterprise Console is an event management application thatintegrates system, network, database, and application management. If you do not already useTivoli Enterprise Console and need an event management component, you can choose to useTivoli Netcool/OMNIbus.Chapter 1. Overview of the agent3
IBM Tivoli Common ReportingUse the Tivoli Common Reporting web user interface for specifying report parameters and otherreport properties, generating formatted reports, scheduling reports, and viewing reports. Thisuser interface is based on the Dashboard Application Services Hub.IBM Tivoli Application Dependency Discovery ManagerThe Discovery Management Console is the TADDM client user interface for managingdiscoveries.IBM Tivoli Business Service ManagerThe Tivoli Business Service Manager console provides a graphical user interface that you can useto logically link services and business requirements within the service model. The service modelprovides an operator with a second-by-second view of how an enterprise is performing at anymoment in time or how the enterprise performed over a time period.IBM Dashboard Application Services HubThe Dashboard Application Services Hub provides an administrative console for applications thatuse this framework. It is a web-based console that provides common task navigation forproducts, aggregation of data from multiple products into a single view, and the passing ofmessages between views from different products. This interface replaces the Tivoli IntegratedPortal component after version 2.2.Data sourcesMonitoring agents collect data from specific data sources.The Log File agent collects data from the following sources:Log filesThe agent uses the file system to monitor application log files or other data files to gathermetrics.4Tivoli Log File Agent User's Guide
Chapter 2. Requirements and agent installation andconfigurationAgent installation and configuration requires the use of the IBM Tivoli Monitoring Installation and SetupGuide and agent-specific installation and configuration information.To install and configure Tivoli Log File Agent, use the procedures for installing monitoring agents in theIBM Tivoli Monitoring Installation and Setup Guide along with the agent-specific installation andconfiguration information.If you are installing silently by using a response file, see Performing a silent installation of IBM TivoliMonitoring in the IBM Tivoli Monitoring Installation and Setup Guide.With the self-describing agent capability, new or updated IBM Tivoli Monitoring agents using IBM TivoliMonitoring V6.2.3 or later can become operational after installation without having to perform additionalproduct support installation steps. To take advantage of this capability, see Enabling self-describing agentcapability at the hub monitoring server in the IBM Tivoli Monitoring Installation and Setup Guide. Also, seeSelf-describing monitoring agents in the IBM Tivoli Monitoring Administrator's Guide.Requirements for the monitoring agentThe Log File agent has specific operating system, resource, and software requirements.In addition to the requirements described in the IBM Tivoli Monitoring Installation and Setup Guide, theTivoli Log File Agent has the following requirements:v For the most current information about system requirements, see the Software product compatibilityreports /v1r0/clarity/index.html). For moreinformation about running a software product compatibility report specific to Log File agent, see“Generate a software product compatibility report for the Log File agent” on page 6.v A single computer that hosts the hub monitoring server, portal server, and a monitoring agent requiresapproximately 300 MB of space. A computer that hosts only the monitoring agent requiresapproximately 30 MB of space, including the specific enablement code for the monitoring agent. Morespace is required for
Chapter 1. Overview of the agent The Tivoli Log File Agent (product code LO) provides you with the capability to monitor Application log files. IBM Tivoli Monitoring is the base software for the Log File age
