C.6. LogAgent
The probes in this section monitor the log files on your systems. You can use them to query logs for certain expressions and track the sizes of files. For LogAgent probes to run, the
nocpulse user must be granted read access to your log files.
Note that data from the first run of these probes is not measured against the thresholds to prevent spurious notifications caused by incomplete metric data. Measurements will begin on the second run.
C.6.1. LogAgent::Log Pattern Match
The LogAgent::Log Pattern Match probe uses regular expressions to match text located within the monitored log file and collects the following metrics:
- Regular Expression Matches — The number of matches that have occurred since the probe last ran.
- Regular Expression Match Rate — The number of matches per minute since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (
rhnmd) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse user must be granted read access to your log files.
In addition to the name and location of the log file to be monitored, you must provide a regular expression to be matched against. The expression must be formatted for
egrep, which is equivalent to grep -E and supports extended regular expressions. This is the regular expression set for egrep:
| ^ | beginning of line |
| $ | end of line |
| . | match one char |
| * | match zero or more chars |
| [] | match one character set, e.g. '[Ff]oo' |
| [^] | match not in set '[^A-F]oo' |
| + | match one or more of preceding chars |
| ? | match zero or one of preceding chars |
| | | or, e.g. a|b |
| () | groups chars, e.g., (foo|bar) or (foo)+ |
Warning
Do not include single quotation marks (') within the expression. Doing so causes
egrep to fail silently and the probe to time out.
Table C.30. LogAgent::Log Pattern Match settings
| Field | Value |
|---|---|
| Log file* | /var/log/messages |
| Basic regular expression* | |
| Timeout* | 45 |
| Critical Maximum Matches | |
| Warning Maximum Matches | |
| Warning Minimum Matches | |
| Critical Minimum Matches | |
| Critical Maximum Match Rate | |
| Warning Maximum Match Rate | |
| Warning Minimum Match Rate | |
| Critical Maximum Match Rate |
