Red Hat Training
A Red Hat training course is available for Red Hat Satellite
D.6. LogAgent
The probes in this section monitor the log files on your systems. You can use them to query logs for certain expressions and track the sizes of files. For LogAgent probes to run, the
nocpulse user must be granted read access to your log files.
Note that data from the first run of these probes is not measured against the thresholds to prevent spurious notifications caused by incomplete metric data. Measurements will begin on the second run.
D.6.1. LogAgent::Log Pattern Match
The LogAgent::Log Pattern Match probe uses regular expressions to match text located within the monitored log file and collects the following metrics:
- Regular Expression Matches — The number of matches that have occurred since the probe last ran.
- Regular Expression Match Rate — The number of matches per minute since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (
rhnmd) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse user must be granted read access to your log files.
In addition to the name and location of the log file to be monitored, you must provide a regular expression to be matched against. The expression must be formatted for
egrep, which is equivalent to grep -E and supports extended regular expressions. This is the regular expression set for egrep:
^ beginning of line $ end of line . match one char * match zero or more chars [] match one character set, e.g. '[Ff]oo' [^] match not in set '[^A-F]oo' + match one or more of preceding chars ? match zero or one of preceding chars | or, e.g. a|b () groups chars, e.g., (foo|bar) or (foo)+
Warning
Do not include single quotation marks (') within the expression. Doing so causes
egrep to fail silently and the probe to time out.
Table D.30. LogAgent::Log Pattern Match settings
| Field | Value |
|---|---|
| Log file* | /var/log/messages |
| Basic regular expression* | |
| Timeout* | 45 |
| Critical Maximum Matches | |
| Warning Maximum Matches | |
| Warning Minimum Matches | |
| Critical Minimum Matches | |
| Critical Maximum Match Rate | |
| Warning Maximum Match Rate | |
| Warning Minimum Match Rate | |
| Critical Maximum Match Rate |
D.6.2. LogAgent::Log Size
The LogAgent::Log Size probe monitors log file growth and collects the following metrics:
- Size — The size the log file has grown in bytes since the probe last ran.
- Output Rate — The number of bytes per minute the log file has grown since the probe last ran.
- Lines — The number of lines written to the log file since the probe last ran.
- Line Rate — The number of lines written per minute to the log file since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (
rhnmd) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse user must be granted read access to your log files.
Table D.31. LogAgent::Log Size settings
| Field | Value |
|---|---|
| Log file* | /var/log/messages |
| Timeout* | 20 |
| Critical Maximum Size | |
| Warning Maximum Size | |
| Warning Minimum Size | |
| Critical Minimum Size | |
| Critical Maximum Output Rate | |
| Warning Maximum Output Rate | |
| Warning Minimum Output Rate | |
| Critical Minimum Output Rate | |
| Critical Maximum Lines | |
| Warning Maximum Lines | |
| Warning Minimum Lines | |
| Critical Minimum Lines | |
| Critical Maximum Line Rate | |
| Warning Maximum Line Rate | |
| Warning Minimum Line Rate | |
| Critical Minimum Line Rate |
