Editing a Remote File Log Source

You can modify the following fields of the Remote file log source:

Option

Description

General

Log Source Enabled

Click toggle button Yes or No to define whether the current Log Source is enabled or disabled.

Name

Name of the Log Source.

Description

Description of the Log Source.

Forwarders

Select Forwarder

Select the Forwarding connection to which you want to forward collected RT File logs from dropdown list.

Universal Collector Collection date

Define whether the log message sent to the LogLogic LMI server remains in a local system time zone or is converted into UTC time zone.

Collection

Host IP/Name

Enter the IP or name of the remote log source.

Protocol

Define whether the Log Source uses the FTP, SFTP, CIFS or file protocol.

On Windows, Remote file collection by using file protocol is unavailable on network shared and Network File System (NFS) mounted drives.

(If ftp is selected)

Server Time Zone

Select the time zone of the remote log source.

User ID

Enter the User ID to connect to the remote log source.

User password

Enter the user password.

File Path

Specify the path of the log file to be collected.

If the log file is rotated, you may enter [id] or [date] or both in the file name and configure the File rotation parameters.

For example, c:\temp\logFile[date].log to obtain file names such as logFile20170521.log

File rotation

Click Yes or No to activate or deactivate the option.

(If File rotation is active) Date pattern

Select check box and enter the date format you want to use for the [date] parameter.

For example, yyyyMMdd for 20170421.

(If File rotation is active) Max number of digits

Select the check box and enter the maximum number of digits you want for the [id] parameter.

Universal Collector microagent can collect any file with an [id] whose number of digits is between 1 and 9 inclusive.

For example, If you set 5, the following [id] will be taken into account: 1, 054, 586, 00599, 78945, etc.

File change notification

Click Yes or No to activate or deactivate the option. This option allows you to monitor file changes. If set Yes, a notification will be sent to LogLogic LMI through the uc.log file when the modified date of the specified file changes. The notification includes the changed content and time. A new log is recorded for the notification when Universal Collector microagent internal logs are forwarded to LogLogic LMI. The file changes are not monitored for rotated files. In this case, the File change notification option is disabled.

The specified file size must be less than the default size (10MB). If the file size is more than 10MB, the notification does not include changed content.

Before activating this monitoring option, ensure that you set the LMI Connection > Forwarding > Forward UC Internal Logs option is ON.

Multiline messages

Click Yes or No to activate or deactivate the option to define whether the single message has several lines.

(If Multiline messages is ON) Multiline Header Type

Select the type of multi-line logs.

For example, 'jboss', 'tomcat', 'weblogic', 'websphere' or 'custom'.

(If Multiline messages is ON) Custom Header regex

Set a regular expression matching the header of the first line of a log.

(If Multiline messages is ON) Custom Separator

Specify a custom delimiter to use as a separator for multiple lines. The default separator is \r\n. If the field is empty, a space is added in the message.

(If Multiline messages is ON) Send orphaned lines

Indicate whether you want Universal Collector microagent to send messages that do not match the Header Regexp.

(If Multiline messages is ON) Multiline timeout after detected header

Indicate the number of seconds after which the multi-line logs are ready to be sent.

 

(If Directory is selected) Directory path

If Directory is selected, enter the directory pathname. Ensure that you use the forward slash ( / ) and not the backward slash in the path.

(If Directory is selected) File(s) Include

Enter the files that must be included in the collection. The field supports the standard common wildcard characters for matching file names (* and ?).

(If Directory is selected) File(s) Exclude

Enter the files that must be excluded from the collection. The field supports the standard common wildcard characters for matching file names (* and ?).

Device type

Select the type of logs to be collected.

Test connection

Click this button to check if the connection to the remote log source is working.

Advanced

Log Source IP

Select an option:

Log Source IP - Remote file server: selected by default. The IP is grabbed from the host IP that you previously entered.

This option is not available when the file protocol is selected.

UC: IP address of the workstation where Hawk agent is running. You can change it as you want.

The IP address will be set as the host IP address when the file protocol is selected.

Delete inactive file

Click Yes or No to activate or deactivate the option. You can purge files that are older than certain time based on the modified time.

[If Delete inactive file is selected] Inactive Days

Enter the number of days after which the inactive file is deleted. The default is set to 7 days.

Schedule

Select the collection period, either per minute, hour, daily or weekly at a specific hour.