Editing a Remote File Log Source
You can modify the following fields of the Remote file log source:
Option |
Description |
General |
|
Log Source Enabled |
Click toggle button Yes or No to define whether the current Log Source is enabled or disabled. |
Name |
Name of the Log Source. |
Description |
Description of the Log Source. |
Forwarders |
|
Select Forwarder |
Select the Forwarding connection to which you want to forward collected RT File logs from dropdown list. |
Universal Collector Collection date |
Define whether the log message sent to the LogLogic LMI server remains in a local system time zone or is converted into UTC time zone. |
Collection |
|
Host IP/Name |
Enter the IP or name of the remote log source. |
Protocol |
Define whether the Log Source uses the FTP, SFTP, CIFS or file protocol. On Windows, Remote file collection by using file protocol is unavailable on network shared and Network File System (NFS) mounted drives. |
(If ftp is selected) Server Time Zone |
Select the time zone of the remote log source. |
User ID |
Enter the User ID to connect to the remote log source. |
User password |
Enter the user password. |
File Path |
Specify the path of the log file to be collected. If the log file is rotated, you may enter [id] or [date] or both in the file name and configure the File rotation parameters. For example, c:\temp\logFile[date].log to obtain file names such as logFile20170521.log |
File rotation |
Click Yes or No to activate or deactivate the option. |
(If File rotation is active) Date pattern |
Select check box and enter the date format you want to use for the [date] parameter. For example, yyyyMMdd for 20170421. |
(If File rotation is active) Max number of digits |
Select the check box and enter the maximum number of digits you want for the [id] parameter. Universal Collector microagent can collect any file with an [id] whose number of digits is between 1 and 9 inclusive. For example, If you set 5, the following [id] will be taken into account: 1, 054, 586, 00599, 78945, etc. |
File change notification |
Click Yes or No to activate or deactivate the option. This option allows you to monitor file changes. If set Yes, a notification will be sent to LogLogic LMI through the uc.log file when the modified date of the specified file changes. The notification includes the changed content and time. A new log is recorded for the notification when Universal Collector microagent internal logs are forwarded to LogLogic LMI. The file changes are not monitored for rotated files. In this case, the File change notification option is disabled. The specified file size must be less than the default size (10MB). If the file size is more than 10MB, the notification does not include changed content. Before activating this monitoring option, ensure that you set the LMI Connection > Forwarding > Forward UC Internal Logs option is ON. |
Multiline messages |
Click Yes or No to activate or deactivate the option to define whether the single message has several lines. |
(If Multiline messages is ON) Multiline Header Type |
Select the type of multi-line logs. For example, 'jboss', 'tomcat', 'weblogic', 'websphere' or 'custom'. |
(If Multiline messages is ON) Custom Header regex |
Set a regular expression matching the header of the first line of a log. |
(If Multiline messages is ON) Custom Separator |
Specify a custom delimiter to use as a separator for multiple lines. The default separator is \r\n. If the field is empty, a space is added in the message. |
(If Multiline messages is ON) Send orphaned lines |
Indicate whether you want Universal Collector microagent to send messages that do not match the Header Regexp. |
(If Multiline messages is ON) Multiline timeout after detected header |
Indicate the number of seconds after which the multi-line logs are ready to be sent.
|
(If Directory is selected) Directory path |
If Directory is selected, enter the directory pathname. Ensure that you use the forward slash ( / ) and not the backward slash in the path. |
(If Directory is selected) File(s) Include |
Enter the files that must be included in the collection. The field supports the standard common wildcard characters for matching file names (* and ?). |
(If Directory is selected) File(s) Exclude |
Enter the files that must be excluded from the collection. The field supports the standard common wildcard characters for matching file names (* and ?). |
Device type |
Select the type of logs to be collected. |
Test connection |
Click this button to check if the connection to the remote log source is working. |
Advanced |
|
Log Source IP |
Select an option: Log Source IP - Remote file server: selected by default. The IP is grabbed from the host IP that you previously entered. This option is not available when the file protocol is selected. UC: IP address of the workstation where Hawk agent is running. You can change it as you want. The IP address will be set as the host IP address when the file protocol is selected. |
Delete inactive file |
Click Yes or No to activate or deactivate the option. You can purge files that are older than certain time based on the modified time. |
[If Delete inactive file is selected] Inactive Days |
Enter the number of days after which the inactive file is deleted. The default is set to 7 days. |
Schedule |
Select the collection period, either per minute, hour, daily or weekly at a specific hour. |