Editing a Remote File Log Source

Procedure

  1. On the Collection tab, double-click the selected Log Source or just select it and click the Edit button.
    The Remote File Log Source Edition tab is displayed.
  2. In the General part of the screen, you can modify the following information:
    Option Description
    Log Source Enabled Click ON or OFF to define whether the current Log Source is enabled or disabled.
    Name Name of the Log Source.
    Description Description of the Log Source.
  3. In the Forwarding Connection part of the screen, you can modify the following information:
    Option Description
    Name Select the Forwarding connection to which you want to forward collected Remote File logs. See Editing the Forwarding Collection List to edit the forwarding collection list.
    Note: Remote File Collection is only supported by LogLogic LMI v5.6 or above and can only be forwarded to LogLogic LMI, not generic syslog servers.
  4. In the Collection part of the screen, you can modify the following information:
    Option Description
    Host IP/Name Enter the IP or name of the remote log source.
    Protocol Define whether the Log Source uses the ftp, sftp, cifs or file protocol.
    Note: On Windows, Remote file collection by using file protocol is unavailable on network shared and Network File System (NFS) mounted drives.
    [If ftp is selected] Server TimeZone Select the time zone of the remote log source.
    [If a non-local timezone is selected] File System Type Select the file system type.
    User ID Enter the User ID to connect to the remote log source.
    [If cifs is selected] Domain/User name Enter the domain or user name.
    [If sftp is selected] Password/Public key Select the authentication method.
    Note: Following authentication modes are supported:
    • Password only
    • Public key only
    • Password or public key
    User password Enter the user password.
    User key [If sftp protocol and public key is selected] Upload the private key file.
    [If cifs is selected] Share name Enter the cifs share name.
    File / Directory Select the source of the collection, either a file or the content of a directory.
    [If File is selected] File path If File is selected, enter the file path. This is the absolute path of the file system where the LogLogic® Universal Collector is installed. For example, on Windows: d:/myFolder/myLog.log. However, on Linux/UNIX systems it must be as /usr/myAccount/myLog.log.
    [If File is selected] File Rotation

    Click ON or OFF to activate or deactivate the option.

    Only available if File is selected.

    [If File is selected] File change notification Click ON or OFF to activate or deactivate the option. You can monitor a file changes. If set ON, a notification will be sent to LogLogic LMI through the uc.log file when the modified date of the specified file changes. The notification includes the changed content and time. A new log is recorded for the notification when LogLogic® Universal Collector internal logs are forwarded to LogLogic LMI. The file changes are not monitored for rotated files. In this case, the File change notification option is not available.
    The specified file size must be less than the default size (10MB). If the file size is more than 10MB, the notification does not include changed content.
    Note: Before activating this monitoring option, ensure that you set the LMI Connection > Forwarding > Forward UC Internal Logs option to ON.
    [If File Rotation is ON] Original name The file that is currently being written; it is usually the file without date or id tag.
    Note: Ensure that the original name is specified in a supported file name pattern. If the file with specified original name is not found in the source directory, the logs are written to the file name that matches the file rotation pattern. For more details, see Supported File Name Patterns.
    [Multiline messages] Activate this option to define several lines in a single message.
    [If Multiline messages is ON] Multiline header type Select the type of multi-line logs. For example, 'jboss', 'tomcat', 'weblogic', 'websphere' or 'custom'.
    [If Multiline messages is ON] Custom header regex Set a regular expression matching the header of the first line of a log
    [If Multiline messages is ON] Send orphaned lines Indicate whether you want LogLogic® Universal Collector to send messages that do not match the Header Regexp.
    [If Multiline messages is ON] Custom separator Specify a custom delimiter to use as a separator for multiple lines. The default separator is \r\n. A space is used as a separator if the field is empty.
    [If Multiline messages is OFF] Device type Defines the type of device of the collected remote file.
    [If File Rotation is ON] Date pattern

    Enter the date format you want to use for the [date] parameter.

    For example, yyyyMMdd for 20170421

    [If File Rotation is ON] Max number of digits Select the box and indicate the maximum number of digits you want for the [id] parameter. LogLogic® Universal Collector can collect any file with an [id] whose number of digits is between 1 and 9 inclusive. For example, If you set 5, the following [id] will be taken into account: 1, 054, 586, 00599, 78945, etc.
    [If Directory is selected] Directory path If Directory is selected, enter the directory pathname. Ensure that you use the forward slash ( / ) and not the backward slash in the path.
    [If Directory is selected] File(s) Include Enter the files that must be included in the collection. The field supports the standard common wildcard characters for matching file names (* and ?).
    [If Directory is selected] File(s) Exclude Enter the files that must be excluded from the collection. The field supports the standard common wildcard characters for matching file names (* and ?).
    Device type Select the type of logs to be collected.
    Test connection Click this button to check if the connection to the remote log source is working.

    [Advanced]

    Log Source IP

    Select an option:

    - Remote file server: selected by default. The IP is grabbed from the host IP that you previously entered.
    Note: This option is not available when the file protocol is selected.
    - UC: IP address of the workstation where LogLogic® Universal Collector is installed. You can change it as you want.
    Note: The IP address will be set as the host IP address when the file protocol is selected.
    Delete inactive file Click ON or OFF to activate or deactivate the option. You can purge files that are older than certain time based on the modified time.
    [If Delete inactive file is selected] Delete file remains unchanged more than Enter the number of days after which the inactive file is deleted. The default is set to 7 days.
    [Schedule] Select the collection period, either per minute, hour, daily or weekly at a specific hour.
  5. Click Apply to validate the changes.