Editing a Real-Time File Log Source

Procedure

  1. On the Collection tab, double-click the Log Source, or select it and click the Edit button.
    The RT File Edition tab is displayed.
  2. In the General part of the screen, you can modify the following information:
    | Option | Description |
    | --- | --- |
    | Log Source Enabled | Click ON or OFF to define whether the current Log Source is enabled or disabled. |
    | Name | Name of the Log Source. |
    | Description | Description of the Log Source. |
  3. In the Forwarding Connection part of the screen, you can modify the following information:
    | Option | Description |
    | --- | --- |
    | Name | Select the Forwarding connection to which you want to forward collected RT File logs. See Editing the Forwarding Collection List to edit the forwarding collection list. |
    | LogLogic® Universal Collector Collection date | Define whether the log message sent to the LogLogic LMI server remains in the local system time zone or is converted to the UTC time zone. |
  4. In the Message Filtering part of the screen, you can modify the following information:
    Note: LogLogic® Universal Collector supports Java regular expressions.
    Option Description
    [Filtering] Click ON or OFF to activate or deactivate the option.
    Collect messages Define whether you collect messages that:

    - match the regex (other logs are filtered)

    - do not match the regex (that is, filter the logs that match the regex)

    Filter Enter a case-insensitive regular expression to specify the messages to be matched.

    For example, if “Not matching regex” is selected:

    "packet accepted" means that all lines containing packet accepted are filtered.

    "^64\.242" means that all lines that begin exactly with 64.242 are filtered.

    "846$" means that all lines that end exactly with 846 are filtered.

    For example, if “Matching regex” is selected:

    "packet accepted" means that only lines containing packet accepted are kept.

    "^64\.242" means that only lines that begin exactly with 64.242 are kept.

    "846$" means that only lines that end exactly with 846 are kept.

  5. In the Collection part of the screen, you can modify the following information:
    Note: On Windows, Real-Time file collection is unavailable on network shared and Network File System (NFS) mounted drives.
    Option Description
    File Path Browse to the log file to be collected.

    If the log file is rotated, you may enter [id] or [date] or both in the file name and configure the File rotation parameters.

    For example, c:\temp\logFile[date].log to obtain file names such as logFile20170521.log

    For example, c:\temp\logFile[id].log to obtain file names such as logFile1.log

    File rotation Click ON or OFF to activate or deactivate the option.
    [If File rotation is ON] Date pattern Enter the date format you want to use for the [date] parameter.

    For example, yyyyMMdd for 20170421.

    [If File rotation is ON] Max number of digits Check the box and indicate the maximum number of digits you want for the [id] parameter.

    LogLogic® Universal Collector can collect any file with an [id] whose number of digits is between 1 and 9 inclusive.

    For example, if you set 5, the following [id] values are taken into account: 1, 054, 586, 00599, 78945, etc.

    File change notification Click ON or OFF to activate or deactivate the option. This option allows you to monitor file changes. If set to ON, a notification is sent to LogLogic LMI through the uc.log file when the modified date of the specified file changes. The notification includes the changed content and time. A new log is recorded for the notification when LogLogic® Universal Collector internal logs are forwarded to LogLogic LMI. File changes are not monitored for rotated files; in that case, the File change notification option is disabled.

    The specified file size must be less than the default size (10MB). If the file size is more than 10MB, the notification does not include changed content.

    Note: Before activating this monitoring option, ensure that you set the LMI Connection > Forwarding > Forward UC Internal Logs option to ON.
    [Multiline messages] Click ON or OFF to activate or deactivate the option, which defines whether a single message spans several lines.
    [If Multiline messages is ON] Multiline header type Select the type of multi-line logs.

    For example, 'jboss', 'tomcat', 'weblogic', 'websphere' or 'custom'.

    [If Multiline messages is ON] Custom header regex Set a regular expression matching the header of the first line of a log.
    [If Multiline messages is ON] Custom separator Specify a custom delimiter to use as a separator for multiple lines. The default separator is \r\n. If the field is empty, a space is added in the message.
    [If Multiline messages is ON] Send orphaned lines Indicate whether you want LogLogic® Universal Collector to send messages that do not match the Header Regexp.
    [If Multiline messages is ON] Multiline timeout after detected header Indicate the number of seconds after which the multi-line logs are ready to be sent.
    [Advanced] Click the drop-down menu to display advanced parameters.
    Host name Enter the name of the host used to pair logs on the LogLogic LMI server.

    For example, customHostname.com

    If you enter an IPv4 / IPv6 address, the device displayed in LogLogic LMI is referred to by this IP address.

    Application name Enter the name of the application used to identify logs on the LogLogic LMI server.

    For example, customApplicationName

    Maximum message length Indicate the maximum length of a message (in bytes). The maximum supported value is 1048576.

    Default value: 64000

    Note: To specify a message length of more than 64000 bytes, ensure that you use LogLogic LMI 6.2.0 or later.

    [Collected file]

    Charset Select the data format.

    Default value: Use local system charset

  6. Click Apply to validate the changes.
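
The Message Filtering rules from step 4, modelled as an added Java example (not LogLogic Universal Collector code) so that a filter can be checked against sample lines before it is applied. The class and method names and the sample lines are constructed for illustration, and the use of find() with CASE_INSENSITIVE is an assumption drawn from the page's wording.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not LogLogic Universal Collector code: previews which lines a
// Message Filtering setting would forward, using java.util.regex.
public class FilterPreview {

    // collectMatching=true models "match the regex"; false models "do not match the regex".
    static List<String> forwarded(String regex, boolean collectMatching, List<String> lines) {
        // Assumption from the page's wording: case-insensitive, and "lines containing"
        // means a substring search (find), not a whole-line match (matches).
        Pattern p = Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
        List<String> kept = new ArrayList<>();
        for (String line : lines) {
            if (p.matcher(line).find() == collectMatching) {
                kept.add(line);
            }
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample lines, not real logs.
        List<String> sample = Arrays.asList(
            "64.242.88.10 GET /index.html 200 846",
            "640242.example.test GET /login 401 1200",
            "fw01 Packet Accepted src=10.0.0.5 dst=10.0.0.9",
            "fw01 packet dropped src=203.0.113.7 dst=10.0.0.9");

        // "Do not match" mode: every line containing the phrase, in any case, is dropped.
        System.out.println(forwarded("packet accepted", false, sample));
        // "Match" mode with the page's escaped dot: the literal prefix 64.242 is required.
        System.out.println(forwarded("^64\\.242", true, sample));
        // Contrast: an unescaped dot matches any character, so 640242 qualifies too.
        System.out.println(forwarded("^64.242", true, sample));
        // End anchor from the page: the line must end with 846.
        System.out.println(forwarded("846$", true, sample));
    }
}
```

In "do not match" mode every matching line is discarded before forwarding, so a pattern that is broader than intended removes events from the LogLogic LMI record.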
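
The File Path template and File rotation settings from step 5, modelled as an added Java example (not LogLogic Universal Collector code) that reports whether a rotated file name would be covered by the template. It assumes a fixed-width, date-only Date pattern such as yyyyMMdd and validates the date with java.time, which may differ from the product's own parser; the class and method names and the file names are constructed.

```java
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not LogLogic Universal Collector code: models which rotated file
// names a File Path template covers. Assumes a fixed-width, date-only Date pattern.
public class RotationCoverage {
    static Pattern toRegex(String template, String datePattern, int maxIdDigits) {
        StringBuilder re = new StringBuilder();
        Matcher token = Pattern.compile("\\[(date|id)\\]").matcher(template);
        int last = 0;
        while (token.find()) {
            re.append(Pattern.quote(template.substring(last, token.start())));
            re.append(token.group(1).equals("date")
                ? "(?<date>.{" + datePattern.length() + "})" // checked as a date in covers()
                : "(?<id>\\d{1," + maxIdDigits + "})");       // 1 to "Max number of digits"
            last = token.end();
        }
        re.append(Pattern.quote(template.substring(last)));
        return Pattern.compile(re.toString());
    }

    static boolean covers(String template, String datePattern, int maxIdDigits, String file) {
        Matcher m = toRegex(template, datePattern, maxIdDigits).matcher(file);
        if (!m.matches()) return false;
        if (!template.contains("[date]")) return true;
        try {
            LocalDate.parse(m.group("date"), DateTimeFormatter.ofPattern(datePattern));
            return true;
        } catch (DateTimeParseException e) {
            return false; // right length, but not a date in the configured pattern
        }
    }

    public static void main(String[] args) {
        // Constructed file names; the templates and settings are the page's examples.
        String[] names = {"logFile20170521.log", "logFile20171399.log",
                          "logFile1.log", "logFile00599.log", "logFile123456.log"};
        for (String n : names) {
            String file = "c:\\temp\\" + n;
            System.out.println(n
                + " [date]=" + covers("c:\\temp\\logFile[date].log", "yyyyMMdd", 5, file)
                + " [id]=" + covers("c:\\temp\\logFile[id].log", "yyyyMMdd", 5, file));
        }
    }
}
```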