TIBCO® Operational Intelligence Agent Features
You can enable TIBCO OI Hawk RedTail to collect logs from various log sources such as Syslog, Windows events, real-time files, remote files and command-line output with the help of TIBCO OI Agent license. With the TIBCO OI Agent license, you can enable TIBCO OI Hawk RedTail to forward the logs to LogLogic LMI or other third-party applications for further analysis after the logs are collected. Using the TIBCO OI Hawk RedTail UI, you can configure and administer multiple TIBCO OI Agent instances.
You can collect the following logs once you have configured TIBCO OI Hawk RedTail with TIBCO OI Agent license:
| • | Real-Time File Logs |
| • | Windows Event Logs |
| • | Cmd Logs |
| • | Syslog Logs |
| • | Remote Files |
| • | OI Agent Component Internal Logs |
Real-Time File Logs
You can configure TIBCO OI Hawk RedTail to read real-time logs from local files that are generated on the machine where the OI Agent component is installed and forward them to LogLogic LMI or a Syslog server. The OI Agent component can collect single-line and multiline messages.
Windows Event Logs
The OI Agent component collects Windows event logs on Windows systems. The supported Windows versions for remote collection are Windows 2008 R2 (32 bit / 64 bit), Windows 10, Windows 2012 R2, Windows server 2016, and Windows server 2019.
Cmd Logs
You can configure TIBCO OI Hawk RedTail to read cmd logs from the command line after executing a command. The command is executed and the logs are generated on the machine where the OI Agent component is installed and forward them to LogLogic LMI or a Syslog server. You can specify the number of times that the command must be executed for and also specify the time interval after which the command is executed automatically.
Syslog Logs
The OI Agent component reads logs sent over Syslog. The Syslog logs are collected by using TCP or UDP. The OI Agent component does not start a Syslog listener on a port until at least one Syslog collector is detected.
Remote Files
The OI Agent component can collect files remotely and forward them to LogLogic LMI.
By default, the OI Agent component pulls logs in every 1 hour, but it can also pull logs in every X minutes, after every X hours, daily at X time, or weekly on Y day at X time. The OI Agent component supports FTP, SFTP, CIFS, and file protocol for remote file collection. In the OI Agent component, SMB 2.1 support is added for CIFS protocol. Ensure that you use forward slash in the file path for CIFS and file protocol.
OI Agent Component Internal Logs
OI Agent component generates its own logs when it is subjected to changes or errors. The internal logs can be used for repair or troubleshooting purposes. When internal logs are sent to LogLogic LMI, they are mapped to the LogLogic Universal Collector data model.
console.log or agent.log are not forwarded to LogLogic LMI. You must use the real-time file collector for the events.See the following tables to understand more about the collectors and forwarders that can be configured with the TIBCO OI Agent license based on the platform on which the Hawk agent is deployed.
Hawk Agent deployed in an on-premises environment
| Configuration of collectors and forwarders | TIBCO OI Hawk RedTail configured without the TIBCO OI Agent license | TIBCO OI Hawk RedTail configured with the TIBCO OI Agent license |
|---|---|---|
|
Collectors |
Real Time File collector | Windows Events Collector (Applicable only if the agent is deployed on the Microsoft Windows platform) |
| Real Time File collector | ||
| Remote Files | ||
| Syslog collector | ||
| Cmd collector | ||
| Forwarders | ULDP | ULDP |
| Syslog (TCP and UDP) |
Hawk Agent deployed on the Docker platform
| Configuration of collectors and forwarders | TIBCO OI Hawk RedTail configured without the TIBCO OI Agent license | TIBCO OI Hawk RedTail configured with the TIBCO OI Agent license |
|---|---|---|
|
Collectors |
Docker logs collector | Docker logs collector |
| Forwarders | ULDP | ULDP |
| Syslog (TCP and UDP) |
Hawk Agent deployed in a Kubernetes cluster
| Configuration of collectors and forwarders | TIBCO OI Hawk RedTail configured without the TIBCO OI Agent license | TIBCO OI Hawk RedTail configured with the TIBCO OI Agent license |
|---|---|---|
|
Collectors |
Kubernetes logs collector | Kubernetes logs collector |
| Forwarders | ULDP | ULDP |
| Syslog (TCP and UDP) |
For more information about TIBCO OI Agent features and configuration, see OIAG Documentation.