Agents Administration - Tests
 

Default Parameters for EgSyslogFilterSvrTest

This test periodically checks the Syslog file for a specific rule set by the administrator and reports the number of messages that match each rule. This way, the administrator is alerted to the errors/warnings triggered at any level of the system and is able to initiate remedial measures before anything untoward happens.

This page depicts the default parameters that need to be configured for EgSyslogFilterSvrTest.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • By default, the syslog file contains logs relating to the multiple host systems that are installed in your environment. To obtain only the log information of interest to you, define a set of rules in the RULE NAME text box according to which the messages should be read from the syslog file. The format of your rule should be: rule1: str1|str2|str3|str4|str5, where rule1 refers to the unique name that you assign to every rule, which will appear as the descriptor of this test, and str1, str2, str3, str4 and str5 refer to the strings to be searched for in the syslog file. Using these strings, the information in the syslog file may be parsed and metrics may be collected. To define more than one rule, specify multiple rules in the following format: rule1=str1|str2|str3|str4|str5^#^rule2=str1|str2|str3. For example: rule1:session closed|session close|session fail^#^rule2=logon fail|login failed|login failure.

  • The FACILITY parameter is set to all, indicating that all the facilities will be monitored by default for the rule specified in the RULE NAME text box. If you wish to filter the messages received from specific parts/processes of the host system, you can enter the facilities corresponding to those parts/processes against this parameter. For example: rule1=UNKNOWN,MAIL. When more than one rule is defined, you have to provide the facilities in the following format: rule1=UNKNOWN,MAIL^#^rule2=all.

  • In the FILTER HOST text box, specify the IP addresses of the host systems for which the messages collected should be filtered from the syslog file. Multiple host systems can be given in a comma-separated list. For instance: rule1=192.168.10.1,192.168.10.2,192.168.10.5^#^rule2=all. By default, this parameter is set to all, which indicates that all the host systems will be monitored.

  • The error/warning messages logged in the syslog file have various degrees of criticality. In the LEVEL text box, indicate the LEVEL to check for error/warning messages with a particular degree of criticality in the syslog file. By default, this parameter is set to all, which indicates that all messages in the syslog file will be monitored. Multiple levels can be included as a comma-separated list in the following format: rule1=Error, critical.

  • Provide the logic based on which this test should monitor the messages from the syslog file in the FILTER LOGIC text box. This logic is derived based on the strings provided in the RULE NAME text box. The logic can be provided as follows: rule1=(str1 and str2) or str3^#^rule2=str1 or (str2 and str3).

  • In the EXCLUDE PATTERNS text box, specify a comma-separated list of error or warning message patterns to exclude from monitoring. Your pattern specification can be in any of the following formats: *error or warning messages*. This parameter is set to none by default, which indicates that no message will be excluded from monitoring.

  • This test reports metrics by parsing the syslog file. Specify the full path to the syslog file in the SYSLOGFILE text box. For instance: C:\eGurkha\agent\syslog\syslog.

  • By default, the ROTATINGFILE parameter is set to No. To instruct the eG Enterprise system to monitor newer log files also, set this parameter to Yes. Otherwise, set it to No.

  • The DD FREQUENCY refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD FREQUENCY.

  • Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.
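The RULE NAME and FILTER LOGIC formats described above, worked through in Python as an added example (this is not eG Enterprise's own code), showing how the logic expression changes the per-rule message count compared with plain string matching. The function names are hypothetical, and it assumes that strN refers to the Nth string of the rule, that matching is a case-insensitive substring search, and that "and" binds tighter than "or".

```python
import re

def parse_param(value):
    """'rule1=a|b^#^rule2=c' -> {'rule1': 'a|b', 'rule2': 'c'} (page shows ':' and '=' after the name)."""
    parts = (re.match(r"\s*(\w+)\s*[:=]\s*(.*)", p) for p in value.split("^#^") if p.strip())
    return {m.group(1): m.group(2).strip() for m in parts}

def eval_logic(expr, hits):
    """Evaluate e.g. '(str1 and str2) or str3'; hits[n-1] tells whether strN matched.
    Assumptions: strN is the Nth string of the rule; 'and' binds tighter than 'or'."""
    tokens = re.findall(r"\(|\)|and|or|str\d+", expr.lower()) + [None]
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def atom():
        tok = take()
        if tok == "(":
            val = chain("or")
            take()  # closing ')'
            return val
        return hits[int(tok[3:]) - 1]
    def chain(op):
        # an 'or' chain joins 'and' chains; an 'and' chain joins atoms
        operand = (lambda: chain("and")) if op == "or" else atom
        val = operand()
        while tokens[pos] == op:
            take()
            rhs = operand()  # parse the right side even when val already decides
            val = (val or rhs) if op == "or" else (val and rhs)
        return val
    return chain("or")

def count_matches(rule_name, filter_logic, lines):
    """Lines matching each rule. Assumptions: case-insensitive substring match;
    a rule with no FILTER LOGIC entry matches when any of its strings is found."""
    logic, counts = parse_param(filter_logic), {}
    for name, body in parse_param(rule_name).items():
        strings = [s.strip().lower() for s in body.split("|")]
        expr = logic.get(name) or " or ".join(f"str{i}" for i in range(1, len(strings) + 1))
        counts[name] = sum(eval_logic(expr, [s in ln.lower() for s in strings]) for ln in lines)
    return counts

SAMPLE = """Jan 10 10:00:01 host1 sshd[101]: session closed for user alice
Jan 10 10:00:05 host1 app[202]: session close requested by client
Jan 10 10:01:12 host2 app[202]: session failure on node 3
Jan 10 10:02:30 host2 sshd[303]: logon failure for user bob
Jan 10 10:03:44 host1 ftpd[404]: login failed for user carol""".splitlines()  # constructed, not real log data
RULE_NAME = "rule1:session closed|session close|session fail^#^rule2=logon fail|login failed|login failure"  # from the page
FILTER_LOGIC = "rule1=(str1 and str2) or str3^#^rule2=str1 or (str2 and str3)"  # from the page
```

With the page's example logic, `count_matches(RULE_NAME, FILTER_LOGIC, SAMPLE)` counts 2 messages for rule1 and 1 for rule2; with an empty FILTER LOGIC the same lines give 3 and 2, which is worth checking before relying on a rule for alerting.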

When changing default configurations of tests, the values with "$" indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to "xyz" and $port will be changed to "80" when configuring a test.