1. White Star Software
  2. Advanced Alerting Configuration

Log File Monitor

Log File Monitor

ProTop has built-in monitoring for database log files and can additionally monitor any generic log file such as admserv.log, ubroker logs or any custom application logs.

The log file monitor includes self-monitoring of tmp/*.debug files by default. Uncomment the logmon.sh scheduled task in etc/schedule.cfg to enable. If you are already using logmon, simply add the lines from the latest etc/logmon.cfg to your localized configuration file.

Included Monitor Types

Protop is installed with 3 types of log monitor. See below how to add new types or customize these ones.

Log Monitor Type Description
Log_txt This is a generic text file monitor. It contains rules to find specific strings or patterns inside a line. It does not expect any specific structure. You can use it for any kind of text file.
Log_ubrk This type is a specialized version of the generic text monitor. It searches for specific strings or patterns inside ubroker logs (appservers, webspeed).
Log_oedb Scans OpenEdge database log files for specific errors, and monitors logins and logouts. This monitor only works with OE db log files as it expects the log to be structured accordingly.

Configuring the Monitor : etc/logmon.cfg

In order to have protop monitor log files, you need to edit the etc/logmon.cfg to specify what files you want to monitor and with what type of monitor. Each line of this configuration file contains the following 4 fields separated by spaces.

Note: Log files for databases monitored with ProTop are already scanned by default and do not need to be configured.

Field Purpose
Id This is a unique identifier for the monitoring instance. Each line has a unique id.
Type Indicates what type of monitor Protop will use to scan your file. This code will be used to match the associated configuration file in etc and the special program in util.
Pathname This is the fully qualified path to the log or text file you want to monitor. You can indicate a wildcard if you want to scan multiple files.
Backup This is a positive number indicating the number or character to backup up from the previous scanned position, to read in the log file. For example, 5000 would mean, if the last read position was 50,000, start reading at position 45,000. A value of 0 means that it will scan scanning from the last position minus 2048 characters.

Schedule the Log Monitor to Run

Once etc/logmon.cfg is customized you need to add logmon.sh to the system scheduler (cron on Unix, task scheduler on Windows), to run at the desired interval. You can also:

# enable the following in etc/schedule.cfg: 
# 5,20,35,50 * * * * logmon.sh >> ${PTTMP}/logmon.err 2>&1 [NOALERT]

Linux cron example to run logmon.sh every 15 minutes:

15 * * * * $PROTOP/bin/logmon.sh >> $LOGDIR/logmon.log 2>&1

Understanding the Monitor Type Configuration File

Each monitor type is composed of two files:

File Purpose
etc/log_xxxx.cfg Contains the set of rules and alert type for this kind of log file.
util/log_xxxx.p The 4GL procedure supporting the logic of scanning the log file lines.

“xxxx” being the monitor type, as specified in etc/logmon.cfg.

The syntax of the config files can be different for each monitor type. The 4GL procedure (.p) is responsible for implementing the necessary logic to parse these rules and applying an action.

For example, the default generic text monitor config file (etc/log_text.cfg) uses the following structure:

Field Purpose
id# Unique id for the rule.
startPos Starts searching for a line from this position.
operation Method of locating the pattern. Possible values: begins, index, contains, end.
target Pattern to search for.
action Action to perform when a match occurs. See table below for possible actions.
nag frequency Number of seconds between reports of this match.

Possible Actions

Action Description
script runs a specific script located in the protop script directory, named as the alert metric.
info Sends an alert of type “info”.
notify Sends an alert of type “notify”
alert Sends an alert of type “alert”
alarm Sends an alert of type “alarm”
page Sends an alarm of type “page”
Ignore This rule will not generate any alert, but can be used for debugging.

Sample Content for etc/log_test.cfg

001 17 begins trax alert 3600 # starting at position 17 if the line begins "trax"
002 0 index "audit " alert 3600 # starting at position 0 if the line contains "audit "
003 0 contains " 2*rhsmd" alert 3600 # starting at position 0 if the line matches "* 2*rhsmd*"
903 0 ends "batch." alert 0 # starting at position 0 if the line ends with "batch."

Note: If you want the monitor to receive and report alerts on the Protop dashboard, you need to add a resource named “logmon” and specify -1 as the database path, since this is not a monitored database.

Creating a New Simple Log Monitor Type

It is a good practice to logically separate rule sets for a specific topic in different monitor types. You can create a custom log type simply by following these steps:

  1. Choose a name for your new monitor type. It should be a short word with no spaces. It will represent a new monitor type. Example: “edi”.
  2. Make a copy etc/log_text.cfg and util/log_text.p in their respective folder, renaming the files by replacing “text” with your new name. e.g. etc/log_edi.cfg and util/log_edi.p
  3. Edit log_edi.cfg to add your own rules.
  4. Register your new type by adding a line in util/logmon.p at the end of the existing section containing these lines:

    run util/log_oedb.p persistent. run util/log_ubrk.p persistent. run util/log_text.p persistent. run util/log_edi.p persistent.

  5. Enable the new log monitor by editing etc/logmon.cfg. Add a line specifying the filename that you want to monitor and your new monitor type name:

    10 edi /edi/outgoing/logs/out.log 0

Sample custom monitor for Database Logs

There is a custom database log named etc/log_oedb.cfg that can be used or extended to scan OpenEdge database log files. It takes advantage of the structured log format to scan for specific message number and perform an action. In addition to matching a message number, it records the full message text, the process id and the user number. This monitor is a starting point to perform more complex processing when scanning database logs.

Note: Log files for databases monitored by ProTop are already scanned. You can use this monitor for other databases not registered with Protop.

Note: If you want the monitor to receive and report alerts on the Protop dashboard, you need to add a resource named “logmon” and specify -1 as the database path, since this is not a monitored database.

The configuration file structure is described below:

Field Purpose
msg# Represents the OpenEdge message number found in the log file
action Executes one of the following action:
  login: Registers a user login on the database.
  logout: Registers a user logout from the database.
  ignore: Take no actions.
  unknown: Placeholder for custom code.
nag frequency Number of seconds between reports of this occurence.

Sample content of etc/log_oedb.cfg

# etc/log_oedb.cfg
# msg# action nagFrequency

452 login 0
453 logout 60
7129 ignore 0