ProTop has built-in monitoring for database log files and can additionally monitor any generic log file such as admserv.log, ubroker logs or any custom application logs. Follow the three simple steps below. [UNIX/Linux only]
NOTE:
- The log file monitor includes self-monitoring of tmp/*.debug files by default. Uncomment the logmon.sh scheduled task in your etc/schedule.*.cfg to enable, you don't have to do anything else. If you are already using logmon, simply add the lines from the latest etc/logmon.cfg to your localized (etc/logmon.*.cfg) configuration file to enable monitoring of tmp/*.debug.
- Log files for databases monitored with ProTop are already scanned by default and do not need to be configured in your etc/logmon.*.cfg file.
Included monitor types
Protop is installed with 3 types of log monitor. See below how to add new types or customize these ones.
| Log Monitor Type | Description |
| Log_txt | This is a generic text file monitor. It contains rules to find specific strings or patterns inside a line. It does not expect any specific structure. You can use it for any kind of text file. |
| Log_ubrk | This type is a specialized version of the generic text monitor. It searches for specific strings or patterns inside ubroker logs (appservers, webspeed). |
| Log_oedb | Scans OpenEdge database log files for specific errors, and monitors logins and logouts. This monitor only works with OE db log files as it expects the log to be structured accordingly. |
1. Configure the log monitor: etc/logmon.*.cfg
In order to have protop monitor log files, you need to edit your etc/logmon.*.cfg to specify which files you want to monitor and with what type of monitor. Each line of this configuration file contains four fields separated by spaces explained in the table below.
By way of example, here is the current default etc/logmon.cfg:
# etc/logmon.cfg
#
# log files to monitor
#
# id# type pathname backup
#
# 01 ubrk /u1/wrk/asesb/logs/restbroker1.broker.*.log 0
#
# 51 ubrk /u1/wrk/asesb/logs/restbroker1.server.*.log 0
# text example that looks for errors in $PROTOP/tmp/*.debug files
#
# enable the following in etc/schedule.cfg:
#
# 5,20,35,50 * * * * logmon.sh >> ${PTTMP}/logmon.err 2>&1 [NOALERT]
990 text tmp/pt3agent.*.debug 0
999 text tmp/dbmonitor.debug 0
| Field | Purpose |
| Id | This is a unique identifier for the monitoring instance. Each line has a unique id. |
| Type | Indicates what type of monitor Protop will use to scan your file. This code will be used to match the associated configuration file in etc and the special program in util. |
| Pathname | This is the fully qualified path to the log or text file you want to monitor. You can indicate a wildcard if you want to scan multiple files. |
| Backup | This is a positive number indicating the number or character to backup up from the previous scanned position, to read in the log file. For example, 5000 would mean, if the last read position was 50,000, start reading at position 45,000. A value of 0 means that it will scan scanning from the last position minus 2048 characters. |
Understanding the log monitor type configuration file
Each monitor type is composed of two files:
| File | Purpose |
| etc/log_xxxx.cfg | Contains the set of rules and alert type for this kind of log file. |
| util/log_xxxx.p | The 4GL procedure scans the log file lines. |
“xxxx” being the monitor type, as specified in etc/logmon.cfg above.
The syntax of the config files can be different for each monitor type. The 4GL procedure (.p) is responsible for implementing the necessary logic to parse these rules and apply an action.
For example, here is the default generic text monitor config file, etc/log_text.cfg. The only active line in this file is the one that begins 4glerr:
# etc/log_text.cfg
#
# uniqId startPos operation target action nagFrequency
#
# mixing radically different rule sets is a bad idea
# - think about it, i'm sure you will agree.
# - if a set of rules go together then that is probably a log file "type"
# - so clone the text monitor and create a new "type" specific to those rules
#
#001 17 begins trax alert 3600 # starting at position 17 if the line begins "trax"
#002 0 index "audit " alert 3600 # starting at position 0 if the line contains "audit "
#003 0 contains " 2*rhsmd" alert 3600 # starting at position 0 if the line matches "* 2*rhsmd*"
#
#
#900 0 contains "abl*(453)" alert 300
#901 32 begins "P" alert 60
#902 0 index "(7129)" alert 3600
#903 0 ends "batch." alert 0
# an example for detecting errors in protrace or *.debug files
#
4glerr 0 index " --> " alert 0 # starting at position 0 if the line contains " --> " throw a "4glerr" alert
# make sure that we end the file with a linefeed
log_text.cfg expects these columns:
| Field | Purpose |
| uniqId | Unique id for the rule |
| startPos | Starts searching in a line from this position |
| operation | 4GL method of locating the pattern in the line. Possible values: begins, index, contains, ends |
| target | Pattern to search for. Double quote strings that contain spaces. |
| action | Action to perform when a match occurs. See table below for possible actions. |
| nag frequency | Number of seconds between reports of this match. |
Possible actions
| Action | Description |
| script | runs a specific script located in the protop bin directory, named the same as the uniqId in the log_*.*.cfg file |
| info | Sends an alert of type “info” |
| notify | Sends an alert of type “notify” |
| alert | Sends an alert of type “alert” |
| alarm | Sends an alert of type “alarm” |
| page | Sends an alarm of type “page” |
| Ignore | This rule will not generate any alert, but can be used for debugging. |
Here are some examples of etc/log_text.cfg entries
001 17 begins trax alert 3600 # starting at position 17 if the line begins "trax"
002 0 index "audit " alert 3600 # starting at position 0 if the line contains "audit "
003 0 contains " 2*rhsmd" alert 3600 # starting at position 0 if the line matches "* 2*rhsmd*"
903 0 ends "batch." alert 0 # starting at position 0 if the line ends with "batch."
2. Edit your etc/log_text.cfg
Add entries constructed as above and according to your needs and save the file.
3. Schedule the log monitor to run
Once your etc/logmon.*.cfg and etc/log_text.cfg files are customized, enable logmon.sh in your ProTop scheduler by removing the # at the beginning of this line in your etc/schedule.*.cfg:
#
# 5,20,35,50 * * * * logmon.sh >> ${PTTMP}/logmon.err 2>&1 [NOALERT]
Or, add this line to your crontab on Linux or Unix to run logmon.sh every 15 minutes. Replace [PROTOPDIR] with your ProTop installation directory e.g. /usr/var/protop:
*/15 * * * * [PROTOPDIR]/bin/logmon.sh >> [PROTOPDIR]/log/logmon.log 2>&1
Logmon alerts on the ProTop Portal
Logmon sends alerts to the ProTop Portal are assigned to the "server" resource and can be seen when you click anywhere in the Site column in the Resources window except directly on the site name. 
This shows all alerts for the site, including the server level alerts (logmon alerts are server level alerts), not just those for one resource:
Creating a new simple log monitor type
It is a good practice to logically separate rule sets for a specific topic in different monitor types. You can create a custom log type simply by following these steps:
- Choose a name for your new monitor type. It should be a short word with no spaces. It will represent a new monitor type. Example: “edi”.
- Make a copy etc/log_text.cfg and util/log_text.p in their respective folder, renaming the files by replacing “text” with your new name. e.g. etc/log_edi.cfg and util/log_edi.p
- Edit log_edi.cfg to add your own rules.
-
Register your new type by adding a line in util/logmon.p at the end of the existing section containing these lines:
run util/log_oedb.p persistent. run util/log_ubrk.p persistent. run util/log_text.p persistent. run util/log_edi.p persistent.
-
Enable the new log monitor by editing etc/logmon.cfg. Add a line specifying the filename that you want to monitor and your new monitor type name:
10 edi /edi/outgoing/logs/out.log 0
Sample custom monitor for database Logs
Note: Log files for databases monitored by ProTop are already scanned. You can use this monitor for other OpenEdge databases not registered with ProTop.
There is a custom database log named etc/log_oedb.cfg that can be used or extended to scan OpenEdge database log files. It takes advantage of the structured log format to scan for specific message number and perform an action. In addition to matching a message number, it records the full message text, the process id and the user number. This monitor is a starting point to perform more complex processing when scanning database logs.
The configuration file structure is described below:
| Field | Purpose |
| msg# | Represents the OpenEdge message number found in the log file |
| action | Executes one of the following action: |
| login: Registers a user login on the database. | |
| logout: Registers a user logout from the database. | |
| ignore: Take no actions. | |
| unknown: Placeholder for custom code. | |
| nag frequency | Number of seconds between reports of this occurence. |
Sample content of etc/log_oedb.cfg
# etc/log_oedb.cfg
#
# msg# action nagFrequency
452 login 0
453 logout 60
7129 ignore 0