How do I enable Log Analytics?

Enable access to log content

To enable existing instances of Dynatrace OneAgent to access log content, log into the monitored host and set:

AppLogContentAccess = true

On Linux:

  • Dynatrace OneAgent versions 103 and later:
    /var/lib/dynatrace/oneagent/agent/config/ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf

On Windows:

  • Dynatrace OneAgent versions 103 and later:
    C:\ProgramData\dynatrace\oneagent\agent\config\ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf

Dynatrace OneAgent restart is not required.

New installations

By default, Log Analytics is enabled by your Dynatrace administrator during Dynatrace OneAgent installation. If you don't want to allow access to log files on a particular host, you can disable Log Analytics for that host during Dynatrace OneAgent installation. In the Linux installation example below, note the Enable access to monitored processes log files content on this host switch. Disable this setting to turn off log access for this host. The Dynatrace OneAgent installer for Windows provides the same option.

For both operating systems, Dynatrace OneAgent installation provides support for the APP_LOG_CONTENT_ACCESS parameter, which sets log access to either enabled or disabled based on the state of this switch.

Enable or disable Log Analytics

Dynatrace Log Analytics is enabled by default.

To enable/disable Log Analytics globally:

  1. Open the navigation menu and select Settings.
  2. Select Monitoring > Monitored technologies.
  3. Set the Log Analytics switch to the On position for enable or to the Off position for disable.

By default, Dynatrace auto-discovers, analyzes, and stores logs every 60 seconds. You can modify this frequency in the Log Analytics configuration file.

User rights for Log Analytics

Logs often contain sensitive information that may not be appropriate for all users to see. For this reason, your Dynatrace administrator must enable the View logs account-security permission by adding these users to the Log viewer group. Non-admin users are NOT part of this group by default. To access log contents, they must be explicitly added.

Auto-discovery of log content

By default, Dynatrace auto-discovers all new log files. While some of the log files are valid and auto-discovered by default, other log files must meet certain requirements to be auto-discovered.

Default auto-discovery

By default, log files are auto-discovered and analyzed if they are in:

  • Windows System Log
  • Windows Security Log
  • Windows Application Log
  • /var/log/syslog
  • /var/log/messages

Auto-discovery requirement

A log file must meet all of the following requirements in order to be auto-discovered:

  • The log file must be opened by an important process. See, Which are the most important processes?

  • The log file must exist for a minimum of one minute.

  • The log file must contain a supported time stamp.

    Binary logs and unsupported time stamp

    Binary log files and log files that contain an unsupported time stamp will be detected automatically but will not be analyzed and will not be stored (only the file status will be reported). See, Log Analytics configuration file.

  • The log file must be at least 0.5 kb in size.

  • The log file must have been updated (written to) in the last 7 days.

  • The log file must be in a root or in a sub folder of a log or logs folder:

    • Valid path examples:
      c:\log\log_file.txt
      c:\logs\NewFolder\log_file.txt
    • Invalid path example:
      c:\log\NewFolder\NewFolder\log_file.txt

    or the log filename must contain a log string preceded or followed by the period (.) or underscore (_) character:

    • Valid filename examples:
      c:\NewFolder\0865842.log.txt
      c:\NewFolder\log_file.txt
    • Invalid filename example:
      c:\NewFolder\logfile.txt
No auto-discovery

If you don't want Dynatrace to automatically discover new log files on a specific monitored host, set:

AppLogAutoDetection = false

On Linux:

  • Dynatrace OneAgent versions 103 and later:
    /var/lib/dynatrace/oneagent/agent/config/ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf

On Windows:

  • Dynatrace OneAgent versions 103 and later:
    C:\ProgramData\dynatrace\oneagent\agent\config\ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf

OneAgent restart is not required.

Add log files manually

Dynatrace allows you to add specific log files manually in instances where the files aren't discovered automatically. You only need to add one log path at the process-group level to cover all processes within the group across all monitored hosts.

To manually add a log file to a process group:

  1. Open the left-hand navigation menu and select Hosts.
  2. Select a host.
  3. From the Processes section of the page, select the process for which you want to add a new log file.
  4. In the Log files section of the page, click the Configure more log files link.
    Alternatively, look for the No log files section if no log files are associated with the process.
  5. On the Process group settings page, click Add new log file for monitoring.
  6. Type the file path of the log file to be associated with this process group. Only absolute paths are allowed.
  7. Click Save.

Considerations for adding log files manually

Dynatrace supports log files that meet at least one of the following criteria:

  • Files are located in a directory called log or logs (limited up to 2 levels) or /var/log/.

OK:
C:\Program Files\MyApp\logs\aaa.txt
/var/log/app/other/out/bbb.out

NOT OK:
C:\Program Files\MyApp\logs\other\out\ccc.txt

  • Files have the extension .log or .evt (for example, apache.log).
  • File names end with [.-_]log (for example, apache_log.txt, apache.log.txt, or apache-log.txt).

Additionally:

  • Only absolute file paths are supported:

    • Unix: Path must begin with /.
      Paths within the following folders are not supported:
      etc
      boot
      proc
      dev
      bin
      sbin
      lib
      usr
      .ssh
      
    • Windows: Path must begin with drive letter (for example, C:\).
      Paths within the following folders are not supported:
      windows
      winnt
      
  • Manually added log files affect all processes on all hosts belonging to the configured process group.

  • To add log files located in a container:

    1. Configure the container so that the log file within the container is written to a disk.
    2. Point the OneAgent to this location by defining the absolute path to where the container is to write the log files.
  • You can add a set of files in the folder by using a wildcard.
    For example, /var/log/apache/access-*.log will report all files separately.

  • You can add numbered rotating-log filesets by using the hash character (#).
    For example, /var/log/error-#.log will match error-1.log, error-2.log, etc., and report the fileset as a single error-#.log file.

  • You can globally disable the option to configure custom log files by setting:
    AppLogRemoteConfiguration = false
    On Linux:

    • Dynatrace OneAgent versions 103 and later:
      /var/lib/dynatrace/oneagent/agent/config/ruxitagentloganalytics.conf

    • Dynatrace OneAgent versions 102 and earlier:
      /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf

    On Windows:

    • Dynatrace OneAgent versions 103 and later:
      C:\ProgramData\dynatrace\oneagent\agent\config\ruxitagentloganalytics.conf

    • Dynatrace OneAgent versions 102 and earlier:
      C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf