Log Monitoring configuration file
Each OneAgent provides a ruxitagentloganalytics.conf
file where you can set configuration options.
If your OneAgent installation, freshly installed or upgraded, does not have the ruxitagentloganalytics.conf
file, use ruxitagentloganalytics.conf.template
as a template and create your own ruxitagentloganalytics.conf
file. Next, copy the ruxitagentloganalytics.conf
file to the following directory:
- Linux:
/var/lib/dynatrace/oneagent/agent/config/
- Windows:
%PROGRAMDATA%\dynatrace\oneagent\agent\config\
AppLogContentAccess
Enables access to the log file content on this host. If set tofalse
, the log file will be displayed in the user interface, but the content won't be accessible. Note that the OneAgent will still auto-detect log files unless the flagAppLogAutoDetection
is set tofalse
.
AppLogContentAccess=false
AppLogRemoteConfiguration
Enables the manual configuration of logs to be accessed and monitored. If set tofalse
, it won't be possible to add logs manually using the settings interface.
AppLogRemoteConfiguration=true
AppLogAutoDetection
Enables auto-detection of log files on this host. If set tofalse
, logs won't be auto-detected.
AppLogAutoDetection=true
FilesInGroup
Defines how many files can be open by the specified process group.
Syntax:FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
FilesInGroup=0x0, 150, 200
EntryFilter
Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
Syntax:EntryFilter=[process_group_ID], [log_path], [LAQL]
EntryFilter=0x0,Windows Application Log,INFO======
EntryFilter=0x201744FC09941B85,%PROGRAMDATA%\CrashPlan\log\service.log.#,not INFO======
LogEntryPrefix
Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
LogEntryPrefix=/var/ossec/logs/alerts/alerts.log,** Alert
-
MainLoopInterval
Sets the time interval (in seconds) of OneAgent log operations. Defines how often the OneAgent will detect, analyze, and store logs.By decreasing this value:
- You can configure the OneAgent to react faster to events happening on the monitored host.
- You might negatively affect performance as the
LogAgent
then requires more CPU cycles and performs more disk operations. - There will be more writes to storage disks and a worse compression ratio. Data latency will however be lower.
In case the server doesn't keep up with writing, the server will increase the interval to achieve an IOPS rate that the storage is able to handle.
By increasing this value:
- You can increase OneAgent performance. The OneAgent would then use less CPU and perform fewer disk operations. This might be beneficial if you monitor applications that write a small number of logs at short intervals.
- You could increase the latency on the UI. For example, the results of log analysis performed on stored data would not contain data from the last (up to)
MainLoopInterval
seconds.
MainLoopInterval=60
-
AutomaticFile
Defines which files will be included in or excluded from the log analysis and storage.
AutomaticFile=Path, Include|Exclude
You can use the wildcard (
*
) to indicate specify all directories and subdirectories.
For example:AutomaticFile= */log/*/*, Exclude
Configuration
AutomaticFile= */log/*/*, Exclude
would exclude the/dir1/dir2/log/dir3/test1.log
file, but it would NOT exclude the/dir1/dir2/log/test2.log
file. In this example, thetest2.log
file is not located at the directory depth indicated in the configuration. As a result, the condition set in the configuration is not met.
JSONTimestampFieldNames
Defines a list of fields in a JSON-formatted log entry that will be used as a time stamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
JSONTimestampFieldNames=time,timestamp