Each OneAgent provides a
ruxitagentloganalytics.conf file where you can set configuration options.
If your OneAgent installation, freshly installed or upgraded, does not have the
ruxitagentloganalytics.conf file, use
ruxitagentloganalytics.conf.template as a template and create your own
ruxitagentloganalytics.conf file. Next, copy the
ruxitagentloganalytics.conf file to the following directory:
Enables access to the log file content on this host. If set to
false, the log file will be displayed in the user interface, but the content won't be accessible. Note that the OneAgent will still auto-detect log files unless the flag
AppLogAutoDetectionis set to
Enables the manual configuration of logs to be accessed and monitored. If set to
false, it won't be possible to add logs manually using the settings interface.
Enables auto-detection of log files on this host. If set to
false, logs won't be auto-detected.
Defines how many files can be open by the specified process group.
FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
FilesInGroup=0x0, 150, 200
Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
EntryFilter=[process_group_ID], [log_path], [LAQL]
EntryFilter=0x0,Windows Application Log,INFO====== EntryFilter=0x201744FC09941B85,%PROGRAMDATA%\CrashPlan\log\service.log.#,not INFO======
Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
Sets the time interval (in seconds) of OneAgent log operations. Defines how often the OneAgent will detect, analyze, and store logs.
By decreasing this value:
- You can configure the OneAgent to react faster to events happening on the monitored host.
- You might negatively affect performance as the
LogAgentthen requires more CPU cycles and performs more disk operations.
- There will be more writes to storage disks and a worse compression ratio. Data latency will however be lower.
In case the server doesn't keep up with writing, the server will increase the interval to achieve an IOPS rate that the storage is able to handle.
By increasing this value:
- You can increase OneAgent performance. The OneAgent would then use less CPU and perform fewer disk operations. This might be beneficial if you monitor applications that write a small number of logs at short intervals.
- You could increase the latency on the UI. For example, the results of log analysis performed on stored data would not contain data from the last (up to)
Defines which files will be included in or excluded from the log analysis and storage.
You can use the wildcard (
*) to indicate specify all directories and subdirectories.
AutomaticFile= */log/*/*, Exclude
AutomaticFile= */log/*/*, Excludewould exclude the
/dir1/dir2/log/dir3/test1.logfile, but it would NOT exclude the
/dir1/dir2/log/test2.logfile. In this example, the
test2.logfile is not located at the directory depth indicated in the configuration. As a result, the condition set in the configuration is not met.
AutomaticFile = /problemdir/*, Exclude
AutomaticFile= /nightly/ * / *, Exclude
Defines a list of fields in a JSON-formatted log entry that will be used as a time stamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
The following properties are still available, but they are deprecated and replaced by the
AutomaticFile property in version 1.155.
Listed name patterns of log files that will be auto-detected for monitoring. You can add multiple name patterns for additional log file name matching.
AllowedLogs=*[.\-_]log[.\-_]* AllowedLogs=*[.\-_]log AllowedLogs=catalina.out
Listed name patterns of directories for log files that will be auto-detected for monitoring. If a log file is discovered in a directory containing the defined string, it will be auto-detected for monitoring. You can add multiple name patterns for additional log directory matching.
Log directory depth. Logs found in directories defined in the
AllowedDirLogsproperty will be added for monitoring only if found on the level defined in
Allows log directories with defined prefix. If a log file is found in a directory path starting with what you define in
AllowedDirPrefixes, it will be auto-detected for monitoring. You can add multiple directory name prefixes for allowing additional directories.