Log Monitoring configuration

By default, Log Monitoring is activated in your Dynatrace environment. You can confirm Log Monitoring is enabled or you can enable it globally or on a host level but, checking the status and enabling or disabling Log Monitoring is optional in most cases. If you plan to use Log Monitoring, you can focus on OneAgent settings that directly affect how Log Monitoring is operating. See OneAgent settings.

Check Log Monitoring status

optional

You can check if Log Monitoring is enabled in your Dynatrace environment globally (Dynatrace web UI), or you can check if Log Monitoring is enabled on a host level (OneAgent CLI).

To check if Dynatrace Log Monitoring is enabled globally:
1. In the Dynatrace menu, go to Settings > Monitoring > Monitored technologies.
2. Find Log Monitoring in the list of supported technologies, and select Edit (pencil icon).
3. Check if Monitor Log Monitoring on every host option is enabled.
To check if Dynatrace Log Monitoring is enabled on a host level:
Use OneAgent CLI and execute the oneagentctl command with the --get-app-log-content-access parameter to check whether Log Monitoring is enabled:
- Linux: ./oneagentctl --get-app-log-content-access
- Windows: .\oneagentctl.exe --get-app-log-content-access

Enable or disable Log Monitoring

optional

Similarly to checking Log Monitoring status, you can enable or disable Log Monitoring in your Dynatrace environment globally (Dynatrace web UI), or on a host level (OneAgent CLI).

To activate Dynatrace Log Monitoring globally:
1. In the Dynatrace menu, go to Settings > Monitoring > Monitored technologies.
2. Find Log Monitoring in the list of supported technologies, and select Edit (pencil icon).
3. Turn on Monitor Log Monitoring on every host.
To enable or disable Dynatrace Log Monitoring on a host level:
Use OneAgent CLI and execute the oneagentctl command-line interface to execute the following command at the individual host level.
Set the --set-app-log-content-access parameter to true or false to disable or enable Log Monitoring:
- Linux: ./oneagentctl --set-app-log-content-access=true
- Windows: .\oneagentctl.exe --set-app-log-content-access=true
Restart OneAgent service to apply changes.

OneAgent Settings

Dynatrace Log Monitoring uses OneAgent log module enabled by default with all OneAgent installations. While Log Monitoring does not require any specific configuration, you can modify some of the options available for OneAgent log module.

You can adjust:

Enable and disable automatic log detection for different technologies.
Define default timezone in containers.
Enable defining the storage configuration by a configuration file on the host.
Define specific location where the timestamp and severity occur in your incoming log data.
Define the maximum number of log group instances per entity.

Global OneAgent settings for Log Monitoring

From the Dynatrace menu, select Settings > Log Monitoring > OneAgent settings.
Adjust settings and Save changes.

Host-specific OneAgent settings for Log Monitoring

In the Dynatrace menu, go to Hosts and select your Linux host.
On the host overview page, select More (…) > Settings in the upper-right corner of the page.
On the Host settings page, select Log Monitoring and OneAgent settings.
Adjust settings and Save changes.

Default OneAgent settings

Setting	Default
Detect IIS logs	enabled
Detect system logs	enabled
Detect logs on NFS	disabled
Monitor OneAgent logs	disabled
Detect logs inside containers	enabled
Set UTC as default timezone in containers	enabled
Timestamp search limit	`64` bytes
Severity search chars limit	`100` bytes
Severity search lines limit	`2`
Maximum of log group instances per entity limit - count	`200`

Configuration File optional

The configuration file located on each OneAgent is used to set three options. For security reasons, these options can only be set on the host level and are available only by creating a JSON file in a specific location:

Linux: /var/lib/dynatrace/oneagent/agent/config/
Windows: %PROGRAMDATA%\dynatrace\oneagent\agent\config\

The configuration file name must have the json extension; the file name is otherwise unrestricted.

By default, these options are set for the OneAgent log module to operate properly and to auto-detect log files on the specific host. Modifying this configuration file is not required.

Multiple configuration files

You can have multiple JSON configuration files in the configuration folder. Files are evaluated in alphabetical order. Options from the last evaluated file takes priority.

Preexisting configuration files

If your OneAgent installation is upgraded, you may find a _migratedloganalytics.conf.json file that contains your configuration migrated from the ruxitagentloganalytics.conf on your host.

During installation, the OneAgent installer may create _loganalyticsconf.ctl.json, which will contain options used during the installation. The same file will be used to store relevant options set by the OneAgentCtl tool.

Available options

AppLogContentAccess
Enables access to the log file content on this host. If set to false, the log file will be displayed in the user interface, but the content won't be accessible. Note that the OneAgent will still auto-detect log files unless the flag AppLogAutoDetection is set to false.
AppLogRemoteConfiguration
Enables the manual configuration of logs to be accessed and monitored. If set to false, it won't be possible to add logs manually using the settings interface.
AppLogAutoDetection
Enables auto-detection of log files on this host. If set to false, logs won't be auto-detected.

Example

json
{
  "agent-configuration": [
    {
      "AppLogRemoteConfiguration": true,
      "AppLogContentAccess": true,
      "AppLogAutoDetection": true
    }
  ]
}