Monitoring Policy Wizard: Specify the data capturing options
Use this page in the wizard to further customize the way the log data is filtered and captured.
Capture n lines before the match
When selected, you can specify the number of lines that must be captured before the log event. The log event is the line that matches the monitoring criteria.
Capture n lines after the match
When selected, you can specify the number of lines that must be captured after the log event. The log event is the line that matches the monitoring criteria.
Capture entire log file
When selected, captures the entire log file when a log event matches the monitoring criteria. The log file can be sent in an email as an attachment or uploaded to an FTP site.
- As Attachment
Sends the log file in an email as an attachment. You must have an email server already configured. For more information, see Configuring an E-Mail Server.
Uploads the log file to the FTP site. You must have the FTP site already configured. For more information, see Setting Up an FTP Location for Monitoring Policies to Upload Log Files.
Capture log file header (Top 10 lines in log file)
When selected, captures the top 10 lines in the log file each time a log event matches the monitoring criteria.
Skip files with modification time older than n days
When selected, the monitoring policy is configured to log files as follows:
- For Text Log Files and SysLogs templates, skips log files that did not change in seven or more days. You can change the number of days.
- For the Windows Event template, skip events that took place seven or more days ago. You can change the number of days.
Start monitoring from today onwards
When selected, the log data that was generated before the monitoring policy creation is excluded from the monitoring process. When the policy runs for the first time, only the meta data information (such as current line number, offset, and file unique ID) are collected.
When not selected, the policy monitors the old log data based on the specified monitoring criteria.
Enable Content Indexing
When selected, the Analytics engine indexes the log data, allowing you to search the data from the Log Monitoring dashboard in the Web Console. If you did not set up the dashboard, see Setting Up the Log Monitoring Dashboard.
- Select Content Indexing Engine
Lists the Analytics engines that you configured for log monitoring. The engine is configured during the setup of the Log Monitoring dashboard.
- Age Content Indexing data after n days
When selected, you can specify the number of days that you want to retain the content indexed log data. The data that is older than the specified number of days will be aged, and subsequently pruned.