Planning for Your Log Monitoring Policy

Before you run the Monitoring Policy wizard, you must collect the information that is required during the policy creation.

Use the following checklist as preliminary steps to consider before creating the monitoring policy:

Decide what type of template you want to use

The monitoring policy uses a template to define the type of log to be monitored. Use the following process to help you decide:

  1. Analyze your CommCell environment and identify the type of log that you want to monitor. For example, NetApp logs.

    If you have different types of logs, consider creating separate policies for each log type.

  2. Review the list of predefined templates and their properties. For more information, see Monitoring Policy Templates.

    If none of the predefined templates meets your log properties, you can create your own template. For instructions, see Creating a Monitoring Policy Template.

Identify the log files you want to monitor

Based on the template that you plan to use, gather the following log details:

Selected Template Required Information (Log location and associated clients)
Text Log Files and SysLogs
  • Collect the name of the client computers and/or client groups that contain the logs to be monitored.
  • Record the location of the log file. Take the following into consideration:
    • For NetApp Logs, the SnapProtect log directory is already provided in the wizard.
    • If the logs reside in a UNC path or in a NetApp file server, determine the computer from which you want to access the network path, and collect the user credentials to access the network path.
Database N/A

The location of the CommServe database logs is automatically retrieved by the monitoring policy.

Windows Events Collect the name of client computers and client groups where you want to monitor Windows events.
On Demand When you upload log files using the Log Monitoring application, the Web Console distributes the files across clients to balance the log indexing workload.
  • Collect the name of the client computers where you want the log files to be uploaded.
  • Determine the staging location on each client (that is, the folder to which the files are uploaded).
Global Monitoring N/A

A global monitoring policy is created for one CommCell and is used to monitor and index data from other CommCells.

Determine the monitoring criteria

Decide which monitoring approach you want to use:

  • Define monitoring criteria to track specific events in the logs

    Templates provide a predefined set of filtering attributes to track data on specific types of logs. To check the filtering attributes that are supported for each predefined template, see the Create/Edit Criteria online help page.

  • Index all the lines in the log files without defining monitoring criteria

    Use this option to capture all the events that occur in the logs.

Note: Monitoring criteria is not available for global monitoring policies.

Gather information for the data capturing options

The Monitoring Policy wizard provides options to further customize the way the log data is captured. The following table displays the options that require some preconfiguration:

Option Required Information Applicable Templates
Upload the entire log file to FTP

The log is uploaded when a log event matching the monitoring criteria occurs.

Note: The FTP option is not available if you index all lines in the log without defining monitoring criteria.

If you plan to upload the file to the FTP site, you must configure the FTP. For instructions, see Setting Up an FTP Location for Monitoring Policies to Upload Log Files. Text Log Files, SysLogs
Select Analytics Engine Decide which Analytics engine you want to use. The engine is configured during the setup of the Log Monitoring application. For instructions, see Configuring the Analytics Engine for Log Monitoring. Text Log Files, Database, Windows Events, SysLogs, On Demand
Use Cloud Policy Decide which global monitoring policy you want to use. Use this option if you want the analytics engine defined in the global monitoring policy to index the data captured by the current monitoring policy.

A global monitoring policy must exist in another CommCell and must be made available to the current CommCell.

Text Log Files, Database, Windows Events, SysLogs, On Demand
Select OnePass subclient If you want to archive aged analytics data, you must have a OnePass subclient on the MediaAgent configured as the Analytics Engine. For information on archiving aged analytics data, see Archiving Aged Analytics Data in Log Monitoring. Text Log Files, Database, Windows Events, SysLogs, On Demand

Determine the matching pattern to search for indexed log data

To help you analyze log data in the Log Monitoring application, you can configure the monitoring policy to use matching patterns to perform the following actions:

  • Extract specific log data and add the data as facets in the search page of the application

    Facets are search filters based on the monitoring policy properties, such as policy name, associated clients, and filtering attributes.

    Gather the following details to determine the matching pattern:

    • Which regular expression to use for searching the log event
    • Which data type in the log event to extract (integer, float, or string).
  • Find specific log data and modify the data before it is displayed in the application

    This is useful for users who want to change a complex piece of log data with a simple expression.

    Determine the matching pattern (regular expression to find the log data) as well as the expression that will replace the log data found by the matching pattern.