Planning for Your Log Monitoring Policy
Before you run the Monitoring Policy wizard, collect the information that is required during policy creation.
Use the following checklist to prepare before you create the monitoring policy:
Decide what type of template you want to use
The monitoring policy uses a template to define the type of log to be monitored. Use the following process to help you decide:
- Analyze your CommCell environment and identify the type of log that you want to monitor. For example, NetApp logs.
If you have different types of logs, consider creating separate policies for each log type.
- Review the list of predefined templates and their properties. For more information, see Monitoring Policy Templates.
If none of the predefined templates matches your log properties, you can create your own template. For instructions, see Creating a Monitoring Policy Template.
Identify the log files you want to monitor
Based on the template that you plan to use, gather the following log details:
|Selected Template||Required Information (Log location and associated clients)|
|Text Log Files and SysLogs||
The location of the CommServe database logs is automatically retrieved by the monitoring policy.
|Windows Events||Collect the name of client computers and client groups where you want to monitor Windows events.|
|On Demand||When you upload log files using the Log Monitoring application, the Web Console distributes the files across clients to balance the log indexing workload.|
|Global Monitoring||N/A. A global monitoring policy is created for one CommCell and is used to monitor and index data from other CommCells.|
Determine the monitoring criteria
Decide which monitoring approach you want to use:
Define monitoring criteria to track specific events in the logs
Templates provide a predefined set of filtering attributes to track data on specific types of logs. To check the filtering attributes that are supported for each predefined template, see the Create/Edit Criteria online help page.
Index all the lines in the log files without defining monitoring criteria
Use this option to capture all the events that occur in the logs.
Note: Monitoring criteria are not available for global monitoring policies.
Gather information for the data capturing options
The Monitoring Policy wizard provides options to further customize the way the log data is captured. The following table displays the options that require some preconfiguration:
|Option||Required Information||Applicable Templates|
|Upload the entire log file to FTP. The log is uploaded when a log event matching the monitoring criteria occurs. Note: The FTP option is not available if you index all lines in the log without defining monitoring criteria.||If you plan to upload the file to the FTP site, you must configure the FTP. For instructions, see Setting Up an FTP Location for Monitoring Policies to Upload Log Files.||Text Log Files, SysLogs|
|Select Analytics Engine||Decide which Analytics engine you want to use. The engine is configured during the setup of the Log Monitoring application. For instructions, see Configuring the Analytics Engine for Log Monitoring.||Text Log Files, Database, Windows Events, SysLogs, On Demand|
|Use Cloud Policy||Decide which global monitoring policy you want to use. Use this option if you want the analytics engine defined in the global monitoring policy to index the data captured by the current monitoring policy. A global monitoring policy must exist in another CommCell and must be made available to the current CommCell.||Text Log Files, Database, Windows Events, SysLogs, On Demand|
|Select OnePass subclient||If you want to archive aged analytics data, you must have a OnePass subclient on the MediaAgent configured as the Analytics Engine. For information on archiving aged analytics data, see Archiving Aged Analytics Data in Log Monitoring.||Text Log Files, Database, Windows Events, SysLogs, On Demand|
Determine the matching pattern to search for indexed log data
To help you analyze log data in the Log Monitoring application, you can configure the monitoring policy to use matching patterns to perform the following actions:
Extract specific log data and add the data as facets in the search page of the application
Facets are search filters based on the monitoring policy properties, such as policy name, associated clients, and filtering attributes.
Gather the following details to determine the matching pattern:
- Which regular expression to use for searching the log event
- Which data type in the log event to extract (integer, float, or string)
Find specific log data and modify the data before it is displayed in the application
This is useful for users who want to replace a complex piece of log data with a simple expression.
Determine the matching pattern (regular expression to find the log data) as well as the expression that will replace the log data found by the matching pattern.
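A candidate matching pattern, its data type, and its replacement expression can be dry-run against sample log lines before they are entered in the wizard. The following is an added example and not part of the product documentation: it assumes Python `re` syntax (the product's regular-expression dialect may differ), the function names are hypothetical, and the log lines are constructed.

```python
import re

# Constructed sample log lines (not taken from any real system).
SAMPLE_LINES = [
    "2024-05-01 10:15:02 backup01 job=4411 status=FAILED elapsed=12.5 err=0x80070005",
    "2024-05-01 10:16:40 backup01 job=4412 status=OK elapsed=3.25 err=0x00000000",
    "2024-05-01 10:17:03 backup02 heartbeat",
]
CASTS = {"integer": int, "float": float, "string": str}

def extract_facet(lines, pattern, data_type):
    """Return (values, unmatched, bad_casts) for capture group 1 of pattern."""
    rx = re.compile(pattern)
    if rx.groups < 1:
        raise ValueError("pattern needs a capture group for the value to extract")
    cast = CASTS[data_type]
    values, unmatched, bad_casts = [], [], []
    for line in lines:
        m = rx.search(line)
        if m is None or m.group(1) is None:
            unmatched.append(line)      # pattern never fires on this event
            continue
        try:
            values.append(cast(m.group(1)))
        except ValueError:
            bad_casts.append(line)      # matched, but wrong data type chosen
    return values, unmatched, bad_casts

def rewrite(lines, pattern, replacement):
    """Apply the find-and-replace pair; return the new lines and the hit count."""
    rx = re.compile(pattern)
    out, hits = [], 0
    for line in lines:
        new, n = rx.subn(replacement, line)
        out.append(new)
        hits += n
    return out, hits

if __name__ == "__main__":
    print(extract_facet(SAMPLE_LINES, r"job=(\d+)", "integer"))
    print(extract_facet(SAMPLE_LINES, r"elapsed=(\S+)", "integer"))  # type mismatch
    print(rewrite(SAMPLE_LINES, r"err=0x80070005", "err=ACCESS_DENIED"))
```

A non-empty `bad_casts` list means the pattern matches but the chosen data type is wrong for the captured text; a hit count of zero from `rewrite` means the replacement would never apply.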