AIX Log File Monitor

The AIX Log File Monitor discovers and monitors log files. When criteria are added, the monitor searches the Unix Syslog configuration file (/etc/syslog.conf) and examines the /var/log/directory and its subdirectories for plain files. A typical discovery routine may include the following log files:

  • /var/log/daemon
  • /var/log/kern
  • /var/log/mail
  • /var/log/messages
  • /var/log/secure
  • /var/log/sudo
  • /var/log/syslog
  • /var/log/user

although many more log file examples are supplied as default.

Log File Monitors can raise alerts for each new line of text that is added to the file that matches both the comparison and Regular Expression criteria.

Adding AIX Log File rule criteria

  1. From the AIX system in the Systems panel of Central Configuration Manager, select AIX Log File Monitor and click Add Rule.
  2. From the Add Rule Detail dialog, click Criteria. Click Add Criteria to open the Log File Criteria dialog.

There are two pages to complete when adding AIX Log File rule criteria.

Log File Parameters section

This section is used to specify the Log File to be monitored and the Regular Expression criteria.

Log File

This field is used to define the Log File for the rule. Either type the directory path into the field or use the drop-down menu to select a log file from those already discovered on the AIX system. Click to open the Select File dialog which allows navigation to a directory path and log file.

Expression

Enter the expression against which this log file is checked. The default entry is '.+'.

Browse

Click Browse to view the most recent entries in each log file. Selecting an entry from within this dialog, automatically enters it as the Expression criteria for the current rule.

Criteria Alert Details section

Fields in this section define alert settings that override the settings made on the Alert page at Rule level. This provides a criteria specific alert message to be generated.

Override Rule Default

Click Override Rule Default to specify that the entries on this page override the default Alert page settings at Rule level. From the drop-down menu, select the alert warning level.

Alert Text

Enter the actual text of the alert or use the available Substitution Variables to construct the message text of the alert.

TIP: When Substitution Variables are used, click to display a list of textual and numeric parameters that can be used to amend the actual Substitution Variable value.
Alert Example

Displays an example of how the Alert Text will read using the selected Substitution Variables and user-entered text.

Click OK to define the entered parameters as criteria for this rule.

Related Topics