![]() |
![]() |
|
|
Creating Filters
The following sections describe how to define and assign filters:
Filters are defined and assigned in the Log Central messaging configuration file. For more information about this file, see Configuration Files. You can also use the Log Central Console to filter messages. For information about the Log Central Console, see the Log Central Online Help.
You can create filters that cause the Data Collection Agents to do the following:
Try to use filters as little as possible. Because each log message must go through all of the filters, throughput can be adversely affected. In particular, the COMMAND action is very time-consuming. To create a filter: The following sections explain how to define filters: To define a filter, create a DEFINE_FILTER entry in the Log Central messaging configuration file. The DEFINE_FILTER entry must precede the filter assignment statements in the messaging configuration file. A DEFINE_FILTER entry has the following syntax:
DEFINE_FILTER "filtername"
if condition
{
action_statement1
[action_statement2]
[action_statementN]
}
filtername cannot exceed eight characters. Each action statement must be of a different type. For example, a filter cannot include two COMMAND action statements. For information about action statements, see Defining an Action.
Note: The maximum number of filters that you can define is 50. If the messaging configuration file contains more than 50 filters, the Log Central behavior becomes unpredictable.
Defining a Condition
A condition can be simple or complex. The following example shows a filter that uses a simple condition:
DEFINE_FILTER "DropInfo"
if (MSGID == 8)
{
REMOTE = "NO"
}
This entry defines a filter named DropInfo. The filter specifies that if a message has a message ID of 8, it is dropped (not sent to the Central Collector). You can use a filter like this to drop messages that you do not want to monitor. By default, data collection agents send all messages to the Central Collector. In other words, the default value of REMOTE is YES.
To create a complex condition, use logical operators to combine simple conditions. The following table describes these logical operators.
The following example shows a filter that drops messages that have a message ID of 8 and are from subsystem NDB:DEFINE_FILTER "DropInfo"
if ((SUBSYSTEM == "NDB") && (MSGID == 8))
{
REMOTE = "NO"
}
In a filter condition, use enough parentheses in the if statement to preclude ambiguities in the evaluation, because precedence rules are not followed strictly during evaluation.
You can use the message body and message header fields to define filtering conditions. You cannot use message definition fields because the Central Collector adds these fields to the message, which means that they are not available to the data collection agents. The following table describes the keywords that you can use to define conditions. String values must be enclosed in quotes.
The following table describes the relations that you can use to define conditions.
Filtering Based on a Domain Domain-based filtering enables you to filter messages based on the Log Monitor entity name. For example, if a system has three managed nodes and each managed node has a Log Monitor with an entity name of LogMonWLE, these Log Monitors constitute a domain. You can create filters for Log Monitors based on the domain. For example:DEFINE_FILTER "DropInfoWLE"
if (MONITOR == "LogMonWLE" && MSGID == 8)
{
REMOTE = "NO"
}
To implement filtering based on a domain, define the Log Monitor entity names in one of the following places:
For information about the log_monitor command, see Commands. For information about the messaging configuration file, see Configuration Files. Defining an Action You can specify one or more actions for a Data Collection Agent to perform when a condition is true. The following table describes the types of action statements that are possible.
Suppressing an Action In addition to using a filter condition to determine whether or not to perform an action, you can also apply suppression criteria to actions. Suppression criteria are based on one or both of the following values:
You can apply suppression criteria to all actions in a filter or to a selected subset of actions in a filter. The following table describes the keywords for defining suppression criteria.
To use suppression criteria:
For example:
DEFINE_FILTER "fatal"
if (SUBSYSTEM == "KERNEL" && MSGBODY >= "fatal")
{
DO
{
COMMAND="/usr/mybin/page_admin"
TRAPID=123
REMOTE="YES"
}IGNORE_DUPLICATES_WITHIN (INTERVAL="00h:30m:00s" || OCCURRENCES=100)
LOCAL="/usr/local/logs/fatal"
}
In this example, the actions in the DO statement are suppressed (ignored) if the log message occurs within 30 minutes after the first duplicate log message or if the log message precedes the 100th occurrence of the same log message.
A REMOTE statement exhibits the following special behaviors when included in a filter that includes suppression criteria:
If a filter that includes suppression criteria does not include a REMOTE statement, then all messages are forwarded. Assigning Filters The following sections explain how to assign and turn off filters: Overview of Assigning Filters You can assign a filter globally or locally. A global filter affects the entire system. A local filter affects a managed node. The simplest approach is to use global filters for situations that apply to the greatest number of nodes, and specify any exceptions locally. Filters are assigned or turned off in the Log Central messaging configuration file. For information about this file, see Configuration Files. To assign a global filter, create a FILTER statement in the LC_GLOBAL entry in the Log Central messaging configuration file. You can use multiple FILTER statements to assign multiple global filters. The syntax for the FILTER statement is:
FILTER = "filtername"
where filtername cannot exceed eight characters.
For example:
LC_GLOBAL
{
CENTRAL_HOST = "quahog"
LOGPREFIX = "/usr/lclog"
BACKUP_HOST = "orca"
BACKUP_LOGPREFIX = "/usr/backuplog"
FILTER = "BankTrap"
}
To turn off the global filters for a particular managed node, use the GLOBAL_FILTER = "NO" statement in the MANAGED_NODE entry in the Log Central messaging configuration file. For example:
MANAGED_NODE
{
HOSTNAME = "bigiron"
GLOBAL_FILTER = "NO"
}
To assign a local filter, create a FILTER statement in a MANAGED_NODE entry in the Log Central messaging configuration file. You can use multiple FILTER statements to assign multiple local filters to a node. The syntax for the FILTER statement is:
FILTER = "filtername"
filtername cannot exceed eight characters.
For example:
MANAGED_NODE
{
HOSTNAME = "marmalade"
FILTER = "F2"
FILTER = "F3"
GLOBAL_FILTER = "NO"
}
![]() |
![]() |
![]() |
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|