To use Log Central, you need to start a Central Collector on your central host and start the agents on the managed nodes.
This chapter discusses the following topics:
The procedures for starting Log Central described in this chapter assume that you have completed the initial configuration steps discussed in Chapter 2, "Getting Started."
The procedure for starting Log Central follows:
Starting the Log Central Data Collection System
start_messaging
command on the central host to start the Central
Collector.
After starting the Central Collector, the Because Log Central processes on the central host provide Log Central agents with their configuration information when they are started, the Central Collector must be started before any of the data collection agents are started
This is described under "Starting Log Central on a Central Host."
Note:
If you are using a backup Central Collector, start it at this time also.
start_messaging
process continues to run and acts as the server of the host and filter configuration to the start_messaging
process on managed nodes. The start_messaging
command also starts the Process Monitor (the proc_monitor
process). The Process Monitor monitors the start_messaging
process to ensure that it continues to run and restarts it if it dies. The start_messaging
process in turn monitors the proc_monitor
process and restarts it if it dies.
start_messaging
command to start the
Message Sender and Process Monitor.
This is described under "Starting Log Central on the Managed Nodes."
The start_messaging
command starts Log Central components on the central host. The minimum set of components started by the start_messaging
command on the central host are:
msg_receiver
)
msg_processor
)
To use the where:
start_messaging
command on the central host, enter the following command:
start_messaging [-f
config_file
] [-q] [-v] [-h] [central_host
]
[backup_central_host
]
-f
config_file
config_file
as the Log Central configuration file in place of the default (install_dir
/etc/messaging.conf
).
-q
-v
-h
central_host
backup_central_host
Note:
You need to specify a backup central host with the start_messaging
command only if you are starting a data collection agent on the central host in addition to a Central Collector.
Because Log Central processes on the central host provide Log Central agents with their configuration information when they are started, the Central Collector must be started before any of the data collection agents are started.
After being invoked, the start_messaging
process continues to run and can be used to stop the Central Collector (and other central host Log Central processes) by invoking the stop_messaging
command. Use of the stop_messaging
command is described in "Stopping the Log Central Data Collection System."
The start_messaging
process must be able to find the Log Central configuration file (messaging.conf
). The default location of this file is:
install_dir
/etc/messaging.conf
on UNIX systems
The If you want When starting a backup Central Collector, you must specify the Once the A managed node is any machine remote from the Central Collector that has log resources that you want to monitor. To start the Log Central processes on a managed node, do the following:
install_dir
variable is the directory under which you installed Log Central.
start_messaging
to use a configuration file that does not reside in the default location, invoke start_messaging
with the -f
option to provide a path to the file.
central_host
parameter. It is not necessary to specify the central_host
when starting the primary Central Collector because start_messaging
assumes that the machine it is invoked on is the central host if this parameter is not specified.
start_messaging
process is started on the central host, changes made to the Log Central configuration file will not take effect until the next time the Log Central processes are started using the start_messaging
command.
Starting Log Central on the Managed Nodes
start_messaging
command. The syntax for the start_messaging
command, when used on a
managed node, follows:
where:
start_messaging [-q] [-v] [-h] [
central_host
[backup_central_host
]]
-q
-v
-h
central_host
backup_central_host
Note:
You must have already invoked the start_messaging
command on the central host.
This is described under "Starting Log Monitor."
Note:
You must invoke the start_messaging
command on the managed node before starting the Log Monitor processes.
To start the Log Central subsystem on a managed node, you must supply the name of the central host to the start_messaging
process. The start_messaging
process on the managed node connects to the start_messaging
process running on the central host, using the udp
service defined by the environment variable BEA_LC_CONF_SERVICE
. The start_messaging
process on the managed node then downloads the local host's configuration. If BEA_LC_CONF_SERVICE
is not defined, a service called lc_conf
is used by default. The start_messaging
process then starts the Log Central subsystem according to the configuration received from the central host.
You must start a Log Monitor process for each log that you want to monitor on a managed node. The Log Monitor reads the logs generated by the managed resource, such as a computer system, a BEA TUXEDO application, or a relational database system. Log Monitor maps the attributes in the managed resource log messages to attributes in Log Central messages. Messages are then placed in the Message Sender's queue for forwarding to the Central Collector.
You can instruct Log Monitor to map log messages to Log Central message format for forwarding to the Central Collector in three ways:
Predefined mappings are available for integrating the following log resources into the Log Central system:
Starting Log Monitor with Predefined Mappings
TUXEDO
-Used for mapping BEA TUXEDO logs
NTEVENTLOG
-Windows NT event log
LC
-Log Central temporary log files
Note:
For usage of LC, see "Using the LC Predefined Mapping."
To invoke Log Monitor with a predefined mapping, use the following command:
where:
log_monitor -i filename -P
predefined_mapping
[ -t time
]
[ -p pattern
] [ -x pattern
] [ -e entityname
]
-i -
) to specify standard input.
-P
predefined_mapping
TUXEDO
LC
NTEVENTLOG
ORACLE
time
pattern
pattern
, which may simply be a string or it may use special characters. These are defined in Chapter 4, "Integrating Logs into Log Central."
pattern
pattern
, which may simply be a string or it may use special characters. These are defined in Chapter 4, "Integrating Logs into Log Central."
entityname
log_monitor
process to register to the proc_monitor
process. The default value is log_monitor
. All Log Monitors on one managed node must have unique entry names. If the log_monitor process is run as a daemon (with -t 0
), then the entity name option is not used.
The -p
option can be used to select only certain messages for forwarding. The -x
option can be used to select messages to be dropped. For more information, refer to Chapter 4, "Integrating Logs into Log Central."
For details about the predefined mappings, refer to Appendix G, "Predefined Log Mapping."
Log Central processes create temporary log files, which exhibit a common log file format. Normally the contents of these files make their way into the Log Central database through normal operation of the system. There are two abnormal situations where you might need to use Log Monitor to recover the contents of these files:
These are the only situations where you would start Log Monitor with the LC mapping.
A configuration file is simply a list of Log Monitor filters, each on a separate line. A log message will be forwarded by the Log Monitor if it is selected by at least one of the filters in the configuration file.
For information on constructing mappings in a Log Monitor configuration file, refer to Chapter 4, "Integrating Logs into Log Central."
The syntax for invoking Log Monitor with a configuration file follows:
where:
Starting Log Monitor with Mappings in a Configuration File
log_monitor -f
config_filename
-i filename
[-t time
] [-c]
[-e entityname
]
-f
config_filename
-i
filename
-i -
) to specify standard input.
-t
time
-c
For examples, see Chapter 4, "Integrating Logs into Log Central."
-e
entityname
log_monitor
process to register to the proc_monitor
process. The default value is log_monitor
. All Log Monitors on one managed node must have unique entry names. If the log_monitor
process is run as a daemon (with -t 0
), then the entity name option is not used.
The syntax for invoking Log Monitor by specifying all options on the command line follows:
log_monitor -ifilename
[-t time] [-Mlog_level
] [-msubsystem
]
[-dmsgid
] [-nfunction
] [-uuserID
] [-ohostname
] [-IprocessID
]
[-bbody
] [-Ddate
] [-ppattern
] [-xpattern
] [-TtransactionID
][-P
predefined_mapping
] [-eentityname
] [-S]
where:
-i
filename
-i -
) to specify standard input.
-t
time
-M
log_level
N
-A normal message
V
-A verbose message
D
-A debug message
S
-A special message
-m
subsystem
-d
msgid
1000
.
-n
function
-u
userID
log_monitor
process).
-o
hostname
-I
processID
-b
body
-D
date
%f"
format
"
-p
pattern
pattern
, which may simply be a string or it may use special characters. These are defined in Chapter 4, "Integrating Logs into Log Central."
-x
pattern
pattern
, which may simply be a string or it may use special characters. These are defined in Chapter 4, "Integrating Logs into Log Central."
-T
transactionID
-P
predefined_mapping
TUXEDO
LC
NTEVENTLOG
ORACLE
-e
entityname
log_monitor
process to register to the proc_monitor
process. The default value is log_monitor
. All Log Monitors on one managed node must have unique entry names. If the log_monitor
process is run as a daemon (with -t 0
), then the entity name option is not used.
-S
%F
specifiers on a command line. (The %F
format symbol is described in Chapter 4, "Integrating Logs into Log Central.")
If more than one separator is specified, all are used to count the fields. If a message starts with a separator, the text between the first and the second separator is counted as field number 1; fields are numbered starting with 1 (not 0). If a message does not start with a separator, the first field consists of the text up to the first separator.
For examples, see Chapter 4, "Integrating Logs into Log Central."
A number of these options refer to specific attributes in a Log Central log message, such as message ID or process ID. The Log Central message format is described in Appendix A, "Message Format."
For information on how to use these options to construct mappings, consult Chapter 4, "Integrating Logs into Log Central."
To stop the Log Central data collection system, you must issue the stop_messaging
command on each node where Log Central components are running.
The syntax of the stop_messaging
command follows:
stop_messaging [-q] [-v] [-h]
where:
-q
-v
-h
When Log Monitor starts, it registers with the proc_monitor
process. This enables the stop_messaging
process to stop the Log Monitor processes when you issue the stop_messaging
command to shut down the Log Central system. No separate command is required to shut down the Log Monitor processes.
Log Central includes a command, show_config
, that enables you to display the current state of your Log Central configuration file, compile the configuration file, or display Log Central shared memory information.
Depending upon the arguments or options you enter, the show_config
command compiles the configuration file or dumps the Log Central shared memory information to stdout
. You can use this command to see if all processes are up or what processes are no longer running and to check for other system maintenance indicators.
The syntax of the show_config
command follows:
show_config -c [-fconfig_file
] | -g | -p | -d | -eentity_name
[-h]
where:
-c
-f
config_filename
-c
option. If this option is not specified, install_dir
/etc/messaging.conf
is taken as the default. The install_dir
variable is the directory in which Log Central was installed.
-g
stdout
.
-p
proc_monitor
shared memory information about the processes being monitored to stdout
.
-d
stdout
. This option is equivalent to using both the -g
and -p
options.
-e
entityname
log_monitor
process to register to the proc_monitor
process. The default value is log_monitor
. All Log Monitors on one managed node must have unique entry names. If the log_monitor
process is run as a daemon (with -t 0
), then the entity name option is not used.
-h
Before using your configuration file at run time, you may wish to check for syntax errors. To validate your configuration file, run the following command:
show_config -c -fconfig_file
In the preceding command, if the -f
option is not specified, the file install_dir
/etc/messaging.conf
is used by default.
The show_config
command displays syntax errors to stdout
, showing line and character position.
Note: Avoid the use of tabs in your configuration file because they can cause the character positions reported to be inaccurate.