opEvents enables you to design a centralized logging system for the purposes of issue management, compliance, audit, etc. While designing the logging system, you can determine the devices and applications that can send the logs, the protocols that should be used for sending them, and the severity levels of the events that should be logged.

Similarly, you can also configure Archive Logging in opEvents to archive any specific log entries you require, for any length of time (to learn more about how to configure and activate purging policies, see Purging of old data in opEvents). 

This document describes how you can enable and configure the Archive Logging feature as well as view the archived logs on the opEvents page. 

The Archive Logging feature enables you to archive log entries based on rules defined in the configuration file `/usr/local/omk/conf/EventListRules.json` under the key `archiveList`.

Archived logs can be accessed under Views → Archive Logs.

Note

This feature works only with the log files that opEvents is tailing from `opevents_logs` in `opCommon.json`. Logs created through the API or CLI will not be archived.

Enabling the Archive Logging Feature

To enable the Archive Logging feature, open the `opCommon.json` file and set the configuration option `log_archive_enabled` to `true`. If the option is set to anything but `false`, the script will start archiving log entries.

Configuring the Archive Logs Rules

The feature reads from a list of archive rules named `archiveList` from `EventListRules.json`.

The list of rules is sorted by keys; for instance, rule 10 will run before rule 20.

To configure the Archive Logging feature:

  1. Open the configuration file `EventListRules.json` at `/usr/local/omk/conf/`.
  2. Under the `archiveList` block, define the rules with two keys (see the illustration below):
    • `archive` - the name opEvents uses for the archive
    • `regex` - a Perl-style regular expression used to match log entries

      /usr/local/omk/conf/EventListRules.json

         "archiveList" : {
            "30" : {
               "regex" : "Node (Up|Down)",
               "archive" : "NodeEvents"
            },
            "20" : {
               "archive" : "SoftwareErrorArchive",
               "regex" : "INVMEMINT|MALLOCFAIL"
            },
            "10" : {
               "archive" : "SyslogArchive",
               "regex" : "SYS-[0123]-\\w+"
            }
         }


  3. In `opCommon.json`, specify the length of time you want to retain the archived logs.

      "opevents_archivelogs_purge_older_than" : "365d"

  4. Save the files.


The feature matches the log entry against the regex of each rule and if matched, adds it to a temporary list. The entries from this list are then inserted into the database. 

The matched log line is then saved into the opEvents MongoDB database with the following keys:

  • time (Current time of the opEvents server)
  • type (Name of the log tailer from opevents_logs)
  • archive (Name of the rule that archived this log line)
  • entry (Raw one-line entry that opEvents has read)

Note

A single log entry can be archived into multiple archives based on matching rules.
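
A dry run of the matching described above, as an added example (not opEvents code): it applies this page's `archiveList` rules to constructed log lines and builds the documents with the four keys listed. Python's `re` stands in for Perl regular expressions, numeric key sorting is an assumption, and the tailer name `cisco_syslog` is hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# archiveList as shown on this page (excerpt of EventListRules.json).
RULES_JSON = r'''
{"archiveList": {
    "30": {"regex": "Node (Up|Down)", "archive": "NodeEvents"},
    "20": {"archive": "SoftwareErrorArchive", "regex": "INVMEMINT|MALLOCFAIL"},
    "10": {"archive": "SyslogArchive", "regex": "SYS-[0123]-\\w+"}
}}
'''

def load_rules(text):
    """Return [(key, archive, compiled_regex)] in key order; reject bad rules."""
    rules = []
    for key, rule in json.loads(text)["archiveList"].items():
        missing = {"archive", "regex"} - set(rule)
        if missing:
            raise ValueError(f"rule {key}: missing {sorted(missing)}")
        try:
            rules.append((key, rule["archive"], re.compile(rule["regex"])))
        except re.error as exc:
            raise ValueError(f"rule {key}: invalid regex: {exc}") from exc
    # Assumption: keys are integers and sort numerically (10 before 20).
    return sorted(rules, key=lambda r: int(r[0]))

def archive_documents(rules, tailer, entry):
    """Build one document per matching rule, with the keys the page lists."""
    now = datetime.now(timezone.utc)  # stand-in for the server's current time
    return [
        {"time": now, "type": tailer, "archive": archive, "entry": entry}
        for _key, archive, regex in rules
        if regex.search(entry)
    ]

# Constructed sample log lines; "cisco_syslog" is a hypothetical tailer name.
SAMPLES = [
    "Mar  3 10:00:01 rtr1 %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
    "Mar  3 10:00:07 nmis Node Down core-sw1",
    "Mar  3 10:00:09 rtr1 %LINK-5-CHANGED: Interface Gi0/1 changed state",
]

if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    for line in SAMPLES:
        names = [d["archive"] for d in archive_documents(rules, "cisco_syslog", line)]
        print(names or "NOT ARCHIVED", "<-", line)
```

Running candidate rules against representative lines before saving `EventListRules.json` shows which entries land in more than one archive and which audit-relevant lines no rule would keep.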

To view the archived logs, go to the opEvents page and click Views > Archive Logs.


