opEvents enables you to design a centralized logging system for the purposes of issue management, compliance, audit, etc. While designing the logging system, you can determine the devices and applications that can send the logs, the protocols that should be used for sending them, and the severity levels of the events that should be logged.

Similarly, you can also configure Archive Logging in opEvents to archive any specific log entries you require, for any length of time. This document describes how you can enable and configure the Archive Logging feature as well as view the archived logs on the opEvents page. 

This feature works only with the log files that opEvents is tailing from `opevents_logs` in `opCommon.json`. Logs created through the API or CLI will not be archived.

Enabling the Feature

To enable the Archive Logging feature, open the `opCommon.json` file and set the configuration option `log_archive_enabled` to `true`.

If the option is set to anything but `false`, the script will start archiving log entries.

Configuring the Archive Rules

To configure the Archive Logging feature:

  1. Open the configuration file `EventListRules.json` at `/usr/local/omk/conf/`
  2. Under the `archiveList` block, define the rules with two keys (see the illustration below):
    • archive - the name opEvents uses 
    • regex - a Perl-style regular expression used to match log entries

      /usr/local/opmojo/conf/EventListRules.json
      "archiveList" : {
         "30" : {
            "regex" : "Node (Up|Down)",
            "archive" : "NodeEvents"
         },
         "20" : {
            "archive" : "SoftwareErrorArchive",
            "regex" : "INVMEMINT|MALLOCFAIL"
         },
         "10" : {
            "archive" : "SyslogArchive",
            "regex" : "SYS-[0123]-\\w+"
         }
      }

      The list of rules is sorted by keys; for instance, rule 10 will run before rule 20.

  3. In `opCommon.json`, specify the length of time for which you want to retain the archived logs.

      "opevents_archivelogs_purge_older_than" : "365d"

  4. Save the files.

The feature matches the log entry against the regex of each rule and if matched, adds it to a temporary list. The entries from this list are then inserted into the database. 

The matched log line will be saved into the opEvents MongoDB database with the following keys:

  • time (Current time of the opEvents server)
  • type (Name of the log tailer from opevents_logs)
  • archive (Name of the rule that archived this log line)
  • entry (Raw one-line entry that opEvents has read)

Note here that a single log entry can be archived into multiple archives based on matching rules.
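The following is an added example, not opEvents code: a Python dry run of the `archiveList` rules above against constructed log lines, showing the evaluation order, one line landing in two archives, and a line that no rule retains. It assumes rule keys sort numerically and that the regex may match anywhere in the line; the tailer name `cisco_syslog` and the sample lines are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Constructed copy of the archiveList block shown above (wrapped in braces to be valid JSON).
RULES_JSON = r'''{"archiveList": {
  "30": {"regex": "Node (Up|Down)", "archive": "NodeEvents"},
  "20": {"archive": "SoftwareErrorArchive", "regex": "INVMEMINT|MALLOCFAIL"},
  "10": {"archive": "SyslogArchive", "regex": "SYS-[0123]-\\w+"}
}}'''

# Constructed log lines; "cisco_syslog" below is a hypothetical tailer name.
SAMPLE_LINES = [
    "2024-05-01T10:00:00 rtr1 %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
    "2024-05-01T10:00:05 nms1 Node Down for rtr2",
    "2024-05-01T10:00:09 rtr1 %SYS-5-CONFIG_I: Configured from console by admin",
]


def load_rules(text):
    """Return (key, archive name, compiled regex) tuples in evaluation order."""
    rules = json.loads(text)["archiveList"]
    # Assumption: keys compare numerically; the page only says "sorted by keys".
    ordered = sorted(rules.items(), key=lambda kv: int(kv[0]))
    return [(key, rule["archive"], re.compile(rule["regex"])) for key, rule in ordered]


def archive_records(rules, tailer, line):
    """Build one record per matching rule, using the four keys the page lists."""
    now = datetime.now(timezone.utc).isoformat()
    # Assumption: unanchored match anywhere in the line, as with Perl's =~ operator.
    return [{"time": now, "type": tailer, "archive": name, "entry": line}
            for _key, name, rx in rules if rx.search(line)]


def unarchived(rules, lines):
    """Lines that no rule matches, i.e. entries that would not be retained."""
    return [line for line in lines if not any(rx.search(line) for _k, _n, rx in rules)]


if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    for line in SAMPLE_LINES:
        names = [rec["archive"] for rec in archive_records(rules, "cisco_syslog", line)]
        print(names or "NOT ARCHIVED", "<-", line)
```

Running a representative sample of production log lines through `unarchived` before relying on the archive for audit or compliance shows which entries the rule set silently drops.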

To view the archived logs, go to the opEvents page and click Views > Archive Logs.



