Using CIAgent and DR-Web

Scenario A: Monitor Log Files

The Log File Monitor Subagent matches regular expressions against log file entries and determines the log file size for comparison with a set threshold. For example, Log File Monitor could be set up to monitor the /var/log/syslog log file to detect when the sendmail process is restarted. Whenever this process is restarted, Log File Monitor could send a notification to the management station.

Log File Monitor was configured with the DR-Web interface using the Log File Monitor Custom Page. Log File Monitor can also be configured using a SNMP-enabled manager. Each of the fields found on the Custom Page either configures a MIB object or creates a row in a table.

Polling Interval

The log files are monitored through polling. Polling occurs when the Subagent checks the log files for the requested information. The Subagent has two variations of polling: global and individual. Global polling checks all the log files entered in the siLogTable, while individual polling checks one specific log file. Both variations of polling can be set simultaneously, even if overlapping occurs, because one does not override the other.

Log File Monitor Entry Table

An entry could be created in this table so that when a log file entry starts with restarting lib/sendmail a trap will be sent to the configured manager. The file that is being monitored could be specified as /var/log/syslog. It doesn't matter how large the file entry is, the entire entry is included in the notification sent to the manager. This table would show the number of times that sendmail is restarted.

Add a Row

The Add a Row field lets you add an additional row to the Log File Monitor table. On a subsequent page, this row can be configured by naming a log file and entering a search string.

Next Topic: Scenario B: Observe Host Resources