SupportConsoleDevelopersStart a trialContact

C.6. LogAgent

The probes in this section monitor the log files on your systems. You can use them to query logs for certain expressions and track the sizes of files. For LogAgent probes to run, the nocpulse user must be granted read access to your log files.
Note that data from the first run of these probes is not measured against the thresholds to prevent spurious notifications caused by incomplete metric data. Measurements will begin on the second run.

C.6.1. LogAgent::Log Pattern Match

The LogAgent::Log Pattern Match probe uses regular expressions to match text located within the monitored log file and collects the following metrics:
  • Regular Expression Matches — The number of matches that have occurred since the probe last ran.
  • Regular Expression Match Rate — The number of matches per minute since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (rhnmd) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse user must be granted read access to your log files.
In addition to the name and location of the log file to be monitored, you must provide a regular expression to be matched against. The expression must be formatted for egrep, which is equivalent to grep -E and supports extended regular expressions. This is the regular expression set for egrep:
^ beginning of line
$ end of line
. match one char
* match zero or more chars
[] match one character set, e.g. '[Ff]oo'
[^] match not in set '[^A-F]oo'
+ match one or more of preceding chars
? match zero or one of preceding chars
| or, e.g. a|b
() groups chars, e.g., (foo|bar) or (foo)+

Warning

Do not include single quotation marks (') within the expression. Doing so causes egrep to fail silently and the probe to time out.
Table C.30. LogAgent::Log Pattern Match settings
Field Value
Log file* /var/log/messages
Basic regular expression*
Timeout* 45
Critical Maximum Matches
Warning Maximum Matches
Warning Minimum Matches
Critical Minimum Matches
Critical Maximum Match Rate
Warning Maximum Match Rate
Warning Minimum Match Rate
Critical Maximum Match Rate
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.