Logs Agent Installation

For Windows Servers:

To run Logs, you need to install Logs agents in every Windows server containing the log files you want to monitor. Logs agent will monitor and filter the log files then report your specific log messages back to Chroniker.

Chroniker Suite comes with a local Logs Agent which can monitor Windows events and log files in the server where Chroniker is installed.

If you need more Windows agents, please refer to the following link to download the Logs agent that is appropriate to your platform: http://www.nrgglobal.com/downloads/logwatch_agent_downloads.php

Follow the installer program. Specify the installation path and agent listener port when prompted.

For All other servers and network devices:

Logs will receive Syslog messages from all your other servers and syslog enabled devices. Therefore, you need to enable Syslog in the devices containing the log files you want to monitor. For detailed instructions on how to setup Syslog configuration, please refer to " Configuring Syslog Enabled Devices " section below.

Logs Configuration

After Logs Agents are installed, you need to set up the log files to be monitored in the Chroniker Logs monitor by:

1. Defining the Logs agent to enable Chroniker base to connect to the agent
2. Organizing your logs from all the agents into Facilities. A Facility is a set of one or more log files that share the following characteristics: agent, scan frequency, filters, and events. You can define multiple Facilities per agent. An example of how a Facility may be used is to group all the log files of a certain application.

1. Define the Logs Agent:

• In the Chroniker Logs Tools menu , click on “Log Agents”
• Once in the Logs Agents page, click on “Add New Agent” button
• Specify the agent type, hostname, IP address and port number.

2. Add a Facility:

A Facility is a logical grouping of multiple log files on one agent.  A Facility can have more than one log file, and an agent can have more than one Facility.  The purpose of a Facility is for simplicity in monitoring: so you can view all log messages in one place, apply the same filters and reactions to all the logs in the Facility, etc.  An example of how a Facility may be used is to group all the log files of a certain application.

• Click the Tools menu and then choose "Add New Monitor" to create a new Facility.

• New Monitor Form Opens:
  
  
  • Required Parameters
    
    
    1. File Alias: Specify a name for the Facility
    2. Agent: Select the agent from the drop-down list. If the Agent is running on Windows, then you will see a list of Windows events (Application, Security, and System). Select the ones you want to monitor
    3. Scan Frequency: Specify the frequency in seconds in which the logs will be checked.
    4. Save As Template: Check "Save As Template", if you want to save these parameters for future use.

                Note:  The template name will be automatically selected as <Facility Name>_template.

  • Windows Event Logs
    
    Check the Windows Events you need to monitor:
          Windows Application Events
          Windows Security Events
          Windows System Events
          DNS Server Events
          File Replication Events
          Directory Service Events
    
  • Log Files
    
    
    1. Click on Add Log File button
    2. Specify full path for this log file.
       Example: c:\tasklogs\logfile.log
  • Filters
    
    
    1. selecting the appropriate filter from the drop-down list for each filter type.
       • Filter identifies the regular expression, a string pattern, that the agent will use to scan the log files for the key events that you determine.
         
       • If you want to create a new filter, click on Tools then Log Filters.
         
    2. selecting the reactions from the drop-down list you want to assign to each alert type.
       • Reactions are enacted when the filters they are assigned to are met. You can assign up to two reactions to every Filter (Error, Warning, Information, and Dispaly) in a facility. Reactions types include: E-mail, SNMP Trap, Restart or Custom Reaction (a script).
         
       • If you want to create a new reaction , click on Tools then Reactions
         
  • Description: Add a meaningful description to this event
  
  
  Please click here for more information about Logs Monitor.