Hitachi

JP1 Version 13 JP1/Integrated Management 3 - Manager Command, Definition File and API Reference

Sample file of system log information monitoring definition file for SAP system (fluentd_sap_syslog_tail.conf)

Organization of this page

Format

This is similar to the format of Monitoring text-formatted log file definition file (fluentd_@@trapname@@_tail.conf.template).

A definition example for monitoring system log information of an SAP system using the monitor function of a log file in text format under the following conditions is provided as a sample file.

- Conditions

- Definition example

<worker 0>
## [Metric Settings]
  <source>
    @type exec
    command "echo {}"
    <parse>
      @type json
    </parse>
    run_interval 60s
    tag jpc_ima_metrics.tail.sap_syslog
  </source>
 
  <filter jpc_ima_metrics.tail.sap_syslog>
    @type record_transformer
    enable_ruby true
    auto_typecast false
    <record>
      __name__ fluentd_logtrap_running
      instance @@sap_instancename@@
      jp1_pc_nodelabel SAP Syslog
      jp1_pc_category enterprise
      jp1_pc_logtrap_defname sap_syslog_tail
      jp1_pc_trendname fluentd
      job jpc_fluentd
      jp1_pc_nodelabel_fluentd Log trapper(Fluentd)
      jp1_pc_addon_program JPC Fluentd
    </record>
  </filter>
</worker>
 
<worker 3>
## [Input Settings]
  <source>
    @type tail
    tag tail.sap_syslog
    path @@sap_logpath@@
    follow_inodes true
    refresh_interval 60
    skip_refresh_on_startup false
    read_from_head false
    encoding "UTF-8"
    from_encoding "Shift_JIS"
    read_lines_limit 1000
    read_bytes_limit_per_second -1
    pos_file ../data/fluentd/tail/sap_syslog.pos
    path_key tailed_path
    rotate_wait 5s
    enable_watch_timer false
    enable_stat_watcher true
    open_on_every_update false
    emit_unmatched_lines false
    ignore_repeated_permission_error false
    <parse>
      @type regexp
      expression /^(?<sap_time>.{8})(?<instance>.{20})(?<user>.{12})(?<program>.{8})(?<msgno>.{3})(?<message>.*)$/
      time_key time
      null_empty_string false
      estimate_current_event true
      keep_time_key false
      localtime true
      utc false
    </parse>
  </source>
 
## [Attributes Settings]
  <filter tail.sap_syslog>
    @type record_transformer
    enable_ruby true
    auto_typecast false
    renew_record true
    
    <record>
      ID 00007601
      MESSAGE ${record["message"]}
      JP1_SOURCEHOST @@sap_instancename@@
      JPC_LOG_TIME ${time.utc.to_i}
      PRODUCT_NAME /HITACHI/JP1/JPCCS2/LOGTRAP/SAP Syslog
      PPNAME /HITACHI/JP1/JPCCS2
      SEVERITY Notice
      PLATFORM ${ if RUBY_PLATFORM.downcase =~ /mswin(?!ce)|mingw|cygwin|bccwin/; 'NT'; else 'UNIX'; end }
      OBJECT_TYPE LOGFILE
      OBJECT_NAME ${record['tailed_path']}
      ROOT_OBJECT_TYPE LOGFILE
      ROOT_OBJECT_NAME ${record['tailed_path']}
      JP1_TRAP_NAME ${tag_parts[1]}
      JPC_NODELABEL SAP Syslog
    </record>
  </filter>
 
## [Inclusion Settings]
#<filter tail.sap_syslog>
#    @type grep
#    <regexp>
#      key nil
#      pattern nil
#    </regexp>
#  </filter>
 
## [Exclusion Settings]
#  <filter tail.sap_syslog>
#    @type grep
#    <exclude>
#      key nil
#      pattern nil
#    </exclude>
#  </filter>
 
## [Forward Settings]
  <match tail.sap_syslog>
    @type rewrite_tag_filter
    <rule>
      key SEVERITY
      pattern /Warning|Error|Critical|Alert|Emergency/
      tag ${tag}.jp1event
    </rule>
    <rule>
      key SEVERITY
      pattern /.*/
      tag ${tag}.outputlog
    </rule>
  </match>
 
  <filter /tail\.sap_syslog\.(jp1event|outputlog)/>
    @type record_transformer
    enable_ruby true
    auto_typecast true
    renew_record true
    <record>
      eventId ${record['ID']}
      xsystem true
      message ${record['MESSAGE']}
      attrs ${record}
    </record>
    remove_keys $.attrs.ID
    remove_keys $.attrs.MESSAGE
  </filter>
</worker>

To Page Top

File

fluentd_sap_syslog_tail.conf

To Page Top

Storage directory

- Integrated agent host

In Windows:

In Linux:

To Page Top

Description

Sample file of the definition file for monitoring system log information of SAP system.

Copy sample file (fluentd_sap_syslog_tail.conf) and change the file name of the copy destination to fluentd_log monitor name_tail.conf if required. For the location of the files, see Appendix A.4(3) Integrated agent host (Windows) and Appendix A.4(4) Integrated agent host (Linux) in the JP1/Integrated Management 3 - Manager Overview and System Design Guide. This definition file is created for each script specified by Script exporter configuration file (jpc_script_exporter.yml).

Lines that start with a "#" are treated as comments and do not affect program operation.

To Page Top

Character code

UTF-8 (without BOM)

To Page Top

Line feed code

In Windows: CR+LF

In Linux: LF

To Page Top

When the definitions are applied

When Fluentd service restarts, it is reflected in Fluentd operation.

When a definition file is added or deleted, or the value in the [Metric Settings] section is changed, the changes are reflected in integrated operation viewer tree view.

For details about how to import trees, see 1.21.2(16) Creation and import IM management node tree data (for Windows) (mandatory) in the JP1/Integrated Management 3 - Manager Configuration Guide.

To Page Top

Information that is specified

See the description of Information that is specified in Monitoring text-formatted log file definition file (fluentd_@@trapname@@_tail.conf.template).

If a user wants to use this sample file, the following settings must be changed according to the user environment.

Setting item

Initial value

Setting contents

Path of the monitored log file

@@sap_logpath@@

Specify the path of the text file specified by the user in the environment parameters file to output the results of extracting the system log information of the SAP system.

SAP instance name from which you want to extract system log information

@@sap_instancename@@

Specify the name of the SAP instance to output the results of extracting system log information from the SAP system.

In addition, JP1 event is issued when a match occurs when SEVERITY is greater than or equal to "Warning". In this sample, SEVERITY is always set to "Notice", so JP1 events are not emitted, but only output to the Fluentd log. When outputting log monitoring results as JP1 events, change the definition as shown in the underlined part below. 

## [Forward Settings]
<match tail.sap_syslog>
  @type rewrite_tag_filter
  <rule>
    key SEVERITY
    pattern /Notice|Warning|Error|Critical|Alert|Emergency/
    tag ${tag}.jp1event
  </rule>
  <rule>
    key SEVERITY
    pattern /.*/
    tag ${tag}.outputlog
  </rule>
</match>

To Page Top

Copyright (C) 2023, 2024 Hitachi, Ltd.

Copyright (C) 2023, 2024 Hitachi Solutions, Ltd.