Sample file of CCMS alert information monitoring definition file for SAP system (fluentd_sap_alertlog_tail.conf)

Organization of this page

Format

A definition example for monitoring CCMS alert information of an SAP system using the monitor function of a log file in text format under the following conditions is provided as a sample file.

- Conditions

Monitored log file
- Monitors the log file of the command that extracts CCMS alert information of SAP system.
- The language setting for the command execution environment is Japanese, and the character encoding is SJIS. If the character code of the log file to be monitored is not SJIS, change the character encoding specified in the from encoding of [Input Settings] (when operating in a Linux environment, it is necessary to change the character code specified to UTF-8).
Monitoring name

It is called "sap_alertlog".

Example log messages

Monitor the logs that are printed in CCMS alert record with the default layout.

The default layout is as follows: For details about the extractable fields and specifications of the command, see jr3alget.

<ALERT_DATE><ALERT_TIME><MTSYSID><MTMCNAME><OBJECTNAME><FIELDNAME><VALUE><SEVERITY><MSG>

The following is an example of the log message that is output.

20231219041721NWE     Background                              BackgroundService                       SystemWideFreeBPWP                      3          50         0 WPs > 2 WPs the current value exceeds the threshold  (omitted)

# The length of <MSG> is 255 bytes.

The above log message is structured for each field as follows.

Fielding ID	Field	Value
<ALERT_DATE>	Alerting Date (YYYYMMDD)	`20231219`
<ALERT_TIME>	Alerting time (HHMMSS)	`041721`
<MTSYSID>	Name of SAP system	`NWE`
<MTMCNAME>	Monitor context name	`Background`
<OBJECTNAME>	Monitor object name	`BackgroundService`
<FIELDNAME>	MTE abbreviation	`SystemWideFreeBPWP`
<VALUE>	Warning value	`3`
<SEVERITY>	Severity	`50`
<MSG>	Translated messages	`0 WPs > 2 WPs` the current value exceeds the threshold

Log messages to monitor

Monitor all logs. Excludes the message records in the system log field by field, and sets the translated message and warning value as the JP1 event message and severity, respectively. The correspondence between each field and the name when cropped by the regular expression named capture function and the extended attribute of the JP1 event is as follows.

Field ID	Name to cut with regular expression	JP1 event attributes	What to set
<ALERT_DATE>	alertdate	Not specified.	--
<ALERT_TIME>	alerttime
<MTSYSID>	mtsysid
<MTMCNAME>	mtmcname
<OBJECTNAME>	objectname
<FIELDNAME>	fieldname
<VALUE>	value	SEVERITY	`Stores the severity according to the <VALUE> setting.` If it is 0: Debug If it is 1: Information If it is 2: Warning If it is 3: Error Otherwise: Notice
<SEVERITY>	severity	Not specified.	--
<MSG>	message	MESSAGE	Stores the value of the field as-is.

Legend: -- : Not applicable

Log data to convert to JP1 events

Matches when SEVERITY is greater than or equal to Warning. If SEVERITY is specified as "Debug", "Information", or "Notice", no JP1 events are issued and only logged to Fluentd.

Label name of IM management node

SAP CCMS Alert

- Definition example

<worker 0>
## [Metric Settings]
  <source>
    @type exec
    command "echo {}"
    <parse>
      @type json
    </parse>
    run_interval 60s
    tag jpc_ima_metrics.tail.sap_alertlog
  </source>
 
  <filter jpc_ima_metrics.tail.sap_alertlog>
    @type record_transformer
    enable_ruby true
    auto_typecast false
    <record>
      __name__ fluentd_logtrap_running
      instance @@sap_instancename@@
      jp1_pc_nodelabel SAP CCMS Alert
      jp1_pc_category enterprise
      jp1_pc_logtrap_defname sap_alertlog_tail
      jp1_pc_trendname fluentd
      job jpc_fluentd
      jp1_pc_nodelabel_fluentd Log trapper(Fluentd)
      jp1_pc_addon_program JPC Fluentd
    </record>
  </filter>
</worker>
 
<worker 4>
## [Input Settings]
  <source>
    @type tail
    tag tail.sap_alertlog
    path @@sap_logpath@@
    follow_inodes true
    refresh_interval 60
    skip_refresh_on_startup false
    read_from_head false
    encoding "UTF-8"
    from_encoding "Shift_JIS"
    read_lines_limit 1000
    read_bytes_limit_per_second -1
    pos_file ../data/fluentd/tail/sap_alertlog.pos
    path_key tailed_path
    rotate_wait 5s
    enable_watch_timer false
    enable_stat_watcher true
    open_on_every_update false
    emit_unmatched_lines false
    ignore_repeated_permission_error false
    <parse>
      @type regexp
      expression /^(?<alert_date>.{8})(?<alert_time>.{6})(?<mtsysid>.{8})(?<mtmcname>.{40})(?<objectname>.{40})(?<fieldname>.{40})(?<value>.{11})(?<severity>.{11})(?<message>.*)$/
      time_key time
      null_empty_string false
      estimate_current_event true
      keep_time_key false
      localtime true
      utc false
    </parse>
  </source>
 
## [Attributes Settings]
  <filter tail.sap_alertlog>
    @type record_transformer
    enable_ruby true
    auto_typecast false
    renew_record true
    
    <record>
      ID 00007601
      MESSAGE ${record["message"]}
      JP1_SOURCEHOST @@sap_instancename@@
      JPC_LOG_TIME ${time.utc.to_i}
      PRODUCT_NAME /HITACHI/JP1/JPCCS2/LOGTRAP/SAP CCMS Alert
      PPNAME /HITACHI/JP1/JPCCS2
#      SEVERITY Notice
      SEVERITY "${
           if record['value'].match(/3/)
             'Error'
           elsif record['value'].match(/2/)
             'Warning'
           elsif record['value'].match(/1/)
             'Information'
           elsif record['value'].match(/0/)
             'Debug'
           else
             'Notice'
           end}"
      PLATFORM ${ if RUBY_PLATFORM.downcase =~ /mswin(?!ce)|mingw|cygwin|bccwin/; 'NT'; else 'UNIX'; end }
      OBJECT_TYPE LOGFILE
      OBJECT_NAME ${record['tailed_path']}
      ROOT_OBJECT_TYPE LOGFILE
      ROOT_OBJECT_NAME ${record['tailed_path']}
      JP1_TRAP_NAME ${tag_parts[1]}
      JPC_NODELABEL SAP CCMS Alert
    </record>
  </filter>
 
## [Inclusion Settings]
#<filter tail.sap_alertlog>
#    @type grep
#    <regexp>
#      key nil
#      pattern nil
#    </regexp>
#  </filter>
 
## [Exclusion Settings]
#  <filter tail.sap_alertlog>
#    @type grep
#    <exclude>
#      key nil
#      pattern nil
#    </exclude>
#  </filter>
 
## [Forward Settings]
  <match tail.sap_alertlog>
    @type rewrite_tag_filter
    <rule>
      key SEVERITY
      pattern /Warning|Error|Critical|Alert|Emergency/
      tag ${tag}.jp1event
    </rule>
    <rule>
      key SEVERITY
      pattern /.*/
      tag ${tag}.outputlog
    </rule>
  </match>
 
  <filter /tail\.sap_alertlog\.(jp1event|outputlog)/>
    @type record_transformer
    enable_ruby true
    auto_typecast true
    renew_record true
    <record>
      eventId ${record['ID']}
      xsystem true
      message ${record['MESSAGE']}
      attrs ${record}
    </record>
    remove_keys $.attrs.ID
    remove_keys $.attrs.MESSAGE
  </filter>
</worker>

To Page Top

File

fluentd_sap_alertlog_tail.conf

To Page Top

Storage directory

- Integrated agent host

In Windows

For a physical host

Agent-path\conf\sample\

In Linux:

For a physical host:

/opt/jp1ima/conf/sample/

To Page Top

Description

Sample file of the definition file used to monitor CCMS alerting for SAP system.

Copy sample file (fluentd_sap_alertlog_tail.conf) and change the file name of the copy destination to fluentd_Log monitoring name_tail.conf if required. For the location of the files, see Appendix A.4(3) Integrated agent host (Windows) and Appendix A.4(4) Integrated agent host (Linux) in the JP1/Integrated Management 3 - Manager Overview and System Design Guide. This definition file is created for each script specified by Script exporter configuration file (jpc_script_exporter.yml).

Lines that start with a "#" are treated as comments and do not affect program operation.

To Page Top

Character code

UTF-8 (without BOM)

To Page Top

Line feed code

In Windows: CR+LF

In Linux: LF

To Page Top

When the definitions are applied

When Fluentd service restarts, it is reflected in Fluentd operation.

When a definition file is added or deleted, or the value in the [Metric Settings] section is changed, the changes are reflected in integrated operation viewer tree view.

For the reflection method, see 1.21.2(19) Creation and import IM management node tree data (for Windows) (mandatory) in the JP1/Integrated Management 3 - Manager Configuration Guide.

To Page Top

Information that is specified

See the description of Information that is specified in Monitoring text-formatted log file definition file (fluentd_@@trapname@@_tail.conf.template).

If you want to use this sample file, you must modify the following settings to suit your needs.

Setting item	Initial value	Information that is specified
Path of the monitored log file	`@@sap_logpath@@`	Specify the path of the text file specified by the user in the environment parameter setting file to output the extraction result of CCMS alert information of the SAP system.
SAP instance name from which you want to extract CCMS alert information	`@@sap_instancename@@`	Specify the SAP instance name to output the extraction result of CCMS alert information of the SAP system.

In addition, JP1 event is issued when a match occurs when SEVERITY is greater than or equal to "Warning". If SEVERITY is specified as "Notice", "Debug", or "Information", no JP1 events are issued and only logged to Fluentd. If SEVERITY is "Notice", "Debug", or "Information" and log monitoring results are to be output as JP1 events, change the definition as shown in the underlined part below.

## [Forward Settings]
<match tail.sap_alertlog>
  @type rewrite_tag_filter
  <rule>
    key SEVERITY
    pattern /Notice|Debug|Information|Warning|Error|Critical|Alert|Emergency/
    tag ${tag}.jp1event
  </rule>
  <rule>
    key SEVERITY
    pattern /.*/
    tag ${tag}.outputlog
  </rule>
</match>

To Page Top