One of the lesser-known features of Foglight is the ability to monitor log files. One of our customers has a process that collects and prints documentation required for truck movement. Before a truck can leave the loading dock, the dispatcher requests that a copy of the documentation be printed on a local printer. The data that makes up that documentation comes from several different systems in the enterprise. Occasionally, one of the systems would be unavailable, and the dispatcher would receive an error message when requesting the document. Before Foglight, the dispatcher would then have to call the IT HelpDesk, and the HelpDesk would then have to resolve the issue and bring the system back on-line. Since trucks move 24 hours a day, 7 days a week, an issue that occurred in the middle of the night or on a holiday could take several hours to resolve. These delays were costly in terms of a driver and truck sitting idle and shipment deadlines being missed.
By using Foglight’s Log Monitoring capabilities to detect error messages in the log files, the company was able to send an alarm to the HelpDesk as soon as a problem was detected, and also page the on-call analyst responsible for the failed system. Often, the problem was resolved before the dispatcher requested the documentation. The end result was fewer delayed shipments and happier customers.
Here’s how they did it.
Finding the Log Files
First, we need to find the log files. These can be Windows Event logs, Linux/Unix System Logs, or any Unix/Linux “standard file”. For the example here, I’m going to use the Linux SYSLOG file, but it could just as easily be a text file anywhere on my Linux server. Note that in this case we’re using a local Foglight Agent Manager. You can also find documentation on how to use a remote agent.
Once we have the log file name, we identify it to Foglight, as in these examples:
Set Up Monitoring
In this next screen, we select the host, the name of the log file, the patterns we’re going to look for and their severity, the file format, and the schedule for the collector.
Once we have the files and patterns configured, we need to tell Foglight how to connect to the server we’re monitoring.
We can use either existing credentials, or add new ones specific to this server. Clicking next will give us a summary of what we’ve selected, and then Finish will create the agent.
Shortly after the agent has been created, it will scan the log file, and, if a pattern match is discovered, you’ll see an alarm.
The Log Monitor dashboard also gives us a wealth of information about the size of the log file, which files were scanned, and, at the bottom of the screen, the actual strings that were matched.
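The pattern-and-severity matching configured above can be sketched in a few lines of Python. This is an added example, not Foglight's own code or configuration format; the patterns, severity names, host name and log lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed pattern table (regex, severity); not Foglight's configuration format.
PATTERNS = [
    (re.compile(r"connection refused|service unavailable", re.I), "Critical"),
    (re.compile(r"\berror\b", re.I), "Warning"),
]
SEVERITY_RANK = {"Warning": 1, "Critical": 2}

@dataclass
class Alarm:
    severity: str
    line_no: int
    matched: str  # the actual string that matched, as a dashboard would show it
    line: str

def scan(lines, start=0):
    """Scan lines[start:] and return (alarms, next_start).

    Feeding next_start into the next scheduled run keeps old lines from
    raising the same alarm twice. If the file is now shorter than the saved
    position (rotated or truncated), scanning restarts from the top.
    """
    if start > len(lines):
        start = 0
    alarms = []
    for idx in range(start, len(lines)):
        best = None
        for rx, sev in PATTERNS:
            m = rx.search(lines[idx])
            # Keep only the highest-severity match for each line.
            if m and (best is None or SEVERITY_RANK[sev] > SEVERITY_RANK[best.severity]):
                best = Alarm(sev, idx + 1, m.group(0), lines[idx])
        if best:
            alarms.append(best)
    return alarms, len(lines)

# Constructed syslog sample.
SAMPLE = [
    "Mar  3 02:14:01 dock01 docsvc[2211]: request 4471 queued",
    "Mar  3 02:14:02 dock01 docsvc[2211]: ERROR fetching manifest: connection refused by inventory-db",
    "Mar  3 02:14:09 dock01 docsvc[2211]: error: printer queue timeout",
    "Mar  3 02:15:00 dock01 CRON[2290]: (root) CMD (logrotate)",
]

if __name__ == "__main__":
    first, pos = scan(SAMPLE[:2])          # first scheduled collection
    second, pos = scan(SAMPLE, start=pos)  # next collection sees only new lines
    for a in first + second:
        print(f"{a.severity:8} line {a.line_no}: matched {a.matched!r}")
```

Listing the most specific pattern at the highest severity matters here: the second sample line matches both patterns, and only the Critical match is reported.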
The alarms generated are just like any other Foglight alarm: we can drill down and view history, notes, and other detailed information.
I hope you’ve enjoyed learning about this feature. Download a Foglight free trial today to see how Foglight can help keep your business on the road.