VMware Cloud Community
jkstraw
Contributor
Contributor

Log Monitoring and Alerting

Hi I am just curious about how Hyperic functions in terms of log monitoring and alerting.

Are these both done in real time? For example is the agent parsing the logs in real time so that when it sees "ERROR" or something it is reflected in the GUI immediately? Or triggers an associated alert immediately?

Thanks
Reply
0 Kudos
3 Replies
staceyeschneide
Hot Shot
Hot Shot

Really good question! Made me think a bit about how all this gets together -- and made me also bug Doug before his morning coffee set in.

Log files work the same as performance data. It reports to the server and triggers alerts based on the collection interval. So, it looks like by default all of those metrics are collected in 5 minute intervals. Changing that behavior is a little buried. You can change this in the agent properties file by setting track.interval=1 (that changes it to one minute). If this is something more people want as default behavior - tell us! We can easily change this as default in a next rev of 3.1.
Reply
0 Kudos
jkstraw
Contributor
Contributor

Hi thank you for the response.

I will put my vote in for having this interval as small as possible. To accomplish any monitoring which is close to the holy grail of "proactive monitoring" really no interval on log parsing is needed. Is this possible (or realistic)? I am thinking of applications like swatch that watch a syslog (or other log) stream as it comes in and parses it real-time - sending an alert when X condition is met.

I will go through all my agent.properties files and reduce to "1" - but if a lower value is possible please let me know.

Cheers
Reply
0 Kudos
staceyeschneide
Hot Shot
Hot Shot

Another good question. The agent "checks in" with the server only once every minute, and the server is where all the alert logic is, not at the agent. So, while I don't even know if anyone has tested it to change the log tracking, regardless, it would just collect in the agent and post once a minute.

If you have access to JIRA you can always add an enhancement request. At least from what I've seen, you're the first to ask for this, but it makes sense.

Cheers,
-Stacey
Reply
0 Kudos