opclogi Documentation ===================== Steve Lemieux, Hewlett-Packard, 2003-2007 All right reserved Introduction ------------ What started as a TCP/IP interface for OVO agents became a generic sub-agent for collecting alarms through multiple protocols. All alarms received on the specified interfaces will be sent as opcmsg in OVO. The following interfaces are currently supported: - TCP/IP sockets - Serial ports - Pipe (or fifo) files - ASCII log files - Unix sockets - Device files - Executable in/out - SNMP Trap/inform v1/v2c/v3 - Event logs (Windows only) Features include: - Fully configurable - Integrate nicely as an OVO sub-agent - For TCP/IP, Unix sockets and serial interfaces a two way communication provides capabilities for answering and sending data - For device file and executable interfaces, the two way interface is also available but as an option - Complex multi-lines alarms are supported - Specifically for log files monitoring: support files greater than 2 gigabytes, store/retrieve file status to/from disk and prevent alarms loss when log files are recreated, moved or deleted - No limit in the number of interfaces it can connect simultaneously - Protocols can be used concurrently - Configuration file can be updated live. Changes are done immediately without losing connections - Interfaces can be enabled and disabled on the fly - Support line separator others than carriage return and line feed - Log file generated by the sub-agent has special entries for identifying problems with interfaces - Interface names can contain special variables for file patterns or dates. Currently supported configuration are OVO 7 and 8 on HPUX 11.XX and Solaris. There is also a Windows version provided "as-is". It requires files cygwin1.dll and cygcrypto-0.9.8.dll available at http://www.cygwin.com/. Install those DLL in the bin directory of the agent. Note: ROLL flag won't work since Windows doesn't have I-nodes. Linux version is also provided "as-is". It will only work with OVO 8. Installation ------------ - Rename the binary for the right architecture and call it opclogi. - Copy the opclogi binary to /var/opt/OV/bin/OpC. - Create file /var/opt/OV/conf/OpC/opclogi.cfg containing the configuration for all interfaces. See next section. - For OVO 7: - Modify if necessary provided registration file opclogi.reg - Register the subagent: opcagtreg -add opclogi.reg - Start the subagent: opcagt -id 41 -start - For OVO 8: - Modify if necessary provided registration file opclogi.xml - Register the subagent: ovcreg -add opclogi.xml - Start the subagent: ovc -start opclogi Note: This procedure must be adapted for the Windows version of the sub-agent. Note: Some Solaris systems don't have library libopc.so, if this file is not available in /opt/OV/lib, execute: ln -s /opt/OV/lib/libopc_r.so /opt/OV/lib/libopc.so Configuration ------------- The configuration file /var/opt/OV/conf/OpC/opclogi.cfg can be modified at anytime while opclogi is running. All changes will be effective in a few seconds after the configuration file is saved. Specify one parameter per line. Lines starting with # are comments. Parameters with spaces can be specified between double quotes. The following control characters can also be specified: \a write an alert character \b backspace \f form-feed \n new-line \r carriage return \t tab \v vertical tab \\ backslash \xXX where XX is the hexadecimal number of the character \%X where X is a letter for date parameter (see man date) The date parameter is only for data written to an interface or for interface names (file or hostname parameters). It will only be resolved when used. For interface file names, wildcards can also be used in order to monitor multiple log files with the same interface definition. See man glob. Global parameters: DEBUGLEVEL is an integer between 0 et 9. 0 means nothing is written to the log file. 9 is the most verbose level. Default is 1, only critical problems are logged. LOGFILE is the name of the log file. Default is stderr. It is recommended to set this parameter to /var/opt/OV/log/OpC/opclogi.log. A logfile encapsulator template with the following rules should be distributed to the agent running opclogi for detecting problems with interfaces: ^<@>ERROR:\[<@.host>\]<*.msg> ^<@>WARNING:\[<@.host>\]<*.msg> ^<@>SET:\[<@.host>\]<*.msg> ^<@>CLEAR:\[<@.host>\]<*.msg> ^<@>ERROR:<*.msg> ^<@>WARNING:<*.msg> ^<@>SET:<*.msg> ^<@>CLEAR:<*.msg> ERROR and WARNING identify events. SET and CLEAR identify alarms. A set indicates with a problem starts and a clear indicates with a problem ends. There are two problems sent as alarms: - opclogi running or not - Interface is working or not other problems are events. is the message text. If is specified, the problem affect a specific interface. These entries are added to the log file if debug level is at least set to 1. MAXLOGFILESIZE is the maximum logfile size in bytes. If maximum is reached, the logfile is renamed with a .old extension. If not specified, logfile will never be archived. TMPDIR is a fully qualified directory name where all temporary files for opclogi will be stored. This includes disk buffering and file position data. Default is /var/opt/OV/tmp/opclogi. DISKBUFFERING [delay] [checkdelay] If messages cannot be sent to the OVO agent, they will be buffered on disk. Default is no buffering. [delay] sets the expiring time in seconds of messages, default is 3600 seconds. Messages older than the expiring time will be deleted and never sent to OVO. Higher [delay] requires more disk space. [checkdelay] is the interval for checking the buffer file for possible buffered messages, default is 300 seconds. Buffering will be done in directory specified by TMPDIR parameter. Make sure enough disk space is available. This is the safest mode of operation. If monitoring log files, it is also recommended to specify SAVE and ROLL flags in order to prevent messages of being lost. USEPERLREGEX Use Perl regular expression instead of Posix extented regular expression in all other parameters using patterns or expressions. Those expressions are more powerfull than Posix ones. See: http://www.pcre.org/ Interface definition parameters: All parameters following these entries will be specific to this interface. The same interface combination should be avoided in order to prevent conflicts. TCPIP [hostname] [flags] HOST [hostname] [flags] (Obsolete syntax, do not use) is the port number or the service name of the TCP connection. is the name of the server. If is not specified, localhost is used. One [flags] is supported: SERVER When set, opclogi doesn't connect to a remote host. Instead, it waits for incoming connections on the specified . In this mode, set [hostname] to "" for binding to all available lan cards. Set [hostname] to an IP address of a specific lan card for binding to one card only. SERIAL [baud] [charlen][parity][stopbit] is the name of the device file accessing the serial port. The name must include the full path but may include patterns, usually /dev/something. Serial parameters are: [Baud]: Speed and the default is 9600 bauds. [charlen]: Length of each character and can be either 7 or 8. Default is 8. [parity]: Parity is the parity bit added to each character. Can be: O: Odd parity E: Even parity N: No parity Default is N. [stopbit]: Number of stop bits and can be either 1 or 2. Default is 1. PIPE [flags] is the name of a pipe (or fifo) file. The name must include the full path but may include patterns. This interface is read-only and connections will only be established on the pipe if another process is connected as write-only. One [flags] is supported: NODISC Prevent error messages to be generated everytime the pipe file is deleted or recreated. FILE [flags] is the name of an ASCII log file. The name must include the full path but may include patterns. This interface is read-only. This interface is different than others since polling is done in order detect log file changes. Polling interval is defined by the POLLINGINTERVAL parameter. Three [flags] are supported: SAVE Store file parameters to disk. This allows file position to be restored if opclogi process is restarted. Note: File parameters are only valid if not older than 24 hours. If parameters are not valid, file is read as a newly discovered one. Data will be stored in directory specified by TMPDIR parameter. ROLL Indicate a resetting log file (periodically, the log file is renamed and recreated). This flag activates a special handling where the renamed file will be read to the end before starting to read the newly created file. This feature works only if file is renamed in the same directory. NOBEGIN Never read a log file from the beginning, always from the end. This is to avoid being flooded with old messages in case a log file dissappear and then reappear. This might appear if the log file is on a shared partition in a cluster. The drawback of this flag is the first few alarms of a renamed log file might be lost. A better solution is to make sure the log file is emptied before the cluster makes the log file to reappear. NODISC Prevent error messages to be generated everytime the log file is deleted or recreated. This interface makes sure no alarms are lost in the following situations: - A newly discovered file is read from the last saved position (size of the file if SAVE flag is not specified). However, if file was created since last polling interval, file is read from beginning. - If file is no longer monitored (for example: at midnight and if file name is based on date), read the obsoleted file to the end before ignoring it. - Use Inode to locate a renamed file. Make sure this obsolete file is read to the end before ignoring it. EXEC [flags] is the name of an executable where the output (STDOUT) will be used as data for the collector. The name must include the full path but may include patterns. By default, this interface is read-only. Two [flags] are supported: WRITE Force the interface to be read-write. Data written to the interface is sent to STDIN of the process. NODISC Prevent error messages to be generated everytime the executable stop and restart. Useful when executable only runs for a short period of time. DEVICE [flags] is the name of a device file. The name must include the full path but may include patterns, usually /dev/something. Two [flags] are supported: WRITE Force the interface to be read-write. Be careful using this mode since some device files might crash the OS or destroy data. NODISC Prevent error messages to be generated everytime the device file is deleted or recreated. UXSOCKET is the name of a socket file. The name must include the full path but may include patterns. One [flags] is supported: NODISC Prevent error messages to be generated everytime the socket file is deleted or recreated. EVENTLOG Read Windows event log named . Only works on Windows operating system. Two [flags] are supported: SAVE Store file parameters to disk. This allows file position to be restored if opclogi process is restarted. Note: File parameters are only valid if not older than 24 hours. If parameters are not valid, file is read as a newly discovered one. Data will be stored in directory specified by TMPDIR parameter. NODISC Prevent error messages to be generated everytime the socket file is deleted or recreated. SNMPTRAP [portname] [flags] Enable SNMP traps or inform requests to be processed. Default port name is UPD 162. Syntax of port name is : where protocol can be udp or tcp and port is the actual port number. SNMP support is based on Net-SNMP library available at http://www.net-snmp.org/. Complete [portname] specification is available under at http://www.net-snmp.org/man/snmpcmd.html. One [flags] is supported: NODISC Prevent error messages to be generated everytime the socket file is deleted or recreated. Special parameters for SNMP interface: SNMP COMMUNITY [communityname] Then traps can use [communityname] for authentication. Default name is public. SNMP CREATEUSER [-e engineid] MD5 [DES ] For SNMP V3, necessary user names must be created. Name and password in V3 traps will be validated against all users listed. To list multiple users, add multiple SNMP CREATEUSER lines. Then traps can use [username] and [md5password] or [despassword] for authentication. Optional interfaces specific parameters: IFALIAS [flags] HOSTALIAS [flags] (Obsolete syntax, do not use) is used to set the object field. If not specified, the object field will be the name associated to the interface parameter (: for TCP/IP interfaces or for other interfaces). If interface name contains a pattern, the object field will have : added to it. Example of object field for interface monitoring ASCII file /tmp/test: /tmp/test (FILE /tmp/test with no IFALIAS) TEST (FILE /tmp/test with IFALIAS set to TEST) /tmp/tes*:/tmp/test (FILE /tmp/tes* with no IFALIAS) TEST:/tmp/test (FILE /tmp/tes* with IFALIAS set to TEST) CONNECTSTRING followed by a carriage return is sent to the interface right after connection. If is specified, the number specified of seconds will be waited before the connection string is sent. This parameter doesn't work on read-only interfaces. DISCONNECTSTRING followed by a carriage return is sent right before the connection is closed. This parameter doesn't work on read-only interfaces. OPCMSGGROUP will appear in the message group field of the opcmsg. Field is empty if not specified. OPCAPPLICATION will appear in the application field of the opcmsg. Field is opclogi if not specified. EXPECT [flags] If a line containing the regular expression is received, followed by a carriage return is sent. Those lines are not sent as alarms. Multiple EXPECT parameters are possible. This parameter doesn't work on read-only interfaces. Two [flags] are supported: ONCE can only be sent once if has matched. It is only after a disconnect and a reconnect where can be sent again. This option is useful when commands need to be sent after a prompt which is always the same. NOFLUSH Make the lines matched with regular expression to be sent as alarms. STARTREGEXP is a regular expression specifying the beginning of the multi-line alarm. If STARTREGEXP and ENDREGEXP are not specified, there is one alarm per line. If STARTREGEXP is not specified but ENDREGEXP is, the beginning of the alarm is the end of the previous one. Line containing STARTREGEXP is part of the alarm. ENDREGEXP is a regular expression specifying the end of the multi-line alarm. If ENDREGEXP is not specified but STARTREGEXP is, the end of the alarm is the line received before the next alarm or if no new lines are received for 5 seconds. This one second can be modified using the ENDOFALARMTIMEOUT parameter. Line containing ENDREGEXP is part of the alarm. ENDOFALARMTIMEOUT is the number of seconds before an alarm is declared as complete when no new lines are received. This parameter might be needed when STARTREGEXP is specified without ENDREGEXP. Default is 5 seconds. LINESEPARATOR is the character appearing in opcmsg between concatenated lines of a multi-line alarm. Default is a space. IDLETIMEOUT If nothing is received during seconds, the connection is immediately closed and reopened. If not specified, hung interfaces might not be detected. RECONNECTTIMEOUT POLLINGINTERVAL (alias) is the time waited in seconds before reconnection after a connection failure. For log files monitoring, this value represents the polling interval. Default is 120 seconds. PERIODICSTRING Send every seconds string . If not specified, no strings are sent at periodic intervals. This string is useful to send an heartbeat signal to the remote end. This parameter doesn't work on read-only interfaces. FAILUREREGEXP If a line matching is received the connection will be immediately disconnected. Reconnection will then be made after specified time. MULTIALARMLINEREGEXP Lines received between STARTREGEXP and ENDREGEXP contain multiple alarms. Lines matching are all part of different alarms. Lines not matching are global to all alarms. When used, multiple alarms will be generated containing all global lines and all specific lines. SOURCETIMEREGEXP [timestr] Extract time in alarm text. is an extended regular expression where each subexpressions represent a date parameter (month, day, year, hour, minute and second). After extraction, all subexpressions are extracted and concatenated with the slash (/) character. Finally the source time is extracted from the concatenated string using the [timestr] format string (see man strptime for available string parameters). Default [timestr] is %m/%d/%Y/%H/%M/%S. If time cannot be extracted, source time is set to time alarm is read. For Windows event log, the source time is set to the "generated time" of the event. Note: For this feature to work due to an OVO limitation, OPCMSGGROUP parameter must be set to OpC. Then, in template conditions, the message group can be changed to a different one. STRIPLINEREGEXP [repl] [flags] All characters matched by extended regular expression will be removed from the line read before been part of the alarm. Useful to remove characters which are not part of the real alarm. can contain subexpressions allowing to suppress multiple patterns. When subexpressions are used, characters matching patterns between parenthesis will be suppressed while characters matching other patterns will be kept. Multiple STRIPLINEREGEXP entries can be specified. This way, all specified will be suppressed in the same order as STRIPLINEREGEXP listed. If [repl] is specified, matching string will be replaced by [repl] instead of being removed. One [flags] is supported: GLOBAL Strip or replacement is done for every occurences of pattern in alarm. If not specified, replacement is done for first occurence only. Note: This operation is done on raw lines just before the alarm is formed. SUPPRESSALARMREGEXP [flags] Suppress alarms matching the extended regular expression . This option is similar to what can be achieved with the opcmsg conditions. Pattern is applied against the real alarm as sent to OVO. Multiple patterns can be listed. Suppression will be done in the same order SUPPRESSALARMREGEXP parameters are listed. Alarms are sent to OVO if they are not suppressed by all patterns listed. If no SUPPRESSALARMREGEXP parameters are listed, all alarms are sent to OVO. One [flags] is supported: KEEP Reverse the effect of the match. Alarms not matching will be suppressed. DISABLED The connection is disabled for the specified interface even if it is properly configured. ALTLINESPLITCHAR 0x [flags] ALTLINESPLITCHAR [flags] Specify an extra character to be used for extracting alarms. The carriage return character (0x0A) and NULL character (0x00) are always used, this setting will add a third one. If a character is specified either in hexadecimal or as is, lines can potentially be split into multiple alarms. One [flags] is supported: KEEP The specified split character is kept and will be part of the alarm if this flag is specified. NOSENDCRLF Prevent carriage return and line feed characters of being sent after each string sent to the remote interface. This parameter doesn't work on read-only interfaces. SEVERITYREGEXP If extended regular expression is found in alarm (before STRIPLINEREGEXP operation is applied), associate severity to OVO message. Valid severities are UNKNOWN, NORMAL, WARNING, MINOR, MAJOR, CRITICAL. Repeat SEVERITYREGEXP for each severity. Matches will be done in the specified order. Non matching alarms will have the default unknown severity. LOGINTERFACEDATA Write to alarms sent to OVO agent for the specific interface. Writing is independant of buffering feature, alarms are written to log file when being sent (or tried) the first time. Log file will be truncated if MAXLOGFILESIZE is specified. Format of log file is: date time: [interface]:[application,msggrp,severity]:alarmtext Configuration example for TCP/IP interface ------------------------------------------ DEBUGFILE 5 LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 10000 TCPIP 1024 DISABLED TCPIP netsvc 192.168.1.1 IFALIAS "Port remote" CONNECTSTRING HELLO DISCONNECSTRING LOGOUT OPCMSGGROUP Network OPCAPPLICATION "Remote appl" EXPECT "HELLO Confirm" "GOTO ALARMMENU" EXPECT "ALARMMENU Confirm" "SEND ALARMS" EXPECT HEARTBEAT "HEARTBEAT Confirm" STARTREGEXP "^BEGIN ../../.." ENDREGEXP END$ LINESEPARATOR : IDLETIMEOUT 3600 RECONNECTTIMEOUT 300 ALTLINESPLITCHAR 0x01 Configuration example for Nortel TL1 interfaces ----------------------------------------------- LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 100000 TCPIP 10001 192.168.1.2 IFALIAS OC12TBM OPCAPPLICATION Nortel CONNECTSTRING "rtrv-hdr:OPCM099P::0001;" 15 DISCONNECTSTRING "canc-user;" STARTREGEXP "..-..-.. ..:..:..$" ENDREGEXP "^;" FAILUREREGEXP "^M +[[:digit:]]+ DENY$" MULTIALARMLINEREGEXP "^ +\".*\"$" IDLETIMEOUT 3900 ENDOFALARMTIMEOUT 2 EXPECT "^;" "rtrv-alm-all:OPCM099P::0003::;" ONCE NOFLUSH EXPECT "^;" "rtrv-alm-all:NE4875::0004::;" ONCE NOFLUSH EXPECT "^;" "rtrv-alm-all:NE4876::0005::;" ONCE NOFLUSH EXPECT "^;" "rtrv-alm-all:NE4877::0006::;" ONCE NOFLUSH TCPIP 10001 192.168.1.3 IFALIAS OC3EXPRESS OPCAPPLICATION Nortel PERIODICSTRING "rtrv-hdr:NE4876X::0001; rtrv-hdr:NE4876NPX::0001;" 600 DISCONNECTSTRING "canc-user::hp:0002;" STARTREGEXP "..-..-.. ..:..:..$" ENDREGEXP "^;" FAILUREREGEXP "^M +[[:digit:]]+ DENY$" MULTIALARMLINEREGEXP "^ +\".*\"$" IDLETIMEOUT 3900 ENDOFALARMTIMEOUT 2 EXPECT "Hit any key to continue" "" EXPECT "^<" "act-user:NE4876NPX:hp:0003::hp2002;" ONCE EXPECT "^<" "act-user:NE4876X:hp:0004::hp2002;" ONCE EXPECT "^<" "rtrv-alm-all:NE4876X::0005::;" ONCE EXPECT "^<" "rtrv-alm-all:NE4876NPX::0006::;" ONCE Configuration example for Nortel EAI Preside interface ------------------------------------------------------ TCPIP 30005 OPCMSGGROUP Preside Configuration example for Alcatel IOO interface ----------------------------------------------- LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 100000 DEBUGLEVEL 9 TCPIP 3001 a1353sh IFALIAS a1353sh OPCAPPLICATION 1353SH IDLETIMEOUT 500 NOSENDCRLF CONNECTSTRING "CON_REQ[KEY=alcatel]" 1 FAILUREREGEXP "CON_REJ|DISCON_CONF" DISCONNECTSTRING "DISCON_NOTIF[]" EXPECT "^HEARTBEAT_REQ" "HEARTBEAT_CONF[]" EXPECT "^CON_CONF" "START_UNSOL_ALARMS_REQ[]" EXPECT "^START_UNSOL_ALARMS_CONF" "LIST_CUR_ALARMS_REQ[]" EXPECT "^LIST_CUR_ALARMS_CONF" "" ALTLINESPLITCHAR ] KEEP Configuration example for log file ---------------------------------- LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 100000 DEBUGLEVEL 9 FILE /tmp/testfile.log IFALIAS file OPCAPPLICATION file IDLETIMEOUT 600 RECONNECTTIMEOUT 5 STARTREGEXP alarmstart Configuration example for pipe file ----------------------------------- LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 100000 DEBUGLEVEL 9 PIPE /tmp/pipe IFALIAS pipe OPCAPPLICATION pipe IDLETIMEOUT 500 Configuration example for Nortel SNM via serial port ---------------------------------------------------- LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 100000 DEBUGLEVEL 9 SERIAL /dev/tty0p0 9600 8N1 IFALIAS SNMPC1 ENDREGEXP "^$" LINESEPARATOR | OPCAPPLICATION SNM IDLETIMEOUT 43200 RECONNECTTIMEOUT 60 SERIAL /dev/tty0p1 9600 8N1 IFALIAS SNMPC2 ENDREGEXP "^$" LINESEPARATOR | OPCAPPLICATION SNM IDLETIMEOUT 43200 RECONNECTTIMEOUT 60 Configuration example for Nortel Magellan NMS --------------------------------------------- MAXLOGFILESIZE 100000 LOGFILE /opt/ibamalarmd/ibamalarmd.log USEPERLREGEX FILE /opt/MagellanNMS/data/rtac/data/alarms.\%Y-\%m-\%d IFALIAS NMS OPCAPPLICATION NMS RECONNECTTIMEOUT 10 STRIPLINEREGEXP \\x7f ] GLOBAL SEVERITYREGEXP NORMAL \\x7fclear\\x7f SEVERITYREGEXP WARNING \\x7fdiagn\\x7f SEVERITYREGEXP WARNING \\x7fwarning\\x7f SEVERITYREGEXP MINOR \\x7fminor\\x7f SEVERITYREGEXP MAJOR \\x7fmajor\\x7f SEVERITYREGEXP CRITICAL \\x7fcritl\\x7f SEVERITYREGEXP CRITICAL \\x7fcritical\\x7f SEVERITYREGEXP NORMAL . Configuration example for Lucent AnyMedia ----------------------------------------- MAXLOGFILESIZE 100000 DEBUGLEVEL 9 FILE /opt/lucent/AnyMediaEM_R2.1/log/ALARMS/*/ALARMS_*\%m\%d\%Y IFALIAS NAM OPCAPPLICATION NAM POLLINGINTERVAL 60 Configuration example for Cisco Works RME ----------------------------------------- MAXLOGFILESIZE 100000 LOGFILE /opt/ibamalarmd/ibamalarmd.log FILE /var/log/syslog_info IFALIAS RME OPCAPPLICATION Cisco RECONNECTTIMEOUT 60 Configuration example for Alcatel AMS ------------------------------------- MAXLOGFILESIZE 100000 LOGFILE /opt/ibamalarmd/ibamalarmd.log FILE /var/opt/ALAams/log/alm.log IFALIAS AMS OPCAPPLICATION AMS STARTREGEXP "\\[.+\\]: " ENDREGEXP ";$" STRIPLINEREGEXP "^[[:alpha:]]+ +[[:digit:]]+ +..:..:.. +[[:graph:]]+ +" STRIPLINEREGEXP "\\^M$" RECONNECTTIMEOUT 60 Configuration example for Alcatel 5620 -------------------------------------- MAXLOGFILESIZE 100000 LOGFILE /opt/ibamalarmd/ibamalarmd.log FILE /opt/netmgt/interfaces/pathStatusLog IFALIAS path OPCAPPLICATION 5620 STARTREGEXP "^[[:digit:]]+/[[:digit:]]+/[[:digit:]]+ " RECONNECTTIMEOUT 15 FILE /opt/netmgt/bin/alarmfile IFALIAS alarm OPCAPPLICATION 5620 RECONNECTTIMEOUT 15 Configuration example for console output ---------------------------------------- MAXLOGFILESIZE 100000 DEBUGLEVEL 9 EXEC "dmesg -" NODISC IFALIAS exec OPCAPPLICATION exec RECONNECTTIMEOUT 60 Configuration example for cron log ---------------------------------- FILE /var/adm/cron/log ROLL SAVE OPCAPPLICATION Cron IFALIAS cron.log STARTREGEXP "^> +CMD" ENDREGEXP "^<" POLLINGINTERVAL 10 STRIPLINEREGEXP "cron started" Configuration example for Oracle alert log ------------------------------------------ FILE /app/oracle*/admin/*/bdump/alert_*.log ROLL SAVE OPCAPPLICATION Oracle IFALIAS alert.log STARTREGEXP "^... ... +.+ .+:.+:.+ .+$" POLLINGINTERVAL 10 SOURCETIMEREGEXP "^.+ (.+) (.+) (..):(..):(..) (....)" "%b/%d/%H/%M/%S/%Y" OPCMSGGROUP OpC Configuration example for Windows application event log ------------------------------------------------------- EVENTLOG Application POLLINGINTERVAL 5 Configuration example for Nokia Netact -------------------------------------- DEBUGLEVEL 1 LOGFILE /var/opt/OV/log/OpC/opclogi.log MAXLOGFILESIZE 10000 TCPIP 20000 "" SERVER IFALIAS "NetAct" STARTREGEXP "\#S\#" ENDREGEXP "\#E\#" OPCMSGGROUP "OS" OPCAPPLICATION "NetAct" History ------- 1.01: - Added SEVERITYREGEXP parameter 1.02: - New algorithm for processing newly discovered log files: - If file discovered right after opclogi starts (or if interface just added), read from last position. - If file discovered at any other time, read from beginning. - Added OVO 8 installation procedure. 1.03: - Fixed Solaris port - Roll over was not working when the log file was not recreated quickly 1.04: - Changed default message group from Misc to NULL - Added note in documentation about missing libopc.so on Solaris - Added USEPERLREGEX and LOGINTERFACEDATA options - Added GLOBAL flag to STRIPLINEREGEXP - Fixed SEVERITYREGEXP documentation 1.05: - Fixed object field so HOSTALIAS is correctly used - Updated documentation of HOSTALIAS parameter 1.06: - Fixed default application field. Now is opclogi as documented - Added SNMPTRAP interface type - HOSTALIAS parameter is now renamed IFALIAS - Possible core dump when subinterfaces were deleted - Fixed "End of file timeout" occuring under heavy load - Fixed IDLETIMEOUT parameter causing log files to be reprocessed 1.07: - Fixed possible corruption when buffering messages - Added check delay parameter to DISKBUFFERING - SNMP options are now in opclogi configuration file - Added SUPPRESSALARMREGEXP option - Fixed problem with removed global parameters in configuration file - Support for \xXX syntax and don't strip spaces between double quotes 1.08: - Added SOURCETIMEREGEXP parameter - Now set creation time on managed node - Added NOBEGIN flag in order to support reappearing log files - Support event log collection on Windows - Now also check ctime in order to detect if reading log files from the beginning - Fixed memory leak when using file names with patterns - Log files are read from the end after removing DISABLED flag 1.09: - Default SNMP port is now always 162 - Time is now extracted from full alarm - Fixed SNMP v3 on Solaris - TCPIP interface can now be used in server mode - Added Itanium support - SNMP is now supported on all platforms