Example: Creating a Monitoring Policy Template for IIS Logs
To create a template for Internet Information Services (IIS) logs, you must first gather the properties for the template and then create the template in the CommCell Console.
Gathering the Properties for the Template
Consider that the IIS log has the following structure:
2014-08-14 13:26:10 172.xx.xxx.xx POST /SearchSvc/CVWebService.svc/getDomains - 81 - 172.xx.xxx.xx Apache-HttpClient/4.3.1+(java+1.5) - 200 0 0 320
Based on the sample log line, you can determine that there are 13 columns:
- 2014-08-14 is the date in YYYY-MM-DD format.
- 13:26:10 is the time in HH:MM:SS format.
- 172.xx.xxx.xx is the Web Server IP address as a string value.
- POST is the HTTP method as a string value.
- /SearchSvc/CVWebService.svc/getDomains is the URL as a string value.
- 81 is the port, which we can define as a string or number.
- Between the URL and port, you might see a query string. In the sample log line, there is none ('-').
- 172.xx.xxx.xx is the IP address of the remote host as a string value.
- Between the port and the remote host, you might see the remote user. In the sample log line, there is none ('-').
- Apache-HttpClient/4.3.1+(java+1.5) is the browser as a string value.
- 200 is the error code as a number in decimal format.
- Between the browser and the error code, you might see a referral link as a string value. In the sample log line, there is none ('-').
- 0 0 320 is the extended error code as a string value with spaces.
You can also determine that there is a single delimiting character (a single space) separating each column.
To create the template by automatically discovering the log columns:
- From the CommCell Browser, expand Policies.
- Right-click Monitoring Policies and then click Manage Templates.
- In the Manage Templates dialog box, click Add.
Follow the instructions in the Create Template wizard.
- On the Please select template type page, select Delimited to easily discover the columns in the log.
- On the Template Discovery page, do the following:
- In the File Path box, specify the IIS log file.
- In the Read Lines boxes, specify the lines that you want to read from the log file.
Make sure that the lines that you specify contain the structure that you want to define in the template. For example, do not include the lines in the header.
- Under the Delimiters section, select the Space check box.
- Select the Treat consecutive delimiters check box. For example, if two consecutive spaces are encountered, they are treated as a single space.
- In the Type of log file to be monitored list, select *.log.
The IIS log file uses the .log file extension.
- On the Columns Discovered page, using the Ctrl key, select the columns that are related to the extended error code and click Merge to merge the columns into a single column.
- On the Please define discovered columns page, edit each column to properly define the properties. For example, select the date column and click Edit. Make sure that the Column Name is "IIS date" (or any other proper name), that Column Datatype displays Date, and that Column Type Format displays "YYYY-MM-DD".
Optional: Select the Facet check box for those columns that you want to show as search filters in the Log Monitoring application.
Last modified: 11/8/2018 11:53:34 AM