Planning for Your Log Monitoring Policy

Before you run the Monitoring Policy wizard, you must collect the information that is required during the policy creation.

Use the following checklist as preliminary steps to consider before creating the monitoring policy:

Decide what type of template you want to use

The monitoring policy uses a template to define the type of log to be monitored. Use the following process to help you decide:

  1. Analyze your CommCell environment and identify the type of log that you want to monitor. For example, Commvault logs.

    If you have different types of logs, consider creating separate policies for each log type.

  2. Review the list of predefined templates and their properties. For more information, see Monitoring Policy Templates.

    If none of the predefined templates meets your log properties, you can create your own template. For instructions, see Creating a Monitoring Policy Template.

  3. To create a monitoring policy to monitor the MiFID logs in your environment, select Text Log Files type and choose the discovered template created to track the MiFID logs. For instructions to create an MiFID monitoring policy template, see Creating an MiFID Monitoring Policy Template.

Identify the log files you want to monitor

Based on the template that you plan to use, gather the following log details:

Selected Template

Required Information (Log location and associated clients)

Text Log Files and SysLogs

  • Collect the name of the client computers and/or client groups that contain the logs to be monitored.

  • Record the location of the log file. Take the following into consideration:

    • For Commvault Logs, the Commvault log directory is already provided in the wizard.

    • For recall logs, the RecalledItems directory in the Commvault log directory is monitored.

    • For Hyper-V logs, the Hyper-V log folder in the Commvault log directory is monitored.

    • If the logs reside in a UNC path or in a NetApp file server, determine the computer from which you want to access the network path, and collect the user credentials to access the network path.

    • For the MiFID logs, the MiFID logs that are located in the subclient to which the monitoring policy will be associated are monitored.

Database

N/A

The location of the CommServe database logs is automatically retrieved by the monitoring policy.

Windows Events

Collect the name of client computers and client groups where you want to monitor Windows events.

On Demand

When you upload log files using the Log Monitoring application, the Web Console distributes the files across clients to balance the log indexing workload.

  • Collect the name of the client computers where you want the log files to be uploaded.

  • Determine the staging location on each client (that is, the folder to which the files are uploaded).

Global Monitoring

N/A

A global monitoring policy is created for one CommCell and is used to monitor and index data from other CommCells.

Determine the monitoring criteria

Decide which monitoring approach you want to use:

  • Define monitoring criteria to track specific events in the logs

    Templates provide a predefined set of filtering attributes to track data on specific types of logs. To check the filtering attributes that are supported for each predefined template, see the Create/Edit Criteria online help page.

  • Index all the lines in the log files without defining monitoring criteria

    Use this option to capture all the events that occur in the logs.

Note: Monitoring criteria is not available for the global and MiFID monitoring policies.

Gather information for the data capturing options

The Monitoring Policy wizard provides options to further customize the way the log data is captured. The following table displays the options that require some preconfiguration:

Option

Required Information

Applicable Templates

Select the data capturing type

Select how the data can be captured for monitoring.

  • Index server: Index the data in the index server based on the criteria defined in the policy. You can perform searches on the data using the monitoring application.

  • Event Raiser: Monitor the logs based on the criteria defined by the user, and then create an event in the Event Viewer.

Text Log Files, Database, Windows Events, SysLogs, On Demand

Upload the entire log file to FTP

The log is uploaded when a log event matching the monitoring criteria occurs.

Note: The FTP option is not available if you index all lines in the log without defining monitoring criteria.

If you plan to upload the file to the FTP site, you must configure the FTP. For instructions, see Setting Up an FTP Location for Monitoring Policies to Upload Log Files.

Text Log Files, SysLogs

Select Analytics Engine

Decide which Index Server you want to use. The Index Server is configured during the setup of the Log Monitoring application. For instructions, see Configuring the Index Server for Log Monitoring.

Text Log Files, Database, Windows Events, SysLogs, On Demand

Use Cloud Policy

Decide which global monitoring policy you want to use. Use this option if you want the analytics engine defined in the global monitoring policy to index the data captured by the current monitoring policy.

A global monitoring policy must exist in another CommCell and must be made available to the current CommCell.

Text Log Files, Database, Windows Events, SysLogs, On Demand

Enable Archive

If you want to archive aged analytics data, you must have a OnePass subclient on the Index Server. For information on archiving aged analytics data, see Archiving Aged Analytics Data in Log Monitoring.

Text Log Files, Database, Windows Events, SysLogs, On Demand

Determine the matching pattern to search for indexed log data

To help you analyze log data in the Log Monitoring application, you can configure the monitoring policy to use matching patterns to perform the following actions:

  • Extract specific log data and add the data as facets in the search page of the application

    Facets are search filters based on the monitoring policy properties, such as policy name, associated clients, and filtering attributes.

    Gather the following details to determine the matching pattern:

    • Which regular expression to use for searching the log event

    • Which data type in the log event to extract (integer, float, or string).

  • Find specific log data and modify the data before it is displayed in the application

    This is useful for users who want to change a complex piece of log data with a simple expression.

    Determine the matching pattern (regular expression to find the log data) as well as the expression that will replace the log data found by the matching pattern.

Note

Matching patterns is not available for the MiFID monitoring policies.

Loading...