Server
To collect logs by your server application, check the following:
Agent Update
It is available from Server agent 2.1.2. For more information about update, see the following.
Checking the agent settings
Home > Select Project > Log > Log Setting
Select a project in the initial screen of the WhaTap monitoring service, and then select Log > Log Setting under Project Menu. In the OS selection tab at the top of Check Agent CONF., select a server OS (Linux (shell), Windows (Powershell)). See Basic Installation or Install with Category for the process.
The following configuration requires restart of the agent.
Linux Shell
-
Basic installation
Linux Shellexport LOGFILES=/some/path/file1,/some/other/file2
echo "logsink.files=$LOGFILES" | sudo tee -a /usr/whatap/infra/conf/whatap.conf -
Install with Category
Linux Shellcd /usr/whatap/infra
sudo mkdir extension
cat <<EOL | sudo tee extension/logsink.conf > /dev/null
[[inputs.logsink]]
category = "serverlog"
## Whether or not to send the data with separate log generation statistics
stats_enabled = true
## Category for log generation statistics
stats_category = "logsink_stats"
## Set the log non-target file names to be excluded with asterisk (*) in the log file path
excludeNames = [ ".gz",".zip" ]
[[inputs.logsink.file]]
## When setting a log file, you can set the date pattern (strftime.org).
path = "/some/path/%Y-%m-%d/.log"
disabled = false
encoding = "utf-8"
[[inputs.logsink.file]]
path = "/some/other/log"
disabled = false
encoding = "utf-8"
[[inputs.logsink.file]]
## When searching for the keyword in the line-by-line log, merge it with the previous log.
nowrap_keywords = ["Caused by:", "Test"]
EOL
sudo service whatap-infra restart
Windows Powershell
-
Basic installation
Windows Powershell$LOGFILES="c:\\whatap\\logs\\%Y-%m-%d\\*.log,c:\\whatap\\logs\\*.log"
Add-Content "c:\Program Files\WhatapInfra\whatap.conf" -Value "logsink.files=$LOGFILES" -
Install with Category
Windows Powershell# Require an Administarotr role
New-Item -type "Directory" -Path "C:\Program Files\WhatapInfra\extension"
$contentToAdd = @"
[[inputs.logsink]]
category = "serverlog"
## Whether or not to send the data with separate log generation statistics
stats_enabled = true
## Category for log generation statistics
stats_category = "logsink_stats"
## Set the log non-target file names to be excluded with asterisk (*) in the log file path
excludeNames = [ ".gz",".zip" ]
[[inputs.logsink.file]]
## When setting a log file, you can set the date pattern (strftime.org).
path = "c:\\whatap\\logs%Y-%m-%d_.log"
disabled = false
encoding = "utf-8"
[[inputs.logsink.file]]
## When searching for the keyword in the line-by-line log, merge it with the previous log.
nowrap_keywords = ["Caused by:", "Test"]
"@
New-Item -path "C:\Program Files\WhatapInfra\extension" -name "logsink.conf" -type "file" -value $contentToAdd -Force
Restart-Service "Whatap Infra"
Configuring options
-
stats_enabled: Set whether or not to collect the collection status data. The default value isfalse. The value must be set totrue. If set totrue, statistical data is generated in the category (logsink_stats) set in the followingstats_category. -
stats_category: Set the metrics category to store the collection status data in. The value must be set tologsink_stats. Statistical data fields are as follows:filecheckIntervalencodingfileposcheckedLocalTimelastupdatedLocalTimefileSizeerrorfirstChecktransferBytes
-
excludeNames: By including asterisks (*) in the log file path, you can set the file name to exclude non log files. You can set multiple values using comma (,) as the delimiter.ExampleexcludeNames = [ ".gz",".zip" ] -
nowrap_keywords: While searching logs by line, if any keyword is detected by a specified option value, it is merged with the previous log.
Configuring the log options for Windows events
When collecting Windows event logs, you can set the options as follows:
# Require an Administarotr role
New-Item -type "Directory" -Path "C:\Program Files\WhatapInfra\extension"
$contentToAdd = @"
[[inputs.win_eventlog]]
category = "win_event_log"
stats_category = "win_event_log_stats"
stats_enabled = true
enabled = true
[[inputs.win_eventlog.file]]
#true | false
enabled = true
# Application, Security, Setup, System, Forwarded
file = "Application"
#1: Information, 2: Warning 3: Critical 4: Audit Success 5 Audit Fail
#event_type =
#event id
#event_id =
#event source name
#source_name = ""
"@
New-Item -path "C:\Program Files\WhatapInfra\extension" -name "win_eventlog.conf" -type "file" -value $contentToAdd -Force
Restart-Service "Whatap Infra"
-
Support version 2.5.2
-
OS: Windows
-
It is required to specify the
category.e.g.
win_event_log -
It is required to specify the statistics category (
stats_category).e.g.
win_event_log_stats -
The statistics category On/Off (
stats_enabled) is required.e.g.
trueorfalse -
The collection On/Off (
enabled) is required.e.g.
trueorfalse -
The file-based collection On/Off (
enabled) is required.e.g.
trueorfalse -
The file (
file) is required.e.g.
Application,Security,Setup,System,Forwarded -
The event type (
event_type) is optional.e.g.
1,2,3,4,5NoteEvent type
-
Information
-
Warning
-
Critical
-
Audit Success
-
Audit Fail
-
-
The event ID (
event_id) is optional. -
The event source name (
source_name) is optional.
Specifying and separating multiple files
Specifying multiple files
To categorize multiple log files under the same category, add each log file path into the [[inputs.logsink.file]] entry and specify the file path by using the path setting. Additionally, you can configure additional settings, such as log generation statistics and options such as category, stats_enabled, and stats_category. The example is where the /root/test1 and /root/test2 files are assigned the same category (serverlog).
[[inputs.logsink]]
category = "serverlog"
stats_enabled = true
stats_category = "logsink_stats"
excludeNames = [ ".gz",".zip" ]
[[inputs.logsink.file]]
path = "/root/test1"
disabled = false
encoding = "utf-8"
[[inputs.logsink.file]]
path = "/root/test2"
disabled = false
encoding = "utf-8"
For information about options such as category, stats_enabled, stats_category, and nowrap_keywords, see the guidance above.
In this example, you can see the following in Live Tail.
File separation
To specify different categories for log files, create separate logsink{number}.conf files and then set different category values in each file. The following example shows how to set different log categories through logsink.conf and logsink1.conf.
# cat logsink.conf
[[inputs.logsink]]
category = "serverlog1"
stats_enabled = true
stats_category = "logsink_stats"
excludeNames = [ ".gz",".zip" ]
[[inputs.logsink.file]]
path = "/root/test1"
disabled = false
encoding = "utf-8"
#cat logsink1.conf
[[inputs.logsink]]
category = "serverlog2"
stats_enabled = true
stats_category = "logsink_stats"
excludeNames = [ ".gz",".zip" ]
[[inputs.logsink.file]]
path = "/root/test2"
disabled = false
encoding = "utf-8"
For information about options such as category, stats_enabled, stats_category, and nowrap_keywords, see the guidance above.
In this example, you can see the following in Live Tail.
Enabling the log monitoring
Home > Select Project > Log > Log Setting
You can enable or disable the WhaTap log monitoring with the toggle button in the Activate log monitoring tab of the Starting the log monitoring section.
- If you turn on
, the log monitoring is enabled. You can try for free for 15 days from the activation date. - If you turn off
, the log monitoring is disabled. Logs are no longer saved.
Role
After agent installation, you can enable the log monitoring settings only when you have the edit permission on the project. For more information about the roles, see the following.