Log Monitoring configuration file v1
You are viewing documentation for Log Monitoring v1. Dynatrace Log Monitoring v1, is considered a legacy solution.
Log Monitoring v1 will reach the end of life and will be switched off in November 2023.
SaaS environments will be automatically upgraded to LMA or LMC.
We strongly encourage you to switch to the latest Dynatrace Log Monitoring version.
If you are currently using Dynatrace SaaS, upgrade to the latest version of Dynatrace log monitoring.
Each OneAgent provides a ruxitagentloganalytics.conf file where you can set configuration options.
If your OneAgent installation, freshly installed or upgraded, does not have the ruxitagentloganalytics.conf file, use ruxitagentloganalytics.conf.template as a template and create your own ruxitagentloganalytics.conf file. Next, copy the ruxitagentloganalytics.conf file to the following directory:
- Linux:
/var/lib/dynatrace/oneagent/agent/config/ - Windows:
%PROGRAMDATA%\dynatrace\oneagent\agent\config\
AppLogContentAccess
Enables access to the log file content on this host. If set tofalse, the log file will be displayed in the user interface, but the content won't be accessible. Note that the OneAgent will still auto-detect log files unless the flagAppLogAutoDetectionis set tofalse.
AppLogContentAccess=false
AppLogRemoteConfiguration
Enables the manual configuration of logs to be accessed and monitored. If set tofalse, it won't be possible to add logs manually using the settings interface.
AppLogRemoteConfiguration=true
AppLogAutoDetection
Enables auto-detection of log files on this host. If set tofalse, logs won't be auto-detected.
AppLogAutoDetection=true
FilesInGroup
Defines how many files can be open by the specified process group.
Syntax:FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
FilesInGroup=0x0, 150, 200
EntryFilter
Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
Syntax:EntryFilter=[process_group_ID], [log_path], [LAQL]
EntryFilter=0x0,Windows Application Log,INFO======EntryFilter=0x201744FC09941B85,%PROGRAMDATA%\CrashPlan\log\service.log.#,not INFO======
LogEntryPrefix
Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
LogEntryPrefix=/var/ossec/logs/alerts/alerts.log,** Alert
-
MainLoopInterval
Sets the time interval (in seconds) of OneAgent log operations. Defines how often the OneAgent will detect, analyze, and store logs.By decreasing this value:
- You can configure the OneAgent to react faster to events happening on the monitored host.
- You might negatively affect performance as the
LogAgentthen requires more CPU cycles and performs more disk operations. - There will be more writes to storage disks and a worse compression ratio. Data latency will however be lower.
In case the server doesn't keep up with writing, the server will increase the interval to achieve an IOPS rate that the storage is able to handle.
By increasing this value:
- You can increase OneAgent performance. The OneAgent would then use less CPU and perform fewer disk operations. This might be beneficial if you monitor applications that write a small number of logs at short intervals.
- You could increase the latency on the UI. For example, the results of log analysis performed on stored data would not contain data from the last (up to)
MainLoopIntervalseconds.
MainLoopInterval=60
-
AutomaticFile
Defines which files will be included in or excluded from the log analysis and storage.
AutomaticFile=Path, Include|ExcludeYou can use the wildcard (
*) to indicate specify all directories and subdirectories.
For example:AutomaticFile= */log/*/*, ExcludeConfiguration
AutomaticFile= */log/*/*, Excludewould exclude the/dir1/dir2/log/dir3/test1.logfile, but it would NOT exclude the/dir1/dir2/log/test2.logfile. In this example, thetest2.logfile is not located at the directory depth indicated in the configuration. As a result, the condition set in the configuration is not met.
Configuration
Result
AutomaticFile= /log/*/*, Exclude
/dir1/dir2/log/dir3/test.logwill NOT be excluded/dir1/dir2/log/test.logwill NOT be excluded/log/test.logwill NOT be excluded/log/dir3/test.logwill be excluded
Path
Configuration
/var/log/
AutomaticFile=/var/log/*, Include
/var/log/
AutomaticFile=/var/log/*, Exclude
Path
Configuration
c:\problemdir\file.log
AutomaticFile = /problemdir/*, Exclude
d:\nightly\sub\r16.0.0_sp12_nbld_win_64_daily.log
AutomaticFile= /nightly/ * / *, Exclude
JSONTimestampFieldNames
Defines a list of fields in a JSON-formatted log entry that will be used as a timestamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
JSONTimestampFieldNames=time,timestamp
The following properties are still available, but they are deprecated and replaced by the AutomaticFile property in version 1.155.
AllowedLogs
Listed name patterns of log files that will be auto-detected for monitoring. You can add multiple name patterns for additional log file name matching.
AllowedLogs=*[.\-_]log[.\-_]*AllowedLogs=*[.\-_]logAllowedLogs=catalina.out
AllowedDirLogs
Listed name patterns of directories for log files that will be auto-detected for monitoring. If a log file is discovered in a directory containing the defined string, it will be auto-detected for monitoring. You can add multiple name patterns for additional log directory matching.
AllowedDirLogs=logAllowedDirLogs=logs
LogSearchLevel
Log directory depth. Logs found in directories defined in theAllowedDirLogsproperty will be added for monitoring only if found on the level defined inLogSearchLevelor below.
LogSearchLevel=2
AllowedDirPrefixes
Allows log directories with defined prefix. If a log file is found in a directory path starting with what you define inAllowedDirPrefixes, it will be auto-detected for monitoring. You can add multiple directory name prefixes for allowing additional directories.
AllowedDirPrefixes=/var/log/