Unix/Linux Log File Monitoring - How does it work?
Posted: Wed, Dec 23, 2009 10:47 PM :: Rank: 0

I am setting up Linux log file monitoring, but I want to understand how it functionally works. I cannot find a good explanation anywhere. My concern is large log files. Is there a recommended log file size limit for the most efficient operation?

Once the monitor is set up, how is it actually monitored by the cross plat agent? Does the agent scan the entire file every "X" amount of time? Does it maintain a tail on the log, watching for the regex coming through? If the agent scans the log every so often, I would anticipate increased overhead due to large log files.

Anyone have a good explanation for me? What can I expect by way of performance for large log files?

Re: Unix/Linux Log File Monitoring - How does it work?
Posted: Thu, Dec 24, 2009 1:23 AM :: Rank: 2
I am not sure how large your log files are, but the agent is not scanning the whole log file over and over. It puts a check mark after each scan, so it maintains tails. In our environment we have almost 40 AIX and Solaris servers and we are monitoring log files, for example: hardware errors, authentication failures, some custom script outputs, backups, etc. The only issue we have seen so far is on Solaris Sparc5.9: average 10-15% CPU usage on a very busy DB server. Except for that, everything is pretty stable.
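The "check mark after each scan" behaviour described in the reply above, sketched as an added example: this is not code from the cross-platform agent or from either poster. It assumes a checkpoint stored as a JSON file holding the log's inode and a byte offset; the function names, file names and sample log lines are constructed for illustration.

```python
import json, os, re, tempfile

def scan_new_lines(log_path, state_path, pattern):
    """Return lines matching `pattern` appended since the previous scan."""
    try:
        with open(state_path) as f:
            state = json.load(f)      # checkpoint left by the last scan
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    st = os.stat(log_path)
    # Rotation (new inode) or truncation (file shorter than the checkpoint):
    # the saved offset is meaningless, so restart from byte 0.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    regex, hits = re.compile(pattern), []
    with open(log_path, "rb") as log:
        log.seek(state["offset"])     # skip everything already examined
        while True:
            line = log.readline()
            if not line.endswith(b"\n"):   # EOF, or a line still being written
                break
            state["offset"] += len(line)
            text = line.decode("utf-8", "replace").rstrip("\n")
            if regex.search(text):
                hits.append(text)
    tmp = state_path + ".tmp"         # write-then-rename keeps the checkpoint
    with open(tmp, "w") as f:         # intact if the scanner dies mid-write
        json.dump(state, f)
    os.replace(tmp, state_path)
    return hits

def demo():
    """Scan a constructed auth log three times: initial, appended, rotated."""
    d = tempfile.mkdtemp()
    log, ckpt = os.path.join(d, "auth.log"), os.path.join(d, "auth.ckpt")
    pat = r"authentication failure"
    with open(log, "w") as f:         # constructed sample lines
        f.write("Dec 24 01:00:01 db1 sshd[311]: authentication failure; user=alice\n"
                "Dec 24 01:00:05 db1 cron[400]: job started\n")
    first = scan_new_lines(log, ckpt, pat)
    with open(log, "a") as f:         # second line has no newline yet
        f.write("Dec 24 01:02:09 db1 su[512]: authentication failure; user=bob\n"
                "Dec 24 01:02:10 db1 sshd[513]: authentication failure; us")
    second = scan_new_lines(log, ckpt, pat)
    os.rename(log, log + ".1")        # simulate rotation
    with open(log, "w") as f:
        f.write("Dec 24 02:00:00 db1 sshd[700]: authentication failure; user=carol\n")
    third = scan_new_lines(log, ckpt, pat)
    return first, second, third
```

Each scan costs time proportional to the bytes appended since the last one, not to the total file size. Lines written to the old file between the last scan and a rotation are not read by this sketch; a production watcher would drain the rotated file before switching.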
