Appendix C. Probes 159
C.6. LogAgent
The probes in this section monitor the log files on your systems. You can use them to query logs for
certain expressions and track the sizes of files. For LogAgent probes to run, the nocpulse user must
be granted read access to your log files.
Note that data from the first run of these probes will not be measured against the thresholds to prevent
spurious notifications caused by incomplete metric data. Measurements will begin on the second run.
C.6.1. LogAgent::Log Pattern Match
The LogAgent::Log Pattern Match probe uses regular expressions to match text located within the log
file being monitored and collects the following metrics:
• Regular Expression Matches — The number of matches that have occurred since the probe last ran.
• Regular Expression Match Rate — The number of matches per minute since the probe last ran.
Requirements — The Red Hat Network Monitoring Daemon (rhnmd) must be running on the moni-
tored system to execute this probe. For this probe to run, the nocpulse user must be granted read
access to your log files.
In addition to the name and location of the log file to be monitored, you must provide a regular
expression to be matched against in regex format for egrep, which is equivalent to grep -E in
support for extended regular expressions. This is the regex set for egrep:
^ beginning of line
$ end of line
. match one char
* match zero or more chars
[] match one character set, e.g. ’[Ff]oo’
[^] match not in set ’[^A-F]oo’
+ match one or more of preceding chars
? match zero or one of preceding chars
| or, e.g. a|b
() groups chars, e.g., (foo|bar) or (foo)+
Warning
Do not include single quotation marks (’) within the expression. Doing so will cause egrep to fail
silently and the probe to time out.
Field Value
Log file* /var/log/messages
Basic regular expression*
Timeout* 45
Critical Maximum Matches
Warning Maximum Matches
Warning Minimum Matches
Critical Minimum Matches
