Administration GuideIntegrations and ConnectorsHow to Create an Integration › Set File Log Configurations

Previous Topic: Set Default Configurations

Next Topic: How to Create a Syslog Listener

Set File Log Configurations

You can control data access settings for integrations using the file log sensor. You can use the CA-provided default settings for most event collection purposes, but you may want to alter these settings for custom integrations.

To set file log configurations

  1. Open the integration wizard, select the File Log sensor type, and advance to the Default Configurations step.
  2. Set or edit the anchor rate for the integration:
    UpdateAnchorRate

    Defines the threshold, in events, at which an anchor value is created. If event processing is interrupted, the agent refers to the latest anchor to begin reprocessing. Setting a lower anchor rate reduces the chance of lost events, but affects performance since the anchor value is created more often. Setting a very high anchor rate increases workload, since many events would be reprocessed in the event of a processing interruption.

    Default: 4

    Read from beginning

    Controls whether the agent will begin reading the file from the beginning if event processing is interrupted. If the check box is not selected, the agent will resume reading events using the anchor rate. If the check box is selected the sensor reads the log file from the beginning when you deploy a connector for the first time. Depending on the size of the database and the rate of event generation, the CA Enterprise Log Manager log sensor may take some time to synchronize with real-time events.

  3. Set or edit the following configuration values for the targeted event source:
    File archive directory

    Defines the path where the log file is saved after rotation. The archive directory and the directory name can be the same.

    File mask

    Sets a text string used to identify the event source log file. The file mask can use wildcards. For example, to identify a log file named "messages.txt", you could enter the mask messages* .

    File rotation type

    Sets the integration to correspond with the file rotation type used by the product from which it receives events. The actual rotation type is set by that product. The following settings are supported by CA Enterprise Log Manager integrations:

    • NewFile - used when the integration target is rotated by a utility such as logrotate.
    • FileSize - used when the integration target is based on a preset size threshold.
    • FileAge - used when the integration target is based on a preset time period. The update generally takes place at or near midnight.
    Directory Name

    Defines the path for the event source log file.

    Event Delimiter

    Defines the regular expression that separates individual log entries in a multi-line log file. Each time the log sensor locates the specified delimiter, it begins reading for new events. This allows CA Enterprise Log Manager to receive multiple event entries from a single log file. For example, if each log file entry contains a unique time/date stamp, you could use the regular expression for that timestamp format as the delimiter.

  4. (Optional) To add additional event source values, click Repeat: Integration value repeat button

    An additional set of configuration value fields appear, allowing you to enter values for event collection from a different event source.

  5. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new integration appears in the user folder list, otherwise the step you choose appears.