

Configure Event Management Logging

The Event Management information is logged to the following file:

SOI_HOME\log\EventMgmt.log

By default, the log level in the file is INFO. You can change this level to pinpoint errors if your event searches or policies are not performing as expected.

Follow these steps:

  1. Open the following file:

    SOI_HOME\resources\eventManager-log4j.xml

  2. Set the priority value to DEBUG as follows, and save and close the file:

    <root>
      <priority value="DEBUG">
      </priority>
      <appender-ref ref="stdout" />
    </root>

    The EventMgmt.log file now produces more detailed debug messages.

  3. Restart the CA SAM Event Management service.

    The logging change is applied.

Consider an example search on the Universal connector that unexpectedly returned no events. After configuring a DEBUG log level and running the search again, you can see the search details:

INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(Connectors) Value=(CA:09997_server01.ca.com@server01.ca.com)
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(MdrProduct) Value=(CA:09997)
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(scope.query.operator) Value=(OR)
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(scope.query.timelast) Value=(1)
...
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,141 DEBUG XQueryHelper:95 - com.ca.eventmanager.common.XQueryHelper.setTimeLast: timelast=1 qp.timestart=1302008571 qp.timeend=1302012171
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,141 DEBUG XQueryHelper:96 - com.ca.eventmanager.common.XQueryHelper.setTimeLast: qp.timestart.epoch=Apr 5, 2011 9:02:51 AM qp.timeend.epoch=Apr 5, 2011 10:02:51 AM
INFO | jvm 1 | 2011/04/05 10:02:51 | total reccount=0
INFO | jvm 1 | 2011/04/05 10:02:51 | timescoped files: 0
INFO | jvm 1 | 2011/04/05 10:02:51 | recordscoped files:
INFO | jvm 1 | 2011/04/05 10:02:51 | final-query: let $a := doc('file:/C:/Program%20Files/CA/SOI/resources/Core/EventStore/temp/results27890.xml0.xml')/results/normal return if (count($a)>0) then (<group id='0'>{$a}</group>) else ()
INFO | jvm 1 | 2011/04/05 10:02:51 | resultsfile: C:\Program Files\CA\SOI\resources\Core\EventStore\temp\results27890.xml
...
INFO | jvm 1 | 2011/04/05 10:02:52 | 10:02:52,219 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Returning from DataSource:SSA key=(Result) Value=(<results scopedeventcount='0' returnedeventcount='0' warning='' error='pattern_not_matched'> set log4j level to TRACE to log entire result set.)

The initial lines show the Universal connector MdrProduct value (CA:09997), the server name (server01.ca.com), and a scope that limits the search to events from the last hour. The DEBUG message records the start and end time of the search (qp.timestart.epoch=Apr 5, 2011 9:02:51 AM qp.timeend.epoch=Apr 5, 2011 10:02:51 AM), which helps you determine which files were searched. Finally, the following message shows that no events were found in the scoped time:

INFO | jvm 1 | 2011/04/05 10:02:51 | timescoped files: 0

Using this information, you can change the scoped time period and rerun the search.
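
The same reading of the log can be scripted. The following Python sketch is an added example, not part of the product or its documentation: it pulls the search parameters, the epoch time window, the timescoped file count, and the result attributes out of EventMgmt.log lines. The function names are hypothetical, the sample lines are taken from the excerpt above, and the epoch values are rendered in UTC rather than the server's local time.

```python
import re
from datetime import datetime, timezone

# Sample input: lines taken from the EventMgmt.log excerpt on this page.
SAMPLE = """\
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(MdrProduct) Value=(CA:09997)
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,063 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Incoming Map:key=(scope.query.timelast) Value=(1)
INFO | jvm 1 | 2011/04/05 10:02:51 | 10:02:51,141 DEBUG XQueryHelper:95 - com.ca.eventmanager.common.XQueryHelper.setTimeLast: timelast=1 qp.timestart=1302008571 qp.timeend=1302012171
INFO | jvm 1 | 2011/04/05 10:02:51 | timescoped files: 0
INFO | jvm 1 | 2011/04/05 10:02:52 | 10:02:52,219 INFO SDOFactory:208 - com.ca.eventmanager.operations.EventManagerImpl.getEvents: Returning from DataSource:SSA key=(Result) Value=(<results scopedeventcount='0' returnedeventcount='0' warning='' error='pattern_not_matched'> set log4j level to TRACE to log entire result set.)
"""

INCOMING = re.compile(r"Incoming Map:key=\((.+?)\) Value=\((.*)\)$")
WINDOW = re.compile(r"qp\.timestart=(\d+) qp\.timeend=(\d+)")
FILES = re.compile(r"^timescoped files: (\d+)$")
RESULT = re.compile(r"<results ([^>]*)>")
ATTR = re.compile(r"(\w+)='([^']*)'")

def summarize_search(text):
    """Collect the scope, time window and outcome of one getEvents search."""
    s = {"params": {}, "window_utc": None, "timescoped_files": None, "result": {}}
    for line in text.splitlines():
        # Wrapper prefix is "LEVEL | jvm N | date time | payload"; keep the payload.
        payload = line.split(" | ", 3)[-1].strip()
        if m := INCOMING.search(payload):
            s["params"][m.group(1)] = m.group(2)
        elif m := WINDOW.search(payload):
            s["window_utc"] = tuple(
                datetime.fromtimestamp(int(g), tz=timezone.utc) for g in m.groups())
        elif m := FILES.match(payload):
            s["timescoped_files"] = int(m.group(1))
        elif m := RESULT.search(payload):
            s["result"] = dict(ATTR.findall(m.group(1)))
    return s

def diagnose(s):
    """Return a one-line reading of why the search came back empty, if it did."""
    if s["result"].get("returnedeventcount") != "0":
        return "search returned events"
    if s["timescoped_files"] == 0 and s["window_utc"]:
        start, end = s["window_utc"]
        return f"no event files in window {start:%Y-%m-%d %H:%M:%S}Z to {end:%H:%M:%S}Z; widen the scoped time"
    return f"empty result, error={s['result'].get('error', '')!r}"

if __name__ == "__main__":
    print(diagnose(summarize_search(SAMPLE)))
```

The window lines only appear once the priority value is set to DEBUG; at the default INFO level the summary still reports the parameters and the result attributes.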