SiteScope log monitor for reading symboli links

There is an old post asking this question about SiteScope log monitor capability in reading symbolic links in linux but couldnt find a confirmation whether this is possible or not.

 

I see below entry in 11.24 release note,

 

**********************************************

QCCR1I39836

Log File monitor.

The Log File monitor is unable to monitor a file through symbolic links on Linux.

********************************************************

 

The above ER is in completed state but i still dont see SiteScope monitoring symbolic links. I tested it out today and found these entries in debug log,

********************************************************

(LogMonitorBase.java:589) DEBUG - Log file/home/hpov/mon.log exists. It could be link on file. Check it.
2015-02-11 11:00:46,156 [[Linux][My Monitoring][vlwlk928][LogFile][SS][/home/hpov/mon.log][SiSExclude](1044320527/128) ] (LogMonitorBase.java:744) DEBUG - Can't find "fileStatus" property in template.os config file for RHEL Fidelity remote OS, so we don't support monitoring of log file by symbolic link for this OS. Verification on symbolic link was skipped.

***********************************************************

 

Am i missing something in template.os or is this functionality still not there in SiteScope?

 

Tags:

  • Hi,

     

    AFAIK this doensn't work as Java has issues with symlinks.

  • I'm pretty sure I was one of the guys submitting/requesting this as ER - our main SiS is still 11.23 - but we fixed this by modifying the template.os if I recall correctly.

    I can check at work tomorrow if you need the file(I think it was just modifying an "ls" though.

     

    regards

  • That would be a great help if you can send the os template entry.

  • I've checked - my request back then was from the Multi-Log Monitor and seems to have been adapted in 11.23 or 11.24

    id=find_recursive
    command=find -L <file> -type f -ls 2>/dev/null | egrep '<contentmatch>'

     

    it should be enough for you to edit your template at

    id=find
    command=find '<file>' -maxdepth 1 -type f -ls 2>/dev/null | egrep '<contentmatch>'

     

    To make 100% sure you are looking at the right command, you can setup the monitor - log into your Linux server with the monitoring user, check the history and identify the exact command he uses - and then modify that. But I am quite certain that it will be the "id=find".

     

    hope that helps

  • Logfile monitor do not use find command, i think function wise it is not required to,

     

    echo sitescope-command-begin; test /var/log/messages; echo $?; echo sitescope-command-end
    echo sitescope-command-begin; ls -l /var/log/messages; echo sitescope-command-end
    echo sitescope-command-begin; tail -c 401218 /var/log/messages; echo sitescope-command-end

     

    These are the three commands it uses test, ls -l, and tail.

  • I just opened up a Log File monitor to check since it got me curious.

    DEBUG Log says that the first command is the following

     

    command=/usr/bin/test -r <file>; echo $?

     

    Could you check if, run locally, this command returns "0" for your file/link in question?

    If this, in fact returns "0" I'd suggest you open up a support case and see if they can figure this one out - if it returns anything other than "0" - you can try the commandline parameters (I think -L follows links also here).

     

    best regards