Sentinel Log Parser

Sentinel 7 writes Performance Snapshots to the server0.0.log file every 15 minutes. They contain information that can be useful for diagnosing performance issues and planning expansions of the solution. A snapshot looks something like this:

**************************** Performance Snapshot ****************************
For the last 15.00 min:

[EventStoreService] Utilization is at 2% for the past 14.93 min.
Relative processing time of system components:
1% (15.37 sec) Security Intelligence
0% (3.40 sec) Correlation
0% (3.35 sec) Event Indexing and Storage
0% (945 ms) Active Views
0% (139 ms) com.netiq.sentinel.eventutils.consumers.EventConsumerDispatch

[RawDataStoreService] Utilization is at 0% for the past 14.93 min.

[EventRouterServer] Utilization is at 4% for the past 14.87 min.
Relative processing time of system components:
2% (24.98 sec) Direct Event Store Routing
0% (5.95 sec) Raw Data Routing
0% (4.24 sec) Mapping
0% (1.97 sec) Tagging
0% (599 ms) Routing Rules and Actions
0% (91 ms) Batched Event Store Routing

[Novell Identity Manager] Utilization is at 1% for the past 14.78 min.

[NetIQ eDirectory] Utilization is at 8% for the past 14.78 min.

[NetIQ iManager] Utilization is at 0% for the past 14.77 min.

[SUSE Linux Enterprise Server] Utilization is at 0% for the past 14.77 min.

[Microsoft Active Directory and Windows] Utilization is at 0% for the past 14.77 min.

Uptime 15.64 min
System load average last minute 296% across 2 processors
Current number of file handles this process has open 7,372/65,536 (11%)
Memory utilization 1489.34 MB/3000.00 MB (49%)
ActiveMQ broker memory utilization 0%, rt channel 0%, db channel 0%
ActiveMQ rt channel queue size = 0, in flight = 0, avg time queued = 0 ms
ActiveMQ db channel queue size = 0, in flight = 0, avg time queued = 0 ms
Correlation result queue size = 0/10,000 (0%)
EventRouterServer: Number of files currently in the buffer file (database_and_gui) = 0
EventRouterServer: Number of files currently in the buffer file (database) = 0
EventRouter: Number of files currently in the buffer file (database_and_gui) = 0
Number of raw data message files buffered on disk for retry = 0
The collector manager Internal Audit SubSystem sent 121 event(s) with an avg real-time delay of 888 ms.
The collector manager SENTINEL:server.domain.com (C76D2820-C395-1029-BB86-001321B5C0B3) sent 32,697 event(s) with an avg real-time delay of 1.15 sec.
Number of event message files buffered on disk for retry = 0
Events received over last 14.93 min = 36.624 eps, total events = 32,818
Events sent to and accepted by the storage component over last 14.93 min = 36.624 eps, total events = 32,818
Events buffered for retry (not yet sent to storage) over last 14.93 min = 0 eps, total events = 0
Events stored over last 15.00 min = 36.462 eps, total events = 32,818
Events indexed over last 15.00 min = 36.462 eps, total events = 32,818
Events currently in log queue 0/50,000 (0%), Events currently in index queue 0/50,000 (0%)
Events fetched from store instead of RAM for indexing 0/32,818 (0%)
Current number of search jobs = 4

Event time relative to processing time stats observed at IndexedLogComponent:
Grouped by event source.  32,697 events total, only showing event sources with an event time versus processing time greater than 10.00 minms.
Name|      Max (ms)*|       Min (ms)|       Avg (ms)|     Count
None to display.

******************************************************************************

This PHP script parses the server logs for these Performance Snapshots and outputs a CSV file that you can use to create graphs.

It can also be scheduled to run repeatedly, as the output file is appended to based on the date/time stamps of the Performance Snapshots.

For a one-time run over the logs, it's easier to concatenate the server logs into one file, i.e.:

:~ # cd /var/opt/novell/sentinel/log/
:~ # cat server0.9.log server0.8.log server0.7.log server0.6.log server0.5.log server0.4.log server0.3.log server0.2.log server0.1.log server0.0.log > ~/server.log

Note: List the files in the cat command in order from oldest to newest.

There are several parameters to adjust in the sentinellogparser.php file:

  • Set Date/Time format - the timezone of the Sentinel server (see the List of Supported Timezones in the PHP manual for options)
  • $in_file - the input log file
  • $out_file - the CSV output file
  • $field_array - the fields of the Performance Snapshots to capture

You'll obviously need the php binary available to run the script:

:~ # php -f sentinellogparser.php
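
The snapshot-to-CSV step described above, as an added Python example; it is not the attached sentinellogparser.php and does not reproduce its logic. The FIELDS map and column names are hypothetical, and timestamp handling is left out because the excerpt above does not show the timestamp line.

```python
import csv
import io
import re

# Constructed sample: an abbreviated snapshot built from lines in the excerpt above.
SAMPLE = """\
**************************** Performance Snapshot ****************************
[EventStoreService] Utilization is at 2% for the past 14.93 min.
[EventRouterServer] Utilization is at 4% for the past 14.87 min.
Current number of file handles this process has open 7,372/65,536 (11%)
Memory utilization 1489.34 MB/3000.00 MB (49%)
Events received over last 14.93 min = 36.624 eps, total events = 32,818
******************************************************************************
"""

# Hypothetical field map: CSV column name -> regex with one numeric capture group.
FIELDS = {
    "open_handles": r"file handles this process has open ([\d,]+)/",
    "mem_used_mb": r"Memory utilization ([\d,.]+) MB/",
    "eps_received": r"Events received over last [\d.]+ min = ([\d,.]+) eps",
}
UTIL = re.compile(r"^\[(.+?)\] Utilization is at (\d+)%")
START = re.compile(r"\*+ Performance Snapshot \*+")
END = re.compile(r"^\*+$")

def parse_snapshots(lines):
    """Yield one dict per complete snapshot; a block cut off mid-way is dropped."""
    row = None
    for line in lines:
        line = line.strip()
        if START.search(line):
            row = {}          # a new header discards any unfinished block
        elif row is not None and END.match(line):
            yield row
            row = None
        elif row is not None:
            m = UTIL.match(line)
            if m:
                row["util_" + m.group(1)] = float(m.group(2))
            for name, pat in FIELDS.items():
                m = re.search(pat, line)
                if m:         # strip thousands separators so "7,372" stays one cell
                    row[name] = float(m.group(1).replace(",", ""))

def to_csv(rows):
    """Render rows as CSV text; columns are the union of all keys seen."""
    rows = list(rows)
    cols = sorted({key for r in rows for key in r})
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=cols, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Values are converted to numbers before writing because the snapshot prints thousands separators, which would otherwise split one value across CSV columns.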

Last update:
‎2019-10-08 22:20