INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login

HANDLE


PASSWORD
Remember Me
Forgot Password?

Navigation

Join Us!
Keyword Search
Browse Forums
Jobs
Start A Group
Tell A Friend
Donate
Whitepapers

Come Join Us!

  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
E-mail*
Handle

Password
Verify P'word
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Member Feedback

"...Congratulations on a brilliant idea and a great site..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!
Home > Forums > MIS/IT > Management Tools > Tivoli/IBM: TME10 > FAQs

Tivoli/IBM: TME10 FAQ

Logfile Adapters

How do I create a logfile adapter to read UNIX application logfiles?
faq29-3418
Posted: 8 Apr 03

First, create a format file for your application.  Note that you must have a default Sun syslog or AIX errpt logfile adapter deployed before you can do this, and you will need to do some scripting to install your application LFA in a different location. If you fail to do this, the application LFA will break your syslog adapter.

Define a base event class if you have multiple event formats with common attributes:

FORMAT Nortel_IVR_Base
%s %t <%s> %s %s*
hostname "HSTNAME"
sub_origin "N/A"
adapter_host "EPLABEL"
date $2
origin DEFAULT
sub_system $3
error_code $4
msg $5
END

Then begin defining your events:

// Sat Aug 17 10:55:56 <KmnPin> 91003 Line 25 Host 1 Severity 8 Vps 1
FORMAT Nortel_IVR_Error FOLLOWS Nortel_IVR_Base
%s %t <%s> %s Line %s Host %s Severity 8 %s*
-line_number $5
-host_number $6
vps_number $7
msg PRINTF("<%s> %s Line %s %s", sub_system, error_code, line_number, vps_number)
END

Note the dashes "-" before some of the slots.  These signify event slots that are used locally and are not present in the BAROC file.

Create your Adapter Configuration Profile
Select the adapter type - a default AIX or Solaris type will do.

In the "Filters" tab, create your event filters.

000 Class=Nortel_IVR_Base
001 Class=Nortel_IVR_Error

In the "Environment" tab, set your keywords

AdapterErrorFile=/usr/Tivoli/lcf/bin/solaris2/TME/TEC/adapters/IVR_Logfile/etc/tecad_logfile.err
BufEvtPath=/usr/Tivoli/lcf/bin/solaris2/TME/TEC/adapters/IVR_Logfile/tecad_logfile.cache
BufferEvents=YES
MaxEventSize=4096
FilterMode=IN
LogSources=/opt/vps/vps33/log/alarm.log
PollInterval=30
ServerLocation=@EventServer

Note the use of the FilterMode keyword.  FilterMode=IN will only process events are present in the event classes in the "Filters" tab.  The default behavior is FilterMode=OUT.

If you have multiple logs, you must specify the full path to each logfile, separated by commas with no spaces in between.

In the "Actions" tab for the "Before" actions I do a little scripting in the adapter to create the LFA install directory and copy the necessary LFA binaries to the new LFA install directory.

TECADHOME=/usr/Tivoli/lcf/bin/solaris2/TME/TEC/adapters/IVR_Logfile
export TECADHOME
mkdir -p $TECADHOME/etc
mkdir -p $TECADHOME/bin
unset CHILD_OF_OSERV
cp $LCF_DATDIR/../../bin/solaris2/TME/TEC/adapters/bin/* $TECADHOME/bin
$TECADHOME/bin/init.tecad_logfile -s stop IVR_Logfile

Note:
You must use the "-s" switch in the adapter stop command to let the adapter know NOT to create a pipe to syslogd!  If you don't, you'll break your syslog adapter.

Ok, here's where it gets tricky.  In the "After" actions, we define some variables, then use sed to insert those variables into a temporary format file, then compile the temp format file and the finished format file:

TECADHOME=/usr/Tivoli/lcf/bin/solaris2/TME/TEC/adapters/IVR_Logfile
export TECADHOME
unset CHILD_OF_OSERV
REALNAME=`hostname`
export REALNAME
/usr/bin/sed -e "s/HSTNAME/$REALNAME/g" $TECADHOME/etc/tecad_logfile_IVR.fmt > $TECADHOME/etc/tecad_logfile.fmt.tmp
/usr/bin/sed -e "s/EPLABEL/${ACPEP_NAME}/g" $TECADHOME/etc/tecad_logfile.fmt.tmp > $TECADHOME/etc/tecad_logfile.fmt
logfile_gencds $TECADHOME/etc/tecad_logfile.fmt > $TECADHOME/etc/tecad_logfile.cds
$TECADHOME/bin/init.tecad_logfile -s start IVR_Logfile

Again, make sure you're using the "-s" switch on the adapter start command.

The reason for all of this scripting is to ensure that if the hostname differs from the endpoint lable, we can tell that when we look at the event.  This is helpful in clustered or HACMP configurations where you may have multiple endpoints installed.

In the "Distribution" tab, tell the adapter where it's going to get its format and error files from:

tecad_logfile.err=FQDN:/usr/Tivoli/bin/generic_unix/TME/ACF_REP/tecad_logfile.err
tecad_logfile_IVR.fmt=FQDN:/usr/easm/dev/adapter/IVR_Logfile/tecad_logfile_IVR.fmt

In the "General" tab, set the install location for the adapter's configuration files:

Install dir: /usr/Tivoli/lcf/bin/solaris2/TME/TEC/adapters/IVR_Logfile/etc

Config file: tecad_logfile.conf

Make sure your event class is added to a new or existing BAROC file.  Compile your rulebase and bounce the TEC server.

Save your adapter and distribute.  That is, after you've added your subscribers.

Back to Tivoli/IBM: TME10 FAQ Index
Back to Tivoli/IBM: TME10 Forum
My FAQ Archive
Email This FAQ To A Friend

My Archive