How does CA SystemEDGE Log Monitoring work?

How does the SystemEDGE agent work in monitoring logfiles?





The SystemEDGE Agent includes a Log Monitoring capability that allows the agent to continuously monitor log files for the appearance of user-specified regular expressions. Whenever a match for the regular expression is written to the log file, the Agent notifies the Manager(s) with a Trap message.

The agent maintains an SNMP table in its MIB, the logMonitorTable, that allows the agent to be configured dynamically to monitor a log file for a specified regular expression. Each entry in the logMonitorTable represents the monitoring of a single log file for a particular regular expression.

Upon initialization of the agent (or after a log monitor row is added), the Agent stats each log file for its current length and last access time. Thereafter, the agent periodically stats the file, looking for a change in the file's size. If the file has increased in size, the agent reads the file starting from the first byte added since the last stat, looking for the user-specified regular expression. If the file has decreased in size, the agent starts over from the beginning of the file, under the assumption that the file has been truncated or deleted and has been rewritten.

If a match is found for the user-specified regular expression, the Agent sends a logMonMatchTrap enterprise-specific SNMP Trap message to the configured Manager(s) and executes the row's logMonAction if it is non-null (and if actions are enabled).
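The stat-and-compare loop described above can be modelled in a few lines of Python. This is an added example, not SystemEDGE code: the names `LogMonitorRow`, `poll` and `demo`, the file name, the pattern and the sample log lines are all assumptions, and matched lines are returned where the agent would send a logMonMatchTrap and run the row's logMonAction.

```python
import os
import re
import tempfile

class LogMonitorRow:
    """Model of one logMonitorTable entry: one log file, one regular expression."""
    def __init__(self, path, pattern):
        self.path = path
        self.regex = re.compile(pattern)
        # Initial stat: content already in the file is not scanned.
        self.offset = os.stat(path).st_size

    def poll(self):
        """One periodic stat. Returns the new lines that match the expression."""
        try:
            size = os.stat(self.path).st_size
        except FileNotFoundError:
            self.offset = 0          # deleted: rescan from byte 0 once it reappears
            return []
        if size < self.offset:
            # File shrank: assume truncated or rewritten, start over from the top.
            self.offset = 0
        if size == self.offset:
            return []
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)     # first byte added since the last stat
            data = fh.read(size - self.offset)
        self.offset = size
        lines = data.decode("utf-8", errors="replace").splitlines()
        return [ln for ln in lines if self.regex.search(ln)]

def demo():
    # Constructed sample lines; file name and pattern are illustrative only.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth.log")
        with open(path, "w") as fh:
            fh.write("sshd: Failed password for root\n")   # present before monitoring
        row = LogMonitorRow(path, r"Failed password")
        first = row.poll()                                 # no growth yet
        with open(path, "a") as fh:
            fh.write("sshd: Accepted publickey for ops\n")
            fh.write("sshd: Failed password for admin\n")
        grown = row.poll()                                 # scans appended bytes only
        with open(path, "w") as fh:                        # truncated and rewritten
            fh.write("sshd: Failed password for ops\n")
        rewritten = row.poll()                             # size shrank: rescan from 0
    return first, grown, rewritten
```

In this model, a file that is rewritten and reaches at least its previous size between two polls looks the same as an append, because only the size is compared.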

