How to configure the Log Analytics Probes

Document ID : KB000010696
Last Modified Date : 14/02/2018
Introduction:

In order to use Log Analytics there are several probes that must be deployed and configured.

This can be confusing at first glance. This document is intended to reduce that confusion and help you begin using Log Analytics in your environment.

Background:

There are 3 probes that need to be deployed:

Log_forwarder

  • Probe Documentation
  • Probe that scans the configured log files and publishes the log file content to a specific UIM Queue (Default Subject: LOG_ANALYTICS_LOGS)
  • Deployed on the systems whose logs you wish to monitor
  • AC or MCS
    • MCS templates recommended
    •  IM not supported

 

Axa_log_gateway

  • Probe Documentation
  • Probe that reads data from the queue on the hub (Default Subject: LOG_ANALYTICS_LOGS) and writes the data to the CA App Experience Analytics (AXA) Kafka topic (Default: logAnalyticsLogs).
  • Must be deployed on a hub
    •  Either on primary hub or multiple secondary hubs
      • Must not mix secondary and primary hubs!
  • MCS only
    • AC and IM not supported

 

Log_monitoring_service

  • Probe Documentation
  • Probe that queries log data stored in AXA and raises notifications based on predefined queries
  • Each instance of the probe can monitor only a single tenant ID in AXA
  • The probe should be deployed in the same region as the AXA Datastore, with good network connectivity, as it queries the datastore directly
  • AC or MCS
    • MCS templates recommended
    • IM Not supported
    • Must not mix AC and MCS

Below is a simple diagram showing how these would be deployed:

 

LA.png

Instructions:

1. Install AXA for Log Analytics.

  • AXA install instructions for Log Analytics can be found here

2. Deploy the “Setup axa_log_service” MCS template to the Hub.

  • The only setting that needs to be changed is “AXA Kafka Broker(S)”
  • Change the value of localhost:9092 to the correct address and port of your AXA Kafka (default port is 9092)

log_service.png

3. Deploy the “Setup log_forwarder” MCS template to the Robot you wish to monitor.

  • You must define the correct value for “AXA Tenant ID” to enable the gateway to write the data into the correct tenant.

log_forward.png

  • The Tenant ID is not the friendly text you entered when creating the tenant in AXA; it is a UUID
  • Follow these steps to obtain the TenantID
    1. Log in to the desired AXA Tenant
    2. Select the AXA tab
    3. Select Manage App
      • If you already have an app in AXA, open its properties and go to step 6; otherwise continue to step 4
    4. Select NEW APP
    5. Enter anything in the name field (we are just creating a dummy app) and click next.
    6. Select the WEB APP tab.
    7. You will see the TenantID in the code snippet

tenantid.png

4. Deploy the specific “Log Forwarding MCS template” for the type of log you wish to monitor

  • The only required fields for basic configuration are
    • Profile name – user defined name for this probe profile
    • File – full path to the log file on the robot you wish to monitor

5. Deploy the “Setup log_monitoring_ser” MCS template to the robot that will run this probe

  • Define all 3 fields
    • AXA Tenant ID – same tenant ID as in “Setup log_forwarder”
    • AXA Elasticsearch Host – hostname or IP of AXA server
    • AXA Elasticsearch port – default is 9200

6. Deploy the "Log Monitoring Service" MCS Template

  • Define the following
    • Profile name – user defined name for this probe profile
    • Log Type – select the log type to monitor
    • Query String – enter the query string that will trigger QoS and Alarm
    • Enable alarm if desired and define the thresholds
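
A pre-flight check for the values entered in steps 2, 3 and 5, as an added example that is not part of the original article or of CA's probe code. The dictionary keys, the sample hostnames and the assumption that the Tenant ID appears in canonical hyphenated UUID form are illustrative; only the defaults localhost:9092 and 9200 come from the steps above.

```python
import socket
import uuid

# Constructed sample values; the dict keys are hypothetical, not probe config keys.
SAMPLE = {"tenant_id": "My Tenant", "kafka_brokers": "localhost:9092",
          "es_host": "axa.example.internal", "es_port": "9200"}

def is_tenant_uuid(value):
    """True for a canonical UUID string; False for a friendly tenant name."""
    try:
        v = value.strip().lower()
        return str(uuid.UUID(v)) == v
    except (ValueError, AttributeError, TypeError):
        return False

def parse_endpoints(value, default_port):
    """Split 'host:port,host:port' into [(host, port)]; reject bad entries."""
    endpoints = []
    for item in value.split(","):
        host, _, port = item.strip().partition(":")
        port = int(port) if port else default_port  # ValueError if not numeric
        if not host or not 0 < port < 65536:
            raise ValueError(f"bad endpoint {item!r}")
        endpoints.append((host, port))
    return endpoints

def tcp_reachable(host, port, timeout=3.0):
    """Plain TCP connect only; it does not prove the service is healthy."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_settings(cfg, reachable=tcp_reachable):
    """Return a list of problems with the template values (empty means OK)."""
    problems, targets = [], []
    if not is_tenant_uuid(cfg["tenant_id"]):
        problems.append("AXA Tenant ID is not a UUID")
    for label, value, port in (
            ("AXA Kafka Broker(S)", cfg["kafka_brokers"], 9092),
            ("AXA Elasticsearch", f'{cfg["es_host"]}:{cfg["es_port"]}', 9200)):
        try:
            targets += parse_endpoints(value, port)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
    if ("localhost", 9092) in targets:
        problems.append("AXA Kafka Broker(S) is still the default localhost:9092")
    for host, port in targets:
        if not reachable(host, port):
            problems.append(f"cannot connect to {host}:{port}")
    return problems
```

Run the check from the hub for the Kafka broker and from the robot hosting log_monitoring_service for Elasticsearch, since reachability depends on where each probe runs.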