Using the Anturis Console, you can set up monitoring of log files on any hardware component (a server computer) in your infrastructure by adding the Log File monitor to the component.
A log file is used to record events that occur while a program is running. For example, server software maintains log files to keep track of all client requests. Besides the request itself, such logs usually record the time when the request was made, the origin of the request, and so on. This data can then be analyzed to understand the workloads of the server, what kind of data is requested most often, and which clients send more requests.
The depth of analysis depends on the amount of data that is logged. Most software enables you to select the level of detail for log files. The standard for logging on Unix and Unix-like servers is syslog, although some applications provide their own logging systems. Syslog enables you to have separate software that generates messages, software that stores them, and software that analyzes them. Syslog is not supported on Windows servers. However, there are tools that can forward Windows Event Log data to a syslog server.
When analyzing log files, you are generally looking for a specific expression (such as an error code or name) to see how often it occurs. For example, one failed request per day on a server may not be a problem, but hundreds of request failures from clients every minute are a serious issue. Alternatively, you might maintain a log of requests to a number of large files on your server, and check whether some of them are accessed too rarely to justify keeping them.
Another reason to analyze a log file is to look for a specific message. For example, you may want to be notified of a certain error as soon as it is logged, even once.
A log file can be continuous (when new events are constantly added to the end), but more often it is rolling (meaning that it is regularly cleared, with previously logged events archived to another file). You may want to monitor the whole file from the beginning, or only those events that are recorded after you set up monitoring.
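The following added example (not Anturis code) sketches the checks described above: matching an expression, alerting on a single occurrence or on a count, and following a rolling file either from its beginning or only from the moment monitoring starts. The names LogFollower and should_alert, the ERROR pattern, and the sample log lines are assumptions made for illustration.

```python
import os
import re


class LogFollower:
    """Poll a log file for lines matching a pattern, surviving rotation."""

    def __init__(self, path, pattern, from_start=False):
        self.path = path
        self.regex = re.compile(pattern)
        self.inode = None
        self.offset = 0
        if os.path.exists(path):
            st = os.stat(path)
            self.inode = st.st_ino
            # from_start=False: skip events logged before monitoring began
            self.offset = 0 if from_start else st.st_size

    def poll(self):
        """Return matching lines appended since the previous poll."""
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []  # mid-rotation: the new file has not been created yet
        # A new inode (file renamed and recreated) or a shrunken file (cleared
        # in place) means the log rolled over: read the new file from offset 0.
        if st.st_ino != self.inode or st.st_size < self.offset:
            self.inode, self.offset = st.st_ino, 0
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = f.read()
        # Consume only complete lines; a partial last line waits for the next poll.
        end = data.rfind(b"\n") + 1
        self.offset += end
        lines = data[:end].decode("utf-8", "replace").splitlines()
        return [ln for ln in lines if self.regex.search(ln)]


def should_alert(matches, threshold=1):
    """threshold=1 alerts on a single occurrence; higher values alert on frequency."""
    return len(matches) >= threshold


if __name__ == "__main__":
    import tempfile  # constructed sample log, not real data
    path = os.path.join(tempfile.mkdtemp(), "app.log")
    with open(path, "w") as f:
        f.write("GET /a 200\nGET /b 500 ERROR\n")
    print(LogFollower(path, r"ERROR", from_start=True).poll())
```

Call poll() on a fixed interval and pass its result to should_alert; the interval together with the threshold defines the "occurrences per period" condition.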