LogWatch

FAQ

Frequently Asked Questions

What is LogWatch?

LogWatch helps you prevent extended outage because of undetected issues. LogWatch is a tool that monitors log files for anomalies and alerts you as soon as they are detected. It runs in Guardian space, but can monitor OSS and Guardian files, in addition to VHS and EMS logs.

What are LogWatch's benefits?
  • Prevents production outage by minimizing your down time as errors are detected by LogWatch and acted upon immediately
  • Helps Operation monitor OSS log files for errors without having to learn OSS
  • Facilitates QA team in testing new code by detecting log file patterns
  • Allows Developers to be notified of program problems in QA or production environments
I already have MOMI or Prognosis, why do I need LogWatch?

MOMI and Prognosis are great tools to monitor system resources, but they are not designed for monitor application disk log files. In contrast, LogWatch is designed to monitor log files for error patterns and is a great complementary tool to MOMI and Prognosis.

Is LogWatch scalable?

Yes, you can have multiple instances of LogWatch running at the same time, monitoring different log files.

How does LogWatch monitor for new log entry?

For Guardian files, LogWatch uses CONTROL 27. For OSS files, it uses a timer to wake and check the EOF entry to detect if there is new data.

How many files can one LogWatch instance monitor?

LogWatch allows you to configure multiple files to monitor, as many as you want to. The best practice for the number of files to be monitored by one instance depends on how "busy" the file is, i.e. what is the new data arrival rate of the file. This is similar to the standard best practice in scaling servers according to the expected transaction rate. So, if you are monitoring very busy file(s), you would want to have a dedicated LogWatch instance to process the entries. Likewise, for files with infrequent insertion, a single instance of LogWatch will be able to handle many of them.

How can LogWatch help me monitor my iTP Web Server environment?
  • Discover missing web pages by monitoring httpd.log or access.log
  • Detect application errors by monitoring access.log for error 500
  • Capture servlet errors by monitoring servlet.log
  • Upon catching any of these errors, LogWatch can raise an alert by:
    • Sending a message to EMS (optionally routed via SNMP to an external Enterprise Manager)
    • Sending an email to Operation or Support
    • Writing the errors to a Guardian error file
How quickly can I set up LogWatch?

LogWatch can be installed in 30 minutes.

You can set up a configuration to monitor OSS or Guardian files in about 10 minutes.

Is LogWatch available for free evaluation?

Absolutely! Contact us for a FREE trial copy by sending an email to 📧 sales-support@ticsoftware.com