Configure Streaming of Logs

This section provides an overview of system log streaming and describes how to configure it. OMi MP for Infrastructure enables data collection from system log files. The log data is structured in a specific format to provide information about timestamp, host, and message. The structured data is further processed by Operations Agent and forwarded to the required targets (for example, Operations Bridge Analytics). Operations Bridge Analytics can use these logs to predict trends and pinpoint issues in your IT environment.

OMi MP for Infrastructure provides the System Log Collection aspect, which enables the streaming of structured logs for both Linux-based system logs and Windows event logs. The System Log Collection aspect and the related policies are available as the OMi MP for Infrastructure AddOn 02.10.000 package.

Note: Log streaming for Linux-based system logs is supported from Operations Manager i 10.61 (or later) and Operations Agent 12.03 (or later). Log streaming for Windows-based system logs is supported from Operations Manager i 10.62 (or later) and Operations Agent 12.04 (or later).

The System Log Collection aspect contains Log Streaming and Data Forwarding policies that must be configured before you deploy the aspect. Data from the log file is converted to structured data based on the mapping and conditions defined in the Log Streaming policy. Operations Agent processes the data and forwards it to the target specified in the Data Forwarding policy. Hence, before deploying the data collection aspect, make sure that the policies are configured.

| Policy template | System | Supported mode | Operations Manager i | Operations Agent |
|---|---|---|---|---|
| Sys_SyslogStreaming | Linux | Normal mode | 10.61 (or later) | 12.03 (or later) |
| Sys_ApplicationlogStreaming | Windows | Raw mode | 10.62 (or later) | 12.04 (or later) |
| Sys_SecuritylogStreaming | Windows | Raw mode | 10.62 (or later) | 12.04 (or later) |
| Sys_SystemlogStreaming | Windows | Raw mode | 10.62 (or later) | 10.62 (or later) |
| Sys_DataForwarding | Linux and Windows | Normal mode | 10.61 (or later) | 12.03 (or later) |
| Sys_CustomlogStreaming | Windows | Raw mode | 10.62 (or later) | 10.62 (or later) |

For more information on policy templates of System Log Collection Aspect, see Systems Infrastructure Aspects.

Custom logs for Windows

On your Windows system, you may have defined custom logs. The Sys_CustomlogStreaming policy template helps you stream these custom logs to the required target for further analysis. The Sys_CustomlogStreaming policy template takes the Log Name of your Windows custom log as a parameter.

You can define as many custom logs as required. However, be sure to duplicate the Sys_CustomlogStreaming policy template for each of the log types, and then provide the log file path as a parameter. If you have defined custom logs on your Windows system for hardware events, application events, and services, duplicate the Sys_CustomlogStreaming policy template for each of these custom logs, and then provide the Log Name in Custom_logpath of the Sys_CustomlogStreaming policy template.

For example, on your Windows system, you may have defined custom logs for Microsoft PowerShell with the Log Name Microsoft-Windows-PowerShell/Operational. Enter Microsoft-Windows-PowerShell/Operational in Custom_logpath of the Sys_CustomlogStreaming policy template.

To provide the log name path, follow these steps:

  1. Go to Administration > Monitoring > Policy Template > Generic > Generic output from Windows Event Log.

    The list of all the policy templates is displayed in the Policy Template pane.

  2. Duplicate the Sys_CustomlogStreaming policy template for the custom logs.

  3. Select the custom log policy template and click . The Assign and Deploy wizard is displayed.

  4. Click Next to display Required Parameter tab.

  5. Click to edit the Value for Custom_logpath. The Edit Parameter window is displayed.

  6. In the Value, enter the Log Name and save the changes. For example, if the Log Name in the Event Viewer is Microsoft-Windows-PowerShell/Operational, enter that value.

Once all the custom logs are configured, you can proceed to deploy Infrastructure System Log Collection Aspect.
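
A pre-check for the Log Name values entered in Custom_logpath in the steps above, as an added example that is not part of the product or its documentation: it uses the Windows Get-WinEvent cmdlet to confirm that each name resolves to exactly one existing, enabled channel on the monitored host. The function name Test-CustomLogName and the Contoso-App/Operational sample name are hypothetical.

```powershell
# Added example: validate Log Name values before entering them in Custom_logpath.
# Run from an elevated prompt on the monitored Windows host so that
# restricted channels can also be queried.
function Test-CustomLogName {
    param(
        [Parameter(Mandatory)][string[]]$LogName
    )
    foreach ($name in $LogName) {
        # One policy copy takes one Log Name, so reject wildcard patterns,
        # which Get-WinEvent -ListLog would otherwise expand to many channels.
        if ([System.Management.Automation.WildcardPattern]::ContainsWildcardCharacters($name)) {
            [pscustomobject]@{ LogName = $name; Status = 'WildcardNotAllowed'
                               IsEnabled = $null; RecordCount = $null; MaxSizeMB = $null }
            continue
        }
        # Returns an EventLogConfiguration object when the channel exists.
        $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if (-not $log) {
            [pscustomobject]@{ LogName = $name; Status = 'NotFound'
                               IsEnabled = $null; RecordCount = $null; MaxSizeMB = $null }
            continue
        }
        # A disabled channel records nothing; an empty one has no events yet.
        $status = if (-not $log.IsEnabled)       { 'Disabled' }
                  elseif (-not $log.RecordCount) { 'Empty' }
                  else                           { 'Ready' }
        [pscustomobject]@{
            LogName     = $log.LogName   # exact spelling as the host reports it
            Status      = $status
            IsEnabled   = $log.IsEnabled
            RecordCount = $log.RecordCount
            MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        }
    }
}

# Constructed sample input: the first name is the one used on this page,
# the second is a hypothetical custom channel.
$candidates = @(
    'Microsoft-Windows-PowerShell/Operational',
    'Contoso-App/Operational'
)
Test-CustomLogName -LogName $candidates | Format-Table -AutoSize
```

Copy the LogName value of each row reported as Ready into Custom_logpath of the corresponding duplicated policy template; rows reported as NotFound or Disabled should be resolved on the host before deployment.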

Deploy Infrastructure System Log Collection Aspect

To deploy the aspect, follow these steps:

On Linux-based system

  1. To load historic data, configure Sys_SyslogStreaming policy. Else, go to step 2.

    For more information about configuring, see Configure Structured Log Streaming Policy.

  2. To specify the target and filter conditions, configure Sys_DataForwarding policy.

    For more information about configuring, see Configure Data Forwarding policy.

  3. Edit the System Log Collection aspect to include the latest version of Sys_SyslogStreaming and Sys_DataForwarding policies and click Save.
  4. Deploy the latest version of System Log Collection Aspect.

On Windows-based system

  1. To load historic data, configure Sys_ApplicationlogStreaming, Sys_SecuritylogStreaming, or Sys_SystemlogStreaming policy. Else, go to step 2.

    For more information about configuring, see Configure Structured Log Streaming Policy.

  2. To specify the target and filter conditions, configure Sys_DataForwarding policy.

    For more information about configuring, see Configure Data Forwarding policy.

  3. Edit the System Log Collection aspect to include the latest version of Sys_ApplicationlogStreaming, Sys_SecuritylogStreaming, Sys_SystemlogStreaming and Sys_DataForwarding policies and click Save.
  4. Deploy the latest version of System Log Collection Aspect.