Linux log monitoring default checks and policies

Australia IT Operations Management

Release

australia

ft:locale

ja-JP

ft:publication_title

Australia IT Operations Management

ft:clusterId

itom

bundleId

itom

workflow

Technology

Linux log monitoring default checks and policies

リリースバージョン: Australia

更新日 2026年03月12日

所要時間：5分

Agent Client Collector provides the following policy for Linux log monitoring.


Type	Check	Description	Usage and Usage Example	Output
Event	util.check-logs	Enables monitoring log files owned by a regular user.	Usage: -i --icase: Run a case insensitive match. -c, --crit N: Critical level (if pattern has a group). --encode-utf16u: Encode line with utf16 before matching. -e, --encoding ENCODING-PAGE: Specific encoding page to read log file with. -E, --exclude PAT: Pattern to exclude from matching. -F, --filepattern FILE: Check a pattern of files, instead of one file. For REGEX, first test it on https://rubular.com/ to get the expected outcomes and then pass it inside quotes as a parameter. For example, to get all .log extension files, pass "(.)*\.log$" as REGEX. -f, --log-file FILE: Path to log file. -l, --log-pattern PAT: Log format of each log entry: -o, --warn-only Warn instead of critical on match. -q, --pattern PAT Pattern to search for.To search for multiple patterns, separate each pattern with pipe(\|) and put inside quotes (For example: "SEVERE\|404"). -r, --return: Return matched line. -L, --return-length N: Matched line length. -M, --return-error-limit N: Max number of returned matched lines(log entries). -n, --name NAME Set state file dir automatically using name. -s, --state_dir DIR Dir to keep state files under. -w, --warn N: Warning level if pattern has a groupWarning level if pattern has a group. Usage example: `command: check-log.rb -c 2 -w 1 -q "SEVERE\|Exception" -s /tmp/cache/check-log -f /var/log/servicenow/agent-client-collector/acc.log`	CheckLog CRITICAL: 0 warnings, 8 criticals for pattern SEVERE\|Exception in log file /var/log/servicenow/agent-client-collector/acc.log
Event	util.check-logs-sudo	Enables monitoring log files owned by a root user.	Usage: -i --icase: Run a case insensitive match -c, --crit N: Critical level (if pattern has a group) --encode-utf16u: Encode line with utf16 before matching -e, --encoding ENCODING-PAGE: Specific encoding page to read log file with. -E, --exclude PAT Pattern to exclude from matching -F, --filepattern FILE: Check a pattern of files, instead of one file. For REGEX, first test it on https://rubular.com/ to get the expected outcomes and then pass it inside quotes as a parameter. For example, to get all .log extension files, pass "(.)*\.log$" as REGEX. -f, --log-file FILE: Path to log file. -l, --log-pattern PAT: Log format of each log entry: -o, --warn-only Warn instead of critical on match -q, --pattern PAT Pattern to search for.To search for multiple patterns, separate each pattern with pipe(\|) and put inside quotes (for example: "SEVERE\|404") -r, --return: Return matched line. -L, --return-length N: Matched line length. -M, --return-error-limit N: Max number of returned matched lines(log entries). -n, --name NAME: Set state file dir automatically using name. -s, --state_dir DIR: Dir to keep state files under -w, --warn N: Warning level if pattern has a groupWarning level if pattern has a group. Usage example: `command: check-log.rb -c 2 -w 1 -q "SEVERE\|Exception" -s /tmp/cache/check-log -f /var/log/servicenow/agent-client-collector/acc.log`	CheckLog CRITICAL: 0 warnings, 8 criticals for pattern SEVERE\|Exception in log file /var/log/servicenow/agent-client-collector/acc.log