$('a[name]').remove(); $('#ic-homepage__footer').before('

'); $("#tabs").tabs({ selected: 1 }); $("#ic-homepage__ic-tips").append( quickTipHTML() ); unhideOneProductTip(); $("#ic-homepage__product-tips").wrapInner('

'); $("#ic-homepage__feed-tips").wrapInner('

'); });

IBM Tivoli Monitoring > Version 6.3 > User's Guides > Log File Agent User's Guide IBM Tivoli Monitoring, Version 6.3

Format file

The Tivoli Log File Agent extracts information from system log messages and then matches different log messages to event classes. A format file serves as a lookup file for matching log messages to event classes, telling the event class what to read, what to match, and how to format the data.

When the format file is used as a lookup file, all format specifications in the file are compared from the beginning to the end of the file. When two classes match or there are multiple matching classes for a message, the first expression from the end that matches is used. If no match is found, the event is discarded. A discarded event is written to the unmatch log if it is defined in the .conf file.

In this chapter, the regular expression syntax that you use to create patterns to match log messages and events is described. Regular expression-filtering support is provided using the International Components for Unicode (ICU) libraries to check whether the attribute value examined matches the specified pattern.

For more information about using regular expressions, see http://userguide.icu-project.org/strings/regexp.

For compatibility purposes, the syntax used by the Tivoli Enterprise Console log file adapter is still supported. Any new formats added to existing files are also supported. However, for any new format files that you create, use the syntax described here. If you require more information about the syntax used by the Tivoli Enterprise Console log file adapter, see Format file reference

Related reference:

Configuration Files

+

Search Tips   |   Advanced Search