The Archive Logging feature enables you to archive log entries based on rules defined in the configuration file `/usr/local/opmojo/conf/EventListRules.json` under the key `archiveList`.
Archived logs can be accessed under Views → Archive Logs.
Please note that this feature only works with log files that opEvents is tailing from `opevents_logs` in `opCommon.json`. Logs created through the API or CLI will not be archived.
Enabling the feature
Ensure the `log_archive_enabled` configuration option is set to `true` in the `opCommon.json` file. If the option is set to anything but `false`, the script will start archiving log entries.
Applying Archive Rules
The feature reads from a list of archive rules named `archiveList` from `EventListRules.json`.
The list of rules is sorted by keys; for instance, rule 10 will run before rule 20.
The feature matches the log entry against the regex of each rule and, if it matches, adds the entry to a temporary list. The entries from this list are then inserted into the database. A single log entry can be archived into multiple archives based on matching rules.
```json
"archiveList" : {
  "30" : {
    "regex" : "Node (Up|Down)",
    "archive" : "NodeEvents"
  },
  "20" : {
    "archive" : "SoftwareErrorArchive",
    "regex" : "INVMEMINT|MALLOCFAIL"
  },
  "10" : {
    "archive" : "SyslogArchive",
    "regex" : "SYS-[0123]-\\w+"
  }
}
```
In the `archiveList` block, we have two keys: `archive`, which will be the name opEvents uses, and `regex`, which is a Perl-style regular expression used to match log entries.
The matched log line is then saved into the opEvents MongoDB database with the following keys:
- `time` (Current time of the opEvents server)
- `type` (Name of the log tailer from `opevents_logs`)
- `entry` (Raw one-line entry which opEvents has read)
- `archive` (Name of the rule which archived this log line)
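A dry run of the rule evaluation described above, useful for checking which archives a log line would land in before editing `EventListRules.json`. This is an added example, not opEvents code: Python's `re` stands in for Perl regular expressions, and the numeric key ordering, unanchored matching, epoch-seconds `time` value and the tailer name `cisco_syslog` are assumptions.

```python
import json
import re
import time

# Rules copied from the archiveList example on this page.
RULES_JSON = r'''
{ "archiveList": {
    "30": {"regex": "Node (Up|Down)", "archive": "NodeEvents"},
    "20": {"archive": "SoftwareErrorArchive", "regex": "INVMEMINT|MALLOCFAIL"},
    "10": {"archive": "SyslogArchive", "regex": "SYS-[0123]-\\w+"}
} }
'''

# Constructed sample log lines, not real device output.
SAMPLE_LINES = [
    "2024-01-01T00:00:00 router1 %SYS-2-MALLOCFAIL: Memory allocation failed",
    "2024-01-01T00:00:05 nmis Node Down router1",
    "2024-01-01T00:00:09 router1 %LINK-5-CHANGED: Interface up",
]


def load_rules(text):
    """Return (key, archive, compiled regex) tuples in key order."""
    rules = json.loads(text)["archiveList"]
    ordered = []
    # Assumption: keys are ordered numerically (10 before 20 before 30).
    for key in sorted(rules, key=int):
        rule = rules[key]
        # re.compile raises re.error on a malformed pattern, so a bad rule
        # is caught here instead of after deployment.
        ordered.append((key, rule["archive"], re.compile(rule["regex"])))
    return ordered


def archive_entry(entry, tailer, rules):
    """Build one document per matching rule, with the four keys listed above."""
    now = time.time()  # Assumption: epoch seconds; the stored format is not stated.
    return [
        {"time": now, "type": tailer, "entry": entry, "archive": archive}
        for _key, archive, pattern in rules
        if pattern.search(entry)  # Assumption: match anywhere in the line.
    ]


if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    for line in SAMPLE_LINES:
        names = [d["archive"] for d in archive_entry(line, "cisco_syslog", rules)]
        print(names or "not archived", "<-", line)
```

The first sample line matches two rules and therefore produces two documents, one per archive.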