
Archive Logging


The Archive Logging feature enables you to archive log entries based on rules defined in the configuration file `/usr/local/omk/conf/EventListRules.json` under the key `archiveList`.

Archived logs can be accessed under Views → Archive Logs.

Please note that this feature only works with log files that opEvents is tailing from `opevents_logs` in `opCommon.json`. Logs created through the API or CLI will not be archived.

Enabling the feature

Ensure the `log_archive_enabled` configuration option is set to `true` in the `opCommon.json` file. If the option is set to anything but `false`, the script will start archiving log entries.

Applying Archive Rules

The feature reads from a list of archive rules named `archiveList` from `EventListRules.json`.

The list of rules is sorted by keys; for instance, rule 10 will run before rule 20.

The feature matches each log entry against the regex of every rule and, if the entry matches, adds it to a temporary list. The entries in this list are then inserted into the database. A single log entry can be archived into multiple archives if it matches more than one rule.


/usr/local/opmojo/conf/EventListRules.json
```json
"archiveList" : {
   "30" : {
      "regex" : "Node (Up|Down)",
      "archive" : "NodeEvents"
   },
   "20" : {
      "archive" : "SoftwareErrorArchive",
      "regex" : "INVMEMINT|MALLOCFAIL"
   },
   "10" : {
      "archive" : "SyslogArchive",
      "regex" : "SYS-[0123]-\\w+"
   }
}
```


Each rule in the `archiveList` block has two keys: `archive`, which is the name opEvents uses for the archive, and `regex`, which is a Perl-style regular expression used to match log entries.

The matched log line is then saved into the opEvents MongoDB database with the following keys:

  • time (Current time of the opEvents server)
  • type (Name of the log tailer from opevents_logs)
  • entry (Raw one-line entry which opEvents has read)
  • archive (Name of the rule which archived this log line)
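
The rule evaluation described above can be dry-run against sample log lines before a rule set is deployed, which also shows which lines no rule would retain. The following Python sketch is an added example, not opEvents code: it assumes rule keys are ordered numerically and regexes match anywhere in the line, uses Python's `re` in place of Perl regexes (equivalent for these patterns), and the tailer name and log lines are constructed.

```python
import json
import re
import time

# Rules copied from the archiveList block on this page.
RULES_JSON = r'''
{"archiveList": {
  "30": {"regex": "Node (Up|Down)", "archive": "NodeEvents"},
  "20": {"archive": "SoftwareErrorArchive", "regex": "INVMEMINT|MALLOCFAIL"},
  "10": {"archive": "SyslogArchive", "regex": "SYS-[0123]-\\w+"}
}}
'''

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    "Mar  1 10:00:01 rtr1 %SYS-2-MALLOCFAIL: Memory allocation of 1028 bytes failed",
    "Mar  1 10:00:05 nms1 Node Down: rtr2",
    "Mar  1 10:00:09 rtr1 %SYS-5-CONFIG_I: Configured from console",
    "Mar  1 10:00:12 rtr3 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
]

def load_rules(text):
    """Return (key, archive, compiled regex) tuples in evaluation order."""
    rules = json.loads(text)["archiveList"]
    # Assumption: keys compare numerically, so rule 10 runs before rule 20.
    ordered = sorted(rules.items(), key=lambda kv: int(kv[0]))
    return [(k, r["archive"], re.compile(r["regex"])) for k, r in ordered]

def archive_entries(rules, tailer, lines, now=None):
    """Build one document per (line, matching rule) with the four stored keys."""
    now = time.time() if now is None else now
    docs = []  # stands in for the temporary list inserted into the database
    for line in lines:
        for _key, archive, rx in rules:
            if rx.search(line):  # assumption: unanchored match
                docs.append({"time": now, "type": tailer,
                             "entry": line, "archive": archive})
    return docs

def unarchived(rules, lines):
    """Lines that no rule matches and that would therefore not be archived."""
    return [l for l in lines if not any(rx.search(l) for _, _, rx in rules)]

if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    # "sample_tailer" is a hypothetical opevents_logs tailer name.
    for doc in archive_entries(rules, "sample_tailer", SAMPLE):
        print(doc["archive"], "<-", doc["entry"])
    for line in unarchived(rules, SAMPLE):
        print("NOT ARCHIVED:", line)
```

With these rules the `MALLOCFAIL` line lands in two archives, while the `SYS-5` and `LINK-3` lines are not archived at all, a gap worth checking if those messages matter for later investigation.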




