This chapter provides information about running the log monitor and using the log monitor configuration file.
To be alerted to a severe problem, you should monitor the system error log file produced by the server and agent components.
The Log Monitor program periodically activates and examines the log file for new entries. The filter criteria qualify any new messages defined to the log monitor in its configuration file. The program then sends qualified messages through system e-mail to a list of recipients defined in the configuration file.
If you set the IWM_LOGMON environment variable, the iwm start-up program starts the log monitor when it starts the server processes. The control program also stops the log monitor when the server processes stop. The IWM_LOGMON environment variable must be set to the path name of the configuration file.
To start the log monitor outside iwm, execute the following command:
iwm_logmon -c configuration_file
After initialization, the log monitor becomes a background process. To stop the log monitor, use an operating system command to stop the process.
The log monitor configuration file must contain one or more configuration command lines. These commands define the log file to be monitored, the wake-up interval, the list of message recipients, and the filter criteria.
Each line in the configuration file may be empty or may contain a comment or configuration command. Comment lines start with a pound sign (#). One or more white space characters can precede the comment indicator or the first character in the configuration command. You can also enter comments at the end of each configuration command line when preceded by a pound sign.
Syntax:
>>-INTERVAL----seconds-----------------------------------------><
The INTERVAL command accepts one parameter: the number of seconds that the log monitor should wait between checking the log file for new messages. If you do not specify an INTERVAL command, the parameter defaults to 30 seconds. If you specify multiple INTERVAL commands, log monitor uses the last-specified command.
Syntax:
>>-LOGFILE----+-file_name--+---+-+-----------+-+---------------><
'-*----------' | '-TRUNCATE--' |
'-+-----------+-'
'-CONTINUE--'
The LOGFILE command defines the log file name and the action that should be taken when the log monitor starts. You must first specify the log file name parameter, which may be specified as an asterisk (*) if you want to use the default log file name. If you set the IWMLOG environment variable, the default log file name is $IWMLOG/syserr.log. If you do not set the IWMLOG environment variable, the default log file name is $IWM_RUNTIME/log/syserr.log.
The action to take is specified by TRUNCATE, CONTINUE, or by omitting the parameter altogether. If you specify TRUNCATE, DB2 Query Patroller removes all messages from the log file when the log monitor initializes. If you specify CONTINUE, DB2 Query Patroller sends only messages added to the log file after the log monitor starts. If you omit the action parameter, DB2 Query Patroller sends all messages already in the log file, as well as any new messages.
If you specify multiple LOGFILE commands, DB2 Query Patroller uses the last command. If you do not specify a LOGFILE command, the log monitor monitors the default log file and any messages already in the log file at start-up are sent.
Syntax:
>>-MAILTO----address-------------------------------------------><
The MAILTO command defines the recipients of messages. Each MAILTO command must include one or more e-mail addresses. You must specify at least one MAILTO command.
Syntax:
>>-+-INCLUDE--+---test1--+--------------------+----------------><
'-EXCLUDE--' '-test2--+--------+--'
'-test3--'
Each test is one of: SEV[!]=code, NUM[!]=number[:number], PGM[!]=program, or ALL.
The INCLUDE and EXCLUDE commands define the message filtering criteria. The log monitor tests each new message against the filter commands. Recipients receive those messages that match an INCLUDE command or do not match any filter commands. The log monitor tests each message against the filter commands in the order specified in the configuration file. The first command that matches the message on all tests specified causes the message to be included or excluded.
You cannot specify the ALL test with any other test. It should appear only on the last INCLUDE or EXCLUDE command in the configuration file because it matches all messages, causing all subsequent filter commands to be ignored.
Of the other tests (SEV, NUM, and PGM), you can specify up to three on each filter command, but you can only specify one of each type on each command. If you specify more than one test on a command, all tests must match the message for the command to apply. A comparison operator and comparison value must follow each test type name. The operator must either be the equal sign (=) or an exclamation mark followed by an equal sign (!=). The equal sign means that in order to match, the test must be equal to the value. The exclamation mark and equal sign specifies that the test must not be equal to the value. The following list explains the filter test types.
The severity comparison value must be one of the following letters: V (Verbose), W (Warning), I (Informational), or E (Error). For example, to test for error messages, use SEV=E; to test for non-verbose messages use SEV!=V. For additional information about severity codes, see Appendix C, DB2 Query Patroller Messages.
The message number comparison value must either be a single one to five digit number or a range of message numbers specified by two numbers separated by a colon (:). The values correspond to the message numbers described in Appendix C, DB2 Query Patroller Messages. For example, to test for message 100, use NUM=100; to test for all messages greater than 100, specify NUM!=0:100.
The program name comparison must be the name of the program that generated the message. For example, to test for messages generated by the iwm_analyze program, use PGM=iwm_analyze; to test for messages not generated by the iwm_sqlexec program, use PGM!=iwm_sqlexec.