WebLogic

Background

The Weblogic Servers logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets to visualize and address the system software, code written, and infrastructure during development, testing, and production. This Weblogic logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with the several visualization and investigation dashboards.

Steps:

The Linux App is running on messages/syslog, auth/secure, mail, kern and cron standard logs.
When adding/editing the logs to XpoLog it is mandatory to apply the correct log type(s) to each of the logs:
1. weblogic - all logs that the application will analyze must have weblogic as a log type.
2. base_domain - only the messages/syslog logs must also be configured to have domain as a log type.
3. admin_server - only the auth/secure logs must also be configured to have admin as a log type.
4. access - only the cron log must also be configured to have access,w3 as a log type.
5. default_recorder - only the mail log must also be configured to have audit as a log type.
Once the required information is set, on each log click next and edit the log pattern, this step is crucial to the accuracy and deployment of the Linux App. Use the following patterns for each of the logs:
1. Base_Domain:
  ####<{date:Date,MMM dd, yyyy hh:mm:ss a z}> <{priority:Severity,ftype=status;,TRACE;DEBUG;INFO;NOTICE;WARNING;ERROR;CRITICAL;ALERT;EMERGENCY}> <{text:Subsystem,ftype=subsystem}> <{text:Server_Name,ftype=source;,}> <{text:Machine_Name,ftype=machinename}> <{text:ThreadID,ftype=thread}> <{text:UserID,ftype=username;,}> <{text:Transaction_ID,ftype=transaction}> <{text:Diagnostic_Context_ID,ftype=diagcontext}> <{text:Raw_Time_Value,ftype=rawtime}> <{text:Message_ID,ftype=messageid}> <{string:Message,ftype=message}>{text}
2. Admin_Server:
  ####<{date:Date,MMM dd, yyyy hh:mm:ss a z}> <{priority:Severity,ftype=status;,TRACE;DEBUG;INFO;NOTICE;WARNING;ERROR;CRITICAL;ALERT;EMERGENCY}> <{text:Subsystem,ftype=subsystem}> <{text:Server_Name,ftype=source;,}> <{text:Machine_Name,ftype=machinename}> <{text:ThreadID,ftype=thread}> <{text:UserID,ftype=username;,}> <{text:Transaction_ID,ftype=transaction}> <{text:Diagnostic_Context_ID,ftype=diagcontext}> <{text:Raw_Time_Value,ftype=rawtime}> <{text:Message_ID,ftype=messageid}> <{string:Message,ftype=message}>{text}
3. Access:
  {ip:Client IP,ftype=remoteip;type=;,} {string:Remote Log Name,ftype=remotelog;,} {string:Remote User,ftype=remoteuser;,} [{date:Date,locale=en,dd/MMM/yyyy:HH:mm:ss z}] "{choice:Method,ftype=reqmethod;,GET;POST} {string:URL,ftype=requrl;,}{block,start,emptiness=true}?{string:Query,ftype=querystring;,}{block,end,emptiness=true} {string:reqprotocol,ftype=reqprotocol;,}" {number:Status,ftype=respstatus;,} {number:Bytes Sent,ftype=bytesent;,}{eoe}
4. Default_Recorder:
  #### Audit Record Begin <{date:Date,MMM dd, yyyy hh:mm:ss a}>{regexp:Severity,ftype=status;refName=Record,<Severity\s=(\w+)}{regexp:EventSource,ftype=eventSource;refName=Record,<<<Event Type\s=\s([^>]*)}{regexp:Username,ftype=username;refName=Record,Authentication Audit Event><([^>]*)}{regexp:EventName,ftype=eventName;refName=Record,t><\w+><([^>>>]*)}{regexp:Failure_Message,ftype=message;refName=Record,<FailureException =(^>]*)}{regexp:Subject,refName=Record, Subject:\s(\d)}{regexp:Prinicipal,refName=Record,Principal\s=\s([^\u0028]*)}{regexp:Operation,ftype=operation;refName=Record,<Operation\s=\s([^>]\w+)}{regexp:Type,refName=Record,type=<([^>]*)}{regexp:URI,ftype=uri;refName=Record,uri=/jsp/common/([^.jsp]*)}{regexp:Path,refName=Record,path=\u007B([^\u007D]*)}{regexp:Action,refName=Record,action=([^>]*)}{regexp:Application,refName=Record,application=(\w+)}{regexp:Server,refName=Record,server=(\w+)} {string:Record} Audit Record End ####