We put a lot of effort into making uberAgent a product that just works. Install it on your endpoints, point it to your Splunk backend and the dashboards immediately populate with these great metrics. That is just the way any (enterprise) software should work.
Sometimes, however, you might get to a point where you want to dig deeper and need more information about the product’s inner workings. In such a case, of course, uberAgent’s log file is your first stop.
uberAgent’s Log File Explained
uberAgent logs all of its actions and a great number of relevant system events (e.g., process starts or logons). That lets you easily identify the root causes of problems (side note: those are most often caused by configuration issues that are typically very easy to spot in the log file).
To turn detailed logging on, make sure you have the following option in uberAgent’s configuration (it is on by default):
[Miscellaneous]
debugMode = true
Log entries always have the same structure, explained in the following table:
|Field|Description|
|---|---|
|Timestamp|Timestamp in the machine’s time zone|
|Severity|Possible entries: DEBUG, INFO, WARN, ERROR|
|Domain|The computer’s Active Directory domain|
|Machine|The name of the computer account|
|Thread ID|The ID of the thread that logged the message|
|Source|Message source. For example LicenseCheck or ReceiverStatistics|
|Message|Actual message to be logged|
Here is an example:
2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

- Timestamp = 2018-10-04 11:19:51.076 +0100
- Severity = INFO
- Domain = VASTLIMITS
- Machine = PC1
- Thread ID = 4432
- Source = ReceiverStatistics
- Message = Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0
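The same field layout can be parsed in a script when a log is too large to read by eye. The following is an added example, not code from uberAgent or its vendor: the function names are hypothetical, the WARN and ERROR lines are constructed samples, and it assumes every severity is padded to five characters like the `INFO ` in the entry above. Because the message field itself contains commas, the line is split on the first six commas only.

```python
from datetime import datetime
from typing import NamedTuple

class LogEntry(NamedTuple):
    timestamp: datetime
    severity: str
    domain: str
    machine: str
    thread_id: int
    source: str
    message: str

def parse_line(line):
    """Parse one log line; raises ValueError if it does not match the layout."""
    # Only the first six commas are separators; the rest belong to the message.
    parts = line.rstrip("\r\n").split(",", 6)
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    ts, sev, domain, machine, tid, source, message = parts
    return LogEntry(
        timestamp=datetime.strptime(ts.strip(), "%Y-%m-%d %H:%M:%S.%f %z"),
        severity=sev.strip(),                 # drop the padding after INFO/WARN
        domain=domain.strip(),
        machine=machine.strip().rstrip("$"),  # PC1$ -> PC1, as in the breakdown above
        thread_id=int(tid),
        source=source.strip(),
        message=message,
    )

def triage(lines, wanted=("WARN", "ERROR")):
    """Return (entries whose severity is in `wanted`, count of unparseable lines)."""
    hits, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            entry = parse_line(line)
        except ValueError:
            skipped += 1
            continue
        if entry.severity in wanted:
            hits.append(entry)
    return hits, skipped

# First line is the example from this page; the others are constructed samples.
SAMPLE = """\
2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0
2018-10-04 11:19:52.100 +0100,ERROR,VASTLIMITS,PC1$,4432,LicenseCheck,constructed message, with a comma
2018-10-04 11:19:53.200 +0100,WARN ,VASTLIMITS,PC1$,5120,ReceiverStatistics,constructed warning
this line is not a log entry
"""
```

Calling `triage(SAMPLE.splitlines())` returns the two constructed WARN/ERROR entries and a skipped count of 1 for the malformed last line.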
Finding The Cause More Easily
Even though we take great care to optimize the log for readability, it is sometimes hard to find the needle in the haystack. That is why we created an uberAgent log syntax highlighter for Notepad++, our preferred text editor on Windows. It highlights the key information, making it easier to find what you are searching for.
Installing The Highlighter
- Download the highlighter and unpack it.
- Open Notepad++ and go to Language -> Define your language…
- Click on Import… and select the unpacked XML file.
- Restart Notepad++.
- The uberAgent Log Syntax highlighter is now available as a language in Notepad++.
Using The Highlighter
The new language does the following things:
- It highlights the different severities in different colors:
  - DEBUG = blue
  - INFO = green
  - WARNING = yellow
  - ERROR = red
- It colors the separators (comma and equals sign) in grey
- It highlights values enclosed in <> in red-brown
This should make troubleshooting with uberAgent’s log file a lot more convenient. Enjoy!