
uberAgent Log Syntax Highlighter for Notepad++

We put a lot of effort into making uberAgent a product that just works. Install it on your endpoints, point it to your Splunk backend and the dashboards immediately populate with these great metrics. That is just the way any (enterprise) software should work.

Sometimes, however, you might get to a point where you want to dig deeper and need more information about the product’s inner workings. In such a case, of course, uberAgent’s log file is your first stop.

uberAgent’s Log File Explained

uberAgent logs all of its actions and a great number of relevant system events (e.g., process starts, or logons). That gives you the opportunity to easily identify the root causes of problems (side note: those are most often caused by configuration issues that are typically very easy to spot in the log file).

To turn detailed logging on, make sure you have the following option in uberAgent’s configuration (it is on by default):

[Miscellaneous]
debugMode = true

Log entries always have the same structure, explained in the following table:

Field      Description
Timestamp  Timestamp in the machine’s time zone
Severity   Possible entries: DEBUG, INFO, WARN, ERROR
Domain     The computer’s Active Directory domain
Machine    The name of the computer account
Thread ID  The ID of the thread that logged the message
Source     Message source. For example LicenseCheck or ReceiverStatistics
Message    Actual message to be logged

Here is an example:

2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

Timestamp = 2018-10-04 11:19:51.076 +0100
Severity  = INFO
Domain    = VASTLIMITS
Machine   = PC1
Thread ID = 4432
Source    = ReceiverStatistics
Message   = Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0
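
The structure above can also be parsed in a script when the log needs to be filtered outside the editor. The following Python sketch is an added example, not part of uberAgent or of the original post; the names LogEntry, parse_line and problems are hypothetical. It splits on the first six commas only, because the message field itself contains commas, and strips the space padding from the severity field.

```python
from datetime import datetime
from typing import NamedTuple, Optional

FIELD_COUNT = 7  # Timestamp, Severity, Domain, Machine, Thread ID, Source, Message


class LogEntry(NamedTuple):
    timestamp: datetime
    severity: str
    domain: str
    machine: str
    thread_id: int
    source: str
    message: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one log line; return None if it does not match the 7-field layout."""
    # Split on the first six commas only: the message itself contains commas.
    parts = line.rstrip("\r\n").split(",", FIELD_COUNT - 1)
    if len(parts) != FIELD_COUNT:
        return None
    ts, sev, domain, machine, tid, source, message = parts
    try:
        timestamp = datetime.strptime(ts.strip(), "%Y-%m-%d %H:%M:%S.%f %z")
        thread_id = int(tid)
    except ValueError:
        return None
    # Severity is space-padded in the file ("INFO "), so strip before comparing.
    return LogEntry(timestamp, sev.strip(), domain.strip(), machine.strip(),
                    thread_id, source.strip(), message)


def problems(lines, levels=("WARN", "ERROR")):
    """Return parsed entries whose severity is in `levels`, skipping unparsable lines."""
    entries = (parse_line(l) for l in lines)
    return [e for e in entries if e is not None and e.severity in levels]


# First line is the example from the post; the other two are constructed for this demo.
SAMPLE = [
    "2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,"
    "Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, "
    "sent: 0, added to queue: 361, rejected from queue: 0",
    "2018-10-04 11:19:52.101 +0100,ERROR,VASTLIMITS,PC1$,4432,LicenseCheck,"
    "constructed sample message, with a comma",
    "this line does not follow the log structure",
]
```

Calling problems(SAMPLE) returns only the constructed ERROR entry; the INFO line is filtered out and the malformed line is skipped instead of raising.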

Finding The Cause More Easily

Even though we take great care to optimize the log for readability, it is sometimes hard to find the needle in the haystack. That is why we created an uberAgent log syntax highlighter for Notepad++, our preferred text editor on Windows. It highlights the key information, making it easier to find what you are searching for.

Installing The Highlighter

  1. Download the highlighter and unpack it.
  2. Open Notepad++ and go to Language -> Define your language…
  3. Click on Import… and select the unpacked XML file.
  4. Restart Notepad++.
  5. The uberAgent Log Syntax highlighter is now available as a language in Notepad++.

Using The Highlighter

The new language does the following things:

  • It highlights the different severities in different colors
    • DEBUG = blue
    • INFO = green
    • WARNING = yellow
    • ERROR = red
  • It colors the separators (comma and equals sign) in grey
  • It highlights values enclosed in <> in red-brown

This should make troubleshooting with uberAgent’s log file a lot more convenient. Enjoy!
