Skip to main content

Collector best practices

APEX AIOps Incident Management offers a number of different collectors and collector plugins that make it easier to ingest data from a variety of sources. When you install the APEX AIOps Incident Management Collector, you can optimize your installation by implementing the following best practice.

Rotate Incident Management Collector logs

Linux activities are logged in various log folders, typically in /var/log. Because these logs can grow very large, it is a good practice to rotate the logs on a regular schedule to manage how much space they use. On Linux systems, you can rotate the Incident Management Collector logs using the Linux logrotate command.

Note

We recommend that you modify the settings based on your disk space tolerances and log retention needs.

Create a logrotate configuration file

To rotate Incident Management Collector logs, you can create a configuration file for logrotate to consume. This configuration file works for CentOS systems and any system where logrotate is configured to include /etc/logrotate.d/ in its configuration directives.

To automatically rotate collector logs, place your logrotate configuration file in one of the following locations:

  • When installing as root, the moog-collector directory location typically defaults to /opt/ on most Linux systems, but if you cannot use /opt, the installation places the log file in another location such as /usr/local/ or the value of $HOME.

  • You may also place the directory in /etc/logrotate.d/moog-collector.

For the collector logs, you can define a basic logrotate configuration file as follows:

/opt/collector/logs/collector.log {
2
3    rotate 30
4
5    daily
6
7    size 500M
8
9    compress
10
11    delaycompress
12
13    copytruncate
14
15    dateext
16
17    endscript
18
19}

This configuration file example will rotate the logs once daily if they are above 500mb and keeping 30 gzip compressed copies with date extensions.

Note

Refer to your specific Linux OS documentation for information about using logrotate. For example, you can find “Setting up logrotate in Linux” topic in RedHat Linux documentation.

In this section: