6 Replies Latest reply on Jan 2, 2018 8:26 AM by John Messinger

    Forwarding or collecting PI message logs




      There are plenty of possibilities to analyse PI message logs, which are described well in this blog article:

      How to deal with PI Message Logs


      However, I am interested in having PI message logs stored in a third party system, for example a syslog server. There are multiple reasons for that idea: events from several systems can be correlated, events from PI interface nodes and servers could simply be put together in overviews, and advanced search and mining algorithms that some log analysis systems offer could also be applied to PI message logs.


      I am wondering which technical approach could be taken to collect or forward emerging PI message logs to a third party system. For example, stopping the PI message subsystem would result in using the Windows application event log, which could be read by most log agents. But in my opinion, it would be better to also keep the original PI message logs.


      Is there any other approach I could take?


      Thank you.

        • Re: Forwarding or collecting PI message logs
          Dan Fishman

          I don't believe the AF SDK supports this feature yet.  A few ways to access the PI Data Historian message logs are described here: Looking for a way to access the PiServer Message Log ...



          Also, you might be interested in PI OLEDB Provider since you can use it to issue a SQL query to retrieve the PI Server Messages log.  Check out the pilog..pimessage log table with columns such as time, source, id, message, category, orihost and pid.    With this, you have many options on how to move the message logs to another server.

          2 of 2 people found this helpful
          • Re: Forwarding or collecting PI message logs

            Hi Martin,


            Unfortunately, exporting PI Message logs to a Syslog server is not currently officially supported.  There is a PI Interface for Syslog, however, obviously this would be for pulling information from Syslog into PI, which is not the goal here.


            The workaround you mentioned of stopping PI Message Subsystem such that PI Message logs are instead written to Windows Application Log would work, since from here the messages could be forwarded to the Syslog server.  However, it is important to note that the logs cannot be streamed both to Windows Application log and the PI Message log.  This means that if this workaround was applied, it would not be possible to view the PI Message logs via PI Message Subsystem, such as with pigetmsg, PI SMT, etc.


            We do have an internal work item to support redirecting PI Message logs to other logs such as Syslog, etc.  However, I do not see a request on the OSIsoft UserVoice.  I would recommend you create a new idea here and post your use case so that we can better prioritize the work item.  Also, feel free to let me know and I can create the idea for you.


            EDIT: As Dan mentioned, AFSDK does not currently support getting PI Message Logs, however, the PowerShell Tools for the PI System do (included in PI SMT install kit 2015+), using the Get-PIMessage cmdlet.  However, I am guessing this would require some additional work to coerce the logs into a format that Syslog would accept.


            - Adam Fink

            7 of 7 people found this helpful
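
The coercion step mentioned in the EDIT above, as an added example that is not part of the thread and not OSIsoft code: one row carrying the column names listed in Dan's reply (time, source, id, message, category, orihost, pid) is rendered as an RFC 5424 syslog line. The sample row, the local0 facility, the default severity, the `pimsg` structured-data name and the documentation enterprise number 32473 are assumptions.

```python
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16   # assumption: local0 is set aside for PI message logs
SD_ID = "pimsg@32473"  # assumption: 32473 is the enterprise number reserved for examples

def sd_escape(value):
    """Escape the characters RFC 5424 forbids unescaped inside a PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def header_field(value, max_len):
    """Header fields are printable ASCII without spaces; '-' is the NILVALUE."""
    text = "" if value is None else str(value)
    cleaned = "".join(c for c in text if 33 <= ord(c) <= 126)
    return cleaned[:max_len] or "-"

def to_rfc5424(row, severity=6):
    """Build one syslog line from a dict keyed by the message log column names.

    severity defaults to 6 (informational); mapping PI categories onto syslog
    severities is site-specific and left to the caller (assumption).
    """
    pri = FACILITY_LOCAL0 * 8 + severity
    utc = row["time"].astimezone(timezone.utc)  # expects a timezone-aware datetime
    ts = utc.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    sd = '[{} category="{}"]'.format(SD_ID, sd_escape(row["category"]))
    # Collapse line breaks so message text cannot split into, or pose as,
    # a second event on the collector.
    msg = " ".join(str(row["message"]).splitlines())
    return "<{}>1 {} {} {} {} {} {} {}".format(
        pri, ts,
        header_field(row["orihost"], 255),  # HOSTNAME
        header_field(row["source"], 48),    # APP-NAME
        header_field(row["pid"], 128),      # PROCID
        header_field(row["id"], 32),        # MSGID
        sd, msg)

def send_udp(line, host, port=514):
    """Send one datagram. Plain UDP syslog is neither authenticated nor encrypted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))

# Constructed sample row, not real PI output.
SAMPLE_ROW = {
    "time": datetime(2018, 1, 2, 8, 26, 0, 123000, tzinfo=timezone.utc),
    "source": "pinetmgr", "id": 7039, "category": "0",
    "orihost": "pisrv01", "pid": 4312,
    "message": "Connection lost\nretrying",
}
```

Rows would come from whichever retrieval path is in use (the PI OLEDB query or Get-PIMessage output exported to the forwarder); only the formatting is shown here.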
            • Re: Forwarding or collecting PI message logs
              John Messinger

              Hi Martin,


              Have you considered using Splunk for your log file analysis and correlation? I've been working with this for a little while, and am in fact currently preparing a blog post about this subject. My approach has been to use Splunk's PowerShell modular input and the PowerShell Tools for the PI System to bring PI Message logs into Splunk. Other log sources such as Windows Event logs, and text file based pipc.log files are also pretty straightforward to ingest into Splunk.


              If your company isn't already using Splunk for IT data, then you can start with the free version - 500MB per day, which should be more than sufficient for your PI system logs.


              Look out for my blog post next week on this subject.


              Hope this helps.



              1 of 1 people found this helpful