Monitoring Syslog Messages Data

A range of pre-packaged Displays, designed specifically to present collected Syslog message data, is provided. These Displays can be accessed from the Web Application by clicking on the 'Syslog' item located at the bottom of the first (Group) navigation pane.

Syslog Messages Overview

The initial Display is the Syslog Messages - Overview Display. At the top left of this Display is a graph showing the number of Syslog messages received by all monitored devices over the past 10 minutes. The window on the top right shows the number of messages received by each configured customer, and the window at the bottom shows the number of messages received by each device, broken down by message type: Emergency, Alert, Critical, Error, Warning, Notice, Informational and Debug.

Emergency: System is unusable. A condition usually affecting multiple apps/servers/sites.
Alert: Action must be taken immediately.
Critical: A situation that should be corrected immediately, usually a failure in a secondary system.
Error: A non-urgent failure.
Warning: An indication that an error will occur if action is not taken.
Notice: Normal but significant condition.
Informational: Normal operating Information messages.
Debug: Debug-level messages that are useful to developers but not particularly to operations.

Syslog Messages by Customer

Drilling-down on a customer name in the top right window of the Syslog Messages - Overview Display will open the Syslog Messages by Customer Display. This Display shows the number of Syslog messages that have been received by all monitored devices for the selected customer. Clicking on a Device name in the bottom window will open the Syslog Messages by Facility Display.

Syslog Messages by Facility

Drilling-down on a device name in the bottom window of the Syslog Messages - Overview Display or the Syslog Messages by Customer Display will open the Syslog Messages by Facility Display. For Cisco devices this Display will include the 'Syslog Messages by Mnemonic' panel, which identifies messages by a device-specific code.

This Display shows Syslog messages for the selected device, with messages categorized by facility type. For Cisco devices the facility type will be a free-form identifier; for non-Cisco devices the available facility types are shown in the following table:

kern: kernel messages
user: user-level messages
mail: mail system messages
daemon: system daemons
auth: security/authorization messages
syslog: messages generated internally by Syslog
lpr: line printer subsystem
news: network news subsystem
uucp: UUCP subsystem
cron: clock daemon
authpriv: security/authorization messages
ftp: FTP daemon
ntp: NTP subsystem
security: security/authorization messages
console: security/authorization messages
solaris-cron: clock daemon
local0..local7: local use 0 - 7
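The message types and facility types listed above are both carried in the PRI header at the start of each Syslog message, where PRI = facility code x 8 + severity code (RFC 5424). The following is an added example, not code from the product: it decodes PRI into the names used on this page and tallies messages per device, counting lines with a missing or out-of-range PRI separately instead of dropping them. It assumes the facility names above are listed in numeric code order; the device names and message text are constructed.

```python
import re
from collections import Counter

# Names as listed on this page; list index = numeric code (assumed RFC 5424 order).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(raw):
    """Return (facility, severity) names for a raw syslog line, or None if
    the PRI header is missing or outside the valid range 0..191."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def tally(messages):
    """Count (device, severity) and (device, facility) pairs from an iterable
    of (device, raw_line); undecodable lines are counted as 'unparsed'."""
    by_severity, by_facility = Counter(), Counter()
    for device, raw in messages:
        decoded = decode_pri(raw)
        if decoded is None:
            by_severity[(device, "unparsed")] += 1
            continue
        facility, severity = decoded
        by_severity[(device, severity)] += 1
        by_facility[(device, facility)] += 1
    return by_severity, by_facility

# Constructed sample input (device names and message text are made up).
SAMPLE = [
    ("fw-01", "<34>Oct 11 22:14:15 fw-01 su: 'su root' failed for user1"),
    ("fw-01", "<86>Oct 11 22:14:20 fw-01 sshd[411]: session opened"),
    ("sw-02", "<189>Oct 11 22:15:01 sw-02 link state changed"),
    ("sw-02", "<999>Oct 11 22:15:02 sw-02 bad priority"),
    ("sw-02", "no header at all"),
]

if __name__ == "__main__":
    sev, fac = tally(SAMPLE)
    for key, count in sorted(sev.items()):
        print(key, count)
```

A rising 'unparsed' count for a device is worth investigating, since it means messages are arriving that would not be classified under any message type or facility.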

Syslog History Database Replay

Clicking on the Syslog History link at the top right of the Syslog Messages by Facility Display will open the Syslog Messages on Device Database Replay. A control in the top right corner can be used to replay the data in order to locate the required time period in the database.

Drilling-down on an item in the Facility column will open the Syslog Messages Database Replay.

Syslog Messages Database Replay

Drilling down on a facility name in the bottom window of the Syslog Messages by Facility Display or the Syslog History Database Replay will open the Syslog Messages Database Replay. A control in the top right corner can be used to replay the data in order to locate the required time period in the database.
