Monitoring Syslog Messages Data
A range of pre-packaged Displays is provided, specifically designed to present collected Syslog message data. These pre-packaged Displays can be accessed from the Web Application by clicking on the 'Syslog' item located at the bottom of the first (Group) navigation pane.
Syslog Messages Overview
The initial Display is the Syslog Messages - Overview Display. At the top left of this Display is a graph showing the number of Syslog messages received by all monitored devices over the past 10 minutes. The window on the top right shows the number of messages received by each configured customer and the window at the bottom shows the number of messages received by each device broken up into message types, i.e. Emergency, Alert, Critical, Error, Warning, Notice, Information and Debug.
Emergency | System is unusable. A condition usually affecting multiple apps/servers/sites. |
Alert | Action must be taken immediately. |
Critical | A situation that should be corrected immediately, usually a failure in a secondary system. |
Error | A non-urgent failure. |
Warning | An indication that an error will occur if action is not taken. |
Notice | Normal but significant condition. |
Informational | Normal operating information messages. |
Debug | Debug-level messages that are useful to developers but not particularly to operations. |
Syslog Messages by Customer
Drilling-down on a customer name in the top right window of the Syslog Messages - Overview Display will open the Syslog Messages by Customer Display. This Display shows the number of Syslog messages that have been received by all monitored devices for the selected customer. Clicking on a Device name in the bottom window will open the Syslog Messages by Facility Display.
Syslog Messages by Facility
Drilling-down on a device name in the bottom window of the Syslog Messages - Overview Display or the Syslog Messages by Customer Display will open the Syslog Messages by Facility Display. For Cisco devices this Display will include the 'Syslog Messages by Mnemonic' panel, which identifies messages by a device-specific code.
This Display shows Syslog messages for the selected device with messages categorized by facility type. For Cisco devices the facility type will be a free-form identifier; for non-Cisco devices the available facility types are shown in the following table:
kern | kernel messages |
user | user-level messages |
mail | mail system messages |
daemon | system daemons |
auth | security/authorization messages |
syslog | messages generated internally by Syslog |
lpr | line printer subsystem |
news | network news subsystem |
uucp | UUCP subsystem |
cron | clock daemon |
authpriv | security/authorization messages |
ftp | FTP daemon |
ntp | NTP subsystem |
security | security/authorization messages |
console | security/authorization messages |
solaris-cron | clock daemon |
local0..local7 | local use 0 - 7 |
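The following added example (not the product's own code) shows how per-device counts by facility, severity and Cisco mnemonic can be derived from raw messages. It assumes the tables above are listed in standard numeric-code order (severity 0-7, facility 0-23), that each message starts with a `<PRI>` value, and that Cisco messages carry a `%FACILITY-SEVERITY-MNEMONIC:` tag; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Names from the tables on this page, assumed to be in numeric-code order
# (severity codes 0-7, facility codes 0-23).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco message tag: free-form facility, severity digit, device-specific mnemonic.
CISCO_RE = re.compile(r"%([A-Z0-9_]+)-[0-7]-([A-Z0-9_]+):")

def classify(raw):
    """Return (facility, severity, mnemonic), or None for a malformed message."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the highest valid PRI
        return None
    facility_code, severity_code = divmod(int(m.group(1)), 8)
    facility, mnemonic = FACILITIES[facility_code], None
    c = CISCO_RE.search(raw)
    if c:  # Cisco device: use the free-form facility and mnemonic from the tag
        facility, mnemonic = c.group(1), c.group(2)
    return facility, SEVERITIES[severity_code], mnemonic

def tally(messages):
    """messages: iterable of (device, raw_line). Returns the two counters and a reject count."""
    by_facility, by_mnemonic, rejected = Counter(), Counter(), 0
    for device, raw in messages:
        result = classify(raw)
        if result is None:  # count unparseable input instead of dropping it silently
            rejected += 1
            continue
        facility, severity, mnemonic = result
        by_facility[(device, facility, severity)] += 1
        if mnemonic:
            by_mnemonic[(device, mnemonic)] += 1
    return by_facility, by_mnemonic, rejected

# Constructed sample input (hostnames, addresses and message text are made up).
SAMPLE = [
    ("fw01", "<38>Oct 11 22:14:15 fw01 sshd[812]: Failed password for root from 192.0.2.10"),
    ("fw01", "<86>Oct 11 22:14:16 fw01 sudo: pam_unix(sudo:session): session opened"),
    ("rtr01", "<189>45: Oct 11 22:14:17: %SYS-5-CONFIG_I: Configured from console by admin"),
    ("rtr01", "<187>46: Oct 11 22:14:18: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    ("fw01", "<999>garbage"),
]
```

Tracking the rejected count alongside the tallies makes malformed or truncated input visible rather than letting it disappear from the per-device totals.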
Syslog History Database Replay
Clicking on the Syslog History link at the top right of the Syslog Messages by Facility Display will open the Syslog Messages on Device Database Replay. A control in the top right corner can be used to replay the data in order to locate the required time period in the database.
Drilling-down on an item in the Facility column will open the Syslog Messages Database Replay.
Syslog Messages Database Replay
Drilling down on a facility name in the bottom window of the Syslog Messages by Facility Display or the Syslog History Database Replay will open the Syslog Messages Database Replay. A control in the top right corner can be used to replay the data in order to locate the required time period in the database.