Centralized Syslog Monitoring

IT-Conductor central Syslog Monitoring architecture leverages IT-Conductor gateways that are already deployed to on-premises/in-cloud environment and enable consolidated collection, monitoring, management, notification, and auditing of Syslog messages

In the context of IT-Conductor "Site" construct multiple Syslog servers and the messages they captured can be dedicated to geographically or organizationally separated environments with separate monitoring and notification policies (For example QA/Development vs. Production etc.)

Please make sure when you are configuring new Syslog servers - you assign it to a desired Site, correspondingly make sure the Linux hosts and devices that forward Syslog messages belong to the intended grouping.

When Syslog servers are configured they will show up in IT-Conductor service tree under the corresponding Site:

The grid incorporates all related Syslog servers where you can monitor their status and logs as well as provides management interfaces:

Syslog Search

This is interactive search facility for Syslog messages, clicking on it will open the query interface:

You can search by multiple columns, all unrestricted values support Regex expressions so relevant messages can be found quickly. While time-search is not supported, sorting by time and filtering by other fields let you quickly and efficiently locate the issues and understand the sequences of events.

Monitoring

IT-Conductor makes it very easy to watch for certain messages and alert on their occurrence. Clicking on Monitoring link will open a list of defined monitors:

You can edit and create new monitors either from scratch by clicking :

... or from pre-configured templates by clicking :

Click on the template name to create a new Syslog monitor - same as "from-scratch" form but some of the values are pre-set.

After the new Monitor is created it will show on the grid in a few minutes when the periodic discovery is complete.

Clicking on a monitor in the grid will open an interactive chart:

In the chart, the data-points are interactive, clicking on them will popup a list of Syslog messages for the interval:

You can navigate intervals back and forth with < and > controls.

While in the chart if an icon shows at the bottom this indicates that alerts were generated for the interval, clicking on that icon will show the list of alerts

The default monitoring "overrides" are preconfigured causing an alert to be generated for each instance of matching Syslog message, however, if required more fine-tuned/complex scenarios can be configured as required. The Override facility is the same as any other IT-Conductor monitor and can trigger customized alerts or recovery actions. Please contact the IT-Conductor Support team for guidance.

Alerts

Click on Alerts will show all recently generated alerts in chronological order:

Notifications

The notification mechanism is the standard IT-Conductor subscription-based approach, you can have individuals or groups of individuals subscribe to specific monitors or sites, etc., and based on the subscription the relevant alert will be sent to the e-mails addresses or SMS numbers as configured.

PreviousLinux System Monitoring NextCloud Monitoring

Last updated 1 year ago