Centralized Syslog Monitoring
Last updated
The IT-Conductor central Syslog Monitoring architecture leverages IT-Conductor gateways that are already deployed in on-premises and in-cloud environments to provide consolidated collection, monitoring, management, notification, and auditing of Syslog messages.
Within the IT-Conductor "Site" construct, multiple Syslog servers and the messages they capture can be dedicated to geographically or organizationally separated environments, each with its own monitoring and notification policies (for example, QA/Development vs. Production).
When configuring a new Syslog server, make sure you assign it to the desired Site, and likewise make sure the Linux hosts and devices that forward Syslog messages to it belong to the intended grouping.
Once Syslog servers are configured, they will show up in the IT-Conductor service tree under the corresponding Site:
The grid lists all related Syslog servers; from it you can monitor their status and logs, and it also provides the management interfaces:
This is the interactive search facility for Syslog messages; clicking on it will open the query interface:
You can search by multiple columns; all unrestricted values support regular expressions, so relevant messages can be found quickly. Searching on the time column is not supported, but sorting by time and filtering on the other fields lets you quickly locate issues and understand the sequence of events.
IT-Conductor makes it easy to watch for specific messages and alert on their occurrence. Clicking on the Monitoring link will open the list of defined monitors:
Click on a template name to create a new Syslog monitor; the form is the same as the "from-scratch" form, but some of the values are pre-set.
After the new monitor is created, it will show on the grid within a few minutes, once the periodic discovery completes.
Clicking on a monitor in the grid will open an interactive chart:
In the chart the data points are interactive; clicking on one will pop up the list of Syslog messages for that interval:
You can navigate intervals back and forth with < and > controls.
The default monitoring "overrides" are preconfigured so that an alert is generated for each matching Syslog message; if required, more fine-tuned or complex scenarios can be configured. The Override facility is the same as for any other IT-Conductor monitor and can trigger customized alerts or recovery actions. Please contact the IT-Conductor Support team for guidance.
Clicking on Alerts will show all recently generated alerts in chronological order:
Notification uses the standard IT-Conductor subscription-based mechanism: individuals or groups of individuals subscribe to specific monitors, Sites, etc., and based on those subscriptions the relevant alerts are sent to the configured e-mail addresses or SMS numbers.
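The search and monitor behaviour described above, as an added example that is not IT-Conductor code: a small Python script that parses BSD-style syslog lines into columns, filters them with one regular expression per column (results sorted by time, with the time column itself deliberately not searchable), and runs a message monitor that bins matches into chart intervals and raises one alert per matching message by default, or once per interval under a hypothetical threshold override. The sample log lines, the Monitor class and all function names are constructed for this illustration and do not correspond to IT-Conductor's internal API.

```python
# Added example (not IT-Conductor's code): parse BSD-style syslog lines into
# columns, search them with one regex per column, and run a message monitor
# that bins matches into chart intervals and alerts on matching messages.
# SAMPLE_LOG, Monitor and the function names are constructed for this page.
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample data in the classic "<timestamp> <host> <tag>[pid]: <msg>" form.
SAMPLE_LOG = """\
Mar  3 10:01:07 db01 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:09 db01 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:00:58 app02 systemd[1]: Started Daily apt download activities.
Mar  3 10:06:31 app02 sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar  3 10:07:02 db01 sshd[2301]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar  3 10:11:45 db01 sshd[2399]: Failed password for root from 203.0.113.7 port 51204 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)$"
)

@dataclass
class Entry:
    time: datetime
    host: str
    app: str
    pid: Optional[str]
    msg: str

def parse(text: str, year: int = 2024) -> List[Entry]:
    """Parse lines into column objects. BSD timestamps carry no year, so one
    is assumed; lines that do not match are skipped rather than fatal."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entries.append(Entry(ts, m["host"], m["app"], m["pid"], m["msg"]))
    return entries

def search(entries: List[Entry], **column_regex: str) -> List[Entry]:
    """Per-column regex filter (every given column must match), sorted by
    time. The time column is sortable but not searchable, as in the UI."""
    if "time" in column_regex:
        raise ValueError("time is sortable, not searchable; filter on other columns")
    compiled = {col: re.compile(rx) for col, rx in column_regex.items()}
    hits = [e for e in entries
            if all(rx.search(getattr(e, col) or "") for col, rx in compiled.items())]
    return sorted(hits, key=lambda e: e.time)

@dataclass
class Monitor:
    name: str
    pattern: str               # regex applied to the message column
    interval_minutes: int = 5  # chart interval; must divide 60
    threshold: int = 1         # default "override": alert on every match

def run_monitor(entries: List[Entry], mon: Monitor) -> Tuple[Dict[datetime, List[Entry]], List[str]]:
    """Return the matches per interval (what a chart data point pops up) and
    the alerts raised. threshold=1 alerts once per matching message; a higher
    (hypothetical override) threshold alerts once per interval when reached."""
    rx = re.compile(mon.pattern)
    buckets: Dict[datetime, List[Entry]] = defaultdict(list)
    alerts: List[str] = []
    for e in sorted(entries, key=lambda e: e.time):
        if not rx.search(e.msg):
            continue
        start = e.time.replace(minute=e.time.minute - e.time.minute % mon.interval_minutes,
                               second=0, microsecond=0)
        buckets[start].append(e)
        if mon.threshold == 1:
            alerts.append(f"{mon.name} {e.time:%H:%M:%S} {e.host} {e.app}: {e.msg}")
        elif len(buckets[start]) == mon.threshold:
            alerts.append(f"{mon.name} {start:%H:%M}: {mon.threshold} matches "
                          f"within {mon.interval_minutes} min")
    return dict(buckets), alerts

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for hit in search(entries, host=r"^db01$", msg=r"Failed password"):
        print(hit.time, hit.host, hit.msg)
    buckets, alerts = run_monitor(entries, Monitor("ssh-failed-logins", r"Failed password"))
    for start, hits in sorted(buckets.items()):
        print(f"{start:%H:%M} {len(hits)} match(es)")
    print("\n".join(alerts))
```

Run it as-is to see the three failed-login lines found by host and message regex, the two chart intervals they fall into (10:00 with two matches, 10:10 with one), and one alert per match; raising `threshold` to 2 collapses that to a single alert for the 10:00 interval, which is the kind of tuning the Override facility is for.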
You can create new monitors, or edit existing ones, either from scratch by clicking the corresponding control:
... or from pre-configured templates by clicking the corresponding control:
While viewing the chart, an icon shown at the bottom indicates that alerts were generated for that interval; clicking on the icon will show the list of those alerts.