Monitoring logs tab

The Monitoring logs tab displays the monitoring logs from the selected appliance(s).

Click Logs and then select Monitoring logs from the pull-down menu to access the monitoring logs page.

Use appliance selector widget to select appliances to monitor. Initially no appliances are selected. Click the Appliance: None Selected server link and select one or more appliances from the pop-up. You can also set a Time range and the Time zone.

Filters

Click the plus icon to expand the Filters widget.

Note:

The use of filters is optional.

Select an item to Filter on from the pull-down menu. Select from Appliance type, Component, Identifiers, Impact level, Message contains, or Minimum impact.

  • Select the Appliance type from the pull-down menu. Select from ANALYST, ENGINE, MANAGER, PINBOX, or SENSOR.

  • Select the Component from the pull-down menu. The menu contents are prepopulated depending on the version of the appliance.

  • Enter Identifiers in the textbox. Identifiers are similar to the following: llmail.queues.shard_upload.utilization, llwatchdog.suricata.status, or pull_llkb_rule_matches.subscriber.download_matches.

  • Select the Impact level from the pull-down menu. Select from OK, Warning, or Error.

  • Enter a Message contains string in the textbox. This filter matches on any string of text.

  • Enter the Minimum impact in the textbox. The allowed range is 1 to 100. You can also use the sort icon to scroll through the accepted values.

Click Apply reload to apply the selected filters.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

At any time, you can click the Update now reload icon to refresh the list of appliances.

The columns to be displayed in the list can be customized by clicking the additional content icon.

Each row is a summary of a log message. Click the plus icon (or anywhere on an entry row) to access a detailed view of this log.

The monitoring log contains the following columns:

Timestamp

Indicates the time the log was sent. The time is shown in the currently selected timezone.

The list is sorted by timestamp, by default in decreasing order (latest log at the top). Click the angle up icon to sort the list in increasing order (oldest log at the top). To toggle back to the default, click the angle down icon.

Appliance

The appliance that sent the log, listed by its name or a combination of the appliance type and its license key.

Click the sort icon to sort the list by the appliance name. Appliances are sorted in alphabetical order.

Component

The component running on the appliance that sent the log, listed by its name.

Click the sort icon to sort the list by the component name. Components are sorted in alphabetical order.

Type

The sub-component running on the appliance that sent the log, listed by its name.

Click the sort icon to sort the list by the type name. The type are sorted in alphabetical order.

Level

The level indicates the severity of the condition that triggered the log. It is listed by the impact level from 1 to 100. The level indicators are OK, Warning, or Error.

Click the sort icon to sort the list by the impact level.

Message

The message text of the log.

Click the sort icon to sort the list by message. The messages are sorted in alphanumeric order.

You can customize the number of rows to be displayed. By default, 20 entries are shown. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

Monitoring logs details

The log details view is expanded within the monitoring logs list. It displays the following data for the selected log entry:

  • Component The component running on the appliance that sent the log.

  • Type The sub-component running on the appliance that sent the log.

  • Identifier A string identifying the component/type. Click the filter icon to filter the list by this identifier.

  • Impact The severity of the condition that triggered the log. The impact level (a number from 1 to 100) and a level indicator are displayed.

  • Timestamp Indicates the time the log was sent. For multiple occurrences, the first and last timestamp are displayed.

  • Occurrences The number of times this log has been generated.

  • Appliance type Indicates the type of appliance: ANALYST, ENGINE, MANAGER, PINBOX, or SENSOR.

  • License key The license key supporting the appliance.

  • Sensor key Sensor only: the system key.

  • Sensor name Sensor only: the system name.

  • Appliance UUID The universal unique identifier for the appliance.

  • The full text of the Message is displayed in a color-coded box that matches its impact level.

Select appliances pop-up

Use the Select appliances pop-up to select one or more appliances.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Use the Select pull-down menu to fine-tune your selection. Its options allow you to select All visible, All pages, or to Clear selection. You can also select a specific type of appliance: Analysts, Engines, Managers, or Sensors.

Note:

You can click the checkbox icon in the title row to select all visible appliances.

Customize the number of rows to be displayed. By default, 20 entries are shown. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

The appliance list contains the following columns:

Name

The name of the appliance. Typically the name is a combination of the appliance Type and its License.

Click the sort icon in the list header to sort the appliances by name.

Click the checkbox icon beside the Name to select an appliance.

Status

The connection status of the appliance.

Click the sort icon in the list header to sort the appliances by connection.

Type

The type of appliance.

Click the sort icon in the list header to sort the appliances by type.

IP

The IP address of the appliance.

License

Click the sort icon in the list header to sort the appliances by license.

The license of appliance.

Click the plus icon (or anywhere on an entry row) to display the Appliance summary. The summary contains the following entries:

  • Name
  • UUID
  • Type
  • Status
  • License
  • IP

Click the Select appliances button to enable your selection and dismiss the pop-up. Otherwise, click the Close button.