Default Parameters for DeviceSyslogMsgs
This test auto-discovers the network nodes that are connected to the Syslog server, and for each network node, this test periodically checks the Syslog file of the Syslog server for a specific rule set by the administrator and reports the number of messages that match each rule. This way, administrators can be alerted to the errors/warnings triggered at each network node, and can initiate remedial measures before anything untoward happens.
This page depicts the default parameters that need to be configured for the DeviceSyslogMsgs test.
By default, the syslog file contains log messages relating to multiple network nodes that have been connected with the Syslog server in your environment. Sometimes, you may want to retrieve the log information that is logged by a particular node alone. In such cases, you can define a set of rules according to which the log messages should be read from the syslog file. To create a new rule of your choice, click on the icon. The CONFIGURE RULES window that appears will provide you the options for creating a new rule. Specify the following details in the CONFIGURE RULES window:
Specify a name for the rule which will appear as the descriptor in the test, in the Rule Name text box.
By default, the Facility Filter is set to all, indicating that all the facilities will be monitored. If you wish to filter the messages from a particular facility, specify the name of that facility in this text box. For example: kern. In this case, only the messages that belong to the kernel level will be monitored. You can also filter the messages from multiple facilities of your choice by specifying the names of those facilities in a comma-separated list. For instance, kern,user,mail.
In the Host Filter, specify the IP address of the host system for which the log messages collected should be filtered from the syslog file. By default, this is set to all, indicating that messages from all the host systems will be tracked. Multiple host systems of your choice can also be given in a comma-separated list. Your specification should be of the following format: 192.168.10.1,192.168.8.202
The error/warning messages logged in the syslog file have various degrees of severity. In the Level Filter text box, indicate a severity level to check for the error/warning messages with a particular degree of severity in the syslog file. By default, this is set to all, indicating that all the messages will be monitored regardless of their degree of severity. You can also specify multiple severity levels as a comma-separated list in the following format: Critical,Major.
Specify one or more keywords to be monitored from the syslog file in the Include Keywords Filter section. By default, this section would be provided with one field wherein you will have to specify a keyword to be monitored. However, to add more keywords, click on the button and specify the keywords in the fields that are added. For instance, if you want to search for the failure related messages, then you can specify the keywords as fail,failure,failed. Using the button, you can remove the keywords that you have added.
In the Filter Logic text box, you can define the logic by which messages are filtered out of the syslog file. This logic is built from the keywords that you have provided in the Include Keywords Filter section. For instance, assume that the Filter Logic is 1 and 2. Here, a message will be filtered only if it contains both keyword 1 and keyword 2. Likewise, you can define any filter logic according to your need.
Specify a comma-separated list of keywords to be excluded from monitoring in the Exclude Keywords text box. The format of your specification should be: error,warning. By default, this is set to none indicating that no messages will be excluded from monitoring.
Once you click the Update button after defining all the values, you will return to the test configuration page. To add more rules, click on the Add More button in the CONFIGURE RULES window. If you want to clear the values that you have entered and define new values, you can do so by using the Clear button. You can also remove a specific rule that you have added, using the encircled hyphen button.
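To check how a rule built from the fields above will count messages before relying on it for alerting, the following added example (not the product's code) evaluates a rule against constructed syslog records. The field names, substring keyword matching, case-insensitive comparison and strict left-to-right evaluation of the Filter Logic are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:                      # field names are hypothetical
    facility: str = "all"
    host: str = "all"
    level: str = "all"
    include: tuple = ()          # keyword 1, keyword 2, ...
    logic: str = ""              # e.g. "1 and 2"; empty means any keyword
    exclude: str = "none"

def in_filter(value, spec):
    # "all" disables the filter; otherwise spec is a comma-separated list.
    allowed = {s.strip().lower() for s in spec.split(",")}
    return "all" in allowed or value.lower() in allowed

def logic_holds(logic, hits):
    # Evaluate "1 and 2" / "1 or 2 or 3" strictly left to right, without eval().
    tokens = re.findall(r"\d+|and|or", logic.lower())
    val = hits[int(tokens[0]) - 1]          # keyword numbers are 1-based
    for op, num in zip(tokens[1::2], tokens[2::2]):
        rhs = hits[int(num) - 1]
        val = (val and rhs) if op == "and" else (val or rhs)
    return val

def matches(rule, msg):
    host, facility, level, text = msg
    text = text.lower()
    if not (in_filter(facility, rule.facility) and in_filter(host, rule.host)
            and in_filter(level, rule.level)):
        return False
    if rule.exclude != "none" and any(k.strip().lower() in text for k in rule.exclude.split(",")):
        return False
    hits = [k.lower() in text for k in rule.include]
    return (logic_holds(rule.logic, hits) if rule.logic else any(hits)) if hits else True

SAMPLE = [  # constructed messages: (host, facility, level, text)
    ("192.168.10.1", "kern", "Critical", "disk controller failed: I/O error on sda"),
    ("192.168.10.1", "kern", "Critical", "link eth0 failed, failure count 3"),
    ("192.168.8.202", "mail", "Major", "delivery failed for queue 12"),
    ("192.168.10.1", "user", "Minor", "login failure for admin"),
    ("10.0.0.5", "kern", "Critical", "fan failure detected, unit failed"),
]

def count_matches(rule, messages=SAMPLE):
    # Number of messages the rule would report for this sample.
    return sum(matches(rule, m) for m in messages)
```

With the kern facility, the two hosts and Critical,Major selected, the logic 1 and 2 over the keywords failed and failure counts one message, while 1 or 2 counts two; an Exclude Keywords value of error silently drops the disk controller message.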
In the EXCLUDE PATTERNS text box, specify a comma-separated list of error or warning message patterns to exclude from monitoring. Your pattern specification can be of any of the following formats: *error or warning messages*. This parameter is set to none by default, which indicates that no message will be excluded from monitoring.
The DD FREQUENCY refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD FREQUENCY.
When changing the configuration for specific servers, a “*” beside the text box corresponding to the parameter signifies that these values have to be manually configured by the user. The parameter values that require to be configured will typically be prefixed with a “$” or contain a series of “*”. A value of “none” in the parameter value indicates that the corresponding parameter value can be changed if required.