Syslog Messages by Facility Test

The eG Syslog server consolidates error/warning messages received from multiple systems in your environment into a single location. These messages can be generated by any part/process of a system and are logged in the syslog file. They are broadly categorized according to which process/part of the system generated them. This categorization uses the concept of Facilities, which are components of the system represented by decimal integers. By referring to the values corresponding to these facilities, an administrator can easily determine the part/process of the system that created an error/warning message. Sometimes, an administrator may only want to receive messages from certain parts/processes of the system that are critical for tracking system performance and for troubleshooting. In such cases, the administrator can use the Syslog Messages by Facility test to filter for the messages of interest. For that purpose, this test enables the administrator to configure specific patterns of error or warning messages, based on which the messages are filtered.

This test periodically mines the Syslog file for the specific patterns of error/warning messages configured by the administrator and reports the number of messages that match each configured pattern. This way, the administrator is alerted to errors/warnings on the systems and can initiate the necessary remedial actions swiftly.

Target of the test : eG Syslog

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every patternName configured in the Include Patterns text box

Configurable parameters for the test
Parameter Description

Test Period

How often the test should be executed.

Host

The IP address of the host for which the test is being configured.

Port

The port at which the specified host listens. By default, this is NULL.

Exclude Patterns

Here, specify a comma-separated list of error or warning message patterns to exclude from monitoring. Your pattern specification can be of any of the following formats: *error or warning messages*. This parameter is set to none by default, which indicates that no message will be excluded from monitoring.

Include Patterns

Here, specify a comma-separated list of error or warning message patterns to be monitored. The format of your specification should be: patternName:Pattern, where patternName refers to the unique name that you assign to every pattern configuration, which will appear as the descriptor of this test, and Pattern refers to any message pattern of the form *error or warning messages*. Multiple pattern specifications can be provided as: patternName1:Pattern1,patternName2:pattern2. This parameter is set to all:all by default, which indicates that all error/warning messages will be monitored by default.

SyslogFile

This test reports metrics by parsing a Syslog file. Specify the full path to the Syslog file here. For instance: C:\eGurkha\agent\syslog\syslog.

RotatingFile

By default, the RotatingFile parameter is set to No. To instruct the eG Enterprise system to monitor newer log files also, set this parameter to Yes. Otherwise, set it to No.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test
Measurement: Number of Messages

Description: Indicates the number of messages in the specified Syslog file that matched this pattern.

Measurement Unit: Number

Interpretation: The detailed diagnosis of this measure reveals the host IP, the time stamp and the log message.
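
The following is an added example, not eG Enterprise's own code, sketching how Include Patterns and Exclude Patterns specifications could be applied to a syslog file to yield the Number of Messages measure for each patternName. The wildcard semantics, the exclude-before-include order, the function names and the sample log lines are assumptions made for illustration.

```python
import fnmatch

# Constructed sample lines (host IP, timestamp, message); not from a real system.
SAMPLE_LOG = [
    "192.0.2.10 Mar 04 10:15:01 sshd[812]: error: maximum authentication attempts exceeded",
    "192.0.2.10 Mar 04 10:15:07 kernel: warning: disk sda1 at 91% capacity",
    "192.0.2.22 Mar 04 10:16:30 cron[455]: error: bad minute in crontab entry",
    "192.0.2.22 Mar 04 10:17:02 sshd[900]: Accepted publickey for deploy",
    "192.0.2.31 Mar 04 10:18:44 sshd[77]: error: test account login rejected",
]

def parse_include(spec):
    """Split 'name1:Pattern1,name2:Pattern2' into ordered (name, pattern) pairs."""
    pairs = []
    for item in spec.split(","):
        name, sep, pattern = item.strip().partition(":")
        if not (sep and name and pattern):
            raise ValueError(f"expected patternName:Pattern, got {item!r}")
        pairs.append((name, pattern))
    return pairs

def parse_exclude(spec):
    """'none' excludes nothing; otherwise a comma-separated list of patterns."""
    items = [p.strip() for p in spec.split(",") if p.strip()]
    return [] if [i.lower() for i in items] == ["none"] else items

def matches(pattern, line):
    # Assumed semantics: '*' is a wildcard, 'all' matches everything, case is ignored.
    return pattern.lower() == "all" or fnmatch.fnmatchcase(line.lower(), pattern.lower())

def count_by_pattern(lines, include_spec="all:all", exclude_spec="none"):
    """Return {patternName: [matching lines]}, dropping excluded lines first."""
    include, exclude = parse_include(include_spec), parse_exclude(exclude_spec)
    hits = {name: [] for name, _ in include}
    for line in lines:
        if any(matches(p, line) for p in exclude):
            continue  # assumption: an excluded message is never counted
        for name, pattern in include:
            if matches(pattern, line):
                hits[name].append(line)
    return hits

if __name__ == "__main__":
    result = count_by_pattern(SAMPLE_LOG, "ssh:*sshd*error*,disk:*disk*", "*test account*")
    for name, rows in result.items():
        print(name, len(rows), rows)  # count per descriptor, then the matching rows
```

Note that an Exclude Patterns entry broad enough to match security-relevant messages removes them from every descriptor's count, so exclusions are worth reviewing as carefully as inclusions.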