Quick Start

Event Log Manager (ELM) provides super fast access to log files it receives from the network. It can be used to centralize all log files and events from all your network servers and devices.

The first step is to have your network components send logs and events to ELM. The manner in which this is done differs for different types of devices.

BLËSK listens on the standard syslog port, 514, and accepts incoming messages over either UDP or TCP.

Windows

On Windows machines you will need to install an application that allows EventLog events and other Windows application logs to be sent to a syslog server such as BLËSK. There are several applications capable of doing this, such as Datagram SyslogAgent, which is available for download from the BLËSK website.

You can also find instructions on how to install Datagram SyslogAgent here.

Unix / Linux

Unix-based operating systems can send logs to a remote log collector using native, already installed applications such as rsyslog or syslog-ng.

For example, if you are using rsyslog and you wish to send all logs to BLËSK, you can do so by editing the rsyslog.conf file on the servers you wish to monitor. Usually, this file is located at /etc/rsyslog.conf.

Add the following two lines (highlighted in red) to the bottom of the rsyslog.conf file, replacing the IP address with the address of your BLËSK server.


When done, you will need to restart the rsyslog service.
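The forwarding lines themselves are not reproduced on this page, so the following is an added example, not the manual's own configuration, of what a standard rsyslog forwarding rule to a BLËSK collector looks like, together with a small POSIX shell helper that appends it to a config file without duplicating it on repeated runs. The address 192.0.2.10 is a placeholder for your BLËSK server, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the BLËSK manual): build and append an rsyslog
# forwarding rule that sends every facility and priority ("*.*") to a
# BLËSK collector on the standard syslog port 514.
# 192.0.2.10 below is a placeholder address; use your BLËSK server's IP.

# Print the forwarding directive for a collector IP and transport.
# In rsyslog's legacy syntax a single '@' means UDP and '@@' means TCP.
rsyslog_forward_line() {
    fwd_ip="$1"
    fwd_proto="$2"
    case "$fwd_proto" in
        udp) printf '*.* @%s:514\n' "$fwd_ip" ;;
        tcp) printf '*.* @@%s:514\n' "$fwd_ip" ;;
        *)   echo "unknown transport: $fwd_proto (use udp or tcp)" >&2; return 1 ;;
    esac
}

# Append the rule to the given config file only if that exact line is not
# already present, so re-running the helper does not create duplicate
# forwarders (which would send every message twice).
add_forwarding_rule() {
    conf_file="$1"
    line=$(rsyslog_forward_line "$2" "$3") || return 1
    if grep -qxF -- "$line" "$conf_file" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$line" >> "$conf_file"
}

# Example invocation against the real file (run as root on the monitored host):
#   add_forwarding_rule /etc/rsyslog.conf 192.0.2.10 udp
# Then check the syntax and restart the service:
#   rsyslogd -N1
#   systemctl restart rsyslog      # or: service rsyslog restart
```

`rsyslogd -N1` parses the configuration without starting the daemon, which catches a typo before the restart silently stops local logging. UDP is fire-and-forget, so messages lost on the network are not retransmitted; where the collector accepts TCP, as BLËSK does, the `@@` form gives you delivery confirmation at the transport level.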

Other network devices

Devices such as switches, routers, and printers can also send logs to ELM. They must be configured to send data to BLËSK using the standard syslog port 514 (UDP or TCP). Here is a document that can help you configure this on devices from the major manufacturers.

Using the Dashboard to view logs

Once the logs and events begin to arrive, you can visualize them using the dashboard. The default view provides a time picker, a search field and two views (panels) for viewing information.

The time picker is configured to show logs for the past 24 hours. This can be changed by clicking the arrow next to the words “a day ago to a few seconds ago”.

The search field loads with an asterisk by default, which means all logs within the selected time range are searched.

The first panel shows the events over time, for the period indicated above the graph. Each graph bar represents a 10-minute interval. In this graph, we can see that something interesting happened at approximately 16:00, or 4:00 pm. To find out more about this, we can simply zoom into this time period on the graph. The events will be refreshed and listed below.

Below the graph is a list of events over the specified time period. Next to the events list are fields that can be selected, such as timestamp, type, message, etc. All fields are shown by default, but this can be narrowed down by clicking the checkboxes on the left.

In the example below, we chose to view only the contents of the timestamp, program, and message fields by clicking their checkboxes on the left.

Clicking on an item in the list of events will display a table of information for that particular event.

chapter5/quickstart.txt · Last modified: 2014/06/27 13:00 by admin