I'm looking at what we need to monitor to ensure that Kiwi Syslog Server is actually running OK.
The obvious metrics are:
- "Kiwi Syslog Server" service is "Running"
- Process Syslogd_Service exists
- Is searching for "error" in the errorlog.txt a valid check?
We also plan to email an alert if we receive less than X messages in 60 mins, but if Kiwi Syslog Server is not running correctly, we won't get this message!
Do we really need to check if no log files have been updated in, say, the last 5 minutes? (if log files are generally created at least every minute)
Any thoughts on how we can determine that KSS is actually running OK?
The email for less than X messages is useful for other issues, not necessarily direct KSS errors. If you normally get 1000 messages in 5 minutes and only got 10, there may be an issue (network, sending hosts, FW, etc.).
The service and/or process monitor are the most important. Then the log file. Most errors will end up crashing/stopping the service. Some will leave it in a running state but not processing (rare). We don't alert on just "error" anymore since some errors don't have an impact.
Our current strings are:
FlushCacheLines <Encoding Failed>
Out of String Space
INTERNAL PROGRAM ERROR
Unable to determine remaining space on drive C:
Unable to open
Unable to bind
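
The checks discussed in this thread, combined into one script that runs outside Kiwi itself (for example from a scheduled task or an external monitor). This is an added example, not part of the original posts and not SolarWinds code. The three paths are placeholders, and it assumes "Kiwi Syslog Server" is the service's display name.

```powershell
# Added example: external health check for Kiwi Syslog Server.
# All paths are placeholders (assumptions); set them for your install.
param(
    [string]$ErrorLog  = 'C:\PLACEHOLDER\errorlog.txt',
    [string]$LogDir    = 'C:\PLACEHOLDER\Logs',
    [string]$StateFile = 'C:\PLACEHOLDER\kss-health.state',
    [int]$MaxAgeMinutes = 5
)

# Strings from the reply above; matched literally, not as regex.
$patterns = @(
    'FlushCacheLines <Encoding Failed>', 'Out of String Space',
    'INTERNAL PROGRAM ERROR', 'Unable to determine remaining space on drive C:',
    'Unable to open', 'Unable to bind'
)
$problems = @()

# 1. Service state (assumes this is the display name).
$svc = Get-Service -DisplayName 'Kiwi Syslog Server' -ErrorAction SilentlyContinue
if (-not $svc) { $problems += 'Service not found' }
elseif ($svc.Status -ne 'Running') { $problems += "Service is $($svc.Status)" }

# 2. Process exists.
if (-not (Get-Process -Name 'Syslogd_Service' -ErrorAction SilentlyContinue)) {
    $problems += 'Process Syslogd_Service not found'
}

# 3. Scan only errorlog lines added since the last run, so old entries do
#    not re-alert; start over if the file shrank (rotated or cleared).
if (Test-Path $ErrorLog) {
    $lines = @(Get-Content -Path $ErrorLog)
    $seen  = 0
    if (Test-Path $StateFile) { $seen = [int](Get-Content -Path $StateFile -TotalCount 1) }
    if ($seen -gt $lines.Count) { $seen = 0 }
    $hits = $lines | Select-Object -Skip $seen | Select-String -SimpleMatch -Pattern $patterns
    foreach ($h in $hits) { $problems += "errorlog: $($h.Line)" }
    Set-Content -Path $StateFile -Value $lines.Count
}

# 4. Running but not processing: no log file written recently.
$newest = Get-ChildItem -Path $LogDir -File -Recurse -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddMinutes(-$MaxAgeMinutes)) {
    $problems += "No log file updated in the last $MaxAgeMinutes minutes"
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { "KSS PROBLEM: $_" }; exit 1 }
'KSS OK'
exit 0
```

The non-zero exit code lets the scheduler or monitoring agent raise the alert through a channel that does not depend on Kiwi Syslog Server being healthy.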