1 Reply Latest reply on Jun 12, 2019 9:50 AM by kstone

    How to monitor Syslog Server

    gsw5700

      Hi Folks,

       

      I'm looking at what we need to monitor to ensure that Kiwi Syslog Server is actually running OK.

       

      The obvious metrics are:

      -   "Kiwi Syslog Server" service is "Running"

      -   Process Syslogd_Service exists

      -   Is searching for "error" in the errorlog.txt a valid check?

       

      We also plan to email an alert if we receive less than X messages in 60 mins, but if Kiwi Syslog Server is not running correctly, we won't get this message!

       

      Do we really need to check if no log files have been updated in, say, the last 5 minutes? (if log files are generally created at least every minute)

       

      Any thoughts on how we can determine that KSS is actually running OK?

       

      Many Thanks,

        • Re: How to monitor Syslog Server
          kstone

          The email for less than X messages is useful for other issues, not necessarily direct KSS errors. If you normally get 1000 messages in 5 minutes and only got 10, there may be an issue (network, sending hosts, FW, etc.).

           

          The service and/or process monitor are the most important. Then the log file. Most errors will end up crashing/stopping the service. Some will leave it in a running state but not processing (rare). We don't alert on just "error" anymore since some errors don't have an impact.

           

          Our current strings are:

          -   FlushCacheLines <Encoding Failed>
          -   Out of String Space
          -   INTERNAL PROGRAM ERROR
          -   Automation Error
          -   Unspecified Error
          -   mswinsck.ocx Error
          -   Unable to determine remaining space on drive C:
          -   Unable to open
          -   Unable to bind
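
The checks discussed in this thread, combined into one script as an added example (not part of either post and not vendor code). It is meant to run outside KSS, for example from a scheduled task or a monitoring agent, so that an alert still fires when KSS itself is down. The two paths are placeholders and the parameter names are assumptions.

```powershell
# Added example: external health check for a Kiwi Syslog Server host.
param(
    [string]$ErrorLog = 'C:\PLACEHOLDER\errorlog.txt',  # placeholder: path to your errorlog.txt
    [string]$LogDir   = 'C:\PLACEHOLDER\Logs',          # placeholder: folder KSS writes log files to
    [int]$MaxIdleMinutes = 5                            # "no log file updated in the last 5 minutes"
)

# Strings from kstone's reply. Matched literally (-SimpleMatch), not as regex,
# so "<", ">" and "." in them have no special meaning.
$Patterns = @(
    'FlushCacheLines <Encoding Failed>', 'Out of String Space',
    'INTERNAL PROGRAM ERROR', 'Automation Error', 'Unspecified Error',
    'mswinsck.ocx Error', 'Unable to determine remaining space on drive C:',
    'Unable to open', 'Unable to bind'
)
$problems = @()

# 1. Service state. The thread does not say whether "Kiwi Syslog Server" is the
#    service name or the display name, so accept either.
$svc = Get-Service | Where-Object {
    $_.Name -eq 'Kiwi Syslog Server' -or $_.DisplayName -eq 'Kiwi Syslog Server'
} | Select-Object -First 1
if (-not $svc) { $problems += 'Service "Kiwi Syslog Server" not found' }
elseif ($svc.Status -ne 'Running') { $problems += "Service state is $($svc.Status)" }

# 2. Process existence.
if (-not (Get-Process -Name 'Syslogd_Service' -ErrorAction SilentlyContinue)) {
    $problems += 'Process Syslogd_Service not found'
}

# 3. Known-bad strings in the error log. Reports every matching line in the file.
if (Test-Path -LiteralPath $ErrorLog) {
    Select-String -LiteralPath $ErrorLog -Pattern $Patterns -SimpleMatch | ForEach-Object {
        $problems += "errorlog.txt line $($_.LineNumber): $($_.Line.Trim())"
    }
} else { Write-Warning "Error log not found at $ErrorLog (check the path)" }

# 4. Freshness: catches the rare "service running but not processing" state.
$newest = Get-ChildItem -LiteralPath $LogDir -File -Recurse -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddMinutes(-$MaxIdleMinutes)) {
    $problems += "No log file under $LogDir written in the last $MaxIdleMinutes minutes"
}

# Non-zero exit code lets the scheduler or agent raise the alert.
if ($problems) { $problems | ForEach-Object { Write-Output "FAIL: $_" }; exit 1 }
Write-Output 'OK'; exit 0
```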