Watchdog IT Operations Monitoring System
System Logs - Syslog Collection

Collect and store system logs (Syslog) from Unix/Linux servers and network devices, or event logs (Eventlog) from Windows hosts, so that system personnel can debug a host or query its historical data. With an alert mechanism set up for instant notifications, operations personnel can learn of server and network device alerts in real time and carry out the subsequent issue investigation.


System Specifications for Monitoring System and Event Logs
Detection Purpose: Real-time collection of system logs or event logs
➢ Response Criteria
➢ Use level classification or message content filtering to issue alerts
➢ Post-issue investigation
Monitoring Targets: Hosts and devices with specified system logs or event logs
Alert Conditions: Set alert criteria based on level classification or message content filtering
Real-time Information: Normal/alert publication
Information Collection: Message, alert publication/clearance time points
Emergency Handling: Notification, execution of predefined programs
Alert Threshold: Define alert values according to application


Alert Methods for System and Event Logs Include:
➢ Compare strings in the logs using AND, OR and NOT conditions; when the conditions are met, the event is handled according to the alert mechanism
➢ Issue alert messages directly for specified message type levels
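
The two alert methods above, sketched as an added example (this is not Watchdog's own code or rule syntax): a level check on the syslog PRI value and an AND/OR/NOT substring rule, run over constructed log lines. The nested-tuple rule format, the function names and the scanner address 192.0.2.50 are assumptions made for the illustration.

```python
import re

# Syslog PRI = facility * 8 + severity; a lower severity number is more urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(line):
    """Return (severity, message); severity is None when no valid PRI is present."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None, line
    return int(m.group(1)) & 7, m.group(2)

def matches(rule, msg):
    """Rule is a substring or a nested tuple: ("and", ...), ("or", ...), ("not", r)."""
    if isinstance(rule, str):
        return rule.lower() in msg.lower()
    op, *args = rule
    if op == "and":
        return all(matches(a, msg) for a in args)
    if op == "or":
        return any(matches(a, msg) for a in args)
    if op == "not" and len(args) == 1:
        return not matches(args[0], msg)
    raise ValueError(f"bad rule: {rule!r}")

def evaluate(line, level=None, rule=None):
    """Return the reasons this line raises an alert (empty list = no alert)."""
    sev, msg = parse_pri(line)
    reasons = []
    if level is not None and sev is not None and sev <= SEVERITIES.index(level):
        reasons.append("level:" + SEVERITIES[sev])
    if rule is not None and matches(rule, msg):
        reasons.append("content")
    return reasons

# Constructed rule: failed logins, except from a known internal scanner (assumed address).
RULE = ("and", ("or", "Failed password", "authentication failure"),
        ("not", "from 192.0.2.50 "))
# Constructed sample lines, not real logs.
SAMPLES = [
    "<38>Jan 12 03:14:07 web01 sshd[2211]: Failed password for root from 198.51.100.7 port 4242 ssh2",
    "<38>Jan 12 03:14:09 web01 sshd[2212]: Failed password for backup from 192.0.2.50 port 4243 ssh2",
    "<2>Jan 12 03:15:00 db01 kernel: EXT4-fs error (device sda1): journal aborted",
    "<30>Jan 12 03:16:00 web01 cron[900]: job finished",
    "sshd[77]: authentication failure for admin",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(evaluate(s, level="err", rule=RULE), s)
```

A line without a PRI header cannot trigger the level check, so the last sample alerts only through the content rule; a NOT exclusion such as the scanner address also silences genuine failures from that host, which is worth reviewing whenever exclusions are added.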



For a more comprehensive understanding and practical application of "System Logs - Syslog", please explore the related details through the 【System Logs Syslog - Detailed Function Description】 link.

※Extended Function
The above "System Logs - Syslog" is for collecting and analyzing overall system event logs, and issuing alerts based on specific event levels or conditions.

For certain specific needs, such as:
➢ Situations requiring the collection of specific event IDs,
e.g., to monitor event IDs 4625 and 4727 on 100 Windows computers.

➢ Collect specific event IDs for hosts with specific IP addresses,
e.g., only collect event IDs 4625, 4627, 4724 on the host with IP 192.168.5.66.

The specific needs above can be met through the WATCHDOG system's 【Scheduled Information Function】.
For the specific operation methods, see 【Scheduled Information - Collecting Specified Event ID】.


