

NetDecision LogVision



NetDecision LogVision is a general-purpose log mediation application that allows users to receive, visualize and handle syslog and Windows event log messages in various ways. The application architecture combines an RFC 3164 syslog server and a Windows event log monitoring server in one in order to unify customization and handling procedures. Due to its flexible message handling capabilities, LogVision can be used together with other network management applications to provide distributed and structured log handling. LogVision supports most enterprise firewalls including Check Point, Cisco PIX, SonicWALL, NetScreen, WatchGuard, and more.

The picture below demonstrates the conceptual architecture of the LogVision:

Features

  • LogVision can receive syslog messages and monitor the local event log;
  • The LogVision main window acts as a console viewer displaying real-time information about received messages;
  • LogVision allows the user to create filtering and processing rules based on originator IP address, syslog facility, syslog severity, syslog process name, message text, event type, event source, etc.;
  • LogVision provides a set of preconfigured message handlers that enable the following actions to be executed automatically when a message is received:
    • send e-mail to one or more recipients;
    • log message data to a log file;
    • store message data in a database via ODBC;
    • execute any external application or command;
    • enable audible alarm;
    • send SNMP Trap to one or more destinations (each specified by IP address and port);
    • send syslog message to one or more syslog servers;
    • create task in MS Outlook;
    • send SMS via GSM mobile phone;
    • send SMS via SMPP protocol;
    • invoke web service;
    • write to Windows Event log;
    • place text or voice message via Skype;
    • speak text using Text-To-Speech engine.
  • LogVision automatically clears aged (outdated) messages/records based on user defined rules;
  • LogVision supports technical outages (maintenance mode);
  • LogVision allows the user to view web reports;
  • The Quick Reports window provides the user with a simple pie chart summarizing the messages currently listed in the main view;
  • LogVision allows the user to create and view web reports (integration with NetDecision Anywhere Launchpad);
  • LogVision can be managed remotely using NetDecision Anywhere Launchpad;
  • LogVision allows the user to create new message handlers or modify existing ones to implement custom handling procedures.
  • LogVision allows the user to assign troubleshooting information for incoming syslog/eventlog messages;
  • LogVision allows the user to configure and execute custom tools to manage remote devices (like ssh and telnet clients, etc);

Due to its unique message handling capability, LogVision is an ideal tool for the first-stage handling of the syslog or event log traffic. LogVision can manage syslog or event log messages at remote sites, forwarding only the important messages to the high-level management console application, possibly minimizing the traffic.

Message Handlers

Syslog and Windows Event Log handlers in LogVision can be considered as definitions containing information on how to manage incoming syslog messages and Windows events. In other words, handlers contain information on what to do when a specified message arrives or when the user acknowledges/deletes selected message/record using LogVision graphical interface.

Defining matching criteria

In order to provide the most flexible logic when analyzing and matching syslog message or event data, a message handler is built as a multi-level hierarchical structure consisting of an unlimited number of logical operators and data comparators.

Comparator

A comparator defines which data parameter of an incoming message must be examined in order to decide what action to perform next.

Filter

Based on the result of the logical comparison (matched or not), the message can be either rejected or passed. If a syslog message or event is rejected, it will not appear in the message window, but a corresponding record (about the message being rejected) is added to the application log. Even if a message is rejected, it is still possible to execute a Handler Action in order to have more handling options.
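The nested operator/comparator matching and the pass/reject filter described above, as an added Python sketch (not LogVision's rule format or NetDecision script). The rule tuples, field names, comparator names and sample messages are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: text
RFC3164 = re.compile(r"<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) "
                     r"([^\s:\[]+)(?:\[\d+\])?: ?(.*)", re.S)

def parse(raw, origin_ip):
    """Split one syslog line into the fields a comparator can inspect."""
    m = RFC3164.match(raw)
    if not m or int(m.group(1)) > 191:
        # No valid header: keep the text, assume RFC 3164 default PRI 13
        return {"ip": origin_ip, "facility": 1, "severity": 5,
                "process": "", "text": raw}
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"ip": origin_ip, "facility": pri >> 3, "severity": pri & 7,
            "process": m.group(3), "text": m.group(4)}

COMPARATORS = {  # hypothetical comparator names
    "eq": lambda value, arg: value == arg,
    "le": lambda value, arg: value <= arg,
    "contains": lambda value, arg: arg.lower() in value.lower(),
    "in_net": lambda value, arg: ip_address(value) in ip_network(arg),
}

def matches(node, msg):
    """Evaluate ("and"|"or"|"not", child, ...) or a leaf (field, op, arg)."""
    if node[0] == "and":
        return all(matches(child, msg) for child in node[1:])
    if node[0] == "or":
        return any(matches(child, msg) for child in node[1:])
    if node[0] == "not":
        return not matches(node[1], msg)
    field, op, arg = node
    return COMPARATORS[op](msg[field], arg)

def filter_message(rule, raw, origin_ip):
    """Pass a message that matches the rule, reject everything else."""
    return "pass" if matches(rule, parse(raw, origin_ip)) else "reject"

# Constructed rule: firewall subnet AND (severity <= 3 OR "deny") AND NOT cron
RULE = ("and", ("ip", "in_net", "192.0.2.0/24"),
        ("or", ("severity", "le", 3), ("text", "contains", "deny")),
        ("not", ("process", "eq", "cron")))

if __name__ == "__main__":
    for raw, ip in [  # constructed sample messages
        ("<34>Oct 11 22:14:15 fw01 sshd[2211]: Failed password for root", "192.0.2.10"),
        ("<30>Oct 11 22:14:17 fw01 cron[99]: job started", "192.0.2.10"),
    ]:
        print(filter_message(RULE, raw, ip), raw)
```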

Auto acknowledgement

This option automatically acknowledges the message/event.

Aging

Specifies the lifespan of a message/event in the datastore (internal + ODBC database if Database Handler is used). A message/event will be deleted from the datastore if its "Receive Time" attribute is older than this value. This value has an impact on the amount of storage required and affects system performance. Use the Interval parameter to specify the lifespan. You can also define whether you need (or don't need) to execute an action for aged traps by using the Execute Delete Action option. Please note that Action execution significantly affects application performance.

Action

In LogVision, handler actions are performed by scripts written in the NetDecision script language, which makes them highly flexible and customizable. Handler configuration includes specifying the script template to be used as the action executor. Specific handler parameters are passed to a script at runtime as script variables. These variables can be easily addressed within a script by name.

Troubleshooting syslog/eventlog messages

LogVision allows the administrator/user to specify detailed instructions that are included in alarm notifications, ensuring that system operators, without extra training, will know precisely what to do and who to call/contact if an alarm happens.

The troubleshooting information includes:

  • Linked Document - any document (doc, docx, pdf, html) that contains detailed troubleshooting instructions;
  • Instructions - troubleshooting instructions;
  • Contact Name - the person to contact;
  • Contact Email - email address of contact person;
  • Contact Work Phone - work phone of contact person;
  • Contact Mobile Phone - mobile phone of contact person;
  • Contact Skype ID - Skype ID of contact person;
  • Linked Trouble Ticket ID/URL - trouble ticket linked to the problem.

In LogVision, the user can assign troubleshooting information manually or automatically. Automatic assignment of troubleshooting information is implemented via the standard message handling mechanism.

Developed by WebMechanica Copyright 2001-2016 NetMechanica