About Log Management

The new WhatsUp Gold Log Management add-on allows you to collect Windows Event Log and Syslog events from any available device configured as a log data source. In addition to simply collecting log data, you can customize WhatsUp Gold to collect events which fit your specific needs by defining search criteria and applying several common and/or format-specific filters when viewing corresponding reports and dashboard views.

While applicable log management configuration settings are maintained in the WhatsUp Gold database, the actual log data collected by WhatsUp Gold Log Management is stored in a dedicated instance of Elasticsearch to ensure you can retrieve the information you're looking for quickly and easily. You also have the option of using WhatsUp Gold Log Management with an existing Elasticsearch installation. To do so, simply specify the URL and valid access credentials when prompted during installation.

Before you can successfully collect log data, you must configure one or more monitored devices to serve as log data sources. Follow the procedure steps presented in Configure a Log Source to set up a device to make either Windows Event or Syslog data available to WhatsUp Gold. Please note that to successfully collect Syslog data, you must configure both WhatsUp Gold AND the actual Syslog server. On the Syslog server, configure and enable the push of log data to WhatsUp Gold using IP address, hostname, etc. One port is dedicated to listening for Syslog data all the time. Additionally, if you have set up any passive monitors for Syslog or Windows Event Logs, we recommend disabling them to avoid duplicate collection of data.

Once log data is actively being collected, you have the option to use the Advanced Filter Builder to create and save sets of filter criteria in a dedicated library for use in several interfaces applicable to log management inside WhatsUp Gold. It's important to note that, depending on how you configure log data collection, WhatsUp Gold has the potential to collect enormous amounts of data and possibly fill your storage database to capacity. Proper use of advanced filters in concert with the conservative use of applicable settings and/or configuration will help prevent this from occurring. Refer to Creating Filters for step-by-step information on how to populate your log management filter library.

One of the most versatile and commonly used features of WhatsUp Gold is its robust and customizable reporting views. The application now offers an additional dashboard view as well as individual reports dedicated to presenting data collected by WhatsUp Gold from log sources. The Log Management Dashboard view can be found by selecting ANALYZE > Log Management > Log Management Dashboard. Using the same menu path, you can also access the Log Viewer full page report, which allows you to search for log data based on user-defined criteria and/or a saved filter selected from the Log Filter Library. You also have the option to launch the advanced filter builder dialog directly from the Log Viewer interface, where you can create a new set of filter criteria to apply to the report; these criteria can also be saved to the Log Management filter library.

Important: Any Syslog or Windows Event Log reports from previous versions of WhatsUp Gold will NOT show Log Management-specific data.

Alert Center now offers a new threshold exclusive to WhatsUp Gold's new Log Management functionality called Log Management Filter Frequency. This threshold monitors either the absence or the presence of logs based on a saved filter selected from the Log Filter Library. It can be used just like any other threshold in Alert Center: you can apply a notification policy so you are alerted when certain log data is collected, and you can view related activity in the Alert Center full-page reports, which can be found by selecting one of the options under ANALYZE > Alerts and Actions.

See Also

Log Management

Configure a Log Source

Log Management Settings

Creating filters

Configuring a Log Management Filter Frequency Threshold

Log Management Dashboard

Log Viewer (Full Page Report)

About Log Management data archiving

Using the Archived Logs interface