WhatsUp Gold Log Management offers visibility and control over device log data, integrated into a top-tier interface. With this tool, you can monitor, filter, search, and set alerts for logs from every device in your network, while also keeping an eye on overarching trends like log volume fluctuations. Additionally, you have the flexibility to filter and archive logs to various storage locations for any desired retention period, ensuring compliance with regulatory standards and the preservation of historical data. The outcome is a comprehensive network monitoring experience coupled with robust log management capabilities, all within a user-friendly solution.
How the Log Management Add-on Works
Easily visualize and manage your logs with WhatsUp Gold. Take immediate control through the intuitive WhatsUp Gold interface, which offers features such as mapping, customizable dashboards, alerting, and reporting. Save valuable time by diagnosing and addressing issues seamlessly within the same interface used for your network monitoring tasks.
Utilize WhatsUp Gold’s robust alerting functionalities to trigger notifications based on tailored conditions. Benefit from the flexibility to customize which log events, conditions, or trends prompt alerts. Monitor meta trends such as changes in log volume and receive notifications when thresholds are reached.
Ensure regulatory compliance and preserve historical data effortlessly by archiving logs with WhatsUp Gold. Customize retention periods, storage locations, and filtering criteria for archived logs without compromising performance. Seamlessly search, purge, or restore archived logs directly within the WhatsUp Gold interface.
Collect and filter Windows Event Logs & Syslogs from all devices across your network. Utilize pre-built and customizable filters to refine the results, focusing on the logs that are relevant. Streamline the influx of log data to concentrate on specific logs of interest or those needing tracking for compliance adherence.
Set up tailored log searches with options to refine parameters such as machine name, log type, dates, and log field values. Save these customized searches for future use and automatically export the results or do so on-demand.
Display log status and events using customizable dashboards within WhatsUp Gold. Showcase critical events, log volumes, disk space usage, and other pertinent information in a familiar format. Tailor these dashboards to exhibit essential log details independently or alongside other network monitoring data, facilitating swift diagnoses.
The new WhatsUp Gold Log Management add-on allows you to collect Windows Event Log and Syslog events from any available device configured as a log data source. In addition to simply collecting log data, you can customize WhatsUp Gold to collect events which fit your specific needs by defining search criteria and applying several common and/or format-specific filters when viewing corresponding reports and dashboard views.
While applicable log management configuration settings are maintained in the WhatsUp Gold database, the actual log data collected by WhatsUp Gold Log Management is stored in a dedicated instance of Elasticsearch to ensure you can retrieve the information you’re looking for quickly and easily. You also have the option of using WhatsUp Gold Log Management with an existing Elasticsearch installation. To do so, simply specify the URL and valid access credentials when prompted during installation.
Before you can successfully collect log data, you must configure one or more monitored devices to serve as log data sources. Follow the procedure steps presented in Configure a Log Source to set up a device to make either Windows Event or Syslog data available to WhatsUp Gold. Please note, to successfully collect Syslog data, you must configure both WhatsUp Gold and the actual Syslog server. For the Syslog server, configure and enable the push of log data to WhatsUp Gold using IP Address, hostname, etc. One port is dedicated to listening for Syslog data all the time. Additionally, if you have set up any passive monitors for Syslog or Windows Event Logs, we recommend disabling them to avoid duplicate collection of data.
Once log data is actively being collected, you have the option to use the Advanced Filter Builder to create and save sets of filter criteria in a dedicated library for use in several interfaces applicable to log management inside WhatsUp Gold. It’s important to note that, depending on how you configure log data collection, WhatsUp Gold has the potential to collect enormous amounts of data and possibly fill your storage database to capacity. Proper use of advanced filters in concert with the conservative use of applicable settings and/or configuration will help prevent this from occurring. Refer to Creating Filters for step-by-step information on how to populate your log management filter library.
One of the most versatile and commonly used features of WhatsUp Gold is its robust and customizable reporting views. The application now offers an additional dashboard view as well as individual reports dedicated to presenting data collected by WhatsUp Gold from log sources. The Log Management Dashboard view can be found by selecting ANALYZE > Log Management > Log Management Dashboard. Using the same menu path, you can also access the Log Viewer full-page report, which allows you to search for log data based on user-defined criteria and/or a saved filter selected from the Log Filter Library. You also have the option to launch the advanced filter builder dialog directly from the Log Viewer interface, where you can create a new set of filter criteria to apply to the report. These criteria can also be saved to the Log Management filter library.
Alert Center now offers a new threshold exclusive to WhatsUp Gold’s new Log Management functionality called Log Management Filter Frequency. This threshold monitors either the absence or the presence of logs based on a saved filter selected from the Log Filter Library. It can be used just like any other threshold in Alert Center: you can apply a notification policy so you are alerted when certain log data is collected, and you can view related activity in the Alert Center full-page reports, which can be found by selecting one of the options under ANALYZE > Alerts and Actions.
Installing WhatsUp Gold with Log Management features
If your license includes Log Management features, you’ll be prompted during your initial WhatsUp Gold installation to designate a database instance used solely for log data collection. All data collected by and/or sent to WhatsUp Gold from log data sources is stored in an Elasticsearch database. You have the option to either install a dedicated instance of Elasticsearch directly from the WhatsUp Gold installer or configure a connection to an existing Elasticsearch instance you install external to WhatsUp Gold.
Important: If you plan on deploying WhatsUp Gold Agents to assist with log data collection, we highly recommend connecting to an existing Elasticsearch instance.
Warning: When prompted by the installer, review the IMPORTANT information about available options and recommendations for using Elasticsearch with WhatsUp Gold before proceeding. Your selection must reflect the needs of your specific network environment, how you intend to collect log data from sources, and any security limitations under which you may be operating.
Warning: If you do not plan to use Log Management features and as such do not need to install or use an Elasticsearch database, please enable the applicable checkbox at the bottom of the IMPORTANT Log Management Information dialog, then click Next.
If your license includes Log Management features and you would like to use a secure Elasticsearch instance:
- Select Point to a secure installation of Elasticsearch, then click Next.
Important: This option should be selected if you require a secure Log Management data store and/or if you plan to deploy WhatsUp Gold Agents on your network. We strongly recommend pointing to an existing, secure instance of Elasticsearch. If you do not have a secure Elasticsearch database available for use with WhatsUp Gold, please see the Knowledge Base article.
- Enter the name of the Elasticsearch host, the applicable port number, and the username and password combination (if using a secure connection), then click Next.
If your license includes Log Management features and you would like to use the local Elasticsearch instance included with WhatsUp Gold:
- Select Install an open-source version of Elasticsearch with WhatsUp Gold, then click Next.
Note: Please ensure your WhatsUp Gold server meets the minimum recommended hardware specifications to adequately support Log Management.
- Select the destination folders for the Elasticsearch instance and data files, then click Next.
Note: Please ensure the selected drive contains the minimum recommended free space to store log data.
- Enter the HTTP and Transport port numbers for WhatsUp Gold to use for communication with Elasticsearch, then click Next. The default and recommended port numbers are 9200 and 9300, respectively.
Log Management Settings
Configure the following to enable WhatsUp Gold to successfully ingest data from log sources:
- Elasticsearch Address. Enter the IP address WhatsUp Gold should use to communicate with Elasticsearch.
- Port. Enter the port number WhatsUp Gold should use to communicate with Elasticsearch. The default port number is 9200.
- Credential. Enter the username and password required to access the specified Elasticsearch instance if required.
- Use SSL. Enable this option to secure communication between WhatsUp Gold and Elasticsearch using Secure Socket Layer encryption (https).
Tip: If you would like to upload your own SSL certificate, please disable the Ignore Certification Error option, then click Upload. Browse to and select the desired Certificate Authority file in PEM container format (.crt).
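The following pre-flight check is an added example, not part of WhatsUp Gold or its documentation. It confirms from the WhatsUp Gold server that the Elasticsearch address, port, credential and Certificate Authority file work together with certificate validation left on. The host name, account, password and CA file name are constructed placeholders, and HTTP Basic authentication is assumed.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request


def build_tls_context(ca_file=None):
    """Context that validates the server certificate chain and hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(host, port, username=None, password=None):
    """GET request for the Elasticsearch root endpoint, with Basic auth if given."""
    if ":" in host and not host.startswith("["):
        host = f"[{host}]"  # IPv6 literals need brackets in a URL
    req = urllib.request.Request(f"https://{host}:{port}/")
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    return req


def check_elasticsearch(host, port, username=None, password=None, ca_file=None):
    """Return (ok, detail); detail is the version string or the failure reason."""
    req = build_request(host, port, username, password)
    ctx = build_tls_context(ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
            return True, json.load(resp).get("version", {}).get("number", "unknown")
    except urllib.error.HTTPError as exc:  # TLS succeeded, the request was rejected
        return False, f"HTTP {exc.code} {exc.reason}"
    except OSError as exc:  # URLError, timeouts and TLS failures all derive from OSError
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, ssl.SSLCertVerificationError):
            return False, f"certificate not trusted: {reason.verify_message}"
        return False, f"connection failed: {reason}"


if __name__ == "__main__":
    # Constructed placeholders; substitute your own host, account and CA file.
    print(check_elasticsearch("es.example.internal", 9200, "wug_logs", "change-me",
                              ca_file="elastic-ca.crt"))
```

A "certificate not trusted" result means the CA file does not chain to the certificate Elasticsearch presents, which is the condition the Ignore Certification Error option would otherwise hide.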
Log Collection Settings
- Online Data Retention. Specify the number of days log data should be retained before WhatsUp Gold begins deletion of older logs.
- Total Disk Space Usage Limit. Use the slider control to indicate the maximum percentage of the total storage to be consumed before WhatsUp Gold begins deletion of older logs.
Important: When the total disk space usage on disks where Elasticsearch stores its data reaches the usage limit, a web alarm is automatically triggered. This alarm advises users to take appropriate actions to address the impending problem before indexes are deleted. The notification can be dismissed or temporarily snoozed just like any other web alarm; however, it does not need to be created or configured in the Actions Library. Instead, users can select a corrective action directly from the notification dialog, when applicable.
Tip: Maximum Disk Space Usage Limit refers to the point at which Elasticsearch will stop accepting more data.
Tip: Current Elasticsearch Node Disk Space Usage Information refers to the Elasticsearch instance WhatsUp Gold Log Management is using.
- Enable Archive Logs. Select this option to enable archiving of Log Management data.
- Archive Location. Enter the UNC path/network folder location where Log Management data should be stored. Please note, this should not be the same drive as the Elasticsearch database used for online Log Management data.
- Windows Credential. Select the Windows credential required to access and write to the Archive Location.
- Archive Data Retention. Use the controls provided to specify how long archived Log Management data should be kept.
- Archive Compression. Indicate if you would like to compress archived log management data and if so, in what format. Please note, if Log Management archive data is not compressed, the resulting file will be much larger.
Note: Log Management archive files are generated once per day for each index type resulting in a maximum of two new archive files per day.
Important: Log Management data is moved to the specified Archive Location after the retention period configured in the Elasticsearch database has ended. If archiving is not enabled, Log Management data is deleted from Elasticsearch once the retention period has ended.
Syslog Server Settings
- Enable Syslog server. Select this option to enable the Syslog server in WhatsUp Gold Log Management to allow devices to connect and send Syslog data to Log Management. Please note, this option must be enabled if you want to collect Syslog data from log sources.
Important: If you plan to enable this option, you must first disable the Listen for messages option under the Syslog Settings section of the Passive Monitor Listener dialog which can be accessed by selecting SETTINGS > System Settings > Passive Monitor Listeners.
- Syslog Server IPv4 Address. Enter the IPv4 address on which WhatsUp Gold should listen for Syslog messages.
- Syslog Server IPv4 Port. Enter the port number on which WhatsUp Gold should listen for Syslog messages.
- Syslog Server IPv6 Address. Enter the IPv6 address of your Syslog server if you are collecting IPv6 Syslog data.
- Syslog Server IPv6 Port. Enter the port number on which WhatsUp Gold should listen for Syslog messages if you are collecting IPv6 Syslog data.
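Once the Syslog server is enabled, a single labelled test event makes it easy to confirm in the Log Viewer that the listener address and port are reachable from a log source. This is an added example, not code from WhatsUp Gold. It assumes the listener accepts RFC 5424 messages over UDP, and the address 192.0.2.10, port 514, host name and application name are constructed placeholders.

```python
import socket
from datetime import datetime, timezone

# RFC 5424 facility and severity codes used to compute the PRI value.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_syslog_message(facility, severity, hostname, app, text, when=None):
    """Return one RFC 5424 syslog message as UTF-8 bytes."""
    for field in (hostname, app):
        if not field or any(c.isspace() for c in field):
            raise ValueError("header fields must be non-empty and contain no whitespace")
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"  # millisecond precision
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {text}".encode("utf-8")


def send_test_message(listener_ip, listener_port, message):
    """Send one UDP datagram to the listener; returns the number of bytes sent."""
    family = socket.AF_INET6 if ":" in listener_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message, (listener_ip, listener_port))


if __name__ == "__main__":
    # Constructed placeholders: use the Syslog Server IPv4/IPv6 address and port
    # entered in the settings above.
    msg = build_syslog_message("local0", "notice", "fw01", "wug-selftest",
                               "constructed test event for listener verification")
    print(send_test_message("192.0.2.10", 514, msg), "bytes sent")
```

UDP gives no delivery confirmation, so success is the event appearing in the Log Viewer. If it appears twice, a passive monitor listener is probably still collecting the same data.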
Please note, clicking Save automatically tests the Elasticsearch connection. If a successful connection cannot be established, the Log Management settings you’ve configured will not be saved.