Documentation forKiwi Syslog Server

View syslog statistics — Legacy

This snippet is used for legacy 9.8.3 topics that link to a KSS NG topic of the same name.
  1. To view syslog statistics, select View > View Syslog Statistics.

    The Syslog Statistics dialog opens.

    Syslog Statistics are updated every 10 seconds. Press the Refresh button or F5 to cause the statistics to be recalculated and displayed immediately.

  2. Click any of the following tabs.

    1 Hour history Displays a bar chart of the last 60 minutes of traffic. Each bar in the chart shows the number of messages received during that minute. The chart scrolls from right to left. The left side of the chart shows traffic an hour ago, the right most bar (0) indicates the current traffic.
    24 Hour history Displays a bar chart of the last 24 hours’ of traffic. Each bar in the chart shows the number of messages received during that hour. The chart scrolls from right to left. The left side of the chart shows traffic 24 hours ago, the right most bar (0) indicates the current traffic.
    Severity

    The Severity table shows the breakdown of messages by priority level. 0-Emergency has the highest severity all the way down to 7-Debug type messages which are used for troubleshooting.

    The message count and percentage of total traffic is shown in the table.

    Click on any header to sort the table by that column. Click again to reverse the sort order.

    Top 20 Hosts

    The hosts table shows the breakdown of messages by sending host. The message count per host and percentage of total traffic is shown in the table.

    Click on any header to sort the table by that column. Click again to reverse the sort order.

    If a particular host is generating a lot of the traffic or the pattern changes, it could indicate a problem on that device.

    Counters

    The counters show the traffic and error statistics for the program. The average messages counter can help you set maximum thresholds for alarm notification and to get a feel for the amount of syslog traffic being generated.

    Some counters show values for the interval period, and some are from the last 24-hour period (from the current time of display). Others show values since Midnight (0:00).

    The intervals start at 00 from the time the program starts rather than being related to the actual MM/DD/YYY HH: MM:SS time. To see how long the program has been running, check the Program uptime counter, see the duration of the interval period, and check the start and end date & time.

    Messages - Total:

    This counter value shows the number of messages received since the program starts. To reset this value, you must restart the program or service.

    Messages - Last 24 hours:

    This counter value shows the number of messages received during the last 24-hour period (from the current time of display). This value is a rolling count of the messages received in the last 23 hours, plus the messages received in the last hour. At the turn of each hour, the value will drop as the last 23 hours are shuffled. The value will then build again as more messages are received during the current hour. The value is represented by the formula: LastHours(1 to 23) + messages this hour.

    Messages - Last Interval (Hours/Days/Weeks/Months):

    This counter value shows the numbers of messages received during the last interval period. The counter is reset once the statistics report is emailed out.

    Messages - Since Midnight:

    This counter value shows the number of messages received since midnight (00:00 - 23:59). This counter automatically resets at 00:00 every day.

    Messages - Last hour:

    This counter value shows the number of messages received in the last full hour. The hours are counted from the time the program was started. If the program has been running less than 60 minutes, this value will be 0. Once an hour has completed, the value will contain the total number of messages received for the last hour. The value will remain constant until the next hour rolls over.

    Messages - This hour:

    This counter value shows the number of messages received since the last hour roll over. The hours are counted from the time the program was started. This value will reset to 0 each hour and will be incremented as each new message arrives.

    Messages - Average:

    This counter value shows the average number of messages received per hour over the last 24-hour period. At the turn of each hour, the value will be recalculated as the last 24 hours are shuffled. After the first hour has elapsed, the value is only updated once per hour.

    Messages - Average Last Interval (Hours/Days/Weeks/Months):

    This counter value shows the average number of messages received per hour over the last interval period.

    Messages - Forwarded:

    This counter value shows the number of messages that have been forwarded to other syslog collectors or relays using the "Forward message" action. This counter is reset immediately after the stats report have been emailed out. The stats are usually sent based on the interval set. The value being displayed is based on the interval duration.

    Messages - logged to disk:

    This counter value shows the number of messages that have been logged to disk using the "Log to file" action. This counter is reset immediately after the stats report have been emailed out. The stats are usually sent based on the interval set. The value being displayed is based on the interval duration.

    Errors - logged to disk:

    This counter value shows the number of internal program errors that have been logged to disk. Errors are usually caused when the log file cannot be accessed or if an internal program error has occurred. If the value is not 0, check the error log (View | Error log menu) for more details on the error.

    Disk space remaining:

    This counter value shows the amount of disk space remaining in MB. The drive being watched can be set from the Alarms | Disk space monitor setup option. By default, drive C: is monitored.

    Breakdown of messages by sending host in Stats:

    The host table shows the breakdown of messages by sending the host. The message count per host and percentage of total traffic is show in the table.

    Total number of hosts that can be listed depends on the total number set in More options > Number of host. Value should be within 1 to 999.

    CustomStats:

    The custom statistics values can be viewed from the Counters tab. These values can be modified by using the Run Script action. These statistics counters can be used to count and display any values you like.

    To set the counter name to something more meaningful, use Scripting custom statistics fields to set the counter name and initial values