Documentation forKiwi Syslog Server
Legacy KSS will reach its End of Service Life on March 28, 2026. Legacy customers should migrate to KSS NG before this date. See the KSS NG Getting Started Guide.

View statistics in the KSS NG Dashboard

You can use the Dashboard in the Kiwi Syslog Server NG (KSS NG) web console to view syslog data such as severity distribution, message volume, stacked message volume, top hosts, events, and counters. KSS NG uses widgets to display the syslog data and statistics in the Dashboard.

You can add, edit, and customize the widgets that are displayed in the Dashboard. See Add and customize widgets for details.

Severity distribution

The Severity distribution widget contains a chart that displays the number of messages received for each severity level. The default severity levels include Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug values. The legend displays severity levels in order of priority, starting with Emergency as the highest severity level and descending to Debug, which are messages used for troubleshooting.

The number of messages is determined by the last time the KSS NG service was started. You can restart the service to reset the number of messages.

Message volume

The Message volume widget contains a chart that displays the total volume of collected syslog messages and their corresponding severity levels over a period of time. The default severity levels include Alert, Critical, Error, Warning, Notice, and Emergency values.

Stacked message volume

The Stacked message volume widget contains the same data and customization options as the Message volume widget. Additionally, the Stacked message volume widget displays message count data "stacked" on top of each other in the chart, sorted by severity level. This additional visual makes it easier to compare the number of messages between each severity level and trends over time.

Top hosts

The Top hosts widget contains a chart that displays the number of messages received for each host. This widget assists in identifying potential issues with devices if a particular host is generating a lot of traffic.

Events

The Events widget contains a customizable table that displays stored Event data. The Event table can be customized with columns from any of the default set of values included in KSS NG: Time, Message, Host Name, Host Address, Local Address, Inputsource, Facility, and RFC Hostname. See the table below for details.

Values in the Events widget

Name of value Description
Time The Time value shows the time the log message was forwarded to KSS NG.
Message The Message value shows the message text contained in the log message.
Host Name The Host Name value shows the name of the server that receives log messages, or the destination server.
Host Address The Host Address value shows the IP address of the server that receives log messages.
Local Address

The Local Address value shows the IP address of the server that forwards messages.

The local address may change if you forward messages to another host.
Inputsource The Inputsource value shows the source of the log message sent to KSS NG. The input source includes protocols such as UDP, TCP, and TLS.
Facility The Facility value shows the Facility, a specific way of determining which server process created the syslog message. See Syslog Facilities for more information about Facilities.
RFC Hostname The RFC Hostname value shows the hostname as defined by the RFC 3164 standard. See Syslog RFC 3164 header format for more information about RFC hostnames.

Counters

The Counters widget contains customizable tiles that display traffic and error statistics. The traffic and error statistics are based on a default set of values included in KSS NG: Total, Total1hour, Total24hour, Forwarded, Loggedtodisk, Loggedtodiskerrors, and Uptime. See the table below for details.

In KSS NG, the Counters widget does not currently clear all syslog data when restarting the service.

Values in the Counters widget

Name of value Description
Total The Total value shows the number of messages received since KSS NG started. To reset this value, you must restart KSS NG or service.
Total1hour The Total1hour value shows the number of messages received in the last full hour. The hours are counted from the time KSS NG was started. If the program has been running less than 60 minutes, this value will be 0. Once an hour has completed, the value will contain the total number of messages received for the last hour. The value will remain constant until the next hour rolls over.
Total24hour The Total24hour value shows the number of messages received during the last 24-hour period (from the current time of display). This value is a rolling count of the messages received in the last 23 hours, plus the messages received in the last hour. At the turn of each hour, the value will drop as the last 23 hours are shuffled.
Forwarded The Forwarded value shows the number of messages that have been forwarded to other syslog collectors or relays using the Forward message action. This counter is reset immediately after the stats report have been emailed out.
Loggedtodisk The Loggedtodisk value shows the number of messages that have been logged to disk using the Log to file action. This counter is reset immediately after the stats report have been emailed out.
Loggedtodiskerrors The Loggedtodiskerrors value shows the number of internal program errors that have been logged to disk. Errors are usually caused when the log file cannot be accessed or if an internal program error has occurred. If the value is not 0, check the error logs for more details.
Uptime The Uptime value shows the number of hours KSS NG has been running without interruption since the service was last restarted.