Overview
This section reviews the GroundWork Monitor Event Console application.
1.0 About Event Console
The Event Console shows a unified view of event data from all monitoring data sources, including virtual environments, devices monitored by Cacti, servers monitored by Nagios, and Syslog and Trap feeds. Color-coded threshold breaches and related message details let you correlate event details with real-time status screens to determine the likely cause of an issue, and allow certain actions to be taken on the messages. Because Foundation supports the integration of multiple data types, with a little configuration you can also integrate other application types, such as JMX messages and JMS. The GroundWork Monitor Status page also displays an embedded view of the Event Console where you can view logged events for host groups and hosts. While using the application you may notice that the different event screens update automatically: Event Console uses a push technology in which log messages are pushed to the console (server-initiated rendering) rather than fetched by browser polling.
The console window consists of two frames. The left frame allows a user to select the type of events to view within the right frame. The right frame displays the list of events with dynamic columns and rows based on the selected filters. The right pane also allows search parameters to be entered to display specific events. Referencing the image above, the Event Console features are outlined in the table below.
1.1 Screen Layout
Figure: Event Console Screen Layout
1.2 Feature Descriptions
Table: Event Console features
Feature | Description |
---|---|
Filters | When entering the Event Console the most recent events will be displayed. There are 20 events listed per page with pagination controls displayed at the bottom of the screen. Specific events can be displayed by using defined System or Public filters. System Filters branch nodes include Applications, Host Groups (including Custom Groups), Service Groups, and Operation Status. The branch nodes expand to sub-branch nodes whose labels are populated dynamically from the server. Public Filters include All Open Events, Critical, Warning, Nagios Warning, Last 5 SNMPTRAP Warning, Last 10 Minutes NAGIOS Critical, and Current Troubled Open Events. Public filters are predefined. Developers may add additional public filters; see Configuring Event Console. The columns of the data table are driven by the data displayed in the page: if messages in the table are specific to one application type (e.g. Nagios), then columns specific to that application type are shown. If messages in the table are of mixed application types (e.g. Nagios, SNMP, etc.), then only columns common to all application types are shown. |
New Events Tab | The New tab option enables multiple event lists to be displayed, each with its own filtered data, so a user can easily access and switch between multiple defined lists. The tab title can be changed using the Update Label box. To remove a tab, select the X that is shown on the tab when multiple tabs are in use. |
Search | Search Events options enable the filtering of events in addition to any applied filter from the side panels. A user can indicate a Host name and/or Message content to be searched (e.g. Foundation). A date and time range can be set to search only those events matching an indicated preset time (e.g. Last 10 Minutes) or a selected calendar date range. In addition, a user can search by Severity, OpStatus (Operation Status), and MonStatus (Monitor Status) by selecting the desired search values from the drop-down menus. |
Collapse-able | The side filters and top search pane arrow icons are used to hide and re-display these panels. This allows more event data to be displayed. |
Select Events/Apply Actions | The event control buttons allow users to perform actions on selected events. To select events to apply actions to, use Select All to include all events or select each event individually. Pause/Resume Incoming Events is used to freeze active updating of events. The Alarm/Silence Alarm button allows you to toggle the setting between audible and silent alarm for new incoming messages. The Actions button enables a user to change the identified log messages to a selected operation status (based on associated applications). These include: Accept Log Message, Notify Log Message, Nagios Acknowledge, Close Log Message, Open Log Message, and Submit Passive Check (SNMPTRAP specific). Short-cut buttons for standard actions include Open (Orange), Notify (Yellow), Accept (Green), Acknowledge (Purple), and Close (Black). Once actions have been applied the events will be relocated to the Operation Status folder. Developers can configure additional actions; see Developer Reference > Configuring Event Console. |
Sort By/Resize Columns | Sorting and filtering functions within Event Console allow users to focus on events of given types, time periods, or sources. Each column can be sorted in ascending and descending order by clicking on a column title. By default events are sorted by the Received by GW column in descending order. Columns are re-sizable by clicking and dragging the area in between columns. |
Open Status Host View/Service View | Device links can be opened within Status in host or service view for access to more detail. |
Additional Event Information | In Event Console, when showing views across application types, only common fields are shown. The + icon will display all fields for the event. If an icon is not displayed, the event message does not contain additional columns. |
State of Services | The Event Console application provides cross links to the corresponding Status pages. When a device name in the Host column is selected, the device host page will be displayed in Status. If no host for that device exists (snmptrap), the link will be inactive (not clickable). If application type Nagios is selected, any services in the Service column link to the Status service page. Additionally, to display device details, select the icon present next to the device name. |
View Entire Message | The Message column's entire contents can be viewed by hovering over the message. See Developer Reference > Configuring Event Console to change the message default column width. |
Events Tile | Displays monitoring status in graphs by host group. |
1.3 Event Descriptions
Table: Data field descriptions
Field Name | Field Description |
---|---|
Received by GW | Monitoring system date and time the event was initially reported and received by GroundWork Monitor. |
Message Count | Count of occurrences of one particular message - many messages are very similar and are consolidated into one event message. This consolidation feature reduces the number of similar messages in the LogMessage table. For each insert the consolidation criteria will be applied to the incoming message, then the First Inserted and Last Inserted date/time is tracked. Consolidation of events is built in to the adapter module for each source of data, so depending on the adapter settings, messages may be individually recorded, or displayed as the same message record with an incrementing count. |
Host | The host where the event was reported. The host column device names are actual links to monitors in the Status application. |
Service | The name of the Service for the Service Alert. This is a Nagios specific displayed column in Event Console. |
Status | Current status, mapped internally to a Nagios state. Color coding matches the status. OK is color coded in green, indicating that a device is OK and that it is up; CRITICAL is red, indicating the device is in a critical, fatal, down or unreachable state depending on the application type; and WARNING is color coded in yellow, indicating that an event is in a warning state and, although not critical, should eventually be looked into. There is also a PENDING status, which is color coded in orange, indicating an unknown state. |
Message | The event message indicating status and a brief description of the event. Hover over this message to read the entire contents. |
Application Type | The application type of the event. This can be system level errors, Nagios monitoring type events, SNMP Trap, or Syslog. |
Severity | Application severity. Severity type will depend on what type of events are being viewed. |
Last Detected | Date and time the last message came in for this event. |
First Detected | Date and time the first message came in for this event. |
Acknowledged By | Displayed only when viewing Nagios application type events. The Event Console has incorporated a User Acknowledgment feature which indicates who acknowledged a Nagios application type event (problem with a Host or Service), by listing the system user login ID in the Acknowledged By column. A problem with a Host or Service can be acknowledged through Nagios or Status. If the Acknowledged By column contains N/A, this indicates there is no user name associated with the acknowledged event. A blank indicates that the event has not been acknowledged. |
Comments | Displayed only when viewing Nagios application type events. The Comments column displays comments entered by the user when acknowledging a problem via Status. |
Application Code | Displayed only when viewing Nagios application type events. |
Application Name | Displayed only when viewing Nagios application type events. |
Error Type | Displayed only when viewing Nagios and Syslog application type events. Error Type indicates type of event error (e.g. Service Alert). |
Logger Name | Displayed only when viewing Nagios application type events. |
Sub Component | Displayed only when viewing Nagios and Syslog application type events. Sub component indicates a description of the event device. |
Category | Displayed only when viewing SNMPtrap application type events. |
Event Name | Displayed only when viewing SNMPtrap application type events. |
Event OID Numeric | Displayed only when viewing SNMPtrap application type events. |
Event OID Symbolic | Displayed only when viewing SNMPtrap application type events. |
IP Address | The IP Address of the originator of the SNMP Trap event. Displayed only when viewing SNMPtrap and Syslog application type events. |
Variable Binding | Displayed only when viewing SNMPtrap application type events. |
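
The Message Count consolidation and the mixed-view column rule described in the tables above, as an added example that is not GroundWork code. The consolidation criteria, the event dictionary layout and the sample feed are assumptions made for illustration.

```python
from datetime import datetime

# Assumption: consolidation criteria are a tuple of event fields. The page says
# each adapter applies its own criteria; these field names are hypothetical.
CRITERIA = ("app_type", "host", "severity", "message")

# Application-specific columns, transcribed from the data field table above.
APP_COLUMNS = {
    "NAGIOS": {"Service", "Acknowledged By", "Comments", "Application Code",
               "Application Name", "Error Type", "Logger Name", "Sub Component"},
    "SYSLOG": {"Error Type", "Sub Component", "IP Address"},
    "SNMPTRAP": {"Category", "Event Name", "Event OID Numeric",
                 "Event OID Symbolic", "IP Address", "Variable Binding"},
}

def consolidate(events, criteria=CRITERIA):
    """Fold events that match on `criteria` into one record carrying a
    Message Count plus First Detected / Last Detected timestamps."""
    records = {}
    for ev in sorted(events, key=lambda e: e["received"]):
        key = tuple(ev[f] for f in criteria)
        rec = records.get(key)
        if rec is None:
            records[key] = {**ev, "message_count": 1,
                            "first_detected": ev["received"],
                            "last_detected": ev["received"]}
        else:
            rec["message_count"] += 1
            rec["last_detected"] = ev["received"]
    return list(records.values())

def extra_columns(records):
    """Application-specific columns for a view: only those common to every
    application type present (the mixed-view rule in the Filters row)."""
    types = {r["app_type"] for r in records}
    if not types:
        return set()
    return set.intersection(*(APP_COLUMNS.get(t, set()) for t in types))

# Constructed sample feed: three identical syslog messages and one Nagios alert.
SAMPLE = [
    {"app_type": "SYSLOG", "host": "web01", "severity": "CRITICAL",
     "message": "sshd: authentication failure",
     "received": datetime.fromisoformat(f"2024-01-01T10:00:0{s}")}
    for s in (0, 5, 9)
] + [{"app_type": "NAGIOS", "host": "db01", "severity": "WARNING",
      "message": "Disk usage 91%",
      "received": datetime.fromisoformat("2024-01-01T10:00:03")}]
```

With the sample feed, the three syslog messages collapse into one record with a count of 3, so a burst of identical events shows up in the Message Count and First/Last Detected columns rather than as separate rows.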