NetDecision
Traffic Grapher
SNMP Agent Simulator
Roadmap
Login
Password
  • Register
    		•
  • Edit account
    		•
  • Forgot password?
    		•
    Home / Products / NetDecision Applications / NetDecision LogVision print version

    Products
    NetDecision Applications
    List of the products

    NetDecision LogVision

    NetDecision LogVision

    NetDecision LogVision is a general purpose log mediation application that allows users to receive, visualize and handle syslog and Windows event log messages in various ways. The application architecture combines RFC 3164 syslog server and Windows event log monitoring server in one in order to unify customization and handling procedures. Due to its flexible message handling capabilities, LogVision can be used together with other network management applications to provide distributed and structured log handling. LogVision supports most enterprise firewalls including Check Point, Cisco PIX, SonicWALL, NetScreen, WatchGuard, and more.

    The picture below demonstrates the conceptual architecture of the LogVision:

    Features

    • LogVision can receive syslog messages and monitor local event log;
    • The LogVision"s main window acts as a console viewer displaying real-time information about received messages;
    • LogVision allows the user to create filtering and processing rules based on originator IP address, syslog facility, syslog severity, syslog process name, message text, event type, event source, etc.;
    • LogVision provides a set of preconfigured message handlers enabling the following actions to be automatically executed upon message receiving:
      • send e-mail to one or more recipients;
      • log message data to a log file;
      • store message data in a database via ODBC;
      • execute any external application or command;
      • enable audible alarm;
      • send SNMP Trap to one ore more destinations (each specified by IP address and port);
      • send syslog message to one or more syslog servers;
      • create task in MS Outlook;
      • send SMS via GSM mobile phone;
      • invoke web service;
      • write to Windows Event log.
    • LogVision automatically clears aged (outdated) messages/records based on user defined rules;
    • LogVision allows the user to view web reports;
    • Quick Reports window provides user with a simple pie chart representing a summary information about messages currently listed in the main view.
    • LogVision allows the user to create and view web reports (integration with Remote Management Console);
    • LogVision can be managed remotely using Remote Management Console;
    • LogVision allows the user to create new message handlers or modify existing ones to implement custom handling procedures.

    Due to its unique message handling capability, LogVision is an ideal tool for the first-stage handling of the syslog or event log traffic. LogVision can manage syslog or event log messages at remote sites, forwarding only the important messages to the high-level management console application, possibly minimizing the traffic.

    Message Handlers

    Syslog and Windows Event Log handlers in LogVision can be considered as definitions containing information on how to manage incoming syslog messages and Windows events. In other words, handlers contain information on what to do when a specified message arrives or when the user acknowledges/deletes selected message/record using LogVision graphical interface.

    Defining matching criteria

    In order to provide the most flexible logic when analyzing and matching syslog message or event data message handler is built as multi-level hierarchal structure consisting of unlimited number logical operators and data comparators.

    Comparator

    Comparator defines what data parameter of incoming message must be looked at in order to make a decision what action to perform next.

    Filter

    Based on the result of logical comparison (matched or not) the message can be either rejected or passed. If syslog message or event is passed it will not appear in the message window but corresponding record (about message being rejected) would be added to the application log. Even if a message is rejected it is still possible to execute Handler Action in order to have more handling options.

    Auto acknowledgement

    This option automatically acknowledges message/event.

    Aging

    Specifies the lifespan of message/event in the datastore (internal + ODBC database if Database Handler is used). Message/Event will be deleted if the attribute "Receive Time" of the message/event is older than this value in the datastore. This value has an impact on the amount of storage required and affects system performance. Use Interval parameter to specify lifespan. You can also define whether you need (or don"t need) to execute action for aged traps by using Execute Delete Action option. Please note that Action execution significantly affects application performance.

    Action

    In LogVision handler actions are executed using NetDecision script language which makes it highly flexible and customizable. An action in LogVision is performed by NetDecision script. Handler configuration includes specifying script template to be used as action executer. Specific handler parameters are being passed to a script at runtime as script variables. These variables can be easily addressed within a script by name.

    Developed by WebMechanica Copyright © 2001-2010 NetMechanica e-mail