Chatee ahora con Soporte
Chat con el soporte

syslog-ng Premium Edition 7.0.34 - Windows Event Collector Administration Guide

Log messages and why the WEC sends them

This section describes the possible log messages you may get while using Windows Event Collector (WEC) clustering with syslog-ng Premium Edition (syslog-ng PE), and why the WEC sends them.

  • If Redis is not available during startup, the WEC instance cannot start. In this case, you will get a similar log message:

    2020-11-16T21:24:03.843Z        FATAL   state/redisstate.go:17  RedisConn: Error connecting to Redis    {"error": "RedisConn: connection failure: dial tcp 192.168.0.14:6379: connect: connection refused"}

  • If Redis is disconnected, you will get a similar log message: 

    2020-11-16T21:11:12.818Z        ERROR   state/redisconn.go:55   RedisConn: dial failed  {"error": "dial tcp 192.168.0.14:6379: connect: connection refused"}

  • If you are trying to ping Redis periodically (in this case, the ping period is 1 second), you will get a similar log message:

    2020-11-16T21:11:12.818Z        DEBUG   state/redisconn.go:115  RedisConn is still disconnected
2020-11-16T21:11:13.819Z        ERROR   state/redisconn.go:55   RedisConn: dial failed  {"error": "dial tcp 192.168.0.14:6379: connect: connection refused"}

  • I Redis eventually becomes available, you will get a similar log message:

    2020-11-16T21:13:59.829Z        DEBUG   state/redisconn.go:136  RedisConn is connected
2020-11-16T21:13:59.829Z        INFO    wec/main.go:120 Redis connection restored, starting server...
2020-11-16T21:13:59.830Z        INFO    eventstorage/datagrameventstorage.go:34 Trying to connect to unix datagram socket       {"unix-datagram": "/home/vagrant/wec_unix_dgram"}
2020-11-16T21:13:59.830Z        INFO    eventstorage/datagrameventstorage.go:44 Connected to unix datagram socket       {"unix-datagram": "/home/vagrant/wec_unix_dgram"}

Checking data stored in Redis

You can use the following commands to check your data stored in Redis.

NOTE: The following commands must be run from the CLI tool within Redis.

  • Listing subscription IDs for an event source (or host):

    127.0.0.1:6379> HKEYS win1
1) "FE14EC9A-A667-5375-B0B5-C4C4A9A6F745"

    The command lists the available subscriptions (in this case, FE14EC9A-A667-5375-B0B5-C4C4A9A6F745 is the only one available) for the event source or host (in this case, win1).

  • Getting bookmarks for a subscription ID:

    127.0.0.1:6379> HGET win1 FE14EC9A-A667-5375-B0B5-C4C4A9A6F745
"<BookmarkList><Bookmark Channel=\"Application\" RecordId=\"11098\" IsCurrent=\"true\"/></BookmarkList>"

    The command lists the bookmark value (RecordId=\"11098\") from the FE14EC9A-A667-5375-B0B5-C4C4A9A6F745 subscription ID within the win1 event source.

Timers on the WEC side

This section describes the predefined timers on the Windows Event Collector (WEC) side, and how they affect the interactions of syslog-ng PE and Redis during WEC clustering.

NOTE: The timers described in this section are not user-configurable in version 7.0.23 of syslog-ng PE.

In version 7.0.23 of syslog-ng PE, the following predefined timers are used during WEC clustering:

Timer

Description

healthCheckInterval (periodical PING): 1 second

When Redis is disconnected, the WEC instance is trying to PING Redis periodically. The period length is 1 second.

connectTimeout: 10 seconds

Connect operation fails when a connection to Redis cannot be established within 10 seconds.

readTimeout: 5 seconds

Redis is disconnected when a read operation cannot be finished within 5 seconds.

writeTimeout: 5 seconds

Redis is disconnected when a write operation cannot be finished within 5 seconds.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación