지금 지원 담당자와 채팅
지원 담당자와 채팅

syslog-ng Store Box 7.0.4 LTS - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Monitoring SSB's disk

SNMP object: HOST-RESOURCES-MIB::hrStorageTable

Community (v2c) /

Context (v3)

Data and system

This section describes monitoring syslog-ng Store Box(SSB)'s disk usage. Disk usage is measured per mountpoint (that is, partition).

Data partition
Mountpoint /mnt/firmware
Partition data partition
Community

<community-of-extended-node> (Basic Settings > Monitoring > SNMP agent settings > Community)

Context "" (empty string)

Free disk space that can be acquired by your main production system (for example, logspaces).

To make sure that you have the free disk space you are comfortable with, monitor the free disk space. This partition can fill up with for example the following:

  • received logs

  • generated reports

  • collected statistics

  • core dumps

If you cannot keep your free disk space in your comfortable interval (with scheduled cleanups) you probably need to purchase more SSB appliances. For assistance, contact our Support Team.

NOTE: If you have configured Basic Settings > Management > Disk space fill up prevention, be aware that SSB will stop receiving log after reaching the configured threshold. By default, clients are disconnected when disks are 90 percent full. For details, see Preventing disk space fill up.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency The file system's available space is continuously decreasing, depending on logspaces, reports, statistics, and core files.
Related issues and issue indicators The monitored values may indicate that the used storage space has reached the level configured under Basic Settings > Management > Disk space fill up prevention. In this case, archiving starts (if archiving is configured), and incoming logs are rejected. Note that if the disk fill up prevention level is reached too often and too soon, it indicates a serious issue.

Caution:

Hazard of data loss If the used storage space of the file system under /mnt/firmware exceeds the allowed rate configured under Basic Settings > Management > Disk space fill up prevention, SSB will stop receiving log messages. To avoid data loss, archive your logs or store them in some other way (for example, forward your log messages to different logstores). Alternatively, reconsider your configuration settings, upgrading the capacity of your SSB appliance, or purchasing more SSB appliances.

Solution:

  • Consider upgrading the capacity of your SSB appliance or purchasing more SSB appliances (for more information, see Hardware specifications or contact our Sales Team).

  • Reconsider your configuration settings.
  • Archive your logs from your logspaces to clean up logstores on your SSB appliance.
System partition
Mountpoint /initrd/mnt
Partition system partition (if SSB is in HA mode, the system firmware partition of both nodes)
Community <id-of-the-node>
Context <id-of-the-node>

The space on this mountpoint is required only by the system. Generally, this is independent from how you use SSB. The only important thing here to have some free space on the mountpoint.

Make sure that you have some free space on this mountpoint. As a recommended threshold, set a trigger to 80% in your monitoring system. If there is only about 20% free space left on this mountpoint, contact our Support Team.

NOTE: Monitoring the size of specific logspaces is not possible this way. If you are interested in the size of a specific logspace, you can configure a size limit alert for that logspace on the SSB web interface. For details on configuring a disk size alert for a specific logspace, see Creating logstores.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency The available storage space is not supposed to decrease significantly.
Related issues and issue indicators The monitored values may indicate that the system is out of storage space, or that the available storage space is running very low.

Caution:

Hazard of data loss If the used storage space of the file system under /mnt/firmware exceeds the allowed rate configured under Basic Settings > Management > Disk space fill up prevention, SSB will stop receiving log messages. To avoid data loss, archive your logs or store them in some other way (for example, forward your log messages to different logstores). Alternatively, reconsider your configuration settings, upgrading the capacity of your SSB appliance, or purchasing more SSB appliances.

Solution:

If you encounter an issue related to the file system under /initrd/mnt, contact our Support Team.

Monitoring SSB's memory

Swap usage
SNMP object:
  • UCD-SNMP-MIB::memTotalSwap

  • UCD-SNMP-MIB::memAvailSwap

Community (v2c) /

Context (v3)

Data and system

The syslog-ng Store Box(SSB) appliance is using swap (except on Azure) as part of its normal operation.

You can receive swap usage alerts by configuring an alert on Basic Settings > Alerting. For details, see Configuring system monitoring on SSB.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Related issues and issue indicators If the computed returned value is close to 0, memory usage is too high.

Solution:

  • Decrease load.
  • Purchase a new SSB appliance.

Memory usage
SNMP object:
  • UCD-SNMP-MIB::memTotalReal

  • UCD-SNMP-MIB::memAvailReal

Community (v2c) /

Context (v3)

Data and system

If SSB's memory and swap usage are both above 90%, fine-tune your configuration or purchase more SSB appliances to balance the load. For assistance, contact our Support Team.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Related issues and issue indicators If the computed returned value is close to 0, memory usage is too high.

Solution:

  • Decrease load.
  • Purchase a new SSB appliance.

Monitoring SSB's CPU

This section describes monitoring syslog-ng Store Box(SSB)'s CPU.

NOTE: This document uses the concept of 'logical CPU' used by the Linux kernel. In this section, 'logical CPU' will be abbreviated as 'CPU'. To determine the number of CPUs in your SSB machine, enter the lscpu command in your console, or send an SNMP request.

Monitoring CPU load

SNMP object: HOST-RESOURCES-MIB::hrProcessorLoad

Community (v2c) /

Context (v3)

Data and system

CPU load shows the availability of a CPU. Its value is a rational number ranging from 0.0 or 0% to 1.0 or 100%. If the CPU load is 0.0 or 0%, then the measured CPU is idle. If the value is 1.0 or 100%, then the CPU is fully loaded.

If the load of one CPU is above 90% and other threads are significantly less loaded for a longer time period, fine-tune your configuration or purchase more syslog-ng Store Box(SSB) appliances. For assistance, contact our Support Team.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택