|
|
The following sections are presented in this chapter:
For additional information about Syslog Analysis, refer to the online help.
Scenario: You want to configure a custom report to monitor several alert types.
To configure a custom report, perform the following steps:
Step 1 Select Admin > Syslog Analysis > Define Custom Report.
The Define Custom Report dialog box appears. (See Figure 7-1.)
Step 2 Click Add.
The Define Custom Report dialog box is modified to include message types. (See Figure 7-2.)
Step 3 Enter a name for the report, up to 64 characters long.
Step 5 Select the 24-Hour Report check box to add the report to the 24-Hour Reports task folder. The report will be generated when you select Tasks > 24-Hour Reports > Syslog Messages.
Step 6 Click Advanced to set more options, such as facility and severity codes.
Step 7 Click Finish.
A confirmation message appears.
Scenario: You want to determine which routers on your network have changed running configurations over a specified period.
To view a custom report, perform the following steps:
Step 1 Select Tasks > Syslog Analysis > Custom Reports.
The Custom Reports dialog box appears. (See Figure 7-3.)
Step 2 Select System Views from the Views column, then click All.
Step 3 Click Next.
The Select Report Name and Dates dialog box appears. (See Figure 7-4.)
Step 4 Select the report name and the date, then click Finish.
The Configuration Changes Report appears. Print the report and save it as a CSV or plain text file.
Use 24-hour reports to identify the syslog messages generated over the last 24 hours.
You can add 24-hour reports by performing the procedure for Configuring a Custom Report.
Scenario: You just came in from the field or arrived for your shift and you want a status report for the most recent syslog messages.
Step 1 Select Tasks > 24-Hour Reports > Syslog Messages.
The Syslog 24-Hour Report appears. (See Figure 7-5.)
Step 2 Click on a report name to view details. The example is using Reload Report. (See Figure 7-6.)
Step 3 Click Close to close the report.
Scenario: You want to obtain a snapshot of the error-message severity levels for the routers on your network.
To view the severity-level summary, perform the following steps:
Step 1 Select Tasks > Syslog Analysis > Severity Level Summary.
The Severity Level Summary dialog box appears. (See Figure 7-7.)
Step 2 Select System Views > All Routers from the Views column, click All, then click Next.
The Select Dates dialog box appears. (See Figure 7-8.)
Step 3 Select Today to see the Severity Level Summary for the current day, then click Finish.
The Severity Level Summary appears. (See Figure 7-9.)
Step 4 Print the report and save it as a CSV or plain text file.
Step 5 Click on the links to display messages logged by the device. (See Figure 7-10.)
Step 6 Click Close to close the report.
Scenario: You want Essentials to automatically send e-mail to a group of employees whenever certain syslog messages are filtered.
To define an automatic action, perform the following steps:
Step 1 Select Admin > Syslog Analysis > Define Automated Action.
The Define Automated Action dialog box appears.
Step 2 Click Add.
The Define Automated Action dialog box appears. (See Figure 7-11.)
Step 3 Enter a name for the action.
Step 4 Add the types of messages to filter by selecting them from the list, then click Add. To remove message types, select them in the left column, then click Delete. You can modify message types by selecting them, then clicking Advanced.
Step 5 Select the Enable Action check box.
Step 6 Enter the script name in the Command Line field, or click Browse to select the script on your hard drive or network.
Step 7 Click Finish.
A confirmation message appears.
Scenario: You want to view messages for new devices that have been added to the network but are not yet managed by Essentials. You will use this report to determine which unexpected devices you need to add to your inventory.
To generate an unexpected device report, perform the following steps:
Step 1 Select Tasks > Syslog Analysis > Unexpected Device Report.
The Select Dates dialog box appears. (See Figure 7-12.)
Step 2 Select All, then click Finish.
The Unexpected Device Report appears. (See Figure 7-13.)
Step 3 Print the report or save it as a CSV file.
Step 4 Click Close to close the report.
Scenario: You want to store network syslog information for 7 days to use in the reports.
To set syslog storage options, perform the following steps:
Step 1 Select Admin > Syslog Analysis > Change Storage Options.
The Change Storage Options dialog box appears. (See Figure 7-14.)
Step 2 Enter information in the fields as required. The default values are shown in Figure 7-14.
Step 3 Click Finish.
A confirmation message appears.
Scenario: You want to view messages that pertain to firewall status and filter out other types of messages.
To define message filters, perform the following steps:
Step 1 Select Admin > Syslog Analysis > Define Message Filter.
The Define Message Filter dialog box appears. (See Figure 7-15.)
Step 2 Select the message types to filter, then click Add.
The Define Message Filter Dialog Box again appears. (See Figure 7-16.)
Step 3 Select Enable Filter.
Step 4 Name the filter name, select the message types, then click Add to add them to the Filtered Messages column.
Step 5 Click Finish.
A confirmation message appears.
To view syslog collection information, perform the following steps:
Step 1 Select Admin > Syslog Analysis > Syslog Collector Status.
The Syslog Collector Status window appears. (See Figure 7-17.)
Step 2 Click Close to close the window.
This completes the chapter on Syslog Analysis.
Posted: Wed Oct 6 12:08:34 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.