About Event Console

Content

This page reviews the GroundWork Monitor application Event Console.

1.0 About Log Messages

The Event Console shows a unified view of all log messages for all applications with details about the most recent events impacting your IT infrastructure. Color coded threshold breaches and related message details let you correlate event details with real time status screens to determine the likely cause of an issue and allow certain actions to be taken on messages. Within the console , you not only get data from active or passive polling but also from different monitoring types for example SNMP Traps and Syslog files.

Since, Foundation supports the integration of multiple data types, with a little configuring, you can also integrate other application types such as JMX messages, and JMS. The GroundWork Monitor Status page displays an embedded view of the Event Console where you can view logged events for host groups and hosts.

While using the application you may notice the different event screens will automatically update. The Event Console uses a push technology where log messages are actually pushed (server initiated rendering) to the console as opposed to browser polling.

2.0 Screen Layout

The Event Console window consists of basically two frames. The left frame allows a user to select the type of events to view within the right frame. The right frame displays the list of events with dynamic columns and rows based on the selected filters. The right pane also allows for search parameters to be entered to display only those filtered events that match the search criteria.

Figure: Event Console Screen Layout

  • Event Filters - This panel lists filters used to display specific events. System Filters are automatically generated for objects and groups in the system. Public Filters are predefined. Public Filters can be reloaded by selecting Reload next to Filter Events. This loads the filters from XML.
  • Event Console Tabs - This area contains the selected filtered events by tab (e.g. All Open Events). The New tab enables additional groups of filtered events to be displayed (e.g. NAGIOS). To remove a tab select red X symbol on the tab to be removed.
  • Search Events, Date-Time Range, and Update Label - These parameters enable users to search a list of events by Device, Messages, Severity, OpStatus, and MonStatus. Users can show specific date ranges by using either a _Preset option or specifying a Custom date range. The Update Label option is used to edit the default tab name to better match its contents.
    Event Control Options: Allows users to perform options on events: The Select All button selects all events (click each event to select individually) to be able to apply actions to a all events. The various actions are displayed that can be applied to selected events, the Pause/Resume Incoming Events button is used to freeze active updating of events, and the Alarm/Silence Alarm button toggles from Alarm (audible alarm sound) to Silence Alarm (stops alarm sound) for new messages coming into the Event Console.
  • Sort by and Resize Columns, and Viewing the Message Column - Events can be organized in ascending or descending order by each column. The Received by GW column is the default sorted column. To sort a column simply click the column title. Columns are re-sizable by clicking and dragging the area in between columns, and the Message column's entire contents can be viewed by hovering over the message. See Developer Reference>Configuring Event Console to change the message default column width.
  • Additional Columns for an Event - In Event Console when showing views across application types only common field are shown. However, the folder icon when clicked will display all fields for the event. If an icon is not displayed here the event message does not contain additional columns.
  • Status Cross Links and Device Details - The Event Console application provides cross links to the corresponding Status pages. When a device name in the Device column is selected the device host page will be displayed in Status. If no host for that device exists (snmptrap) the link will be in-active (not click-able). If application type Nagios is selected, any services in the Service column link to the Status service page. Additionally, to display Device Details select the icon present next to the device name.
  • Collapse-able Panes - The left filters pane and the top search pane are collapse-able by selecting each area arrow. This allows for more data to be displayed.
  • Page Navigation - To go to additional pages select the pagination controls at the bottom of the event list. In some instances you may need to scroll to the right to view additional columns. Controls include; First Page, Fast Rewind, Previous Page, Specific page numbers, Next page, Fast Forward, and Last Page. (Not shown in figure)

3.0 Viewing Events

The Event Console package offers a view of monitoring from the standpoint of an event stream. This is important for some installations, particularly those where NOC staff will require access to detailed asynchronous messages for incident management. After launching the Event Console, the default view will be All Open Events which displays the most recent open events. This section covers how to display specific events, using multiple tabs for multiple filtered lists, collapsing panels for more space, and sorting event lists. Depending on the filter being used, specific columns will be displayed. See the table below for a comprehensive list of all data field descriptions.

Table: Field Descriptions

Field Name Field Description
Received by GW Monitoring system date and time the event was initially reported and received by GroundWork Monitor.
Message Count Count of occurrences of one particular message - many messages are very similar and they are consolidated into one event message. This consolidation feature reduces the number of similar messages in the LogMessage table. For each insert the consolidation criteria will be applied to the incoming message. Then the First Inserted and Last Inserted date/time is tracked. Consolidation of events is built in to the adapter module for each source of data, so depending on the adapter settings, messages may be individually recorded, or displayed as the same message record with incrementing counts.
Device Device where the event was reported. The Device column device names are actual links to monitors in the Status application.
Status Current status mapped internal to Nagios state. Color coding matches the status. OK is color coded in green indicating that a device is OK and that it is up; CRITICAL is red indicating the device is in a critical, fatal, down or unreachable state depending on the application type, and WARNING is color coded in yellow indicating that an event is in a warning state and although not critical should eventually be looked into. There is also a PENDING status which is color coded in orange indicating an unknown state.
Message The event message indicating status and a brief description of the event.
Application Type The application type of the event. This can be system level errors, Nagios monitoring type events, SNMP Trap, or Syslog.
Severity Application severity. Severity type will depend on what type of events are being viewed.
Last Detected Date and time the last message came in for this event.
First Detected Date and time the first message came in for this event.
Service The name of the Service for the Service Alert. This is a Nagios specific displayed column in Event Console.
Acknowledge Comment Displayed only when viewing Nagios application type events. The Acknowledge Comment column displays comments entered by the user when acknowledging a problem via Status.
Acknowledged By Displayed only when viewing Nagios application type events. The Event Console has incorporated a User Acknowledgment feature which indicates who acknowledged a Nagios application type event (problem with a Host or Service), by listing the system user login ID in the Acknowledged By column. A problem with a Host or Service can be Acknowledged through Nagios or Status. If the Acknowledge By Column contains N/A, this indicates there is no user name associated with the acknowledged event. A blank indicates that the event has not been acknowledged.
Application Code Displayed only when viewing Nagios application type events.
Application Name Displayed only when viewing Nagios application type events.
Error Type Displayed only when viewing Nagios and Syslog application type events. Error Type indicates type of event error (e.g. Service Alert).
Logger Name Displayed only when viewing Nagios application type events.
Sub Component Displayed only when viewing Nagios and Syslog application type events. Sub component indicates a description of the event device.
Category Displayed only when viewing SNMPtrap application type events.
Event Name Displayed only when viewing SNMPtrap application type events.
Event OID Numeric Displayed only when viewing SNMPtrap application type events.
Event OID Symbolic Displayed only when viewing SNMPtrap application type events.
IP Address The IP Address of the originator of the SNMP Trap event. Displayed only when viewing SNMPtrap and Syslog application type events.
Variable Binding Displayed only when viewing SNMPtrap application type events.
3.1 Using Filters to Display Specific Events

The Event Console provides viewing options for different monitoring data types. When entering the Event Console application the most recent open events (All Open Events) will be displayed in descending order by the column titled Received By GW, with the most recent event displayed first. There are 20 events listed per page with pagination controls displayed at the bottom of the screen. Specific events can be displayed by using defined System or Public filters. System filters are automatically generated for objects and groups in the system and Public filters are pre-defined.

  • The Device Column in the Event Console is the Host name if a Host name exists. If the Host name does not exist then the Device display name is used.
  • The columns of the data table are driven by the data in the page. If messages in the table are specific to one application type (e.g. Nagios), then columns specific to that application type are shown in addition to columns common to all application types. If messages in the table are of mixed application types (e.g. Nagios, SNMP etc) then only columns common to all application type are shown.
  • Developers may add additional public filters; see Developer Reference>Event Console.
3.1.1 System Filters

The System and Public Filters panel is a tree-based navigation structure which expands and collapses when selected.

The System Filters figure below shows all system filters in the expanded display. It consists of All Open Events which shows all open log message events. Root node for the system filter tree is Filter Events. Branch nodes are Applications, Host Groups, (which include the new [Custom Groups]), Service Groups, and Operation Status. The branch nodes expand to sub-branch nodes whose labels are populated dynamically from the server. The events shown in this example are filtered by the Application Type VEMA.

Figure: System Filters

3.1.2 Public Filters

The Public Filters filters include; All Events, Critical, Warning, Nagios Warning, Last 5 SNMPTRAP Warning, Last 10 Minutes NAGIOS Critical, and Current Troubled Open Events. The events shown in this example are filtered by the status Critical.

Figure: Public Filters

3.2 Using Multiple Tabs and Collapsing Panels
3.2.1 New tab

The New tab option enables multiple event lists to be displayed each with their own filtered data so a user can easily access and switch between multiple defined lists. The tab title can be changed using the Update Label box. To remove a tab select the X, that will be shown on the tab when multiple tabs are in use. The new tab shown in our example is VEMA Warning which also has the filter VEMA and monitor status of WARNING.

Figure: Applying a Filter, Adding a New Tab, and Updating Label

3.2.2 Collapsing panels

Collapsing panels in Event Console allows more event data to be displayed. The side filters and top search pane arrows can be selected to hide and redisplay these panels.

Figure: View of Console before Collapsing

4.0 Sorting, Searching, and Applying Actions

4.1 Sorting Events

Sorting and filtering functions within Event Console allow users to focus on events of given types, time periods, or sources. Each column can be sorted in ascending and descending order by clicking on a  column title. By default, events are sorted by the  Received by GW column in descending order. The events shown in this example are sorted by Status in descending order (as indicated by the arrow symbol within the title).

Figure: Sorting Events

4.2 Searching Events

Search Events options enable the filtering of events in addition to any applied filter from the side panels. A user can indicate a Device name and/or Message content to be searched (e.g. Foundation). A date and time range can be set to search only those events matching an indicated preset time (e.g. Last 10 Minutes) or a selected calendar date range. In addition, a user can search by Severity, Operation Status (OpStatus), and Monitor Status (MonStatus) by selecting the desired search values from the drop-down menus. The figure below displays an All Open Events with a search criteria set as: Messages: Foundation and MonStatus: WARNING.

Figure: Searching in the Event Console

4.3 Applying Actions to Events

The Event Console enables users to select messages and apply various actions including Open Log Message, Close Log Message, Accept Log Message, and other application type specific actions. Once actions have been applied to the events the events will be relocated to the Operation Status folder. A pop-up notification of failure will be displayed on the screen if the action execution fails and does not complete. Developers can configure additional actions; see Developer Reference >Configuring Event Console for detailed information.

Figure: Applying Actions

The list of actions displayed is driven by the message(s) that are selected. There are two sets of action types. Standard System Actions which include OPEN, CLOSED, NOTIFIED, and ACCEPTED; and Application Actions which include Nagios Acknowledge, and Submit Passive Check. If the message(s) selected belong to a single application type, the action list will consist of Standard System Actions plus the specific Application Actions. If the message(s) selected belong to multiple application types then only Standard System Actions will be listed. Refer to the table below for action definition descriptions. Non GW actions display a dialog box for user input of additional information.

Table: Action Definitions

Accept Log Message A Standard System Action. This action changes the identified log messages to an ACCEPTED operation status.
Notify Log Message A Standard System Action. This action changes the identified log messages to an NOTIFIED operation status.
Nagios Acknowledge An Application Action type action. This action runs a shell script that notifies Nagios of log messages acknowledgment. Nagios specific.
Close Log Message A Standard System Action. This action changes the identified log messages to an CLOSED operation status.
Open Log Message A Standard System Action. This action changes the identified log messages to an OPEN operation status.
Submit Passive Check An Application Action type action. This action runs a shell script that submits passive check. SNMPTRAP specific.
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.