loglogic management appliance guide

LogLogic, Inc. Proprietary and Confidential

LogLogic

Management Appliance Guide

Software Release: 4.9.1

Document release: March 2012

Part No: LL20004-00E0491000

This manual supports LogLogic software release 4.9.1 until replaced by a newer edition.

LogLogic, Inc. Proprietary and Confidential

LogLogic, Inc.

110 Rose Orchard Way Ste 200

San Jose, CA 95134

Tel: +1 408 215 5900

Fax: +1 408 774 1752

U.S. Toll Free: 888 347 3883

Email: [email protected]

www.loglogic.com

© 2004 — 2012 LogLogic, Inc.

Proprietary Information

This document contains proprietary and confidential information of LogLogic, Inc. and its licensors. In accordance with the license, this document may not be copied, disclosed, modified, transmitted, or translated except as permitted in writing by LogLogic, Inc.

Trademarks

"LogLogic" and the LogLogic logo are trademarks of LogLogic, Inc. in the United States and/or foreign countries. All other company product names are trademarks or registered trademarks of their respective owners.

Notice

The information contained in this document is subject to change at any time without notice. All warranties with respect to the software and accompanying documentation are set our exclusively in the Software License Agreement or in the Product Purchase Agreement that covers the documentation.

www.loglogic.com

mailto:[email protected]

Management Appliance

Contents

Preface: About This Guide

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Documentation Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 1 Management Appliance Overview

Introducing the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Management Appliance Administrator Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Management Appliance Features and Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Management Appliance High-Level Task Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Management Appliance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Management Appliance Task Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 2 Configuring the Management Appliance

Setting Up the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Configuring the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Logging in to the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Setting the Management Appliance IP on Remote Products. . . . . . . . . . . . . . . . . . . . 17

Setting Up Distributed Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Adding Monitored Products on the MA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Editing Monitored Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Removing Monitored Products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Setting Up Local System Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Viewing the Local MA System Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Editing the Local MA System Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Setting Up Remote Product Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Managing Authentication and SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Management Appliance and Remote Product Authentication . . . . . . . . . . . . . . . . . . . 21

Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 3 Monitoring and Controlling Remote Products

Introduction to Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Setting Up Alerts on Remote Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Monitoring Capabilities by Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Monitoring Procedure Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Checking the Health and Status of Remote Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Getting the High-Level Product Status View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Status Monitoring Color Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Organizing the Monitoring Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Data Collection Intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Guide 3

CONTENTS

Changing the MPS, CPU, and Alert Intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Changing the Product Status Refresh Rate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Getting the Product Status Detailed View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Checking for Alerts on Remote Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Alert Color Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Getting Details on Alerts per Product. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Checking for Critical Notifications on Remote Products . . . . . . . . . . . . . . . . . . . . . . . 32

Getting the Aggregate Status of Remote Products . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Customizing the Monitoring Table View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Pre-defined Custom Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Defining and Saving a Custom View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Filtering Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Performing Remote Control Operations on Managed Products . . . . . . . . . . . . . . . . . . . . 34

Remote Control to the Product System Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Monitoring LogLogic High Availability Product Pairs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Viewing HA Pairs Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Chapter 4 Administering the Local Management Appliance

Introduction to the Local Management Appliance Administration . . . . . . . . . . . . . . . . . . . 37

Performing Immediate Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Restarting the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Rebooting the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Shutting Down the Management Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Performing Routine Administrative and Maintenance Tasks. . . . . . . . . . . . . . . . . . . . . . . 39

Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Backup Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Managing SSL Certificates on the MA and on Remote Products . . . . . . . . . . . . . . . . 40

Manage Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

System Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Upgrading the Local Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

RAID Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 5 Troubleshooting the Local Management Appliance

Troubleshooting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Getting Local Critical Notifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Getting Critical Notifications on the Local MA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Viewing the Local MA Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

System Restart, Reboot, and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Checking the Local MA System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Index

4 Management Appliance Guide

Preface

About This Guide

The LogLogic Management Appliance Guide is a guide for the LogLogic Management Appliance (MA). It covers the initialization, configuration, and setup for distributed monitoring and how to administer, monitor, manage, and troubleshoot remote Appliances (products).

Related DocumentsThe LogLogic documentation is available on the Solutions CD or on the LogLogic Technical Support website — http://www.loglogic.com/services/support. The documentation includes Portable Document Format (PDF) files and Online Help accessible from the LogLogic user interface.

To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at http://www.adobe.com.

The following documents contain information about the LogLogic Appliances:

LogLogic Release Notes — Provides information specific to the release including product information, new features and functionality, resolved issues, known issues and any late-breaking information. Check the LogLogic support web site periodically for further updates.

LogLogic Hardware Installation Guide — Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models.

LogLogic Installation and Upgrade Guide — Describes how to install and upgrade the LogLogic Appliance software.

LogLogic User Guide — Describes how to use the LogLogic solution, viewing dashboard, managing reports, managing alerts, and performing searches.

LogLogic Administration Guide — Describes how to administer the LogLogic solution including all Management and Administration menu options.

LogLogic Log Source Configuration Guides — Describe how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.

LogLogic Collector Guides — Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS Site Protector.

Management Appliance Guide 5

http://www.loglogic.com/services/support

Technical Support

LogLogic Web Services API Implementation Guide — Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system.

LogLogic Syslog Alert Message Format Quick Reference Guide — Describes the LogLogic Syslog alert message format.

LogLogic Online Help — Describes the Appliance user interface, including descriptions for each screen, tab, and element in the Appliance.

Technical SupportAt LogLogic, we are committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance may be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Appliances.

To reach our experienced support team:

Telephone:

Toll Free — 1-800-957-LOGS

Local —1-408-834-7480

Europe, Middle East, Africa (EMEA) or Asia Pacific (APAC): + 44 (0) 207 1170075 or +44 (0) 8000 669970

Email: [email protected].

Support Web site — http://www.loglogic.com/services/support

When contacting Customer Support, be prepared to provide the following information:

Your name, e-mail address, phone number, and fax number

Your company name and company address

Your machine type and release version

Serial number located on the back of the Appliance or the eth0 MAC address

A description of the problem and the content of pertinent error messages (if any)

Documentation SupportYour feedback on LogLogic documentation is important to us. Send us e-mail at [email protected] if you have questions or comments. Your comments will be reviewed directly by the LogLogic professionals who create and update the documentation.


mailto:[email protected]

http://www.loglogic.com/services/support

About This Guide

In your e-mail message, please indicate the software name and version you are using, as well as the title and document date of your documentation.

ConventionsLogLogic documentation uses the following conventions to highlight code and command-line elements:

Monospace is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as file names, directories, paths, and URLs).

Monospace bold is used to distinguish system prompts or screen output from user responses, as in this example:

username: system

home directory: home\app

Monospace italic is used for placeholders, which are general names that you replace with names specific to your site, as in this example:

LogLogic_home_directory\upgrade\

Straight brackets signal options in command-line syntax.

ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path ...]


Conventions


CHAPTER 1

Management Appliance Overview

Contents

Introducing the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Management Appliance Administrator Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Management Appliance Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Management Appliance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Introducing the Management Appliance The Management Appliance (MA) is a LogLogic Appliance that lets you monitor and manage remote LogLogic products. As the number of LogLogic products grows on distributed networks, so does the need to effectively monitor, control, and manage these distributed products.

The MA provides a common entry point into the distributed architecture of these products enabling the enterprise to meet compliance mandates, security considerations, distributed monitoring, and remote control requirements for all managed products while satisfying IT best practices.

Figure 1 on page 10 shows a simple distributed MA deployment scenario. This scenario shows a data center with multiple LX Appliances, an ST Appliance for log storage, an existing database attached to the network with raw logs, two remote offices with several LX Appliances, and a disaster recovery site.


Management Appliance Administrator Role

Figure 1 Simple MA Distributed Deployment Scenario

Data Center

ST 2010raw logs

LX 2010

metalogs

raw logs

ST 2010raw logs

Disaster Recovery Site

raw logs

LX 2010

metalogs

Remote Office

LXmetalogs

LXmetalogs

Remote Office 1

metalogsLX

Remote Office

LXmetalogs

Remote Office 2

LXmetalogs

MA Web Interface

This scenario can be significantly expanded upon to include additional data centers and many more remote offices all with their own products, servers, network attached storage, and compressed raw logs. When you have scaled your architecture to include several remote sites, it is easy to see how important it is to have the concept of managed products.

Management Appliance Administrator RoleMA system administrators set up, initialize, configure, and install products such as LogLogic Appliances on a network. All MA administrators have full administrative privileges so they can:

Manage the local MA administrator account.

Run, view, create, and modify reports (summary and real-time reports) on remote products and search on the log data captured on the MA itself.

Perform configuration and administration tasks on the MA itself and gather diagnostic data on the status and health of the remote products it manages.

Perform remote control operations such as running reports and performing searches on managed products to troubleshoot and fix problems.

Perform routine maintenance on the MA; for example: updates of the MA software and license, and operations such as restart, reboot, and shutdown.


CHAPTER 1 Management Appliance Overview

Management Appliance Features and BenefitsThe MA has several features and benefits letting you:

Get high-level health and status information on remote products at a glance from the monitoring dashboard and perform tasks on remote products to address health and status items as needed.

Get alert statistics on remotely managed products by their high, medium, and low priority status.

Get critical notifications on the local MA upon log in—one-time events that are under your control to fix at your discretion.

Management Appliance High-Level Task FlowAfter the initial setup and configuration for distributed monitoring, you can begin to monitor and manage remote products. Figure 2 shows the high-level MA task flow.

Figure 2 High-level Application Task Flow

Login LogoutMonitoringOne-time

EULA Reporting MA Admin

Management Appliance TasksThe MA tasks are similar to those of the LX, ST, and MX Appliances. In addition to the System Status and Log Source Status dashboards, the MA includes a monitoring dashboard (Monitored Products).

Figure 3 on page 12 shows the fully expanded MA default navigational menu with no add-on products.


Management Appliance Task Map

Figure 3 Management Appliance Default Navigational Menu

Management Appliance Task MapTable 1 maps the MA navigational menu to the MA administrative tasks.

Table 1 MA Navigational Menu Task Map (Fully Expanded)

Menu Item Description

+Dashboards

Monitored Products Monitor and manage the health and status of remote products

System Status Monitor the status of the local MA

Log Source Status Monitor the local MA-attached log sources

Real-Time Viewer View the local MA log messages in real time

+Local Search

Index Report Generate index reports

Index Search Perform index searches on the local MA

Regular Expression Search

Search logs using regular expressions

Search Filters Use pre-defined filters to view saved search patterns for the Real-Time Viewer and alerts

View Data Files View archived local log data

+Local Alerts


CHAPTER 1 Management Appliance Overview

Alert Receivers Define SNMP trap or Syslog receivers

Alert Viewer Display all local MA alerts

Manage Alerts Manage, edit, and create local MA alerts

+Preferences

Change Password Change MA password

Personal Preferences Set MA display preferences

+Administration

Access Control Define network access rules for accessing the MA

Backup Configuration Manage Backup configuration for maintaing data

Manage SSL Certificate Manage MA SSL certificates

Manage Users Manage the local MA administrative account

System Settings Manage key system-wide configuration settings, remote server SMTP and authentication settings, network interface settings, time settings, and logins

+Maintenance

File Update Update the MA software using the file update facility

License Update Update the MA license

Online Update Update the MA software using an Internet connection to download applicable files on the MA

RAID Status Update the RAID status

System Get statistics on MA processes, view configuration settings, available database tables, and perform routine MA administration

Menu Item Description


Management Appliance Task Map


CHAPTER 2

Configuring the Management Appliance

Contents

Setting Up the Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Setting Up Distributed Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Setting Up Local System Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Managing Authentication and SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Setting Up the Management ApplianceLike all LogLogic products, the MA comes with the LogLogic Web-based software pre-installed on the Appliance and its own:

default IP address (10.0.0.11)

default administrator username and password for browser access (admin/admin)

pre-defined root user and password (root/logapp) for command-line interface (CLI) access

During the MA configuration process, you update these settings by defining your own network and login settings.

Configuring the Management Appliance

Because the MA is the common entry point for distributed monitoring and the remote control of managed products on the network, it is important to assign a stable network IP address to the MA during its initial setup.

IMPORTANT! While you can change the MA IP address when the network topology requires it, doing so will require re-running the set mip command to register this new address on all the remote products that the MA manages (see Setting the Management Appliance IP on Remote Products on page 17).

The next procedure shows how to perform the MA configuration steps using the CLI. To configure the MA using the Web browser, see the LogLogic Quick Start Guide.


Setting Up the Management Appliance

To configure the MA

1. Open a terminal window and log in to the MA as root/logapp.

2. Configure the MA IP address and network interface settings (netmask, broadcast address, gateway, and ethernet bond) with the set ip command.

Note: You can get help at the LogLogic command-line. For example, to get help on the set command, type: set ?

# set ip <IP-address> <netmask> <gateway> [ifdev] [defaultgw]

If you are bonding two interfaces together, use interface-name to indicate bond0 or bond1.

Example:

set ip 10.9.3.250 255.255.255.0 10.9.3.255 bond0

3. Set the domain name server (DNS) with the set dns command. For example:

set dns 10.1.1.5

4. Save your network settings with the save command:

save

You are prompted to save your network settings. You are also prompted if you want to create a Blue Coat certificate, although this is not necessary unless you intend to run Blue Coat in your environment.

5. Initialize the rc startup and secure shell daemons by restarting the MA with the network restart command.

network restart

At this point, the new MA new settings effect.

6. (Optional) To verify your current MA network settings, type:

show current

These network tasks are the same for all products. For more information on how to perform these common product configuration tasks, see the LogLogic Quick Start Guide.

Logging in to the Management Appliance

After configuring the MA network interface settings, you can test your MA configuration by opening a Web browser and pointing to the new MA IP address.

At this point, there are some first-time MA administrative tasks to perform:

accept the one-time end-user license agreement

change the default administrator password

set up the NTP server for network time settings synchronization

enable SSH network settings if desired (optional)


CHAPTER 2 Configuring the Management Appliance

1. Open a Web browser and point to the Management Appliance IP address. For example:

https://10.9.3.250

2. Log in to the MA as admin/admin and accept the first-time end-user license agreement.

At this point you are prompted to change your administrative password.

3. On the Change Password tab, change the administrative user name and password.

4. Set up SSH and the NTP server.

a. Go to Administration > System Settings.

b. (Optional) On the General tab, click Yes next to the Enable SSH Daemon at Startup field. This allows SSH access to the MA.

c. Click the Time tab and select NTP Server to enter a Hostname or IP address for your NTP server. This is the time server by which you want to synchronize your local time.

d. Reboot the MA.

For more information on enabling other general settings on the local MA, for example, SNMP daemon, DNS, system performance settings, and SNMP Trap Sink, and other system settings, see the LogLogic Administration Guide.

Setting the Management Appliance IP on Remote Products

On all remote products that you want to monitor and manage, you must configure the remote product with the set mip (set Management Appliance IP) command. This manual configuration step is required on the remote products so they know what MA on which to send monitoring data.

Each remote product IP address must also be known to the MA; this step is part of the distributed monitoring setup (see Setting Up Distributed Monitoring on page 18).

Note: You cannot have multiple MAs managing remote products. Therefore, you can assign only one Management Appliance IP address to managed products.

To set the MA IP address on the remote product

1. Open a terminal window and log in to the remote product using the root/logapp user name and password.

2. Set the MA IP address using the set mip command. The syntax is as follows:

set mip MA-ip-address

For example, to set the MA IP address to 10.0.25.12, type:

set mip 10.0.25.12

3. (Optional) To verify the setting, type the show mip command:

show mip


Setting Up Distributed Monitoring

Setting Up Distributed MonitoringThe MA distributed monitoring dashboard lets you monitor the health and status of remotely managed LogLogic products. All remote products provide health updates every five minutes to let the MA know whether the remote product is alive and functional.

For this remote two-way communication to occur, there is a one-time configuration step on the MA to make the monitored product’s IP address known, which is done via the User Interface (UI).

Adding Monitored Products on the MA

To set up distributed monitoring, you must know the IP address of the remote products to add them to the list of monitored products.

Because you can set up hundreds of remote products to monitor and manage, the monitoring UI lets you hide products from the monitoring table to control the display contents.

Note: All monitored products must be at the 4.5 software revision level.

To add a monitored product

1. On Dashboards > Monitored Products > Product Status, click Add at the bottom of the table.

The Add Remote Product dialog box opens.

2. In the Remote Product Name field, type the name of the remote product that you want to monitor.

The name you provide must be unique and can be up to 50 characters long. Use a descriptive name for easy reference particularly when you have a large number of remote products to manage at different sites.

3. In the IP Address field, type the IP address for the remote product you want to manage.



Figure 4 Add Remote Product Dialog Box

4. (Optional) Click Hide this remote product checkbox to hide the monitored product.

When checked, the UI hides the monitored product from the monitoring table list view and excludes it from Summary page calculations.

5. Repeat this process for all additional products that you want to monitor.

After you set up distributed monitoring, you can get high level status on all remote products at a glance from the Monitored Products dashboard.

Editing Monitored Products

When setting up monitored products, you might need to go back a make a name change or fix a typo in the IP address. To do so, use the Modify Product dialog box.

To edit a monitored product

1. Click on the product name in the monitoring table and then select Edit from pop-up menu.

Figure 5 Name Pop-up Menu

This opens the Modify Product dialog box.

2. Type your edits and click Update.

Removing Monitored Products

When you no longer need to monitor a particular product, you can remove the product from the monitoring table by deleting it.


Setting Up Local System Alerts

Note: There is no undo capability; therefore, if you remove a product needlessly, you must add the product again.

To delete a monitored product

1. Click on the product name in the monitoring table and then select Delete.

A confirmation message box asks you to confirm the deletion.

2. Click OK to confirm the deletion.

Setting Up Local System AlertsThe LogLogic software generates System Alerts for monitored products based on Appliance hardware and software events, for example, when the Appliance disk is full or when a certain temperature threshold is met. All other events are related to information derived from message content, for example, a failed login attempt.

As with all LogLogic products, the MA has its own local alert mechanism with several pre-defined System Alerts already enabled with default values that cover a range of conditions that warrant monitoring.

The local MA triggers these alerts when a certain threshold is reached or a certain event condition is satisfied.

Viewing the Local MA System Alerts

Table 2 MA Local System Alerts

System Alert Name Alert Type

CPU Temperature Alerts you when the MA CPU exceeds a 65o Celsius temperature threshold.

Data Migration Complete Alerts you when the data migration is completed.

Disk Usage Alerts you when the MA disk usage exceeds a 90% disk usage threshold.

Dropped Message Alerts you when there are MAdropped messages.

Network Connection Speed Alerts you when the MA network connection line speed falls below the selected speed. By default, the MA sets this value to 10-Half. You can choose 100-Half, 100-Full, and 1000-Full as your alert criteria.

Network Interface Alerts you when any one of the three MA network interface cards (NICs) are down.

RAID Disk Failure Alerts you when the primary system has failed and the standby has taken over (failover) has occurred on one of the HA pairs.

To view the list of pre-defined alerts, go to Local Alerts > Manage Alerts. Table 2 lists the pre-defined MA local System Alerts.



Editing the Local MA System Alerts

While the local MA System Alerts provide sensible defaults for most network configurations, you might want to:

change one or more System Alert thresholds or its priority

add a new local MA System Alert

disable a System Alert that does not apply to your network configuration

To edit the local MA System Alerts, go to Local Alerts > Manage Alerts and click on the System Alert whose threshold you want to change. In the General tab, you can enter a new threshold value and/or click the Enable No radio button to disable the local system alert as well as change the priority status from high to medium or low.

Setting Up Remote Product Alerts

After adding monitored products, you might want to create, manage, and edit alerts on the managed remote products. The alerts you can set up on remote products can include alerts for routers, firewalls, and other networked devices and vary according to your monitoring and network needs.

For more information on creating, managing, and editing alerts on remote products, see the LogLogic User Guide. For information on configuring traps or supported SNMP Object IDs (OIDs), see the LogLogic Administration Guide.

Managing Authentication and SSL CertificatesTo allow the MA and the remote product to communicate securely across the network, LogLogic uses a Secure Sockets Layer (SSL) protocol and digital certificates to prevent tampering and message forgery.

Management Appliance and Remote Product Authentication

The MA and remote products use a mutual SSL authentication scheme to authenticate each other. By default, they use LogLogic-generated certificates for this authentication process.

This means there is no need to provide a user ID and password to manage the transmission of technical data.

Managing Certificates

When you set up the MA and remote LogLogic products, LogLogic manages the certificates for you. LogLogic signs its own certificates by default. The root certificate is the LogLogic root and is the same on all appliances.

This means that authentication and authorization occurs without having to use passphrases or passwords to verify the identify of each remotely managed product. For information on importing your own root certificates, see the LogLogic Administration Guide.


Managing Authentication and SSL Certificates


CHAPTER 3

Monitoring and Controlling Remote Products

Contents

Introduction to Remote Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Monitoring Procedure Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Checking the Health and Status of Remote Products. . . . . . . . . . . . . . . . . . . . . . . . . . 25

Checking for Alerts on Remote Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Customizing the Monitoring Table View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Performing Remote Control Operations on Managed Products . . . . . . . . . . . . . . . . . . 34

Monitoring LogLogic High Availability Product Pairs. . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Introduction to Remote MonitoringThe MA monitoring dashboard lets you monitor the health and status of remote LogLogic products at a glance. Depending on the monitored product, you see slightly different health and status information. This is because each monitored product has different capabilities in terms of what it supports for:

maximum Messages Per Second (MPS) counts

whether high availability (HA) pairs are available

the number of supported network interface cards

whether RAID failure system alerts occur

Setting Up Alerts on Remote Products

For all remote products that you want to monitor and manage, LogLogic recommends that you keep the pre-defined System Alerts in the Manage Alerts tab enabled. You can also set up additional device alert types and set their priority status by high, medium, and low. This allows the remote products to send alert status to the MA when a particular alert event triggers

For example, assuming that the system network interface alert is enabled on an LX 1010 as a high priority alert, and that either eth0 or eth1 is down, the LX 1010 triggers the network interface alert. The MA then receives the LX1010 high priority alert and updates the monitoring dashboard accordingly.


Monitoring Procedure Overview

Monitoring Capabilities by Platform

Table 3 System Monitoring Capabilities by Platform

Capability LX 510 LX 1010 LX 2010 ST 2010 ST 2020-SAN ST 3010 MX 2010

Maximum MPS 500 1,500 4,000 7,500 7,500 7,500 1,000

Number of Network Interface Cards (NICs)

2 2 3 5 4 5 3

Fibre Channel n/a n/a n/a n/a 2 n/a n/a

HA Support Yes Yes Yes Yes Yes Yes Yes

RAID Failure Alerts No No Yes Yes Yes Yes Yes

Removable disk drives No No Yes No No No Yes

All remote products provide health and status updates every 5 minutes to let the MA know how the monitored products are functioning.

The Messages per second (MPS) rate varies depending on the LogLogic model and is an approximate measure of the LogLogic Appliance’s ability to collect, parse, and index real-time logs. The MPS capability depends on the Appliance model’s CPU speed, amount of disk space, and RAM.

Monitoring Procedure OverviewYou can use the default monitoring dashboard display as is, or you can tailor the display view using any table auto-sort functions, the advanced options, and the view filter options. You can also create and save custom views.

The next procedure assumes you have already set up the MA for distributed monitoring. If you have not already done so, see Configuring the Management Appliance on page 15.

To monitor and perform remote control operations on managed products

1. Go to Dashboards > Monitored Products.

2. Check the health and status of remote products.

a. Use the Product Status monitoring table to get information on all monitored products (see Getting the High-Level Product Status View on page 25).

b. (Optional) Use any one or a combination of the auto-sort functions on table heads in the monitoring table to organize the remote product status information (see Organizing the Monitoring Display on page 27).

c. Check the product detailed status in the monitoring table (see Getting the Product Status Detailed View on page 29).

d. Check the number of critical notifications and alerts in the Alerts column on the monitoring table (see Getting Details on Alerts per Product on page 31).

e. (Optional) Use any one of the advanced options to create a custom view for the monitored remote products (see Customizing the Monitoring Table View on page 33).

f. (Optional) Apply a filter to a table column (see Filtering Products on page 34).


CHAPTER 3 Monitoring and Controlling Remote Products

3. To perform remote control operations on managed products, click the remote product’s name in the table and then select Remote Control from the pop-up window (see Performing Remote Control Operations on Managed Products on page 34).

4. To view the overall status on all remote products in a summary format, click the Summary tab (see Getting the Aggregate Status of Remote Products on page 32).

Checking the Health and Status of Remote Products

At its most basic level, the MA monitoring dashboard lets you monitor the health and status of all remote products. The Product Status tab organizes remote product status information in a monitoring table. The monitoring table provides numerous ways to view the status of remote products at a glance and at a more detailed level.

As the MA detects critical issues within the products it monitors, the monitoring table updates the display for each monitored product in a separate row. The table displays remote product status using red, yellow, green, and grey status icons, letting you know at a glance what products need attention.

In addition, it displays MPS, CPU, and Disk Usage load statistics in color-coded bar charts. The Alerts column displays critical notifications and all alerts by high, medium, and low priority.

To find overall aggregate statistics on remote products, click the Status tab.

Note: The monitoring table does not provide monitoring status on the MA itself. To get monitoring status on the local MA, go to Dashboards > System Status.

Getting the High-Level Product Status View

The default monitoring table view displays numbered rows for all red, yellow, green, and grey products. Each row in the monitoring table displays the status for one monitored product. The default view shows the current status for all remote products.



Figure 6 Product Monitoring Status - Default Monitoring Table View

Status Monitoring Color Key

Table 4 Status Monitoring Color Key

Icon Color Monitored Product Meaning/Scenario

Red Severely degraded:

System alert occurred

CPU exceeds 80% for more than 15 minutes

No status update for five minutes

HA peer is out of cluster

Yellow Degraded mode:

MPS exceeds the maximum recommended specified rate for the remote product

No status update for five minutes

Grey No status is available. The managed product’s status has never been received by the MA. Possible causes include:

The remote product has not been configured with the MA IP address

The remote product IP address changed

Network connectivity issues

The remote product is down

For more information on configuring remote products and the MA, see Setting the Management Appliance IP on Remote Products on page 17 and Adding Monitored Products on the MA on page 18.

Green Indicates a healthy product.

The monitoring table uses round colored status icons in the Status column to indicate the current health state of all remote products.



Organizing the Monitoring Display

In the monitoring table, you can use the auto-sort functions on the monitoring columns to organize how the monitoring table displays status information. For example, with one click on the Status column head, you can sort and then view all monitored products in ascending order (healthy status) or descending order (degraded status) at the top of the list.

On the MPS, CPU, and Alerts column heads, you can sort information in ascending (least used) or descending (most used) order.

Table 5 Monitoring Table Columns and Auto-sort Functions

Column Description

Status Displays the current status of remote products with color-coded icons. Clicking on Status sorts products in ascending (healthy status) or descending order (degraded status).

Model Displays the LogLogic model number of the monitored product. Clicking on Model sorts all models using an alpha-numeric order, for example, LX510 before LX1010, and LX1010 before LX2010.

The remote product sends the model information to the MA as part of its status.

Name The name of the monitored product. This is the name you provide in the Add Product dialog box.

Clicking on Name sorts all names in an alpha-numeric order, for example, San Jose-LX1010-1 before LX1010.

Clicking on a product name in the table provides a pop-up menu from which you can select to:

view details (see Getting the Product Status Detailed View on page 29)

remote control (see Performing Remote Control Operations on Managed Products on page 34)

edit the product (see Editing Monitored Products on page 19)

delete the product (see Removing Monitored Products on page 19)

Product IP The IP address of the monitored product. This IP is the IP address provided in the Add Product dialog box (see Adding Monitored Products on the MA on page 18).

Clicking on Product IP sorts all IP addresses in ascending (smallest number first) or descending (largest number first) order.

HA Shared IP Displays HA pairs by their separate IP addresses.

Clicking on HA Shared IP sorts the view such that all primary and secondary pairs display consecutively in row. As a separate view option, you can choose to group HA pairs together in the monitoring table.

MPS Displays messages per second. By hovering the mouse over the bar chart, you can see the actual percentage number in a tooltip.

Clicking MPS displays a pop-up menu where you can choose to sort by ascending (least used) or descending (most) order. You can also refresh the interval range (see Changing the MPS, CPU, and Alert Intervals on page 28).



Data Collection Intervals

The MA provides pre-defined remote product data collection intervals for the following statistics:

Alert count (the default is one hour)

MPS count (the default is one minute)

CPU usage (the default is one minute)

Table 6 Interval Selections

Monitored Items Collection Intervals

Alert count by high, medium, and low 1 hour, 6 hours, 12 hours

CPU and MPS usage 1 minute, 5 minutes, 15 minutes

All remote products collect and send these statistics to the MA. Table 6 lists the update intervals that you can set for these statistics.

Changing the MPS, CPU, and Alert Intervals

You can change the display time intervals for the MPS, CPU, and Alerts by clicking on the appropriate column head once and then specifying a new interval from the pop-up menu.

For example, with MPS and CPU usage, the remote product collects usage statistics in increments by one minute, five minutes, and 15 minutes and then sends this number to the MA. You can then choose to sort the display view based on these time intervals.

The procedure for changing the MPS, CPU, and alert intervals is the same. The next procedure describes how to change the MPS interval.

To change the MPS interval

1. Click the MPS column head.

This opens the MPS pop-up.

CPU Displays CPU usage. By hovering the mouse over the bar chart, you can see the actual percentage of disk used in a tooltip.

Clicking CPU displays a pop-up menu where you can choose to sort by ascending (least CPU used) or descending (most CPU used) order (see Changing the MPS, CPU, and Alert Intervals on page 28).

Disk Usage Displays disk usage; the actual number is displayed in a tooltip.

Clicking Disk Usage sorts usage by ascending (least disk space used) or descending (most disk space used) order. Unlike the MPS and CPU columns there is no interval to choose. This is due to the fact that the remote product takes a snapshot of the disk usage and sends it to the MA every five minutes.

Alert Displays critical notifications and high, medium, and low alerts.

Clicking Alerts lets you change the default update interval from a pop-up menu (see Data Collection Intervals).

Table 5 Monitoring Table Columns and Auto-sort Functions

Column Description



2. From the MPS pop-up, select the desired time interval to refresh the display view accordingly.

This action the organizes and updates the MPS display view for the interval you select.

Changing the Product Status Refresh Rate

You can change the product status refresh rate by going to Preferences > Personal Preferences and specifying a new value in seconds in the Page Refresh Rate field. By default, the MA sets this value to 30 seconds. The refresh rate you specify here also applies to the refresh rate on the System Status tab.

Getting the Product Status Detailed View

You can select a Name in the monitoring table to get more detailed status information on a particular monitored product.

To get the product detailed status view

1. Click on the name of the monitored product whose detailed status you want to view in the Name column.

2. From the pop-up menu, select Detail.

This opens a detailed status pop-up window, which includes:

Table 7 Detailed Status View Information

Item Description

Product IP The IP Address for the monitored product

Product Name The name for the monitored product

Product Model The model name for the monitored product

Software Version The software version running on the monitored product

LSP Version The LSP version installed on the monitored product

Alert Count System The total number of alerts found on the monitored product

Alert Count High The number of high alerts found on the monitored product

Alert Count Medium The number of medium alerts found on the monitored product

Alert Count Low The number of low alerts found on the monitored product


Checking for Alerts on Remote Products

Checking for Alerts on Remote ProductsCritical notifications and alerts serve as an early warning detection system to provide you with the intelligence to act on conditions that warrant your attention before they become serious problems.

The monitoring table includes four columns for checking remote product critical notifications and alerts.

Alert Color Key

The MA indicates the severity and type of alert it finds on remote products based on its color codes (red, yellow, and green). You can click on the status icon to get additional information pertaining to the root cause for the critical notification and/or particular alert condition.

Note: Unlike system alerts, critical notifications are not assigned a high, medium, or low priority and are tracked separately in the monitoring table.

Table 8 Alert Color Key

Icon Color Description

Purple The critical notifications found on the monitored products

Red The alerts with high priority found on the monitored products

Yellow The alerts with medium priority found on the monitored products

Green The alerts with low priority found on the monitored products

The Summary tab also displays these alert icons with aggregate status information.

Disk Used The amount of disk space used in gigabytes

Disk Free The amount of free disk space in gigabytes

Messages Received The number of messages received on the monitored product

Messages Processed The number of messages processed on the monitored product

Messages Unapproved The number of unapproved messages found on the monitored product

CPU Load The CPU load displayed as a percentage on the monitored product

Table 7 Detailed Status View Information

Item Description



Getting Details on Alerts per Product

You can get more detailed alert information on a per product basis by clicking on the alert icon. This is particularly useful when you want to:

focus in on alerts by their high, medium, or low priority status

perform a remote control operation and troubleshoot the condition

For example, you might want to sort the monitoring table by all high alerts and then click on a high alert condition to find out what triggered the alert. The number appears next to the alert icon indicating the number of occurrences for the alert.

To sort by high alerts and to get the details on a particular alert

1. In the monitoring table, click the red icon to sort the display by high priority alerts.

2. Click on the alert whose detailed status you want to view in the Alert column.

This action performs a remote control operation and links you to the remote product’s Aggregated Alert Log where you can troubleshoot the alert condition occurrences on the remote product.

The UI lets you know that you are now on a remotely managed product, by displaying a grey banner with the remote IP number.

Figure 7 Show Triggered Alerts

On the remote product Show Triggered Alerts tab, you can check the high alert messages, their frequency, and the types of alerts.

While on the remote product, you can perform administrative and reporting tasks to troubleshoot or act on these alert conditions. For more information on performing administrative and other user tasks, see the LogLogic Administration Guide and the LogLogic User Guide respectively.

3. (Optional) To return to the MA, click the red X icon on the grey banner.


Checking for Alerts on Remote Products

Checking for Critical Notifications on Remote Products

The monitoring table alerts you to any critical notifications on remote products using a purple icon in the Alerts column. You can use the column auto-sort function to view all critical notifications at the top of the monitoring table.

To view all critical notifications at the top of the list

1. In the monitoring table, click the purple alert icon in the column head to sort the display by critical notifications.

This action places all critical notifications at the top of the monitoring table.

2. To get additional information on the critical notification, click the status icon.

A pop-up window appears with the reason for the critical notification.

Getting the Aggregate Status of Remote Products

You can get the overall aggregate status of all monitored remote products at a glance by going to Monitored Products > Summary.

The Status Summary tab displays the aggregated status of all monitored products in tabular format in three panes:

Status Counts — displays the status counts on all monitored products by their category: Severely Degraded, Degraded, Normal, and No Status. For a description of these categories, see Status Monitoring Color Key on page 26.

Average/Maximum Messages — displays the average number of messages across all currently displayed products. The maximum message displays the highest percentage of messages across all currently displayed products based on received, processed, unapproved, skipped, and dropped categories on the monitored products.

Average/Maximum Status — displays the average load percentage across all products during the indicated timespan and the maximum load percentage on the one product with the highest load during the indicted timespan.

When the MA has no status information to report on a monitored product, for example, the product is being staged or is otherwise unreachable due to configuration or network connectivity issues, its status is not included in the average or maximum counts.

The MA calculates average and maximum values based on the list of products it finds in the current view option and that have status in the Product Status tab.



Figure 8 Aggregate Status View - Summary tab

Customizing the Monitoring Table ViewThe View Options section at the bottom of the Product Status tab lets you customize the monitoring table view. For example, you might want to see the log counts for all monitored products. In this case, you can go to the Advanced Options section and click the appropriate display checkboxes for the type of message counts you want to see.

Pre-defined Custom Views

The monitoring table includes two pre-defined custom views:

the Default View (see Getting the High-Level Product Status View on page 25)

the Show All Products view — displays all monitored products including hidden products sorted by their status.

Defining and Saving a Custom View

There are numerous ways to customize the monitoring table display view, for example, you can:

set advanced options

change the view sort order (ascending or descending)

add (check) or remove (uncheck) an item for display

apply a filter on a particular item

specify that HA pairs be displayed together in the monitoring table

You can change the view on a one-time basis or you can choose to save the view and make it accessible from the View drop-down menu. After creating and saving a custom view, you can subsequently select between the default and custom views.

Note: You can change the view options on both the Product Status tab and on the Summary tab.


Performing Remote Control Operations on Managed Products

To define and save a custom view

1. On the Product Status or Summary tab, click the expand icon next to View Options label.

2. Select an advanced option, change the time interval for load statistics or alerts, and apply a filter to an item.

The filtering options are the same as those used on reports (see the online help or LogLogic User Guide for more information on advanced option filter operators).

3. In the Select Advanced Options section, specify your column sorting options (Product Status tab only) and/or column filtering options and then click Filter.

4. Choose the Show Hidden Products or Group HA Pairs together (Product Status tab only) checkboxes.

5. (Optional) To clear your changes, click Clear..

6. (Optional) To save your settings, expand the Manage Custom View, provide a name for the view, optionally provide a description for the view, and then click Save To New View.

After saving the custom view, it becomes available from the View drop-down list.

Filtering Products

In addition to using the auto-sort functions, you can tailor the monitoring table view by applying filters to exclude monitoring data. The monitoring table uses the same filter operators as those used for the Real-Time reports. For more information on the supported filters and how to use them, see the LogLogic User Guide.

Performing Remote Control Operations on Managed ProductsThe monitoring dashboard provides remote control operations for managed products, which lets the MA system administrator run reports and perform system administration on remotely managed products.

Note: You can remotely control only one managed product at a time.

There are two remote control entry points to remote control operations available to you from the Product Status tab:

Clicking on the name entry in the monitoring table and then selecting remote control from a pop-up menu, which takes you directly to the remote product’s Home page.

Clicking on a particular high, medium, or low alert icon, which then takes you to the remote product’s Aggregated Alerts Log tab (see Getting Details on Alerts per Product on page 31).



Remote Control to the Product System Status Tab

To remote control a managed product by its name entry

1. On the Product Status tab, click the name of the product in the monitoring table whose status you want to check and on which you want to perform remote control operations.

2. From the pop-up menu, select Remote Control.

This action links you to the remote product’s Home page. The UI lets you know that you are now on a remotely managed product, by displaying a grey banner with white words.

Figure 9 Home page of Remote Product

On the remote product System Status tab, you can check the current software revision level, current message rate, CPU usage, alert count, and message counters.

In addition, you can perform a number of administrative and reporting tasks. For more information on performing administrative and other user tasks, see the LogLogic Administration Guide and the LogLogic User Guide respectively.

3. (Optional) To return to the MA, click the red X icon on the grey banner.

Monitoring LogLogic High Availability Product PairsBeyond the basic monitoring of remote products, the monitoring dashboard lets you monitor HA product pairs and indicates status when:

A shared IP address on one of the product pairs is out of its cluster

Data synchronization issues occur (incomplete synchronization, synchronization failures)


Monitoring LogLogic High Availability Product Pairs

Figure 10 Viewing the Status of High Availability Pairs

Peer out of clusterWarning symbol

By default, the MA treats high availability pairs with shared IP addresses as separate products in the monitoring table display view. To let you know of this fact, the display for these pairs includes a warning icon. When you hover your mouse over the warning icon, a tooltip informs you “HA Peer Out Of Cluster.”

Viewing HA Pairs Together

You can change the monitoring table display view to show HA pairs together.

To view HA pairs together

1. On the Product Status tab, expand the View Options section.

2. Click the Group HA Pairs checkbox and then click Filter.

You can then save this option as a custom view. For more information on creating a custom view, see Defining and Saving a Custom View on page 33.


CHAPTER 4

Administering the Local Management Appliance

Contents

Introduction to the Local Management Appliance Administration. . . . . . . . . . . . . . . . . 37

Performing Immediate Maintenance Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Performing Routine Administrative and Maintenance Tasks. . . . . . . . . . . . . . . . . . . . . 39

Introduction to the Local Management Appliance AdministrationAs with all LogLogic Appliances, the MA supports a number of routine administrative and maintenance tasks. This chapter describes these tasks and assumes you are using the Management Appliance User Interface (UI) to perform them.

You can also perform self-logging and auditing on the MA via a terminal window and by using any of the supported LogLogic command-line (CLI) administrative commands. For more information on CLI commands, see the LogLogic Administration Guide.

Figure 11 on page 38 shows the high-level administrative workflow steps.


Performing Immediate Maintenance Tasks

Figure 11

Login

Login LogoutM A A dm in

M anage S S L C ertifica te

M A M ain tenance

LogLogic S igned C ertificateC ertificate S igningC ertificate Im port

C om m on w ith LX /ST/M X

File U pdate (upgrade)License U pdateO nline U pdate (upgrade)System P rocesses

A ccess C ontro l

M anage U sers

S ystem S ettings

G eneralR em ote S erversN etw ork In terfaceTim e, N TP S erverLog in Page

O nly one adm in user

MA Administrative Workflow

As you can see from this workflow, the MA shares the alert mechanism, system settings, and software upgrade and maintenance tasks in common with the LX, ST, and MX Appliances.

Performing Immediate Maintenance TasksThe next sections describe where and how to perform immediate maintenance tasks on the local MA, in particular, restarting, rebooting, and shutting down.

Restarting the Management Appliance

Restarting the MA stops all local software application processes and then restarts the application processes on the MA. Typically, restarting the MA applies any changes that you make to the Appliance. The appliance itself is not rebooted during this operation.

To restart the MA

1. Go to Maintenance > System and click Restart.

A message asks you to confirm this action.

2. Click Confirm.


CHAPTER 4 Administering the Local Management Appliance

Rebooting the Management Appliance

Rebooting the MA shuts down the entire Appliance including the OS.

To reboot the MA

1. Go to Maintenance > System and then click Reboot.

A message asks you to confirm the reboot action.

2. Click Confirm.

A message appears letting you know that a reboot is in progress.

Shutting Down the Management Appliance

Shutting down the MA shuts down the entire Appliance after which the Appliance is only accessible via the direct connect console.

To shutdown the MA

1. Go to Maintenance > System and then click Shutdown. A confirmation message appears.

2. Click Confirm. A message appears informing you that a shutdown is in progress.

Performing Routine Administrative and Maintenance TasksThere are a number of routine administrative and maintenance tasks that the MA shares in common with all Appliances.

Access Control

The MA uses the same Access Control capability as all LogLogic Appliances. Access Control lets you restrict network access based on source IP address and destination port, similar to access lists used by routers or firewalls. For example, you can allow TCP port 443 access from a specific host or subnet.

To administer MA access control, go to Administration > Access Control. For more information on access control settings, see LogLogic Administration Guide.


Performing Routine Administrative and Maintenance Tasks

Backup Configuration

To manage Backup Configuration, go to Administration > Backup Configuration. For more information, see the LogLogic Administration Guide.

Managing SSL Certificates on the MA and on Remote Products

The procedure for managing SSL certificates on the MA and on remote products is the same as for all Appliances.

To manage SSL Certificates, go to Administration > Manage SSL Certificate. For more information on managing certificates, see the LogLogic Administration Guide.

Manage Users

To manage users, go to Administration > Manage Users. For more information, see the LogLogic Administration Guide.

System Settings

There are a number of system-wide settings that the MA uses to determine access control and security. These system settings include:

general settings

remote server settings

network settings

time settings

login page

password control

While the predefined settings are sensible for most network topologies, there are occasions when you might need to change these settings.

To administer MA system settings, go to Administration > System Settings.

The MA shares the same system settings as the LX, ST, and MX Appliances. For more information on managing these settings, see the LogLogic Administration Guide.

Upgrading the Local Management Appliance

As with all LogLogic Appliances, you can upgrade the local MA software:

by using the license update ((Maintenance > License Update) facility

by using the online update (Maintenance > Online Update) facility

by using the file update (Maintenance > File Update) facility


CHAPTER 4 Administering the Local Management Appliance

The online update facility uses an Internet connection to download and update the software, while the file update facility requires you to log on to the LogLogic Support Web site to download the applicable update files (.tar and .sig).

For more information on performing a software upgrade using the online update or file update capabilities, see the LogLogic Administration Guide.

RAID Status

To check RAID status, go to Maintenance > RAID Status. For more information, see the LogLogic Administration Guide.

System

For system information, go to Maintenance > System. For more information, see the LogLogic Administration Guide.


Performing Routine Administrative and Maintenance Tasks


CHAPTER 5

Troubleshooting the Local Management Appliance

Contents

Troubleshooting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Getting Local Critical Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Viewing the Local MA Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

System Restart, Reboot, and Shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Checking the Local MA System Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Troubleshooting OverviewAs the local MA is the common entry point for managing remote products, it is important to ensure that it is in optimal condition. Typically, the first line of defense in troubleshooting a particular local MA problem comes in the form of an informational message, for example, an MA critical notification immediately after logging in to the MA on the System Status page.

The next sections describe the differences between critical notifications and system alerts, how to find and track this information, as well as some of the actions you can take to resolve these conditions.

Getting Local Critical NotificationsOn the local MA, you view critical notifications on the System Status tab. Examples of critical notifications include the following messages:

Your evaluation license is about to expire.

Your license is expired.

There is a problem mounting the configured external storage device.

This LogLogic appliance requires an external storage device.

You should change the default IP Address for the appliance.

The maximum message rate recommended for this appliance is exceeded.


Viewing the Local MA Alerts

Getting Critical Notifications on the Local MA

You are alerted to local MA critical notifications when you first log in to the MA. Most of these conditions are straight forward to fix.

Figure 12 shows a common critical notification condition, which alerts you to the fact that the MA does not have an NTP server defined. While it is not mandatory to set an NTP server, LogLogic recommends that you set one up on the network. This can save you the time from having to manually set the time when the Appliance reboots or the local time changes take effect due to daylight savings time.

In this case, the critical notification gives the explicit instructions on where to go to rectify the situation. In this case, you go to the Administration > System Settings > Time tab to set the NTP server or to the local time as desired. Clicking OK dismisses the message.

Figure 12 MA Critical Notification Condition

To troubleshoot critical notification conditions found on remote products, see Checking for Critical Notifications on Remote Products on page 32.

Viewing the Local MA AlertsThe MA Alert Viewer is common with all LogLogic Appliances. It provides an effective way to troubleshoot local MA problems. LogLogic categorizes alerts by their priority status, that is, high, medium, and low priority.

The local MA displays and aggregates all its local alerts in the Alert Viewer on the Aggregated Alert Log tab.

To view alert messages on the local MA

Go to Local Alerts > Alert Viewer.

You can see all alerts received on the local MA sorted by the latest alert on the top of the list. By default, the MA lists all alerts by high priority and color-codes them with a red line.


CHAPTER 5 Troubleshooting the Local Management Appliance

Figure 13 Viewing Alerts on the Local MA

For example, assuming that the network interface system alert is enabled on the local MA, and, if one of the ports is down, you would see a message similar to the following:

Alert 'System Alert - Network Interface' (System Alert - Network Interface) was generated by 10.0.40.94for the following device: 10.0.40.94_logapp.eth0 is down, be sure cable is not unplugged.Subsequent alerts will not be sent until 1800 seconds have passed.There were 20 alertable events since last alert message.

In this case, the action to take is to physically inspect the local MA and to make sure that the appropriate ethernet cable is completely plugged into the ethernet port.

To troubleshoot alert conditions found on remote products, see Checking for Alerts on Remote Products on page 30.

System Restart, Reboot, and ShutdownThere might be times when you are in the process of troubleshooting a problem on the MA, which requires you to restart, reboot, or shutdown the system. To perform any one of these functions, see Performing Immediate Maintenance Tasks on page 38.

Checking the Local MA System StatusAfter you log in to the MA, the System Status tab is the default display. The System Status tab displays a condensed view of the MA’s current state, showing current message rate, CPU utilization, database size, alerts, and total message counts. This is where you go to monitor the status of the local MA.

For more information on viewing system status, see the LogLogic User Guide.


Checking the Local MA System Status



Index

Aaccess control settings, local MA 39, 40, 41adding monitored products 18add-on products 11administration

first-time tasks 16administration, local MA 37administrative

account, managing 13commands 37password 16tasks, MA 12tasks, performing on remote products 31, 35tasks, routine 37workflow 37

administratoraccount, managing 10default user name and password 15performing remote control 34role 10

aggregate statusremote products 32viewing 33

alertscolor key 30editing on the local MA 21getting details per product 31MA local 12managing local MA 13pre-defined 20remote product 21setting up 20viewing local MA 13viewing MA local 20viewing on the local MA 44

authenticationmanaging 21remote product 21

Ccapabilities, monitoring 24color key

alerts 30

status monitoring 26commands

administrative 37set mip 17

configuringMA 15

conventions 7counts, MPS 23CPU

changing monitoring interval 28temperature alert, threshold 20

critical notificationsdefinition 11getting on remote products 32local MA 43, 44sorting 32

Ddashboard

Monitored Products 11, 12monitoring 11, 23, 24, 25, 32, 34, 35system status 12

data collection intervals 28definition

critical notifications 11remote control 10

disk usagealert, threshold 20system alert 20system alert, setting 20

distributed monitoringsetting up 18setup 5, 17

dropped messagealert

system alertdropped message 20

Eediting

monitored products 19elements 7

Guide 47

48

INDEX

Ffeatures & benefits, MA 11filtering products 34functions

sort 24

Hhigh availability pairs

monitoring 35

Iintervals

changing the MPS and CPU 28data collection 28

Llist view

customizing 33hiding remote products 19monitoring 18, 19product monitoring 26product status 24, 25remote products 25

local MAaccess control settings 39, 40, 41administration 37alerts 12checking system status 45critical notifications 43editing alerts 21getting critical notifications 44managing alerts 13system settings 40troubleshooting 43viewing alerts 44

log in to the MA 16LogLogic

products 15, 18, 21LogLogic products 20

MMA

administrative task map 12changing passwords 13

configuring 15distributed deployment scenario 10features and benefits 11first-time log in 16full administrative privileges 10getting local system status 12local alerts 13overview 9rebooting 39restarting 38setting up 15shutting down 39upgrading 40viewing local alerts 13workflow 11

MA localalerts, viewing 20viewing alerts 20

maintenanceperforming routine 38

managed products 15managing remote products 5maximum MPS, per product 24Monitor ed Products dashboard 12monitored products 18

adding 18modifying 19removing 19

Monitored Products dashboard 11monitoring

capabilities 24dashboard 11data, sending 17distributed 5high availability pairs 35list view 18, 19procedure overview 24products 23status view, customizing 33UI 18workflow 24

monitoring dashboard 23, 24, 25, 32, 34, 35dashboard

monitoring 11, 25, 32MPS

changing monitoring interval 28counts 23maximum per product 24



INDEX

Nnetwork connection

alert, threshold 20network connection system alert, setting 20network interface

alertsystem alert 20

network interface system alert 20

Ooperations, remote control 24

Ppage

Status Summary 25, 32System Status 43

pairshigh availability, monitoring 35

passwordadministrative 16changing on the MA 13default administrator 15

placeholders 7platform, monitoring capabilities 24pre-defined system alerts 20privileges

full administrative 10product 33product monitoring status default list view 26Product Status

list view 24product status

detailed view 29list view 25refresh rate 29

productsadding monitored 18add-on 11editing 19filtering 34hiding 19LogLogic 10, 15, 18, 20, 21managed 15managing 5monitoring 12removing monitored 19

RRAID disk failure alert

alertRAID disk failure 20

rebootingMA 39

refresh rateproduct status 29

related documents 5remote control

definition 10managed products 35operations 24performing 34performing on managed products 34selecting 35

remote productalerts, setting up 21authentication 21

remote productsaggregate status 32alert color key 30checking for alerts 30checking the health and status 24, 25getting critical notifications 32linking to 35list view 25LogLogic 9model number 27monitoring 23no status 26setting the MA IP address on 17status column 27

removing monitored products 19restarting, MA 38role

administrator 10

Sscenario

distributed deployment 10screen output 7set mip command 17setting up

alerts 20distributed monitoring 18MA 15

Guide 49

50

INDEX

shutting down, MA 39sort functions 24SSL certificates, managing 21status monitoring color key 26Status Summary page 25, 32Summary Page

viewing aggregate status 33Summary tab 25summary, product 25system alert

CPU temperature 20RAID disk 20

system prompts 7system settings, local MA 40System Status

checking on the local MA 45dashboard 12page 43

Ttable view

customizing 33tasks

MA administrative 12performing immediate maintenance 38

temperature system alert, setting 20threshold

CPU temperature 20disk usage 20network connection

system alert 20time intervals

changing for MPS and CPU 28troubleshooting

local MA 43

Uupgrading, MA 40

Vviewing

MA local alerts 20views

creating custom 33getting product status detailed 29pre-defined custom list 33

Wworkflow

administrative 37MA 11monitoring 24
