Viewing System Status

The System Status tab displays a condensed view of the appliance's current state.

The tab shows current message rate, CPU utilization, alerts, total message counts, and disk usage, including usage external to the database.

Procedure

  1. Choose Dashboards > System Status from the navigation menu.
  2. View the following sections on the System Status tab for information about your appliance’s system status. Detailed descriptions for each section are documented in the System Status Tab Elements table.
    • Current Message Rate
    • New Alerts
    • Disk Usage
    • CPU Usage
    • Message Counters
  3. Click to expand or collapse a section to display an expanded or condensed version of the section’s status information.
  4. (Optional) Click the Message Rate tab for a larger view of this graph.
    For more information, see Viewing Message Rate.
  5. (Optional) Click the CPU Usage graph or the CPU Usage tab for a larger version of this graph.
    For more information, see Viewing CPU Usage.
  6. Click the Refresh button to update the system status information for your appliance.

    System Status Tab Elements - General information
    Element | Description
    Uptime | Continuous running time since the last reboot of the appliance.
    Date/Time | Date and time set on the appliance.
    Software Version | LogLogic software release running on the appliance.
    Failover (not visible unless issues are present) | Status of the HA cluster’s master and standby appliances. If issues exist, they are indicated through flags:
    • C: Cluster_id mismatch
    • A: Appliance model mismatch
    • V: Software version mismatch
    • E: Eligible
    • H: HA mode
    • X: eXcluded
    • O: Out-of-cluster
    • M: Master
    • S: Standby

    For example, the failover status line Failover: master 10.1.4.6 (wait), standby 10.1.4.7 (flags:__V/EHX/O) means the master is waiting for the standby, and the standby is running the wrong software version, is configured for failover, is eligible for HA, but is excluded, and (as a result of the version mismatch) is out of cluster.

    Important: After pairing two appliances in HA, do not change any network settings.
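
The flag legend and example line above can be decoded mechanically, for instance when the status line is copied into a health-check script. The following parser is an added example, not LogLogic code; it assumes that `_` marks an unset flag position and that `/` only separates flag groups (the page does not state this), and its choice of which flags count as problems is also an assumption.

```python
import re

# Flag legend copied from the System Status Tab Elements table above.
FLAG_MEANING = {
    "C": "Cluster_id mismatch", "A": "Appliance model mismatch",
    "V": "Software version mismatch", "E": "Eligible", "H": "HA mode",
    "X": "eXcluded", "O": "Out-of-cluster", "M": "Master", "S": "Standby",
}
# Assumption: these flags mean the peer cannot currently take over.
PROBLEM_FLAGS = set("CAVXO")

# One "<role> <address> (<detail>)" entry of the status line.
NODE_RE = re.compile(r"(master|standby)\s+(\S+)\s+\(([^)]*)\)")

def parse_failover(line):
    """Return {role: {"address", "state", "flags", "problems"}} for a status line."""
    if not line.startswith("Failover:"):
        raise ValueError("not a failover status line")
    nodes = {}
    for role, address, detail in NODE_RE.findall(line):
        state, flags = detail, []
        if detail.startswith("flags:"):
            state = None
            # Assumption: '_' is an unset position and '/' only groups flags.
            letters = [c for c in detail[len("flags:"):] if c not in "_/"]
            unknown = [c for c in letters if c not in FLAG_MEANING]
            if unknown:
                raise ValueError(f"unknown flag(s): {unknown}")
            flags = letters
        nodes[role] = {
            "address": address,
            "state": state,
            "flags": [FLAG_MEANING[c] for c in flags],
            "problems": [FLAG_MEANING[c] for c in flags if c in PROBLEM_FLAGS],
        }
    if not nodes:
        raise ValueError("no master/standby entry found")
    return nodes

# The example status line given on this page.
EXAMPLE = "Failover: master 10.1.4.6 (wait), standby 10.1.4.7 (flags:__V/EHX/O)"

if __name__ == "__main__":
    for role, info in parse_failover(EXAMPLE).items():
        print(role, info["address"], info["state"], info["problems"])
```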

    System Status Tab - System Status Elements
    Element | Description
    Current Message Rate | Measured messages per second rate for the last 1, 5, and 15 minute time segments.

    Click on the 1 MIN, 5 MIN, or 15 MIN heading links to change the Message Rate Graph time scale to 2 hour, 12 hour, and 24 hour time scales, respectively.

    When using LogLogic TCP for routing logs to the appliance, this graph displays spikes of activity every 5 minutes rather than a steadier line. This is because LogLogic TCP transfers data in regularly recurring chunks that are merged on the appliance, and not continually.

    Message Rate Graph (Message Rate tab) | Recent message rate over 1, 5, and 15 minute time segments.
    • The pink line represents the average number of messages per time segment.
    • The blue line represents the real-time incoming message rate for your appliance.
    • The red line appears when inbound traffic exceeds the preset threshold.

    Click the Message Rate tab for a larger view of this graph.

    New Alerts (LX/MX only) | Number of active alerts over 1, 6, and 12 hour periods categorized by priority.
    Disk Usage | Usage of the disk on the file system. This can be helpful for calculating data retention time tables, by listing Free and Total available usage.
    CPU Usage | Current CPU utilization for the last 1, 5, and 15 minute time segments.

    Click on the 1, 5, and 15 minute headings to change the CPU Usage Graph time scale to 2, 12, and 24 hour time scales, respectively.

    CPU Usage Graph | Percent CPU utilization over 1, 5, and 15 minute time segments.

    Click the CPU Usage Graph or the CPU Usage tab for a larger version of this graph.

    Message Counters | Statistics on each message category stored in the appliance since the last boot. The count corresponds to a percentage of the total number of messages received. This is useful in calculating data retention settings and maximum syslog message rates.

    Message categories:

    • Total Received: Total number of incoming messages for all categories.
    • Processed: Total number of messages received and parsed into the database.
    • Unapproved: Messages received from a log source that is not in the Manage Devices table. These messages are discarded. If auto-identify is on, all messages are auto-identified and no messages are unapproved.
    • Skipped: Total number of messages ignored by the appliance when the log source entry in LogLogic® LMI exists but is disabled.
    • Dropped: Total number of messages recognized but not processed due to network congestion or a corrupted syslog message.

    The following appear only on LX and MX appliances:

    • Total Parsed: Total number of incoming messages parsed for all categories.
    • Accepted IP: Total number of messages indicating successful connections through the firewall. For example, PIX® Message Numbers - 302013-302016.
    • Denied IP: Total number of messages indicating denied access by the firewall. For example, PIX Message Numbers - 106001, 106006, 106007, 106015, 106023.
    • Security: Total number of messages to be recorded in the Security Event Log report.
    • System: Total number of messages to be recorded in the System Event Log report.
    • Generic: Total number of flawed messages received from an approved source. These messages are discarded.
    • URL: Total number of messages to be recorded to the Web Surfing Activity report.
    • FTP: Total number of messages to be recorded in the FTP Connections report.
    • Auth/Access: Total number of messages to be recorded to the VPN Events report.
    • Other: Any message that is not included in the other listed categories. These are messages received from an approved source that contain an unrecognized message number. Certain known message numbers are discarded.
    Refresh | Updates the system status information for your appliance.