Access to Real Time Messages

The Real Time Viewer shows an immediate scrolling display of log messages as they are received by the appliance.

Choose Search > Real Time Viewer from the navigation menu.
Real-Time Viewer Tab Elements
Element Description
Saved Custom Report Select a Custom Report from the drop-down menu.

If you do not have any saved Custom Reports, this field is grayed out. This option is useful to view real-time data with the specified parameters from your saved filter for a specific appliance.

Device Type Devices associated with the appliance.
Source Device IP address of the selected Device Type.

The drop-down menu contains the devices connected to the appliance.

Highest Severity Selects a set of syslog messages by their highest severity. Select this checkbox to filter the syslog messages of that severity.
Search Filter Define an expression used to limit information displayed from the devices.

Filter options are:

  • Pre-Defined—The drop-down contains pre-defined search filters that you manage in the Search Filters tab.
  • Use Words—The components of messages. The maximum character length of the Use Words field is 125.

    For example, userIDs like cjreid, or parts of IP addresses like 192.

  • Use Exact Phrase—A component of a syslog message that is not randomly linked but forms a fixed string. For example, a specific URL, or specific words such as Authentication rejected:, or keyboard-interactive for root. The maximum character length of the Use Exact Phrase field is 4096.
  • Regular Expression—A regular expression is a pattern made up of characters and symbols that enables the search to match patterns of text stored in the raw data repository of LogLogic LMI. The maximum character length of the Regular Expression field is 4096.
    For example:
    User .* connected, \>su:.*(to root), and sshd.*Accepted.*for root from
Save Custom Report Define and save frequently used search criteria so that you can run a report against your real-time logs more quickly. Novice users can run reports with complex search criteria with minimal input.

Specify the following information:

  • Report Name—A name for the report.
  • Report Description—A brief description for other users to understand the type of information that this report generates.
  • Share with Other Users checkbox—Selected by default, the Share with Other Users option makes this Custom Report accessible to other users logging in to this appliance.

Click to save your changes.

Runs the filter and displays the real-time log view.
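
The Search Filter options described above can be compared offline on sample messages. The following is an added example, not LogLogic LMI code: the matching semantics of each mode, the function names and the sample syslog lines are assumptions constructed for illustration, and the su pattern is used without its leading \>, whose meaning depends on the regular expression flavor.

```python
import re

# Maximum field lengths stated in the Search Filter description.
LIMITS = {"words": 125, "phrase": 4096, "regex": 4096}

def build_filter(mode, expr):
    """Return predicate(message) -> bool for one Search Filter mode.

    Assumed semantics (the page does not specify them): "words" needs every
    whitespace-separated word to occur somewhere in the message, "phrase" is
    a case-sensitive substring match, "regex" is an unanchored search.
    """
    if mode not in LIMITS:
        raise ValueError(f"unknown filter mode: {mode}")
    if len(expr) > LIMITS[mode]:
        raise ValueError(f"{mode} expression exceeds {LIMITS[mode]} characters")
    if mode == "words":
        words = expr.split()
        return lambda msg: all(w in msg for w in words)
    if mode == "phrase":
        return lambda msg: expr in msg
    pattern = re.compile(expr)  # re.error here means the expression is invalid
    return lambda msg: pattern.search(msg) is not None

def apply_filter(mode, expr, messages):
    """Keep only the messages that the filter matches, preserving order."""
    keep = build_filter(mode, expr)
    return [m for m in messages if keep(m)]

# Constructed sample syslog lines (not real data; documentation IP ranges).
SAMPLE = [
    "Mar  3 10:01:12 fw01 vpn: User cjreid connected from 192.0.2.10",
    "Mar  3 10:02:40 web01 sshd[811]: Accepted password for root from 192.0.2.44 port 50022 ssh2",
    "Mar  3 10:03:05 web01 sshd[822]: Accepted publickey for deploy from 198.51.100.7 port 50100 ssh2",
    "Mar  3 10:04:19 db01 su: (to root) cjreid on pts/0",
    "Mar  3 10:05:33 web01 sshd[840]: Authentication rejected: bad ownership for /home/cjreid",
]

if __name__ == "__main__":
    for mode, expr in [
        ("words", "cjreid 192"),
        ("phrase", "Authentication rejected:"),
        ("regex", "User .* connected"),
        # Unescaped parentheses form a group, so this matches the text "to root".
        ("regex", "su:.*(to root)"),
        ("regex", "sshd.*Accepted.*for root from"),
    ]:
        print(f"{mode:6} {expr!r}")
        for line in apply_filter(mode, expr, SAMPLE):
            print("   ", line)
```

Testing an expression this way before saving it as a Custom Report shows whether it is too broad (for example, matching every Accepted login rather than only root logins).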