Managed Station Status

After you configure an appliance as a Management Station and add appliances to its cluster, Dashboards > Management Station Status displays the following information:

  • Real-time, condensed status of each managed appliance in the cluster
  • Message rate for the default managed appliance
  • Aggregate new alerts and message counters across all managed appliances

The colored square by each managed appliance indicates the health of the communication to the managed appliance:

  • Green square—managed appliance status received
  • Red square—failed SSL tunnel between the nodes due to incorrectly configured certificates
  • Clear square—managed appliance status is queried but not yet received

The Management Station dashboard displays the following information:

  • Managed Appliances list - Displays message statistics for each managed appliance:
    • Total, Processed, Dropped, Unapproved, Skipped—Displays the number of messages processed on each managed appliance for each message category. Clicking a number in these columns toggles the displayed values between exact numbers and rounded numbers.
    • Message Rate/Sec—Displays the message rate per second for the managed appliance by 1, 5, and 15 minutes. Clicking a message rate value for a managed appliance switches the Message Rate graph to 2, 10, and 30-hour timescales, respectively, for that appliance.
    • Time Skew—Displays the time difference, in seconds, between the Management Station appliance and the managed appliance. Clicking a number in this column toggles the displayed values between exact numbers and rounded numbers.
  • Message Rate - Graphically displays message traffic over 5, 10, or 15 minute segments for the current appliance. By default, message traffic for the Management Station's appliances is updated every 60 seconds.
    • Pink line—the average number of messages per time segment
    • Blue line—the real time incoming message rate for the appliance
    • Red line—the message rate is at the maximum for the appliance (appears only when the maximum is reached, as a flat line at the maximum level)
  • New Alerts - Lists the number of alerts on all managed appliances in the last hour, 6 hours, and 12 hours. Alerts are displayed based on severity (high, medium, low). To view the alerts, click on the displayed number.
  • Message Counters - Provides statistics across all managed appliances for each message category. These are the same categories listed separately for each managed appliance in the Managed Appliances list. This is useful in calculating Data Retention Settings and maximum syslog message rates.

The message categories are:

| Message Category | Description |
|------------------|-------------|
| Total Received | Total number of incoming messages for all categories for all appliances |
| Processed | Total number of messages received and parsed into the database |
| Skipped | Total number of messages ignored by the appliance because the associated log source is disabled |
| Unapproved | Messages received from a log source that is not in the Manage Devices table. These messages are discarded. The most recent 100 messages are accessible from the Log Source Status screen. (If auto-identify is on, all messages are auto-identified and no messages are unapproved.) |
| Dropped | Total number of messages recognized but not processed due to network congestion |
Note: It is difficult to troubleshoot why messages are dropped because these messages are not dropped by the application. The OS is responsible for tracking and dropping messages, but it does not record why the messages were dropped or where they came from, so there is no way to determine this information.