Configuring System Administrator Settings : Configuring log settings
  
Configuring log settings
You set up local and remote logging in the Administration > System Settings: Logging page.
By default, the system rotates each log file every 24 hours or if the file size reaches 1 GB uncompressed. You can change this setting to rotate every week or month, and you can rotate the files based on file size.
The automatic rotation of system logs deletes your oldest log file, labeled as Archived log #10, pushes the current log to Archived log # 1, and starts a new current-day log file.
To set up logging
1. Choose Administration > System Settings: Logging to display the Logging page.
Logging page
2. To rotate the logs manually, under Log Actions, click Rotate Logs. After the logs are rotated, this message appears:
logs successfully rotated
When you click Rotate Logs, your archived file #1 contains data for a partial day because you are writing a new log before the current 24-hour period is complete.
3. Under Logging Configuration, complete the configuration as described in this table.
Control
Description
Minimum Severity
Select the minimum severity level for the system log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead.
Error—Conditions that probably affect the functionality of the SteelHead.
Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
Notice—Normal but significant conditions, such as a configuration change. This is the default setting.
Info—Informational messages that provide general information about system operations.
This control applies to the system log only. It doesn’t apply to the user log.
Maximum Number of Log Files
Specify the maximum number of logs to store. The default value is 10.
Lines Per Log Page
Specify the number of lines per log page. The default value is 100.
Rotate Based On
Specifies the rotation option:
Time—Select Day, Week, or Month from the drop-down list. The default setting is Day.
Disk Space—Specify how much disk space, in megabytes, the log uses before it rotates. The default value is 16 MB.
The log file size is checked at 10-minute intervals. If there’s an unusually large amount of logging activity, it’s possible for a log file to grow larger than the set disk space limit in that period of time.
4. Click Apply to apply your changes to the running configuration.
5. Click Save to Disk to save your settings permanently.
To add or remove a log server
1. To add or remove a log server, complete the configuration as described in this table.
Control
Description
Add a New Log Server
Displays the controls for configuring new log servers.
Server IP
Specify the server IP address.
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead.
Error—Conditions that probably affect the functionality of the SteelHead.
Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
Notice—Normal but significant conditions, such as a configuration change. This is the default setting.
Info—Informational messages that provide general information about system operations.
Add
Adds the server to the list.
Remove Selected
Select the check box next to the name and click Remove Selected.
2. Click Apply to apply your changes to the running configuration.
3. Click Save to Disk to save your settings permanently.
Filtering logs by application or process
You can filter a log by one or more applications or one or more processes. This is particularly useful when capturing data at a lower severity level where a SteelHead might not be able to sustain the flow of logging data the service is committing to disk.
To filter a log
1. Choose Administration > System Settings: Logging to display the Logging page.
2. Under Per-Process Logging, complete the configuration as described in this table.
Control
Description
Add a New Process Logging Filter
Displays the controls for adding a process level logging filter.
Process
Select a process to include in the log from the drop-down list:
alarmd—Alarm manager, which processes all alarms, including their thresholds and severity.
collectord—Application visibility NetFlow collector.
cifs—CIFS optimization.
cmcfc—SCC automatic registration utility.
rgp—SCC connector, which handles SCC appliance communication.
rgpd—SCC client daemon, the connection manager.
cli—Command-line interface.
mgmtd—Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration, and general application of system configuration on the hardware underneath through the hardware abstraction layer daemon (hald).
http—HTTP optimization.
hald—Hardware abstraction layer daemon, which handles access to the hardware.
notes—Lotus Notes optimization.
mapi—MAPI optimization.
nfs—NFS optimization.
pm—Process manager, which handles launching of internal system daemons and keeps them running.
qosd—QoS scheduler and DPI engine.
rscored—REST API core services.
rstild—REST translation interface layer.
sched—Process scheduler, which handles one-time scheduled events.
ssl—SSL optimization.
statsd—Statistics collector, which handles queries, storage, and trending of system statistics.
wdt—Watchdog timer, the motherboard watchdog daemon.
webasd—web application process, which handles the web user interface.
domain auth—Windows domain authentication.
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select a level from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead.
Error—Conditions that probably affect the functionality of the SteelHead.
Warning—Conditions that could affect the functionality of the SteelHead, such authentication failures.
Notice—Normal but significant conditions, such as a configuration change.
Info—Informational messages that provide general information about system operations.
Add
Adds the filter to the list. The process now logs at the selected severity and higher level.
Remove Selected
Select the check box next to the name and click Remove Selected to remove the filter.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to Disk to save your settings permanently.