It includes rules-based policies to flag network exceptions and execute a workflow to initiate resolution for critical issues in the network.
DART SYSLOG Analyzer is built on a high-availability, scalable architecture providing a comprehensive, unified perspective on the network by collecting all SYSLOG records from all elements for integrated, centralized log analysis.
Its capabilities include:
The system provides a distributed syslog collector architecture for collecting syslog messages from many syslog network devices. Each MetaPoint or PacketPoint node has a local syslog collector that receives and stores syslog messages on its local disk for its subtending network devices.
All the distributed local syslog collectors then forward their syslog information to the DART Performance Center, where it is stored centrally in a database and represents a network-wide view of all syslog error reporting.
The system also provides syslog alert rules that are preprogrammed for key syslog messages. When such a message is detected, the result is an alarm, an email notification, and an SNMP trap sent toward an external SNMP device that has been designated as needing to know about the detected condition.
In addition to the preprogrammed syslog alert rules, users can create custom syslog alert rules using the syslog alert rule builder tool.
The syslog capability also provides a display of syslog events received and analytics GUI panels that characterize the syslog event traffic. For example, there are panels for the top 10 syslog severities, hosts, facilities, traffic rate, and a syslog summary panel.
There are also GUI panels for alert severities, history, and a list of alerts generated from the events received. Note that not all syslog events result in a syslog alert.
The syslog capability can also store syslog event messages in archive files, retain them on the system for a configured period of time, and then automatically delete them to conserve disk space.
To this point, we have discussed flow data analytics and alert rules and syslog data analytics and associated alert rules. So, let’s look at the third option for network fault monitoring, detection, and alerting. It is SNMP based.
Collection of Real Time Router Performance Data and SNMP Based Alerts
The Network Visibility Solution periodically polls all known routers to collect the following
The router performance data is stored in a time-series database so additional network analytics tools can analyze the data and issue alarms and notifications for detected anomalies.
The system provides an SNMP alert rule builder tool for creating alert rules regarding SNMP traffic. For example, an alert rule can be designed for monitoring CPU usage. When the CPU usage crosses a predetermined high threshold, the system will issue an alarm and send an email notification to support personnel.