SYSLOG Analyzer is a core component of Cirries’s DART solution

SYSLOG Analyzer captures all network SYSLOG records from network elements and stores them with indexing for flexible future searching and retrieval.

It includes rules-based policies to flag network exceptions and execute a workflow to initiate resolution for critical issues in the network.
DART SYSLOG Analyzer is built on a high-availability, scalable architecture providing a comprehensive, unified perspective on the network by collecting all SYSLOG records from all elements for integrated, centralized log analysis.

Its capabilities include:

  • Alert rules
  • Troubleshooting
  • Trends

Thanks to the complexities of 5G, comprehensive network performance monitoring is essential.


ALERT RULES

By collecting SYSLOG records from all network elements and establishing a rules-based policy that the network operator defines, DART makes it possible to report alarms for network-wide exceptions that could not be reported by a single element.

TROUBLESHOOTING

DART’s centralized SYSLOG collection helps identify and correct problems across multiple network types more quickly and easily to maximize network performance. The DART dashboard provides a dynamic chart of the Top 10 SYSLOG message generators, which assists with the rapid identification of an issue in the network and the cause of the issue.

TREND ANALYSIS

DART collects SYSLOG records from every network element, stores them for multiple months/years, and provides flexible reporting capability so that network operators can analyze years of network data trends to plan more effectively.

STORAGE

Every SYSLOG record is stored in both raw and indexed formats. The raw format allows for compression for greater storage efficiency, and the indexed format allows for rapid searching.

Get a Customizable Overview of Network Errors

The system provides a distributed syslog collector architecture for collecting syslog messages from many syslog network devices. Each MetaPoint or PacketPoint node has a local syslog collector that receives and stores syslog messages on its local disk for its subtending network devices.

All the distributed local syslog collectors then forward their syslog information to the DART Performance Center, where it is stored centrally in a database and represents a network-wide view of all syslog error reporting.

The system also provides syslog alert rules that are preprogrammed for key syslog messages. When such a message is detected, the rule results in an alarm, an email notification, and an SNMP trap sent toward an external SNMP device that has been designated as needing to know about the detected condition.

In addition to the preprogrammed syslog alert rules, users can create custom syslog alert rules using the syslog alert rule builder tool.

The syslog capability also provides a display of syslog events received and analytics GUI panels that characterize the syslog event traffic. For example, there are panels for the top 10 syslog severities, hosts, facilities, traffic rate, and a syslog summary panel.
There are also GUI panels for alert severities, history, and a list of alerts generated from the events received. Note that not all syslog events result in a syslog alert.

The syslog capability can also store syslog event messages in archive files, retain them on the system for a configured period of time, and then automatically delete them to conserve disk space.

To this point, we have discussed flow data analytics and alert rules and syslog data analytics and associated alert rules. So, let’s look at the third option for network fault monitoring, detection, and alerting. It is SNMP based.

Collection of Real Time Router Performance Data and SNMP Based Alerts

The Network Visibility Solution periodically polls all known routers to collect the following performance data:

  • CPU usage
  • Memory usage
  • Incoming traffic
  • Outgoing traffic
  • Link speed


The router performance data is stored in a time-series database so additional network analytics tools can analyze the data and issue alarms and notifications for detected anomalies.

The system provides an SNMP alert rule builder tool for creating alert rules regarding SNMP traffic. For example, an alert rule can be designed for monitoring CPU usage. When the CPU usage crosses a predetermined high threshold, the system will issue an alarm and send an email notification to support personnel.