Collectd – Exploring Available Sensors

In this blog post we are going to take a look at some of the sensors that come with Collectd and how  to chart the information. Here are some useful links on searching in Logscape.

Before we get straight into the searches lets take some time and understand how Collectd outputs data.

Collectd Metric Data

The collectd daemon stores data from other linux host on disk by the server name and the plugin. The load plugin is set by default on most Linux distributions and is stored like this.

/var/lib/collectd/central_server/svr001/load/ ….

In this set up many collectd daemons are forwarding their metric data to one central host.

/var/lib/collectd/central_server/svr0002/tcpconns-80-local/ ….

Using the Collectd DataType

To chart the data in Logscape you need a passing familiarity with the how to search using a  data type.


To execute a search I would need to know which Collectd plugin I am interested in and what metrics it outputs. The table of all collectd plugins can be found here. Here’s an example which charts the load of a host svr0001

 | _type.equals(collectd) plugin.equals(load)  value.max(id)  _host.equals(svr0001)

One thing to note from the search is the use of the id field. This field is a unique key which identifies each unique metric value by  host, plugin  and instance.

Lets take a look at a few other search examples
Continue reading

Logscape 2.3.1 is now out !

Logscape 2.3.1 is a critical point release fixing problems in the 2.3 release.  All customers on 2.3 should upgrade to this version.

New Security Features

Network endpoints can now be secured by a combination of host list filters and PKI Authentication. The host list is optional when security is enabled.

Improved Memory Footprint

This release improves memory consumption and disk utilization by indexes. It reduces the size of the indexes when importing large volumes of data.

Blog Updates

Check out recent blog articles on using Logscape to:

Identify suspicious network activity on Cisco routers
* Import Collectd metric data from a Linux Server Estate.

Using Network Traffic Analysis on Cisco ASA routers to detect SpamBot Activity

Today businesses face an array of external and internal threats to their corporate network. Protecting business operations from security threats requires vigilance, experience and excellent tools.

Recently one of our customers found that alert emails from a trade capture system where being blocked by external mail servers. Further investigation showed that all traffic from the company mail server had been blacklisted and were being marked as spam.

Fortunately the sysadmin had Logscape installed actively monitoring all Cisco router traffic.

Outbound Connection Analysis

The Composite Blocking List (CBL) keeps a list of blacklisted mail servers with suspicious traffic. Many mail servers use this list to reject suspicious mail traffic. The first step for the sysadmin was to analyse all outbound traffic coming from within the company.

The first search he built showed all outbound mail connections recorded by the Cisco router  grouped by the  outbound mail-servers ip address. In a search like this you would expect to see connections to a short list of company approved mail server. This wasn’t the case.


 |  _type.equals(cisco-asa)  dstAddress.count() dstPort.equals(25)



On the 10th of April there is a distinctive spike in mail traffic. The blue parts of the search results represent expected mail activity but the  multi coloured spike indicates suspicious activity. Continue reading

Importing Collectd Metrics into Logscape using the Graphite Write plugin.

Logging and monitoring system health is a hot topic where operational engineers manage large server estates. There are many solutions out there that solve a piece of the puzzle of how the metrics are generated, where the metric data is stored and how it is then visualized.

Collectd Sensors

In this blog post we are going to take a look at Collectd and how to integrate this with Logscape. Collectd is an excellent monitoring backend for collecting operating system metrics. Collectd has around 90+ plugins including hardware sensors such as temperature and power usage. Metric data by itself is of little use unless you can visualize it in some way or fire alerts based on trends in the systems under supervision.


This table shows some of the available sensors being collected. There are abount 32 different sensors from 8 different hosts being imported in this environemnt. Here is dashboard of system health KPIs.


CPU Temperatures and Wattage metrics depend on the server hardware. Continue reading

Logscape 2.3 is now available!

After a long test, fix and thrashing cycle 2.3 is finally available!

Head over to the to request the download.

To upgrade you can follow the standard upgrade procedure as described here:

After that, the following installation tasks can be followed:

  • Install the new  Home page. Upload the new logscape/downloads/logscape-home.config and click deploy
  • Install the updated Logscape Monitoring app has a couple of minor updates.. Upload the new logscape/downloads/logscape-audit.config and click deploy
  • If you wish edit your existing DataSources to include the new System-Fields – edit your datasource and choose the ‘System-Time-Series’ checkbox to include ‘DayOfWeek, Date etc’

The release notes can be found as the usual place.

Best Regards,