In my experience Correlated Alerts are something the average user doesn’t touch on, either thinking that they don’t need them, or believing (falsely) that setting up a correlated alert is much more difficult than it is. While correlated events can be used on almost any form of data, my personal opinion is that they’re at their best when dealing with data such as audit or webserver logs, but truly they will excel in any environment that makes use of error messages or codes. Today, I’m going to walk you through setting up a correlated alert, just to show how easy it is.
The Problem of Ticket Tracking
Systems tend to have workflows – where an object or ticket is passed around different systems. As someone responsible for monitoring such a system, I need to be able to keep track of the events to ensure that customers get served and orders get processed. My main aim in this example is to track how long it takes to process tickets.
This kind of assumes you already have a Logscape environment running. If you don’t, download it now and get started!
Today I’m going to walk you through the steps to enable the monitoring of Ansible with Logscape 3. This may become a series on the steps taken to develop an Ansible app, but let’s start with the basics: configuring your Ansible installation to generate logs, and configuring Logscape to ingest those logs.