Logscape 2.5.1 is here!

All,

Release 2.5.1 includes enhancements to JMX functionality, improvements to Logscape roll detection, as well as significant search performance optimisation.

2.5.1 introduces new linking functionality. This allows you to flawlessly link your workspaces and transfer context between them, providing a troubleshooting workflow for non-expert users of the Logscape system.

The release notes are here.


Logscape 2.5 is now live!

All,

Release 2.5 includes improvements to LDAP/Active Directory management, selective UI enhancements and performance improvements. IE11 compatibility has also been improved along with minor bug fixes.

The release notes are here.


New App: MySQL monitoring

Check out the new MySQLApp. Monitor the health of your MySQL instances and servers.

 Download the MySQLApp here


Features to look forward to.

  • Resource KPIs such as memory, disk I/O and server load.
  • InnoDB statistics
  • Query Cache Trends
  • Network – bandwidth utilization
  • Threads Created vs Threads Cached.

 


Monitoring a Web Application Stack (Nginx, HAProxy, Apache)

 

Developing a responsive, highly available web application is a complex task with many subcomponents. In the old days, a web application used to consist of a web server, usually Apache, with a few CGI scripts to provide content dynamically. As the web grew in size so did the stack: the number of subcomponents and hosts involved increased, and so did their complexity. A simple web application can now easily consist of a web server, a load balancer, a few databases and a web framework such as Django or Rails. In this blog post we are going to look at the different Logscape Apps needed to monitor a web farm.

 


Realtime WebSocket streaming from the cloud to you: Part II


I’ve got the ‘green-light’ and an IP allocated.

In Part 1 I built a Groovy WebSocket Server and a Java and HTML Client. In Part 2 I’ll deploy it into AWS, fire up the Clients and add the Github link. With WebSocket Clients, I can run Logscape in the ‘wild’ and make use of the Alert-Feed WebSocket functionality to stream data to my local servers.

AWS Deployment: Before running on the AWS server I need to find the right AMI – one with Java installed. The OpenJDK is installed on most Linux flavours, and I prefer to work with Ubuntu. In the following grab you can see where I’ve fired up the AMI instance.


Realtime WebSocket streaming from the cloud to you: Part I

This is a 2 part post where in Part 1 I build the ‘spike’ using Groovy to run a WebSocketServer to stream data to HTML5-WebSocket & JavaWebSocket Clients. The HTML Client uses the elegant smoothie charts (great for streaming). In Part 2 I’ll show you how to run it on Amazon’s AWS.
At the end we have a real-time feed plotting the data from the cloud; it looks something like the grab on the right.

Collectd – Exploring Available Sensors

In this blog post we are going to take a look at some of the sensors that come with Collectd and how to chart the information. Here are some useful links on searching in Logscape.

Before we get straight into the searches, let’s take some time to understand how Collectd outputs data.

Collectd Metric Data

The collectd daemon stores data from other Linux hosts on disk, organised by server name and plugin. The load plugin is enabled by default on most Linux distributions, and its data is stored like this.

/var/lib/collectd/central_server/svr001/load/ ….

In this set up many collectd daemons are forwarding their metric data to one central host.

/var/lib/collectd/central_server/svr0002/tcpconns-80-local/ ….

Using the Collectd DataType

To chart the data in Logscape you need a passing familiarity with how to search using a data type.

To execute a search I would need to know which Collectd plugin I am interested in and what metrics it outputs. The table of all collectd plugins can be found here. Here’s an example which charts the load of a host svr0001:

 | _type.equals(collectd) plugin.equals(load)  value.max(id)  _host.equals(svr0001)

One thing to note from the search is the use of the id field. This field is a unique key which identifies each unique metric value by host, plugin and instance.

Let’s take a look at a few other search examples.

Using Network Traffic Analysis on Cisco ASA routers to detect SpamBot Activity

Today businesses face an array of external and internal threats to their corporate network. Protecting business operations from security threats requires vigilance, experience and excellent tools.

Recently one of our customers found that alert emails from a trade capture system were being blocked by external mail servers. Further investigation showed that all traffic from the company mail server had been blacklisted and was being marked as spam.

Fortunately the sysadmin had Logscape installed, actively monitoring all Cisco router traffic.

Outbound Connection Analysis

The Composite Blocking List (CBL) keeps a list of blacklisted mail servers with suspicious traffic. Many mail servers use this list to reject suspicious mail traffic. The first step for the sysadmin was to analyse all outbound traffic coming from within the company.

The first search he built showed all outbound mail connections recorded by the Cisco router, grouped by the outbound mail server’s IP address. In a search like this you would expect to see connections to a short list of company-approved mail servers. This wasn’t the case.

 

 |  _type.equals(cisco-asa)  dstAddress.count() dstPort.equals(25)


On the 10th of April there is a distinctive spike in mail traffic. The blue parts of the search results represent expected mail activity, but the multi-coloured spike indicates suspicious activity.
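The same grouping can be reproduced outside Logscape. The following is an added example, not code from the original post: it counts outbound port-25 connections per destination from ASA "connection built" (302013) syslog lines, and goes one step beyond the search by listing which internal host contacted destinations outside an approved relay list. The log lines, addresses and the `APPROVED_RELAYS` set are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines shaped like ASA syslog message 302013 (TCP connection built).
SAMPLE_LOG = """\
Apr 10 09:14:02 fw01 %ASA-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/25 (192.0.2.10/25) to inside:10.0.0.5/51000 (198.51.100.1/51000)
Apr 10 09:14:05 fw01 %ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.7/25 (203.0.113.7/25) to inside:10.0.0.42/40211 (198.51.100.1/40211)
Apr 10 09:14:05 fw01 %ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.9/25 (203.0.113.9/25) to inside:10.0.0.42/40212 (198.51.100.1/40212)
Apr 10 09:14:06 fw01 %ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.7/25 (203.0.113.7/25) to inside:10.0.0.42/40213 (198.51.100.1/40213)
Apr 10 09:14:07 fw01 %ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.50/443 (203.0.113.50/443) to inside:10.0.0.42/40214 (198.51.100.1/40214)
Apr 10 09:15:00 fw01 %ASA-6-302013: Built outbound TCP connection 1006 for outside:192.0.2.10/25 (192.0.2.10/25) to inside:10.0.0.5/51001 (198.51.100.1/51001)
"""

APPROVED_RELAYS = {"192.0.2.10"}  # assumption: the company's sanctioned mail relays

# For an outbound connection the first address is the remote (destination) side,
# the second is the internal host that opened it.
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection \d+ "
    r"for [^:]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \S+ "
    r"to [^:]+:(?P<src>[\d.]+)/\d+"
)

def smtp_connections(lines, port=25):
    """Yield (source, destination) for each outbound connection to `port`."""
    for line in lines:
        m = BUILT.search(line)
        if m and int(m["dport"]) == port:
            yield m["src"], m["dst"]

def count_by_destination(lines):
    """Counterpart of dstAddress.count() filtered by dstPort.equals(25)."""
    return Counter(dst for _, dst in smtp_connections(lines))

def unapproved_by_source(lines, approved=APPROVED_RELAYS):
    """Map each internal host to the unapproved SMTP destinations it contacted."""
    hits = defaultdict(Counter)
    for src, dst in smtp_connections(lines):
        if dst not in approved:
            hits[src][dst] += 1
    return dict(hits)

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for dst, n in count_by_destination(lines).most_common():
        flag = "" if dst in APPROVED_RELAYS else "  <-- not an approved relay"
        print(f"{dst:15} {n}{flag}")
    for src, dsts in unapproved_by_source(lines).items():
        print(f"{src} contacted unapproved SMTP destinations: {dict(dsts)}")
```

Grouping the unapproved destinations by internal source address points at the workstation to isolate, rather than only showing that the spike exists.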