Archive

Tech Tip: NV - Event Log Filtering 

08-25-2015 09:04 AM

The Event Log can be used for troubleshooting various problems which relate to a specific service. Each of the NV services have an option to set Logging Level to Normal (Verbose) which will result in all available messages going into the Event Log.

 

Note these verbose messages will only be displayed in the event log window and will not be saved into the database.

 

Two of the most common reasons are for polling overruns and discovery failures when a dataset fails to get added to a device. The idea is to first enable verbose logging for the particular service involved and then open an event log window and set a filter to exclude unwanted entries. Additionally multiple Event Log windows can be opened each with its own filter.

 

Note: This is to be done via a remote connection into the Poller and not at the MC.

 

For overruns:

Find the overrun messages in the Event Log.

For example:

ifstats(Fast): Polling did not complete due to a polling cycle overrun

rttstats(Normal): Polling did not complete due to a polling cycle overrun

qosclass(Fast): Polling did not complete due to a polling cycle overrun

 

Now go to Console > Services > Polls > Logging Level: Normal (Verbose)

 

Next Console > Tools > Event Log > Edit > Set Filters

Now at each tab check only these items:

Severity & Ackn: Normal, Acknowledged, Unacknowledged

Message & Time check 'Match message' and enter the first part of the message from the log such as ifstats(Fast): or rttstats(Normal):.

Type: Polling

Source: Polls

 

Click OK and wait through the next few polling cycles.

Then, File > Save > Filtered

 

Here is a sample message.

ifstats(Fast): Polling for 10.241.251.71 did not complete due to a polling cycle overrun, was 82 percent complete (1505/1826)

To be more meaningful the logging needs to be left in place for some time to get a better understanding. For example if the same devices keep showing or if each time investigate them.

 

 

For discovery:

Locate the device in the Groups tree

Open the Event Log > Tools > Event Log > Edit > Set Filters Now at each tab check only these items:

Severity & Ackn: leave everything selected Message & Time: leave it blank

Type: deselect all

Source: Topology

Go to Services > Topology > set Logging Level to Normal (Verbose)

Now right click on the device > Rediscover

When the discovery of the device is finished then go to the Event Log window > File > Save > All Events.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

09-09-2015 06:06 PM

Another real life example.

A new Juniper device was added and the Juniper System Stats dataset shows up under it but it has no poll instances.

 

Using the above steps for discovery the query used was found.

 

select jnxOperatingEntry.jnxOperatingContentsIndex,jnxOperatingEntry.jnxOperatingL1Index,jnxOperatingEntry.jnxOperatingL2Index,jnxOperatingEntry.jnxOperatingL3Index,jnxOperatingEntry.jnxOperatingDescr,jnxOperatingEntry.jnxOperatingDescr from '132.235.66.1:161':'Routers'@JUNIPER_MIB.jnxOperatingEntry jnxOperatingEntry where (jnxOperatingEntry.jnxOperatingDescr ='Routing Engine' or jnxOperatingDescr ='Routing Engine 0' or jnxOperatingDescr='Routing Engine 1')

 

For this new device they are called 'node0 Routing Engine 0' and 'node1 Routing Engine 0'.

The 'node' prefix is causing them to be excluded.

08-26-2015 08:46 AM

Here is another example showing how to filter for rollup activity.

 

Filter Event Log

Go to Console > Services > Polls > Logging Level: Normal (Verbose)

 

Next Console > Tools > Event Log >

Event Log > Edit > Set Filters

Now at each tab check only these items:

Severity & Ackn: Normal, Acknowledged, Unacknowledged

Message & Time check 'Match message' and enter 'ifstats(Fast):'

Type: Polling

Source: Polls

 

Normal 5min messages:

ifstats(Fast): rollups(300->3600) for 7/31/2014 12:10 completed 1954 records in 0 secs

ifstats(Fast): threshold evaluation completed in 0 seconds

ifstats(Fast): 4244 polls converted to 2121 deltas in 9 seconds

ifstats(Fast): 2121 polls completed and 64 missed in 127 seconds

ifstats(Fast): BER stats: PDU size 65507, 988 allocs, 988 queued, 663 max req, 1364 max rsp

ifstats(Fast): iterator initialized in 0 seconds

 

Normal Hour messages:

all the same type messages but two of the last, one for the current 5min and one for the hour

For example this was at 13:00

ifstats(Fast): rollups(300->3600) for 7/31/2014 13:00 completed 1875 records in 1 secs

ifstats(Fast): rollups(300->3600) for 7/31/2014 12:00 completed 949 records in 2 secs

 

Midnight messages are the same as the Hour messages.

Related Entries and Links

No Related Resource entered.