Multiple table usage with monilog

Support, Questions and Discussions on MoniLog

Moderator: alorbach


Post by javstech » Tue Jul 15, 2003 10:06 pm

Am I mistaken, or am I only able to access one table with MoniLog per server? I'm wanting to set up a separate table for my servers and firewalls, and would like the reports generated separately. It is easy to set up WinSyslog to direct all my firewall messages to a separate table, but I have yet to figure out how to get MoniLog to read more than one table. Am I missing something?

I am also noticing that it takes MoniLog an extended period of time to generate reports, as in approximately 5 minutes, and a simple query to the database takes less than 3 seconds. Any ideas on tweaking performance?

I am also noticing that MoniLog is primarily for use with Windows systems, in that it appears that all events, no matter the severity, from any non-Windows source are simply listed as non-windows, instead of listing error, warning, etc. Am I correct or am I missing a lot in the config?
javstech
 

Post by alorbach » Wed Jul 16, 2003 9:30 am

Hi,

I guess you are talking about a database source.
Monilog can only generate reports out of one table / file.

In your case, I would recommend that you use dedicated tables for devices, but also a general table where you store all information in.
In Monilog, you would use this general table then to generate reports.
Within the Monilog Profiles, you can then create profiles for each machine (With the Servers to analyze Filter).

Regarding the performance problem, could you tell us the specs of the machine where you have Monilog running?

Regarding your last question, Monilog can only analyse what it knows, and only a few "non windows" Syslog messages are supported (like Pix Syslog messages).
alorbach
Site Admin
 

Post by Guest » Wed Jul 16, 2003 9:37 am

Hello,

Thank you for contacting Adiscon Support. Just a quick comment on the performance of Monilog that you are comparing with a regular SQL query.

The fact is that Monilog uses a certain algorithm to compress the data as well, which takes some time. So you cannot compare a simple SQL query time with the time that Monilog takes to generate the report, because additional processing of the data is involved in Monilog's algorithm.

If you have any other query, please feel free to contact us.

Best Regards
Wajih-ur-Rehman
Adiscon
Guest
 

Post by Guest » Wed Jul 16, 2003 9:57 am

Hello,

Let me explain a little bit more what my colleague has written.

1. You can create just a single table in which all of your devices are logging data.

2. Let's say that you have 2 different machines "A" and "B" on which you want to generate separate reports.

3. In Monilog, create 2 different profiles. In the first profile, put "A" in the Servers to Analyze text box and "B" in the other profile's Servers to Analyze text box.

4. Now when you create the report for the first profile, it will only display the records that were logged by A, and similarly the report generated by the second profile will only display the records that were logged by B.

Hope this will help

Best Regards
Wajih-ur-Rehman
Adiscon
Guest
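Added example, not part of the original posts and not Adiscon's code: the layout recommended in the two replies above, with one general table that every device logs to and a per-host filter standing in for each profile's "Servers to Analyze" box. The table and column names, the host name `pix1`, the sample rows, and the use of SQLite in place of the poster's MySQL database are all assumptions; a view is used here instead of a second dedicated table so rows are written only once.

```python
import sqlite3

# Constructed sample rows: (host, severity, message). "A" and "B" are the two
# machines from the reply above; "pix1" is a made-up firewall name.
SAMPLE = [
    ("A", "error", "disk failure on volume C:"),
    ("A", "warning", "logon failure for user guest"),
    ("B", "info", "service started"),
    ("B", "error", "application crash"),
    ("pix1", "warning", "connection denied by access list"),
    ("pix1", "warning", "connection denied by access list"),
]

def build_db():
    """One general table for all devices, plus a firewall-only view (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE all_events (host TEXT, severity TEXT, message TEXT)")
    # Index on host keeps the per-profile filter cheap as the table grows.
    db.execute("CREATE INDEX idx_host ON all_events (host)")
    db.executemany("INSERT INTO all_events VALUES (?, ?, ?)", SAMPLE)
    # The view gives the firewall its own "table" without storing rows twice.
    db.execute("CREATE VIEW firewall_events AS "
               "SELECT * FROM all_events WHERE host = 'pix1'")
    return db

def report(db, hosts):
    """Severity counts restricted to `hosts`, like one profile's server filter."""
    marks = ",".join("?" * len(hosts))  # one bound placeholder per host name
    rows = db.execute(
        f"SELECT severity, COUNT(*) FROM all_events "
        f"WHERE host IN ({marks}) GROUP BY severity ORDER BY severity",
        list(hosts),
    ).fetchall()
    return dict(rows)

def firewall_row_count(db):
    """Number of rows visible through the firewall-only view."""
    return db.execute("SELECT COUNT(*) FROM firewall_events").fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    for profile, hosts in {"profile-A": ["A"], "profile-B": ["B"]}.items():
        print(profile, report(db, hosts))
    print("firewall rows:", firewall_row_count(db))
```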
 

Post by javstech » Wed Jul 16, 2003 1:22 pm

OK, so the performance issue is more of MoniLog interpreting the data for its own purposes then? Makes sense to me, and I can deal with it when I finally get my schedule working. The machine is a dual Pentium3 1.0GHz, 256MB RAM, 7200 RPM HDD, with Windows XP, EventReporter, WinSyslog, MoniLog, a small TFTP server, and MySQL running on the second processor by itself. The system is extremely responsive.

The non-Windows messages are primarily generated from a Cisco PIX (which generates a great deal of entries) and an Adtran Atlas 500. I can do the multiple tables with one common one no problem, so there's the resolution to that problem. However, is there a product Adiscon offers that interoperates with non-Windows devices better?
javstech
 

Post by agrigorof » Wed Jul 16, 2003 2:34 pm

The 5 minutes that you mentioned sounds like too much for the typical Monilog analysis. How many log entries do you estimate that the query retrieves? We can work on this issue offline and just post the results here (so feel free to email me at adrian.grigorof@altairtech.ca).

We are working on a new version of MoniLog that will not be focused on Windows events (even though it will preserve the same capabilities in regards to Windows). It may become available in the fall.

Regarding the Cisco Pix, how many entries per day do you get on average?
agrigorof
 

Post by wwei » Mon Apr 11, 2005 10:57 pm

Hi,

Is Adiscon planning to make Monilog able to generate reports from multiple sources? We are facing the same problem too. I want one source for servers and one source for network devices (like Pixs, routers etc). They both generate a lot of reports, and separating them to make the files smaller helps. It is also good practice to separate the types of logs.
wwei
 
