How can I export logs online from os monitoring tools? - monitoring

I need your experience in my topic.
I want to export logs from two or three operating system monitoring tools, analyze these logs, and send a help message to the user upon that state.
Now I want two programs and their methods to export logs online, so that I gather these data online in my database and use the data for my program.
Thank you for your answers!

Related

How do I manage syslog data from a firewall

I want to capture firewall Syslog data for the analysis purpose. What are the best practices for the same? In 10 min 300MB+ data is generated, so not sure dumping it in DB would be a feasible approach.
Any recommendations?
There are many tools available for this. I'd recommend LogZilla, since I work there, but a few other popular solutions are Splunk, ELK, and Loglogic. You would need to set up a server to receive the events, then configure your device to send its logs to that server. This would allow you to search those messages, as well as configure alerts for service impacting events. Managing your logs is an important part of network administration and has many benefits, so do your homework to determine your needs before selecting a solution.
After much research with various free and paid solutions, we have finalized on https://www.graylog.org. Setup on DigitalOcean was very straightforward. Primarily because of strong API support besides other good stuff. It has log rotation settings that help to keep the log size under control.
Hope this helps.
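The receive-then-alert flow described in the answers above, as an added example that is not part of the original thread: it decodes the syslog priority header, alerts only on severe events, and counts the rest instead of storing every line. The sample lines, the alert threshold, and port 5514 are constructed assumptions.

```python
import re
import socket
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(line):
    """Decode the <PRI> header: PRI = facility * 8 + severity (valid range 0..191)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None                      # malformed input is rejected, never guessed at
    facility, level = divmod(int(m.group(1)), 8)
    return {"facility": facility, "level": level,
            "severity": SEVERITIES[level], "msg": m.group(2).strip()}

def triage(lines, alert_level=3):
    """Return (alerts, per-severity counts, rejected count). alert_level 3 = err or worse."""
    alerts, counts, rejected = [], Counter(), 0
    for line in lines:
        rec = parse_pri(line)
        if rec is None:
            rejected += 1
            continue
        counts[rec["severity"]] += 1
        if rec["level"] <= alert_level:
            alerts.append(rec)
    return alerts, counts, rejected

def serve(host="0.0.0.0", port=5514, batch=1000):
    """Receive UDP syslog and triage it in batches (port 5514 is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            lines = [sock.recvfrom(8192)[0].decode("utf-8", "replace") for _ in range(batch)]
            alerts, counts, rejected = triage(lines)
            print(dict(counts), "rejected:", rejected, "alerts:", len(alerts))

# Constructed sample firewall messages (documentation IP ranges, invented host name)
SAMPLE = [
    "<134>Jan 12 10:15:01 fw01 kernel: ACCEPT SRC=192.0.2.10 DST=198.51.100.5 DPT=443",
    "<131>Jan 12 10:15:02 fw01 ha: peer link down",
    "<132>Jan 12 10:15:03 fw01 conntrack: table 90% full",
    "<999>bogus priority",
    "no priority header at all",
]
```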

Geneos data extraction

We are planning to use the Geneos reporting service for extracting data from an application DB. But the problem is that the Geneos Active Console should remain open for reporting extraction to take place, i.e. somebody needs to monitor it 24/7. Is there any solution or any other option for data extraction using Geneos?
If you are using Geneos, the purpose should be monitoring. You are not clear when you say 'planning to use geneos reporting service for extracting data'. What is the purpose of extracting data? Is it monitoring? If yes, you have two options for monitoring - one is active console and the other is dashboard. You do not have to monitor 24/7, there are several alerting options available. Please elaborate your requirements to suggest further.
Have you tried switching on the Database Logging section in the GSE?
Extracting historical data can be useful for post incident analysis - for example CPU Spikes or Memory usage issues.
Online info:
https://resources.itrsgroup.com/ActiveConsole2/user_guide/index.html?highlight=database%20logging#database-logging
But surely if you are looking at historical data of a database, couldn't you look directly on the database?

Zabbix & external monitoring systems

I need to make friends between Zabbix and another monitoring system.
My company uses Zabbix for monitoring. Our partner plans to use another system.
We need to exchange monitoring data.
I'm interested in cooperation with the following systems: BMC Patrol, MS SCOM, NetCool, Portal.
What is the best way to integrate it?
Maybe via SNMP?
Replicate hosts and metrics into your Zabbix (use Zabbix trapper item type and setup also Allowed hosts value) and then just use some suitable zabbix-sender implementation and push data into Zabbix.
IMO it's a terrible idea, because of latency, syncing, ... Do you really need the data (item values), or do you only need to visualize data from different datasources in one graph?
Regarding BMC Patrol you can use History Loader/Propagator KM to export the monitoring data:
https://docs.bmc.com/docs/display/public/unixlinux912/PATROL+KM+for+History+Loader
or you can use the 'dump_hist' command to dump the history data from the agents:
https://docs.bmc.com/docs/display/pia9600/dump_hist+uility
Regarding Netcool events, you could get the information using different approaches, for example, depending on the version, you could get the events from the HTTP interface, as described below:
https://www.ibm.com/support/knowledgecenter/en/SSNFET_9.2.0/com.ibm.netcool_OMNIbus.doc_7.4.0/omnibus/wip/api/reference/omn_api_http_httpinterface.html
Or perhaps you could create a flat file gateway to read the events and write them on a file:
https://www.ibm.com/support/knowledgecenter/en/SSSHTQ/omnibus/gateways/flatfilegw/wip/concept/flatfilegw_intro.html
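The trapper push suggested earlier in this thread, as an added example that is not part of the original answers: it frames values in the Zabbix sender protocol and validates the server's reply. Host names, item keys and the sample reply are constructed; a non-zero failed count typically means the host/key does not match a trapper item or the sender is not permitted by that item's Allowed hosts.

```python
import json
import re
import socket
import struct

HEADER = b"ZBXD\x01"      # protocol magic + flags byte (0x01 = standard framing)
MAX_BODY = 1 << 20        # refuse oversized frames instead of trusting the length field

def _frame(obj):
    body = json.dumps(obj).encode()
    # 4-byte little-endian body length, then 4 reserved zero bytes
    return HEADER + struct.pack("<II", len(body), 0) + body

def build_packet(items):
    """items: list of (host, key, value) tuples targeting trapper items."""
    return _frame({"request": "sender data",
                   "data": [{"host": h, "key": k, "value": str(v)} for h, k, v in items]})

def parse_packet(raw):
    """Validate the framing and return the decoded JSON body."""
    if len(raw) < 13 or raw[:5] != HEADER:
        raise ValueError("not a Zabbix protocol frame")
    length, reserved = struct.unpack("<II", raw[5:13])
    if reserved != 0 or length > MAX_BODY or length != len(raw) - 13:
        raise ValueError("bad length field")
    return json.loads(raw[13:])

def summarize(response):
    """Extract processed/failed/total counts from the reply's 'info' string."""
    m = re.search(r"processed: (\d+); failed: (\d+); total: (\d+)", response.get("info", ""))
    if response.get("response") != "success" or not m:
        raise ValueError("unexpected response")
    processed, failed, total = map(int, m.groups())
    return {"processed": processed, "failed": failed, "total": total}

def send(server, items, port=10051, timeout=5):
    """Push values to the trapper port and return the counts from the reply."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(build_packet(items))
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return summarize(parse_packet(b"".join(chunks)))

# Constructed reply: one of two pushed values was rejected by the server
SAMPLE_REPLY = _frame({"response": "success",
                       "info": "processed: 1; failed: 1; total: 2; seconds spent: 0.000123"})
```

Alerting on a non-zero failed count catches both a drifting host/key mapping and pushes arriving from an address the item does not allow.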

Getting vlc SAP Broadcast dump

I am receiving SAP broadcasts, which I can normally use and play using the standalone vlc application.
I have been asked to provide a dump of the same. I have 2 questions:
I don't clearly understand what exactly a dump is
How can I obtain the same?
There are multiple types of dumps, so you might first find out, what kind of dump is meant. It could be a database dump, which is similar to a backup, but usually it's a memory dump.
A memory dump or crash dump is a copy of the application including its memory at a specific point in time. Usually you want to create a dump exactly at the time an application is crashing or hanging. The dump will then be helpful to find the cause of the problem.
There are many ways to obtain a dump. First, Windows might do that for you, when it asks "Send information to Microsoft". Second, you can create it using Task Manager. Right click a process and choose "Create dump file". Third, there are many tools out there, e.g. Process Explorer or ProcDump, which all have pros and cons and serve different purposes.
To suggest a tool for your specific case, we would need more information. Exact wording might matter in this situation.
Update
In your particular case it looks like SAP means Service Advertising Protocol, which is related to the network. A broadcast is a message which is sent to everybody.
You could capture that one with Wireshark, but you would need a lot of network knowledge to get the filters set up. In this case the term "dump" probably refers to something similar to a database dump, because SAP uses tables to store lists of services.

Which is the best way to get real time data from avaya cms server?

I am sorry if this question goes off topic, but I am forced to ask here as there are very limited resources to be found over the net on this.
I am looking to implement a system to get real time data from an Avaya CMS server. I did a lot of R&D on JTAPI, but it has some limitations: it is not giving all events and all data as stored in the CMS database. I also tried connecting to the CMS database using Java, but with no success, because it also gives historical data with a delay of 30 mins.
Is it possible to get the same technically using JTAPI, TAPI, or anything? Or is there anyone who has used any paid tool by Avaya which is cheaper and can solve this purpose?
I saw clint but don't intend to use it. Please let me know the ways if anyone has done this.
Your CMS may provide a feature known to me as realtime socket. It is a service pushing data about skills/splits, vdns and vectors over a network socket.
It is virtually the same what you'll find in hsplit and so on but realtime.
Pushed data can be configured by your cms admin.
If you are looking for call data you may take a look at *call_rec* table in cms.
You can use clintSVR which is a high level tool based on CMS CLINT. By using clintSVR, you can use CGI, OCX and C++ interfaces to get the real time data from CMS.
As others have said you can get this from realtime reports. You'll need to scrape them.
RT socket is just a set of wrappers around clint for running reports. It takes the realtime report data and sends it to a socket.
You can roll your own real time reports with clint and feed that to whatever needs to ship the data. A sample realtime report can be run from the command line like:
/cms/toolsbin/clint -u your_user <<EXECUTE_DONE
do menu 0 "cu:rea:Meas"
do "Run"
do "Exit"
EXECUTE_DONE
Here is an example of running a report directly
Run report directly:
/cms/toolsbin/clint -u ini <<EXECUTE_DONE
clear
run gem "r_custom/cr_r_3"
do "Run"
do "Exit"
EXECUTE_DONE
