Finding Which Log Sources and Messages Contribute Most to Log Volume | Best Practices

Description

To find which log sources and messages are contributing most to your log volume, several resources are available to you. This article describes best practices for managing your log volume for Alert Logic® Log Manager™. 

Locating Message Volume in the User Interface

The Alert Logic console provides several reports and modules that track the message counts per log source and the message type that is responsible for the majority of the volume. You can obtain this information in any of the following ways:

  • Run the Saved View reports from the Alert Logic console to see the message counts per log source and the message type that is responsible for the majority of the volume. There are three related Saved View reports: one showing Messages by Source, one showing Messages by Type, and one showing Messages by Type and Source. 

    For procedures on viewing and scheduling these reports, refer to the View Log Manager Messages by Source and Type | How To article. 

  • Review the following modules on the Summary page for Log Manager:

    - Received Logs
    - Top 10 Message Types

    In the classic Alert Logic console, the Summary page is accessed by selecting Log Manager in the drop-down menu at the top of the Alert Logic console. In the left navigation area, under Monitoring, click Summary. Your dashboard displays. 



    In the new Alert Logic console, the Summary page is accessed by clicking Log Manager in the top menu, then Monitoring, and then Summary on the left side of the page. Your dashboard displays.



  • Review the Top 10 Sources Collecting module on the Support - Licensing page in the Alert Logic console. 

    In the classic console, this module can be accessed by selecting Log Manager in the drop-down menu at the top of the Alert Logic console. In the left navigation area, click Support. On the Support page, click the Licensing tab. If you want to view data for other dates or sources, you can change the settings for the module by clicking the gear icon in the top-right corner of the module. 

     
    In the new console, this module can be accessed by selecting Log Manager in the top menu of the Alert Logic console. On the far right of the lower menu, click Support. On the Support page, click the Licensing tab. If you want to view data for other dates or sources, you can change the settings for the module by clicking the gear icon in the top-right corner of the module. 

Making Adjustments

Once you've determined the source of the majority of your volume, review your collection practices and determine whether adjustments can be made to reduce volume without unduly compromising your security and compliance.

For more information and procedures regarding Log Manager policies, refer to our Log Manager Policies documentation. 

Additional Information

The following related documentation may be useful when reviewing and updating Log Manager data and settings:

 
