In This Article
To find which log sources and messages are contributing most to your log volume, several resources are available to you. This article describes best practices for managing your log volume for Alert Logic® Log Manager™.
Multiple reports and modules are available in the Alert Logic user interface (UI) to track the message counts per log source and the message type that is responsible for the majority of the volume. There are multiple ways to obtain useful information about message volumes:
- Run the Saved View reports from the Alert Logic UI to see the message counts per log source and the message type that is responsible for the majority of the volume. There are three related Saved View reports: one showing Messages by Source, one showing Messages by Type, and one showing Messages by Type and Source.
For procedures on viewing and scheduling these reports, refer to the View Log Manager Messages by Source and Type | How To article.
- Review the following modules on the Summary page for Log Manager:
- Received Logs
- Top 10 Message Types
The Summary page is accessed by selecting Log Manager in the drop-down menu at the top of the Alert Logic UI. In the left navigation area, under Monitoring, click Summary. Your dashboard displays.
- Review the Top 10 Sources Collecting module on the Support - Licensing page in the Alert Logic UI.
This module can be accessed by selecting Log Manager in the drop-down menu at the top of the Alert Logic UI. In the left navigation area, click Support. On the Support page, click the Licensing tab.
If you want to view data for other dates or sources, you can change the settings for the module by clicking the gear icon in the top-right corner of the module.
Once you've determined the source of the majority of your volume, review your collection practices and determine if adjustments can be made to reduce volume without undue compromise with respect to your security and compliance.
For more information and procedures regarding Log Manager policies, refer to our Log Manager Policies documentation.
The following related documentation may be useful when reviewing and updating Log Manager data and settings: