Alert Logic® Log Manager™ customers can view message counts per log source and message type using the Alert Logic console. Viewing message counts can help you determine which sources and types are contributing the most to your log volume.
For more information about finding which log sources and messages are contributing most to your log volume, refer to the Finding Which Log Sources and Messages Contribute Most to Log Volume article.
You can display reports listing messages and message counts on an as-needed basis, or you can schedule these reports to be sent to you.
Display messages by source/type as needed
- At the top of the Alert Logic console, navigate to the Log Manager page.
- Find and click the Messages tab.
- In the search table, click the Available Saved Views icon, which looks like a ribbon. A configuration area will display on your screen.
- In the search bar on the top right of the configuration area, type Messages by. The list of saved views is filtered with the following views on top:
- Messages by Source
- Messages by Type
- Messages by Type and Source
- Messages by Windows Event Type
- Select the view you want to display.
- For a short time period (up to a few days), click Load View.
For a period up to a week, click BETWEEN at the top left of the configuration area. In the drop-down menu, choose the desired date range. If you want to display messages for a specific date, click Custom..., pick the dates from the calendars, and then click Apply. When you have defined your search parameters, click the search (Magnifying glass) icon.
- (Optional) To export the results, click the gear icon and select Export Log Messages. A configuration area will expand and display on your screen. Click Export.
Schedule reports for messages by source/type
- Complete steps 1-5 in the procedure above.
- Click Add schedule.
A configuration area appears where you can make your desired schedule.
- In the What to Include section, enter settings as desired to determine what is included in the report. The default settings can often be used.
- In the Options section, enter the following:
- Type 0 in Limit.
- Select the Send documents as email attachments checkbox.
- Select yourself in Send notification to. You can locate your name more easily by typing your last name and selecting your name from the list that displays.
- In the Schedule and Time Frame sections, enter settings to determine whether the report is run once or multiple times and whether the report is recurring.
- Click Add new schedule to run the report or start the schedule if recurring.