
How-to View All Real-Time and Historical Activity from a Single IP using Log & Event Manager - Video

Updated 8-18-2016

Overview

This video will show you how to use Monitor and NDepth to see all events from a single IP address or hostname.

Environment

  • Log and Event Manager

Video Transcription

Let's get started!

  1. Within the LEM web console there are two areas you can use to investigate device activity. Let's start in the Monitor section which provides a real-time view of your log data and comes in handy when you need to see everything happening on a server, router, firewall or application.
  2. The Monitor view comes with several built-in filters that provide a global view into different types of logs; however, for this example a custom filter is required.
  3. To build a custom filter, click on the plus (+) sign above the filter list and select "New Filter" to be taken to the filter interface.
  4. Similar to other interfaces in the web console, everything is drag and drop. The categories on the left contain the items that can be added to the "Conditions" box to define exactly which logs you wish to view.
  5. To see all information from a single system, use the Event Groups located here. The object of this filter is to view all logs, so select the "Any Alert" Alert Group and several fields will be displayed below. Fields let you apply granularity to the filter where necessary. For this example, click and drag the "DetectionIP" field into the Conditions box.
  6. Now type in the IP address or hostname of the system you wish to monitor. Wildcards (*) can be used if you want to match a subnet or a portion of a name.
  7. Be sure to name the filter and click the "Save" button.
  8. You will now be taken to the new filter in the console, where you can view all of the logs originating from this IP address.

While real-time data can be useful when troubleshooting a problem, more often than not you will need to investigate historical logs. Now let's learn how to use the previously created filter to initiate a quick search, and how to use a basic text search to see every log that contains that IP.

  1. At the top of the Filters list you will see a gear icon that lists additional options. One of those options is "Send to nDepth," which will take you to the nDepth search interface.
  2. If you wish to go directly to nDepth, click on "Explore" and select "nDepth."
  3. The same filter you created to display the real-time logs can be used to search the database.
  4. Make sure the filter is selected then click on the gear icon at the top and select "Send to nDepth."
  5. You will immediately be taken to the nDepth section, where LEM will display 10 minutes' worth of log data.
  6. If you need a longer period of time, click on the time drop-down menu and select a built-in option, or choose "Custom Range" to create your own.
  7. If you didn't build a filter or you just want to see every log associated with an IP or hostname you can run a basic text search.
  8. To search by text click the small toggle switch next to the search bar and drag it down. A text field will be displayed to the right.
  9. Now type in your search term and click the blue search button.
  10. Directly below the search bar, on the left, you will see that LEM automatically refines the results into several categories, which help you quickly identify events of interest. The actual log details are presented on the right.
  11. To drill down further just double-click an item to add it to the search bar then click the "Search" button again and LEM will refine the results further.
  12. You can continue to double-click on items for further drill down or use the search history section to return to an earlier search.
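The two procedures above differ in an important way for an investigator: the Monitor filter matches a single field (DetectionIP, with "*" wildcards), whereas the nDepth basic text search matches the term anywhere in the event, so it also catches logs that merely mention the IP (for example a firewall deny that names it as the source) but were detected on a different device. The following Python script is an added illustration, not LEM code or a SolarWinds API: it reproduces those semantics, the default 10-minute nDepth window, the category breakdown and the double-click drill-down over a small set of constructed events. The field names, sample values and function names are assumptions chosen to mirror the transcript.

```python
"""Illustration of LEM-style filtering over constructed events (not SolarWinds code)."""
from collections import Counter
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed sample events. Field names mirror the article's "DetectionIP";
# everything else is invented for the example.
EVENTS = [
    {"Time": "2016-08-18T10:00:05", "EventType": "UserLogon", "DetectionIP": "10.0.1.25",
     "SourceMachine": "WKS-101", "DestinationAccount": "alice", "Message": "Logon success"},
    {"Time": "2016-08-18T10:02:10", "EventType": "UserLogonFailure", "DetectionIP": "10.0.1.25",
     "SourceMachine": "WKS-101", "DestinationAccount": "admin", "Message": "Bad password"},
    {"Time": "2016-08-18T10:03:00", "EventType": "UserLogonFailure", "DetectionIP": "10.0.1.25",
     "SourceMachine": "WKS-101", "DestinationAccount": "admin", "Message": "Bad password"},
    # Detected on the firewall, but the message names 10.0.1.25 as the source.
    {"Time": "2016-08-18T10:04:30", "EventType": "FirewallDeny", "DetectionIP": "10.0.1.40",
     "SourceMachine": "FW-EDGE", "DestinationAccount": "", "Message": "Denied 10.0.1.25 -> 203.0.113.7:445"},
    {"Time": "2016-08-18T09:20:00", "EventType": "UserLogon", "DetectionIP": "10.0.2.9",
     "SourceMachine": "SRV-DB01", "DestinationAccount": "svc_backup", "Message": "Logon success"},
    {"Time": "2016-08-18T10:05:00", "EventType": "ServiceStart", "DetectionIP": "10.0.2.9",
     "SourceMachine": "SRV-DB01", "DestinationAccount": "", "Message": "Service started"},
]


def field_filter(events, field, pattern):
    """Monitor-style condition: keep events whose <field> matches <pattern>.
    '*' is a wildcard, so '10.0.1.*' covers a subnet and 'SRV-*' a hostname prefix."""
    return [e for e in events if fnmatchcase(str(e.get(field, "")), pattern)]


def text_search(events, term):
    """nDepth-style basic text search: the term may appear in ANY field (case-insensitive)."""
    needle = term.lower()
    return [e for e in events if any(needle in str(v).lower() for v in e.values())]


def within_window(events, end, minutes=10):
    """Time drop-down: keep events in the <minutes> before <end> (default mirrors nDepth's 10 minutes)."""
    end_ts = datetime.fromisoformat(end)
    start_ts = end_ts - timedelta(minutes=minutes)
    return [e for e in events if start_ts <= datetime.fromisoformat(e["Time"]) <= end_ts]


def categorize(events, field):
    """The category panel on the left: count distinct values of <field> in the result set."""
    return Counter(e.get(field, "") for e in events)


def refine(events, field, value):
    """Double-click drill-down: add an exact <field> = <value> condition to the current results."""
    return [e for e in events if str(e.get(field, "")) == value]


def investigate(ip, end="2016-08-18T10:05:00"):
    """Worked run-through returning the counts an analyst would see at each step."""
    recent = within_window(EVENTS, end)                  # default 10-minute window
    by_field = field_filter(recent, "DetectionIP", ip)   # Monitor filter on DetectionIP
    by_text = text_search(recent, ip)                    # nDepth text search anywhere
    failures = refine(by_text, "EventType", "UserLogonFailure")
    return {
        "in_window": len(recent),
        "field_filter": len(by_field),
        "text_search": len(by_text),
        "categories": dict(categorize(by_text, "EventType")),
        "drilldown_failures": len(failures),
    }


if __name__ == "__main__":
    for key, value in investigate("10.0.1.25").items():
        print(f"{key}: {value}")
```

The gap between the field-filter count and the text-search count is exactly the set of events other devices logged about the host; when those two numbers differ during an investigation, the text search is the one that tells you what the rest of the network saw.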

Visit the Success Center for more information on using Log and Event Manager

Last modified
10:45, 6 Mar 2017
