System Notifications and Error Messages

Introduction

This article provides an overview of Logsign system notifications and error messages.

System Notifications

Logsign has services for health checks, and when a critical situation is detected by these services, Logsign health check logs are created. You can review these logs in detail from the table below.

Data.Type | Event.Category | Event.VendorID | Event.Status | Event.Action | Event.Note
health_check | EPS | 100101 | green | status ok | "Check EPS Average" defined in log sources. The EPS average was checked and there is no problem with the EPS status.
health_check | EPS | 100102 | yellow | increase | "Check EPS Average" defined in log sources. Reports an increase in the EPS average. Example notification log: "Overall EPS average increased by more than 50% in 5 minutes. Last week's average is 12."
health_check | EPS | 100103 | yellow | decrease | "Check EPS Average" defined in log sources. Reports a decrease in the EPS average. Example notification log: "The overall EPS average fell more than 30% in 5 minutes. Last week's average is 12."
health_check | Disk State | 100201 | green | size ok | There is no problem with disk usage; the available disk size is reported.
health_check | Disk State | 100202 | red | limit exceed | The disk space usage limit is exceeded. Exceeding this limit causes logging to stop.
health_check | Log Source | 100301 | green | start | Logs are being received successfully from the source.
health_check | Log Source | 100302 | red | stop | No logs were received from the source during the Health Check period.
health_check | Syslog Service | 100401 | green | status ok | There is no problem with the syslog service; logs are being received over the syslog protocol.
health_check | Syslog Service | 100402 | red | stop | No logs were received from syslog sources within 5 minutes.
health_check | Index | 100501 | green | start | The ElasticSearch service has (re)started.
health_check | Index | | yellow | | An incorrect log occurred in the ElasticSearch service.
health_check | Index | 100502 | red | stop | The ElasticSearch service is stopped.
health_check | Persist | 100601 | green | start | Persist service logs are being written to disk.
health_check | Persist | 100602 | red | stop | The logs written by the Persist service have not changed within 5 minutes.
health_check | Archived Data | 100701 | green | status ok | There is no problem with the archive file, its directory size or its current state.
health_check | Archived Data | 100702 | red | file error | The archive file was not found.
health_check | Signed Data | 100703 | green | status ok | There is no problem with the current state of the signed file and directory.
health_check | Signed Data | 100704 | yellow | size error | There is a problem with the signed file size.
health_check | Signed Data | 100705 | red | file error | The signed file and directory were not found.
health_check | Stored Data | 100801 | yellow | file create | A new file was created in the archive or signed directory.
health_check | Stored Data | 100802 | red | file modify | An archive or signed file was modified.
health_check | Stored Data | 100803 | yellow | file move | An archive or signed file was moved.
health_check | Stored Data | 100804 | red | file delete | An archive or signed file was deleted.
health_check | Stored Data | 100901 | yellow | folder create | A new folder was created in the archive or signed directory.
health_check | Stored Data | 100902 | yellow | folder move | A folder was moved within the archive or signed directory.
health_check | Stored Data | 100903 | red | folder delete | A folder was deleted from the archive or signed directory.


For the logs in the table above, Logsign provides ready-made alarms in its library.

Let's proceed by describing the conditions that must occur for these alarms to trigger and notify.

Category | Alarm | Trigger condition
Health Check | ElasticSearch Check | Triggered when an incorrect log occurs in the ElasticSearch service.
Health Check | Disk Check | Triggered if the disk space usage limit is exceeded.
Health Check | EPS Average | Triggered when there is an increase or decrease in the EPS average.
Health Check | File Create | Triggered when a new file is created in the archive or signed directory.
Health Check | File Delete | Triggered when a file is deleted from the archive or signed directory.
Health Check | File Modify | Triggered when an archive or signed file is updated.
Health Check | File Move | Triggered when an archive or signed file is moved.
Health Check | Persist Check | Triggered when the Persist service does not write any logs within 5 minutes.
Health Check | Source Check | Triggered if no logs are received during the Health Check period.
Health Check | Syslog Status Check | Triggered if no logs are received from syslog sources within 5 minutes.
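
As an added example (not Logsign's own code), the following Python models the two kinds of check the tables above describe: the EPS Average comparison against last week's average with the 50% increase and 30% decrease thresholds quoted in the notification logs, and the "no logs within 5 minutes" checks behind the Log Source, Syslog Service and Persist categories, returning the same VendorID, status and action values as the notification table. The comparison formula, the HealthEvent type and the ACTIVITY_CODES mapping are assumptions made for illustration.

```python
# Added example (not Logsign's own code): models the EPS Average check and the
# "no logs within 5 minutes" checks described above, returning the same
# Event.VendorID / Event.Status / Event.Action values as the notification table.
# Baseline (last week's EPS average) and thresholds come from the sample
# notification texts; the exact formula Logsign uses internally is an assumption.
from collections import namedtuple

HealthEvent = namedtuple("HealthEvent",
                         "data_type category vendor_id status action note")

EPS_INCREASE_THRESHOLD = 0.50   # "increased by more than 50% in 5 minutes"
EPS_DECREASE_THRESHOLD = 0.30   # "fell more than 30% in 5 minutes"
HEALTH_WINDOW_SECONDS = 5 * 60  # syslog and persist checks use a 5-minute window

# (green VendorID, red VendorID) per Event.Category, taken from the table above
ACTIVITY_CODES = {
    "Log Source": (100301, 100302),
    "Syslog Service": (100401, 100402),
    "Persist": (100601, 100602),
}


def check_eps(current_avg, last_week_avg):
    """Compare the current 5-minute EPS average against last week's average."""
    # No baseline yet (fresh install): nothing to compare, so report status ok.
    change = 0.0 if last_week_avg <= 0 else (current_avg - last_week_avg) / last_week_avg
    if change > EPS_INCREASE_THRESHOLD:
        return HealthEvent("health_check", "EPS", 100102, "yellow", "increase",
                           "Overall EPS average increased by more than 50% in 5 minutes. "
                           f"Last week's average is {last_week_avg:g}.")
    if change < -EPS_DECREASE_THRESHOLD:
        return HealthEvent("health_check", "EPS", 100103, "yellow", "decrease",
                           "The overall EPS average fell more than 30% in 5 minutes. "
                           f"Last week's average is {last_week_avg:g}.")
    return HealthEvent("health_check", "EPS", 100101, "green", "status ok",
                       "EPS Average Checked. It reports that there is no problem in EPS Status.")


def check_activity(category, last_seen, now, window=HEALTH_WINDOW_SECONDS):
    """Red 'stop' when the category produced no logs (or no persisted change)
    inside the window; last_seen and now are Unix timestamps in seconds."""
    green, red = ACTIVITY_CODES[category]
    idle = now - last_seen
    if idle > window:
        return HealthEvent("health_check", category, red, "red", "stop",
                           f"No activity from {category} for {idle:.0f} seconds.")
    return HealthEvent("health_check", category, green, "green", "start",
                       f"{category} is receiving logs.")
```

For the Source Check, pass the configured Health Check period as the window instead of the 5-minute default.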

You can follow the steps below to turn on alarm notifications.

 


Alarm Notification

Let's turn on alarm notifications by creating Logsign Action Rules.


We complete the process with the Save button.
