Logsign health check service allows you to control important parameters and services from a single location for your system. If there will be a problem on any these services you will be notified through e-mail or SMS. It is possible to notify other users which is identified by system with SMS and e-mail except admin users.
Note : To configure e-mail and SMS settings you can read the "Mail Settings" and "SMS Settings" articles, also to identify users check "User Management" article.
This feature is used to prevent breaking down the stability of system while the capacity of the disc is fulfilled that Logsign installed on this disk.
If you activate this feature;
When the fill rate of the disc is % 80, you will be notified with SMS or e-mail as written disc status : "Yellow" by Logsign.
When the fill rate is %90, it will inform you as written disc status : "Red" and the collectors will not aggregate logs to the systems (poller-wmi, poller-wmi, syslog-collector, etc.) which is used to collect logs. The logs will not be written anymore on archive(.json), signed(.raw) and index. Thus, your disc will be prevented from filling until you interfere to the system.
** To allow the collecting logs again, the disc status must be "Green" and the fulfilled rate of the disc must be under %80.
When your system is installed on a virtual environment, you can increase the size of the disc and define a second disk. If your system is installed on a physical device, you can add a new disc and mount it to the system. You can check the disc fulfilled rate from Disk Utilization chart under the Dashboard > System Events > SIEM System Events section, as in the following screenshot admin panel:
With this feature, you will be notified when the logs and signed logs settings are changed. (You can check the signed logs settings under Settings > Data Management > Sign Settings on Logsign web interface.)
In warning e-mail, it shows the problem with its date (yy/mm/dd) and file name. You can access the file which is under Settings > Logs > Signed from admin panel and verify the file according to the signature method via "Validate" button. As a result of that, it is possible to see the changed rows on log file.
At 5-minute intervals, the change in log files maintained with raw and json extensions is checked. Warns if the log directory size has not changed.
Log Source STATUS
It is the mechanism for controlling whether logs come to Logsign from sources. While sources are integrated to Logsign, you can set the period of health check control as desired, as in the screen shot below:
You must enable this feature to check the status of the syslog service.
Namenode Service STATUS
Namenode works as a manager in Logsign cluster systems which is responsible for:
File access and distribution, creation, deletion and problem solution of processes overall servers. In brief, the information of all the files on HDFS (metadata) is stored and managed by Namenode.
It must be activated to check Namenode in cluster systems.