
WhatsUp Gold Log Management

Uploaded by

lgaleanoc

Log Management

About Log Management

The new WhatsUp Gold Log Management add-on allows you to collect Windows Event Log
and Syslog events from any available device configured as a log data source. In addition to
simply collecting log data, you can customize WhatsUp Gold to collect events which fit your
specific needs by defining search criteria and applying several common and/or format-specific
filters when viewing corresponding reports and dashboard views.

While applicable log management configuration settings are maintained in the WhatsUp Gold
database, the actual log data collected by WhatsUp Gold Log Management is stored in a
dedicated instance of Elasticsearch to ensure you can retrieve the information you're looking
for quickly and easily. You also have the option of using WhatsUp Gold Log Management with
an existing Elasticsearch installation. To do so, simply specify the URL and valid access
credentials when prompted during installation.

Before you can successfully collect log data, you must configure one or more monitored
devices to serve as log data sources. Follow the procedure steps presented in Configure a
Log Source to set up a device to make either Windows Event or Syslog data available to
WhatsUp Gold. Please note, to successfully collect Syslog data, you must configure WhatsUp
Gold AND the actual Syslog server. For the Syslog server, configure and enable the push of
log data to WhatsUp Gold using IP Address, hostname, etc. One port is dedicated to listening
for Syslog data all the time. Additionally, if you have set up any passive monitors for Syslog or
Windows Event Logs, we recommend disabling them to avoid collecting the same data twice.

Once log data is actively being collected, you have the option to use the Advanced Filter
Builder to create and save sets of filter criteria in a dedicated library for use in several interfaces
applicable to log management inside WhatsUp Gold. It's important to note that, depending on
how you configure log data collection, WhatsUp Gold has the potential to collect enormous
amounts of data and possibly fill your storage database to capacity. Proper use of advanced
filters in concert with the conservative use of applicable settings and/or configuration will help
prevent this from occurring. Refer to Creating Filters for step-by-step information on how to
populate your log management filter library.

One of the most versatile and commonly-used features of WhatsUp Gold is its robust and
customizable reporting views. The application now offers an additional dashboard view as well
as individual reports dedicated to presenting data collected by WhatsUp Gold from log
sources. The Log Management Dashboard view can be found by selecting ANALYZE > Log
Management > Log Management Dashboard. Using the same menu path, you can also
access the Log Viewer full page report which allows you to search for log data based on
user-defined criteria and/or a saved filter selected from the Log Filter Library. You also have the
option to launch the advanced filter builder dialog directly from the Log Viewer interface where
you can create a new set of filter criteria to apply to the report which can also be saved to the
Log Management filter library.

Important: Any Syslog or Windows Event Log reports from previous versions of
WhatsUp Gold will NOT show Log Management-specific data.

Alert Center now offers a new threshold exclusive to WhatsUp Gold's new Log Management
functionality called Log Management Filter Frequency. This threshold monitors either the
absence or the presence of logs based on a saved filter selected from the Log Filter Library. It
can be used just like any other threshold in Alert Center in that you have the ability to apply a
notification policy so you can be alerted when certain log data is collected as well as view
related activity in the Alert Center full-page reports which can be found by selecting one of the
options under ANALYZE > Alerts and Actions.

Installing and Configuring Log Management

Installing WhatsUp Gold with Log Management features

If your license includes Log Management features, you'll be prompted during your initial
WhatsUp Gold installation to designate a database instance dedicated solely to log data
collection. All data collected by and/or sent to WhatsUp Gold from log data sources is stored
in an Elasticsearch database. You have the option to either install a dedicated instance of
Elasticsearch directly from the WhatsUp Gold installer or configure a connection to an existing
Elasticsearch instance installed outside of WhatsUp Gold.

Important: If you plan on deploying WhatsUp Gold Agents to assist with log data
collection, we highly recommend connecting to an existing Elasticsearch instance.

Warning: When prompted by the installer, review the IMPORTANT information
about available options and recommendations for using Elasticsearch with
WhatsUp Gold before proceeding. Your selection must reflect the needs of your
specific network environment, how you intend to collect log data from sources, and
any security limitations under which you may be operating.

Warning: If you do not plan to use Log Management features and as such do not
need to install or use an Elasticsearch database, please enable the applicable
checkbox at the bottom of the IMPORTANT Log Management Information dialog, then
click Next.

If your license includes Log Management features and you would like to use a secure
Elasticsearch instance:

1. Select Point to a secure installation of Elasticsearch, then click Next.

Important: This option should be selected if you require a secure Log Management
data store and/or if you plan to deploy WhatsUp Gold Agents on your network. We
strongly recommend pointing to an existing, secure instance of Elasticsearch. If you do
not have a secure Elasticsearch database available for use with WhatsUp Gold, please
see the Knowledge Base article found here.

2. Enter the name of the Elasticsearch host, applicable port number, and username and
password combination (if using a secure connection), then click Next.

3. Select the language or languages you would like to install for use with the application,
then click Next.

4. Click Proceed. The WhatsUp Gold install program begins the installation. When the
installation program completes, the InstallShield Wizard Complete dialog appears.
5. Click Finish. The setup program closes.

If your license includes Log Management features and you would like to use the local
Elasticsearch instance included with WhatsUp Gold:

1. Select Install an open-source version of Elasticsearch with WhatsUp Gold, then
click Next.

Note: Please ensure your WhatsUp Gold server meets the minimum recommended
hardware specifications to adequately support Log Management.

2. Select the destination folders for the Elasticsearch instance and data files, then
click Next.

Note: Please ensure the selected drive contains the minimum recommended free
space to store log data.

3. Enter the HTTP and Transport port numbers for WhatsUp Gold to use for
communication with Elasticsearch, then click Next. The default and recommended port
numbers are 9200 and 9300, respectively.

4. Select the language or languages you would like to install for use with the application,
then click Next.

5. Click Proceed. The WhatsUp Gold install program begins the installation. When the
installation program completes, the InstallShield Wizard Complete dialog appears.

6. Click Finish. The setup program closes.

Log Management Settings

Configure the following to enable WhatsUp Gold to successfully ingest data from log sources:

Elasticsearch Connection

• Elasticsearch Address. Enter the IP address WhatsUp Gold should use to
communicate with Elasticsearch.
• Port. Enter the port number WhatsUp Gold should use to communicate with
Elasticsearch. The default port number is 9200.
• Credential. Enter the username and password required to access the specified
Elasticsearch instance if required.
• Use SSL. Enable this option to secure communication between WhatsUp Gold and
Elasticsearch using Secure Sockets Layer encryption (HTTPS).

Tip: If you would like to upload your own SSL certificate, please disable the Ignore
Certification Error option, then click Upload. Browse to and select the desired
Certificate Authority file in PEM container format (.crt).

Log Collection Settings

• Log Data Retention. Specify the number of days log data should be retained before
WhatsUp Gold begins deletion of older logs.
• Total Disk Space Usage Limit. Use the slider control to indicate the maximum
percentage of the total storage to be consumed before WhatsUp Gold begins deletion
of older logs.

Important: When the total disk space usage on disks where Elasticsearch stores its
data reaches the usage limit, a web alarm is automatically triggered. This alarm
advises users to take appropriate actions to address the impending problem before
indexes are deleted. The notification can be dismissed or temporarily snoozed just
like any other web alarm, however it does not need to be created or configured in
the Actions Library. Instead, users can select a corrective action directly from the
notification dialog, when applicable.

Tip: Current Elasticsearch Node Disk Space Usage Information refers to the
Elasticsearch instance WhatsUp Gold Log Management is using.

Tip: Maximum Disk Space Usage Limit refers to the point at which Elasticsearch
will stop accepting more data.

Syslog Server Settings

• Enable Syslog server. Select this option to enable the Syslog server in WhatsUp Gold
Log Management to allow devices to connect and send Syslog data to Log
Management. Please note, this option must be enabled if you want to collect Syslog
data from log sources.

Important: If you plan to enable this option, you must first disable the Listen for
messages option under the Syslog Settings section of the Passive Monitor Listener
dialog which can be accessed by selecting SETTINGS > System Settings > Passive
Monitor Listeners.

• Syslog Server IPv4 Address. Enter the IPv4 address on which WhatsUp Gold should
listen for Syslog messages.
• Syslog Server IPv4 Port. Enter the port number on which WhatsUp Gold should listen
for Syslog messages.
• Syslog Server IPv6 Address. Enter the IPv6 address of your Syslog server if you are
collecting IPv6 Syslog data.
• Syslog Server IPv6 Port. Enter the port number on which WhatsUp Gold should listen
for Syslog messages if you are collecting IPv6 Syslog data.

Please note, clicking Save automatically tests the Elasticsearch connection. If a successful
connection cannot be established, the Log Management settings you've configured will not be
saved.

Using Log Management features

Configure a Log Source


To configure a new Windows Event Log or Syslog source:

1. Select SETTINGS > Log Management > Log Data Source Setup from the main
menu to launch the Log Data Source Setup interface.
2. First, click , then select either Windows Event Log or Syslog from the options
displayed.
3. Click within the Add Devices to Collect Logs dialog, then browse to and select a
device using the group/device selector provided.
4. When you've selected the device you want to use as a log source, click Select.

Tip: You may select multiple devices by holding the Ctrl key when clicking device
names/IP addresses.

Note: By default the Select Log Source Devices dialog only displays network devices
from which WhatsUp Gold can likely receive log data. If you do not see a device you'd
like to designate a log source, disable the Eligible sources only control at the top of
the dialog to expand log source options across the network.

5. Click Next.
6. Choose which logs to collect and which ingestion filter to apply.

o If you are configuring WinEvent Log collection, you have several options to
consider. First, use the radio buttons to collect Standard logs only or Specific
logs. When Standard logs only is enabled, use the checkboxes provided to
tag Application, System, and/or Security log data for collection. When Specific
logs is enabled, use the checkboxes provided to select individual logs by
name. Both options allow for ingestion filter application per log type and a Bulk
apply ingestion filter control which applies a single ingestion filter to all items
displayed within the dialog.
o If you are configuring Syslog collection, simply select the ingestion filter you
want to apply to each log source using the applicable drop-down menu.

7. When finished, click Save.

The log source(s) you've configured now appear in the main Log Data Source Setup dialog. In
addition to being the launching point for configuring a new log source, this interface also allows
you to edit and remove log sources as well as enable/disable log sources and apply a single
ingestion filter to multiple (WinEvent) log sources using the Bulk apply ingestion filter control.

Please note the following specific to the Bulk apply ingestion filter feature:

• If your device selection contains a single log type and the selected filter is of the same
type, all logs are updated.
• If your device selection contains a single log type and the selected filter is not the same
type, a message indicating, “No selected log sources match the type of the ingestion
filter.” is displayed.
• If your device selection contains multiple log types, the selected filter is applied to all
logs in the device selection which match the filter type.

Tip: The Bulk apply ingestion filter feature respects results returned when using the
Search field at the top of the dialog. By default, the bulk filter is applied to all logs of
the selected ingestion filter type. To apply a bulk ingestion filter change to a
specific log name, use the Search field to identify and select the target log name
prior to filter application.

You can also access this workflow directly from the Logs tab on the Device Properties
interface. When viewing Device Properties for a device you'd like to configure as a log source,
select the Logs tab, then proceed with the same steps described previously beginning with
clicking the icon. If you configure log data collection from Device Properties, it's important
to note the Add Device to Collect Logs dialog is automatically populated with the device as
the potential log source; no device selection is necessary, so the group/device selector tool
cannot be accessed in this scenario.

Creating filters

Use the Advanced Filter Builder dialog to create a defined filter consisting of one or more
complex criteria groups for use with WhatsUp Gold log management data ingestion and
associated reporting. This interface can be most easily accessed by selecting SETTINGS >
Log Management > Log Filter Library, then clicking the Add icon. You can also navigate to
the Advanced Filter Builder dialog directly from the Log Viewer by clicking Advanced Filter,
then selecting New Filter from the menu that appears.

To create an advanced filter for use with WhatsUp Gold Log Management:

1. First, give your new filter a name. This is the name by which you'll identify the filter in
WhatsUp Gold when working with log management reporting and alerting features.
2. Select a field from the first drop-down menu on the left. This menu is categorized by
type and can be searched using the data entry field at the top of the list.
3. Select the relationship between the selected log field and the user-defined criteria the
filter will consider from the drop-down menu in the center.

Tip: When the center drop-down menu is expanded, you can hover over any item in
the list to display a tool tip describing that option in greater detail.

4. Enter the criteria the filter should consider in the data entry field at right.
5. If you would like to create an additional item for the Criteria group, click the Add icon,
then repeat the previous steps as needed to complete the group.
6. If you would like your filter to contain additional groups, click Add filter group to begin
specifying additional criteria, as needed.
7. Ensure the drop-down menus separating both filter and criteria groups reflect the
correct relationship between each group (e.g., Criteria Group A AND Criteria Group B
OR C).

o IP Address + begins with + 172.
AND
o Event Severity + matches + Critical
OR
o Event Severity + matches + Warning

8. To remove any item from a criteria group, click the X icon to the right of the target
item. To remove an entire criteria group from the filter, click the applicable Delete
hyperlink.
9. When your filter is complete, click Save.
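
The criteria chain in step 7 can be read two ways, and the reading decides which events a filter lets through. The following is an added example, not WhatsUp Gold code: the operator semantics and the sample events are assumptions, and the page does not say how the product itself resolves a flat A AND B OR C chain. It evaluates both readings and also flags addresses that satisfy the "172." prefix while lying outside the private 172.16.0.0/12 range.

```python
import ipaddress

# Operator names follow the example in step 7; their exact semantics are assumed.
OPERATORS = {
    "begins with": lambda value, wanted: value.startswith(wanted),
    "matches": lambda value, wanted: value.lower() == wanted.lower(),
}


def evaluate(node, event):
    """Evaluate a filter tree against one event (a dict of field -> string).

    A node is either ("AND" | "OR", [child, ...]) or a single criterion
    written as (field, operator, wanted).
    """
    if node[0] in ("AND", "OR"):
        results = (evaluate(child, event) for child in node[1])
        return all(results) if node[0] == "AND" else any(results)
    field, operator, wanted = node
    return OPERATORS[operator](event.get(field, ""), wanted)


# The three criteria from the example in step 7.
A = ("IP Address", "begins with", "172.")
B = ("Event Severity", "matches", "Critical")
C = ("Event Severity", "matches", "Warning")

# Two ways to read the flat chain "A AND B OR C".
AND_BINDS_FIRST = ("OR", [("AND", [A, B]), C])    # (A AND B) OR C
SEVERITY_GROUPED = ("AND", [A, ("OR", [B, C])])   # A AND (B OR C)

# Constructed sample events, not real log data.
EVENTS = [
    {"IP Address": "172.16.4.10", "Event Severity": "Critical"},
    {"IP Address": "172.16.4.11", "Event Severity": "Warning"},
    {"IP Address": "10.1.1.5", "Event Severity": "Warning"},
    {"IP Address": "10.1.1.6", "Event Severity": "Critical"},
    {"IP Address": "172.16.9.9", "Event Severity": "Information"},
    {"IP Address": "172.200.1.1", "Event Severity": "Critical"},
]


def matching_ips(tree, events=EVENTS):
    """Source addresses of the events the filter tree accepts, in input order."""
    return [e["IP Address"] for e in events if evaluate(tree, e)]


def reading_differences(events=EVENTS):
    """Addresses accepted under one reading of the chain but not the other."""
    first = set(matching_ips(AND_BINDS_FIRST, events))
    grouped = set(matching_ips(SEVERITY_GROUPED, events))
    return sorted(first ^ grouped)


PRIVATE_172 = ipaddress.ip_network("172.16.0.0/12")


def prefix_only_hits(events=EVENTS):
    """Addresses that satisfy 'begins with 172.' yet fall outside 172.16.0.0/12."""
    return [
        e["IP Address"]
        for e in events
        if evaluate(A, e)
        and ipaddress.ip_address(e["IP Address"]) not in PRIVATE_172
    ]


if __name__ == "__main__":
    print("(A AND B) OR C :", matching_ips(AND_BINDS_FIRST))
    print("A AND (B OR C) :", matching_ips(SEVERITY_GROUPED))
    print("differs for    :", reading_differences())
    print("prefix only    :", prefix_only_hits())
```

Putting the two severity criteria in their own criteria group makes the second reading explicit, which keeps Warning events from unrelated addresses out of an ingestion filter.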

When viewing the Log Filter Library, you can see a list of all saved filters as well as related
information including the number of Alert Center thresholds that have been configured using
that filter and which user last updated the filter criteria and when.

Note: Pre-defined filters displayed in the library are appended with a lock icon and
cannot be edited.

To launch the Log Management Filter Frequency Alert Center threshold configuration dialog in
order to set up an alert for any filter displayed, select the filter, then click Setup Alert. The
configuration dialog appears with the Log filter field automatically populated with the filter you
selected in the library. If a saved filter already has an alert applied to it, you can create an
additional alert using the same control.

Caution: Clicking Remove Alert will remove all alerts applied to the selected filter.

Configuring a Log Management Filter Frequency Threshold

Monitor the absence or presence of logs based on the filter query you have saved.

To configure a Log Management Filter Frequency threshold:

1. Select SETTINGS > Actions & Alerts > Alert Center Libraries from the main menu,
then select the Thresholds tab in the interface that appears.
2. Click the Add icon to launch the Select Threshold Type dialog.
3. Choose Log Management Filter Frequency from the options displayed, then
click Select.
4. Use the General tab to configure the following threshold settings:

• Name. Used in the Threshold library and the title on the Alert Center Dashboard.
• Log Filter. Select the desired log filter from the filter library using the drop-down menu.
• Notification Policy. (Optional) Select the notification policy to apply to this threshold.
The policy initiates notifications when an item is outside the configured threshold limits.
• Threshold Check Interval. Enter a time interval for Alert Center to check the database
for items that are out of the threshold limits.

Tip: Avoid setting the threshold check interval to a very short time, as this can degrade
system performance. In general, setting the threshold check interval to less than five
minutes is not advised.

• Automatically resolve items no longer out of threshold. Select this option if you
want Alert Center to automatically resolve items when they return to the value within
the threshold limit.

Note: Notification policies are optional for most thresholds. If you do not select a
notification policy, no notifications are generated for the threshold, but a dashboard
report listing the out of threshold items still appears on the Alert Center Home
page.

Condition

• Presence/Absence. Enable the desired option to report the threshold as breached
when the results of the selected log filter query appear/do not appear with the specified
frequency and within the specified duration.

Warning: When Absence is selected, the threshold will be considered breached with a
count of zero for enabled log sources that may not be collecting log data. This could
result in excessive alerts and notifications depending on your Log Management and
Alert Center settings and configuration.

• Frequency. Indicates the number of records WhatsUp Gold finds matching the applied
filter criteria within the specified duration.
• Duration. Specify the length of time in which the results of the log filter query must
appear/not appear for a single log source to consider the threshold breached.

Use the Applied Log Sources tab to specify which log source or sources this threshold
should be applied to:

• Apply this threshold to ALL applicable log sources. Enable this option to apply the
threshold to all available log sources.
• Exclude log sources. When the threshold is applied to all log sources, you can enable
this option, then specify one or more specific sources to be excluded from filter
frequency threshold monitoring. Click the Add icon, then select either Groups or
Devices. Use the subsequent dialog to select the group(s) or device(s) to exclude
depending on your selection.
• Apply this threshold to specific log sources. Enable this option to apply the
threshold to one or more user-defined log sources.
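
The Presence/Absence condition and the Absence warning above, worked through as an added example (not WhatsUp Gold code). The comparison rule (Presence breaches at or above the Frequency, Absence below it), the source names and the events are assumptions made for illustration. The triage step separates a source that sent other logs but none matching the filter from a source that sent nothing at all in the window.

```python
from datetime import datetime, timedelta


def evaluate_threshold(events, sources, mode, frequency, duration, now):
    """Evaluate one check interval for every enabled log source.

    events:  iterable of (timestamp, source, matches_filter) tuples
    sources: enabled log sources the threshold is applied to
    mode:    "presence" or "absence"
    Returns {source: {"count": int, "breached": bool, "collecting": bool}}.
    """
    if mode not in ("presence", "absence"):
        raise ValueError("mode must be 'presence' or 'absence'")
    window_start = now - duration
    matched = {s: 0 for s in sources}
    seen_any = {s: False for s in sources}
    for ts, source, matches_filter in events:
        if source not in matched or not (window_start < ts <= now):
            continue
        seen_any[source] = True          # the source delivered something
        if matches_filter:
            matched[source] += 1
    result = {}
    for s in sources:
        count = matched[s]
        # Assumed rule: presence breaches at >= frequency, absence below it.
        breached = count >= frequency if mode == "presence" else count < frequency
        result[s] = {"count": count, "breached": breached, "collecting": seen_any[s]}
    return result


def absence_triage(result):
    """Split Absence breaches by whether the source sent any log in the window."""
    filter_absent, source_silent = [], []
    for source, r in sorted(result.items()):
        if r["breached"]:
            (filter_absent if r["collecting"] else source_silent).append(source)
    return {"filter_absent": filter_absent, "source_silent": source_silent}


# Constructed sample data: (timestamp, source, matches the saved filter?).
NOW = datetime(2024, 1, 1, 12, 0)
SOURCES = ["srv-a", "srv-b", "srv-c"]
EVENTS = [
    (datetime(2024, 1, 1, 11, 50), "srv-a", True),
    (datetime(2024, 1, 1, 11, 52), "srv-a", True),
    (datetime(2024, 1, 1, 11, 58), "srv-a", True),
    (datetime(2024, 1, 1, 11, 55), "srv-b", False),   # collecting, no match
    (datetime(2024, 1, 1, 11, 30), "srv-b", True),    # outside the window
    (datetime(2024, 1, 1, 9, 0), "srv-c", True),      # silent for three hours
]


def demo():
    """Run a Presence check (Frequency 3) and an Absence check (Frequency 1)."""
    window = timedelta(minutes=15)
    presence = evaluate_threshold(EVENTS, SOURCES, "presence", 3, window, NOW)
    absence = evaluate_threshold(EVENTS, SOURCES, "absence", 1, window, NOW)
    return presence, absence


if __name__ == "__main__":
    presence, absence = demo()
    print("presence breaches:", [s for s, r in presence.items() if r["breached"]])
    print("absence triage   :", absence_triage(absence))
```

A source listed under source_silent is the case the warning describes: the threshold fires with a count of zero because nothing is arriving, which points to a collection problem on that source.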

Accessing Log Management data from other areas of WhatsUp Gold

There are several methods by which you can locate specific log data in WhatsUp Gold.

• The Global Search feature at the top of the WhatsUp Gold user interface now returns
results which include log data from configured log sources.
• The Device Information card has been enhanced to include an expandable section
containing recent log counts arranged by category.
• The Device Properties interface has been enhanced to include a Logs tab where you
can enable and disable as well as manage specific elements of log data collection. You
can also access the Log Data Source Setup interface directly from Device Properties
without using the main menu path.

Log Management Reporting

Log Management Dashboard

The Log Management dashboard is a reporting tool which provides a centralized location
specific to data collected by WhatsUp Gold Log Management.

Log Management dashboard reports include:

• Log Activity
• Log Management Server Status
• Log Source Statistics
• Top 10 Devices with Critical Windows Security Events
• Top 10 Devices with Critical Windows Application Events
• Top 10 Devices with Critical Windows System Events
• Top 10 Devices with Critical Syslog Issues

Log Activity

The Log Activity dashboard report presents a summary of all log entries retrieved by or sent to
WhatsUp Gold within the selected time period. The report displays a graph tracking the
quantity of log entries by severity. It can be configured to chart log entry quantity by minute,
hour, or day by clicking the Settings icon and selecting from the Chart Options menu. Please
note, this menu also includes a Group by Time setting of Automatic which causes the report to
adjust from minute to hour to day depending on the length of the date/time range selected
without user interaction. Additionally, you have the ability to further customize the chart by
clicking on any of the severity categories shown in the legend below the graph to hide them
from display. Click any hidden category to return the corresponding chart data to the display.

Log Management Server Status

The Log Management Server Status report is a relatively basic view that provides you with a
dedicated interface with which to see high-level Elasticsearch server information. This includes
the server name and connection status as well as current data retention setting and disk space
limits. More specifically, Total Disk Space Usage Limit represents the limit of total disk space
usage on disks where Elasticsearch stores its data while Maximum Total Disk Space Usage
Limit reflects a setting inside Elasticsearch itself, and is the maximum that users are allowed to
set the Total Disk Space Usage Limit through the Log Management Settings dialog. The
Maximum Total Disk Space Usage Limit is displayed only if the Disk-based shard allocation
option is enabled inside Elasticsearch. When enabled (by default), if the disk space usage
percentage reaches that level, then all indexes residing on the affected node become read-
only and no new data can be added. Additionally, you can access the Log Management
Settings interface directly from the report without the need to leave the Log Management
Dashboard by clicking the applicable hyperlink.

Expanding the lower section of the report allows you to view current disk space usage data for
each node. This data includes the actual disk space in gigabytes, the percentage of total disk
space on the node used by Elasticsearch indexes, by other programs, and the percentage of
free disk space available.

Important: Only one node is configured on the Elasticsearch server by default. The
procedure for adding nodes to the server occurs entirely independent of WhatsUp
Gold.

At the bottom of the report view, you can now see the following operational metrics:

• Devices configured to collect Windows Event Logs
• Devices configured to collect Syslogs
• Total number of log events collected

Note: Record counts may vary at various levels (e.g., cluster, node, index, etc.) in
Elasticsearch and some of these records are categorized as metadata. WhatsUp
Gold displays the number of records at the Index level to ensure a greater degree
of accuracy regarding how many actual log events, as opposed to total records,
were collected.

• Log data size (GB)
• Daily size increase (GB)
• Average log events per second (past hour)

Note: This metric provides you with a sense of scale for the severity of any peaks.
A change in average over time may indicate the disk space allocated for the data
store needs to be increased to accommodate more rapid growth than anticipated.

• Maximum log events per second (past 24 hours)

Note: This metric can be useful for capacity planning because it identifies spikes
and/or growth in events per second and can give administrators a better idea of the
appropriate amount of bandwidth needed to handle those spikes and growth.

• Approximate days to deplete free disk space

Note: This metric is a rough projection of how many days it may take log collection
at the current rate (indicated by the daily size increase in GB) to fill the remaining
free disk space. Please note, this estimate assumes no applications other than
Elasticsearch are consuming space on this disk.

Share, export, and save as PDF

Most generated Log Management Server Status report data can be printed, shared, and
exported by selecting Expand from the Dashboard Options menu. After the
report has been expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Log Management Server Status data for use outside of
WhatsUp Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Log Source Statistics

The Log Source Statistics report provides you with a list of all devices configured as log
sources along with high-level log data collection statistics for each for the selected
date/time range. Using this report, you can see at a glance if log data
collection is enabled for the device, the number of events collected, the rate of collection
(Events Per Second), and the percentage of total events collected.

Share, export, and save as PDF

Most generated Log Source Statistics report data can be printed, shared, and exported by
selecting Expand from the Dashboard Options menu. After the report has been
expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Log Source Statistics data for use outside of WhatsUp
Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Top 10 Devices with Critical Windows Security Events

The Top 10 Devices with Critical Windows Security Events report provides you with a list of ten
devices configured as log sources that have received the most Windows security events
categorized as "Critical" for the selected date/time range.

Important: For Windows Event Logs, events categorized as "Critical" include the
underlying severity levels of both Critical and Error.

Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage of
total events collected.

Share, export, and save as PDF

Most generated Top 10 Devices with Critical Windows Security Events report data can be
printed, shared, and exported by selecting Expand from the Dashboard Options
menu. After the report has been expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Top 10 Devices with Critical Windows Security Events data
for use outside of WhatsUp Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Top 10 Devices with Critical Windows Application Events

The Top 10 Devices with Critical Windows Application Events report provides you with a list of
ten devices configured as log sources that have received the most Windows application events
categorized as "Critical" for the selected date/time range.

Important: For Windows Event Logs, events categorized as "Critical" include the
underlying severity levels of both Critical and Error.

Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage of
total events collected.

Share, export, and save as PDF

Most generated Top 10 Devices with Critical Windows Application Events report data can be
printed, shared, and exported by selecting Expand from the Dashboard Options
menu. After the report has been expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Top 10 Devices with Critical Windows Application Events data
for use outside of WhatsUp Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Top 10 Devices with Critical Windows System Events

The Top 10 Devices with Critical Windows System Events report provides you with a list of ten
devices configured as log sources that have received the most Windows system events
categorized as "Critical" for the selected date/time range.

Important: For Windows Event Logs, events categorized as "Critical" include the
underlying severity levels of both Critical and Error.

Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage of
total events collected.

Share, export, and save as PDF

Most generated Top 10 Devices with Critical Windows System Events report data can be
printed, shared, and exported by selecting Expand from the Dashboard Options
menu. After the report has been expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Top 10 Devices with Critical Windows System Events data
for use outside of WhatsUp Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Top 10 Devices with Critical Syslog Issues

The Top 10 Devices with Critical Syslog Issues report provides you with a list of ten devices
configured as log sources that have collected the most Syslog events categorized as "Critical"
for the selected date/time range.

Important: For Syslog issues, events categorized as "Critical" include the underlying
severity levels of Emergency, Alert, Critical, and Error.

Using this report, you can see at a glance if log data collection is enabled for the device, the
number of events collected, the rate of collection (Events Per Second), and the percentage of
total events collected.
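
The "Critical" roll-up used by the four Top 10 reports, as an added example (not WhatsUp Gold code). The record layout, device names and log lines are constructed for illustration; the severity tables are the standard Syslog severity codes carried in the PRI value and the standard Windows event Level values.

```python
import re
from collections import Counter

# Syslog severity codes 0-7 (RFC 5424); PRI = facility * 8 + severity.
SYSLOG_SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
                     "Warning", "Notice", "Informational", "Debug"]
# Windows event Level values.
WINDOWS_LEVELS = {1: "Critical", 2: "Error", 3: "Warning",
                  4: "Information", 5: "Verbose"}

# Roll-up stated in the Important notes for the Top 10 reports.
CRITICAL_CATEGORY = {
    "syslog": {"Emergency", "Alert", "Critical", "Error"},
    "winevent": {"Critical", "Error"},
}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def syslog_severity(raw):
    """Severity name from the leading <PRI> of a raw Syslog line, else None."""
    m = PRI_RE.match(raw)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 * 8 + 7 is the largest valid PRI
        return None
    return SYSLOG_SEVERITIES[pri % 8]


def underlying_severity(record):
    """Underlying severity of a record, before the report's roll-up."""
    if record["type"] == "syslog":
        return syslog_severity(record["raw"])
    return WINDOWS_LEVELS.get(record["level"])


def top_critical_devices(records, log_type, channel=None, limit=10):
    """Devices ranked by events that roll up to "Critical" for one log type."""
    counts = Counter()
    for r in records:
        if r["type"] != log_type:
            continue
        if channel is not None and r.get("channel") != channel:
            continue
        if underlying_severity(r) in CRITICAL_CATEGORY[log_type]:
            counts[r["device"]] += 1
    return counts.most_common(limit)


# Constructed sample records, not real log data.
RECORDS = [
    {"device": "fw01", "type": "syslog",
     "raw": "<34>Oct 11 22:14:15 fw01 su: 'su root' failed on /dev/pts/8"},
    {"device": "fw01", "type": "syslog",
     "raw": "<11>Oct 11 22:15:02 fw01 app: write failed"},
    {"device": "fw01", "type": "syslog",
     "raw": "<165>Oct 11 22:16:00 fw01 app: started"},
    {"device": "sw02", "type": "syslog",
     "raw": "<8>Oct 11 22:17:00 sw02 kernel: panic"},
    {"device": "sw02", "type": "syslog",
     "raw": "<190>Oct 11 22:18:00 sw02 cron: job done"},
    {"device": "sw02", "type": "syslog", "raw": "link down, no PRI header"},
    {"device": "dc01", "type": "winevent", "channel": "System", "level": 2},
    {"device": "dc01", "type": "winevent", "channel": "System", "level": 1},
    {"device": "dc01", "type": "winevent", "channel": "Application", "level": 3},
    {"device": "ws07", "type": "winevent", "channel": "System", "level": 4},
    {"device": "ws07", "type": "winevent", "channel": "Application", "level": 2},
]

if __name__ == "__main__":
    print("Syslog     :", top_critical_devices(RECORDS, "syslog"))
    print("Win System :", top_critical_devices(RECORDS, "winevent", "System"))
    print("Win App    :", top_critical_devices(RECORDS, "winevent", "Application"))
```

Because Error-level events count toward "Critical" in these reports, a device can rank highly without having logged any event whose own severity is Critical.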

Share, export, and save as PDF

Most generated Top 10 Devices with Critical Syslog Issues report data can be printed, shared,
and exported by selecting Expand from the Dashboard Options menu. After the
report has been expanded, select export to access the following options:

• Print/Export to PDF. Automatically generate a PDF file of the report.
• Export Data. Export Top 10 Devices with Critical Syslog Issues data for use
outside of WhatsUp Gold.
• Schedule Export. Set a recurring date and time, format, and email destination for
report data export.

Log Viewer (Full Page Report)

The Log Viewer full page report presents a summary of all log entries retrieved by or sent to
WhatsUp Gold within the selected time period. The report contains two main viewing areas:

• The first displays a graph tracking the quantity of log entries by severity. The graph can
be configured to chart log entry quantity by minute, hour, or day by clicking the Settings
icon and selecting from the Chart Options menu. Please note, this menu also includes
a Group by Time setting of Automatic which causes the report to adjust from minute to
hour to day depending on the length of the date/time range selected without user
interaction. Additionally, you have the ability to further customize the chart by clicking
on any of the severity categories shown in the legend below the graph to hide them
from display. Click any hidden category to return the corresponding chart data to the
display.
• The second contains the list of individual log entries. Hover your mouse over any
column header, then click the icon that appears to display a drop-down menu you can
use to further refine results and customize the report by choosing which data points
appear in the report. Hover over Columns, then select the applicable column or
columns you'd like to see on the Log Viewer full page report. Use the same drop-down
menu to sort report data, if needed. To see the detailed, structured log message for
any individual line item, click the icon at the far-left of the applicable log entry to expand
the display.

Either viewing area may be hidden from view by clicking the Settings icon, then disabling the
applicable checkbox. Set the date/time range for the report using the dedicated control found
at the upper-left corner of the user interface. To refine the report content to better fit your log
management needs, use the search field at the top of the screen to locate any log entries
using the term(s) entered. You also have the option to launch the Advanced Filter Builder to
create and save more complex searches which use multiple criteria to identify target log
entries.
