Monitoring tables
The Devo Relay generates monitoring events and they are stored in the following tables inside Devo:
syslog.relay.conf: replicates the conf logs of the old relay (<= 1.4.2).
syslog.relay.monitor: shows the health-checker and test logs.
syslog.relay.out: shows the relay logs.
syslog.scoja.main: shows the logs of the core components.
syslog.scoja.source: shows the logs of the core source/input operations.
syslog.scoja.stats: shows sending statistics.
syslog.scoja.target: shows the logs of the core target/output operations.
syslog.scoja.thread: shows the logs for core threads.
These tables can be used to monitor the status of the relay and alert in case of incident.
syslog.relay.conf
Shows the configuration logs of the old relay (<= 1.4.2)
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
serverdate | String | Event timestamp at the instance of the relay |
message | String | Message describing the current status of the relay and the result (SUCCESS or FAILURE) of the configuration event |
syslog.relay.monitor
Shows the health-checks events and the relay CLI tests events
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
operation | String | Monitoring operation name |
id | String | The operation id shared by all messages belonging to same operation |
relayId | String | The relay Id as it is set up at Web |
message | String | The contents of the message of the operation |
syslog.relay.out
Shows the global/general relay logs.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
level | String | Log level: TRACE, DEBUG, INFO, WARN, ERROR |
operation | String | Type of operation the event belongs to |
id | String | The operation id, so several messages can be grouped in the same operation |
relayId | String | The relay Id as it is set up at Web |
logger | String | Logger name of the relay component the event belongs to |
message | String | The contents of the message |
syslog.scoja.main
Shows the core component logs.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | The contents of the message |
syslog.scoja.source
Shows the core source/inputs operations.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event: UDP or TCP |
message | String | Message content describing the input/source operation. |
syslog.scoja.stats
Shows the core sending statistics.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
kind | String | Specifies if stats are from data received by sources or sent to a target. |
subkind | String | Protocol used for transmission
|
parameters | String | Connection parameters with specifics details
|
partialCpu | int | CPU time in nanoseconds spent in OS functions. Only valid for |
partialCpuUser | int | CPU time in nanoseconds spent in the application (user mode). Only valid for |
partialPackets | int | Number of packets sent through UDP. Only valid for |
partialBytes | int | Number of bytes processed from source by UDP. Only valid for |
partialEvents | int | TCP and UDP number of events processed of kind and subkind. |
partialEventBytes | int | TCP and UDP number of events bytes processed of kind and subkind. Valid for all but |
partialMinorErrors | int | Number of minor errors, incremented value since last stats event |
partialMayorErrors | int | Number of major errors, incremented value since last stats event |
partialDroppedLogs | int | Number of logs dropped, incremented value since last stats event. These are not the events filtered by rules, but the events dropped by relay as it could buffer and process |
partialBufferBytes | int | Buffered bytes, incremented value since last stats event |
totalBufferBytes | int | Buffered bytes, total value |
partialBufferLogs | int | Buffered log events, incremented value since last stats event |
totalBufferLogs | int | Buffered log events, total value |
partialBufferLogsMain | int | Buffered log events on RAM memory, incremented value since last stats event |
totalBufferLogsMain | int | Buffered log events on RAM memory, total value |
partialBufferLogsSecondary | int | Buffered log events and persisted on disk, incremented value since last stats event |
totalBufferLogsSecondary | int | Buffered log events buffered and persisted on disk, total value |
syslog.scoja.target
Shows the core target/output operations. It would include errors related to connection to the collector.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | Message content describing actions related to target |
syslog.scoja.thread
Shows the core operations belonging to threading.
Name | Type | Description |
---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | The contents of the message describing the threading operation |