LOGalyze Concepts and Definitions


LOGalyze Architecture

Engine
LOGalyze Engine is a standalone log analyzer engine. It runs as a service, collects or receives log data, analyzes it, and provides automated reports, synthetic events and alerts.
LOGalyze Engine is a framework; all of the business logic lives in Definition files.
Related topics: Architecture Overview; Definition files (see below).

Admin
LOGalyze Admin is a RIA web interface for managing the Engine, searching log data, and displaying reports and alerts. Admin uses the SOAP API to communicate with the Engine.
Related topics: Architecture Overview.

SOAP API, Client
The Engine offers a SOAP Web Services interface, so any SOAP client can connect to it. One such client is LOGalyze CLI, a Perl client available for free at http://sourceforge.net/p/logalyze-cli/
Related topics: Architecture Overview.

Definition Files

Definition Files are XML-formatted files under the /conf directory. XML schema files are also available.

Log Definition
Contains the information needed to identify, parse, index and store incoming data. Describes the outgoing fields and the parsing logic.

Query Definition
A Query Definition is a saved search.

Statistics Definition
A Stat Definition aggregates collected data. It is used to create charts and summarized data tables.

Report Definition
A Report Definition contains several sections of Queries and Stats in addition to static text. Reports can have different output formats, such as PDF or a CSV list.

Event Definition
An Event is a simple or correlated real-time event based on one or more incoming log rows.

Repository
Central collection of standard definitions. LOGalyze can download and install definition files from the central repository.

General Concepts

EventType
LOGalyze handles different types of data. Each piece of data has a type attribute. EventType can be: Log, Event, Alert, Audit.
Related topics: Log, Artificial Event, Alert, Audit.

EventType:Log
Logs are incoming data from external sources. Usually they are real log data, but they can be any data as well.

EventType:Event
Events are artificial data generated by LOGalyze internally. LOGalyze's Event module can generate events that go through the same processing as external logs. Events can be input data for Event Definitions, and you can search for them or aggregate them with a Statistics Definition.

EventType:Alert
Alerts are artificial data generated by LOGalyze internally. LOGalyze's Event module can generate alerts that go through the same processing as external logs. You can search for them, aggregate them with a Statistics Definition, put them into a report, etc.

EventType:Audit
LOGalyze's internal Audit module generates events that go through the same processing as external logs. Audit logs can be input data for Event Definitions, and you can search for them or aggregate them with a Statistics Definition.

Collectors
LOGalyze uses Collectors to collect or receive data from external sources. Collectors cover the Transport Protocol and Data Format handling. There are active and passive Collectors. Active collectors pull data from the source, for example the file collector. Passive collectors listen for incoming data, for example socket-based collectors such as syslog.
A Collector instance consists of two parts: a DTP and a DF.
Related topics: DTP, DF.

DTP
Data Transport Protocol: the part of a collector instance that implements the transport protocol used to obtain the data. For example: network socket, file access.

DF
Data Format: the part of a collector instance that implements the data format of the incoming data. For example: syslog, CSV file parsing.

Index
LOGalyze uses an inverted index to store and index parsed log data. It provides very efficient search. There is a default index, and users can create custom indexes. The index contains documents, and documents consist of fields.

Tag
Special multi-value index field. With tags you can attach any value to an incoming log. Tags can be defined in Collectors or in a Log Definition.
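The Collectors, DTP/DF, Index and Tag concepts above describe a pipeline: a transport delivers raw records, a format parser turns each record into fields, the collector stamps the EventType and its tags onto the resulting document, and an inverted index stores the documents for search. The following added example models that pipeline in Python. It is illustrative code written for this page, not LOGalyze's own implementation or its XML definition format; the class names StringDTP, SyslogDF, Collector and InvertedIndex, the syslog regular expression and the sample log lines are all constructed for the example. It also shows the failure mode a practitioner cares about: a record the DF cannot parse is kept, flagged and still searchable rather than silently dropped.

```python
import re
from collections import defaultdict

# Constructed sample input: three well-formed BSD syslog lines plus one
# malformed line to exercise the parser's failure path. Not real data.
SAMPLE_SYSLOG = """\
<34>Oct 11 22:14:15 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 2222 ssh2
<13>Oct 11 22:14:16 host2 cron[99]: (root) CMD (run-parts /etc/cron.hourly)
<34>Oct 11 22:14:17 host1 sshd[1234]: Accepted password for alice from 198.51.100.7 port 2223 ssh2
this line is not syslog at all
"""


class StringDTP:
    """Hypothetical DTP: an active (pull) transport reading records from a
    string, standing in for a file collector."""

    def __init__(self, text):
        self.text = text

    def records(self):
        for line in self.text.splitlines():
            if line.strip():
                yield line


class SyslogDF:
    """Hypothetical DF: turns one BSD-style syslog record into named fields."""

    PATTERN = re.compile(
        r"^<(?P<pri>\d{1,3})>(?P<timestamp>\w{3} +\d{1,2} \d\d:\d\d:\d\d) "
        r"(?P<host>\S+) (?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
    )

    def parse(self, raw):
        m = self.PATTERN.match(raw)
        if m is None:
            # Failure mode: keep the raw text searchable and flag it instead
            # of dropping the record (lost records are a blind spot in detection).
            return {"message": raw, "parse_error": True}
        fields = m.groupdict()
        pri = int(fields.pop("pri"))
        fields["facility"] = pri // 8  # syslog PRI = facility * 8 + severity
        fields["severity"] = pri % 8
        return fields


class Collector:
    """A collector instance = one DTP + one DF, plus collector-level tags."""

    def __init__(self, dtp, df, tags=()):
        self.dtp, self.df, self.tags = dtp, df, list(tags)

    def documents(self):
        for raw in self.dtp.records():
            doc = self.df.parse(raw)
            doc["type"] = "Log"           # EventType attribute on every document
            doc["tag"] = list(self.tags)  # multi-value tag field set by the collector
            yield doc


class InvertedIndex:
    """Minimal inverted index: (field, token) -> set of document ids."""

    def __init__(self):
        self.docs = []
        self.postings = defaultdict(set)

    @staticmethod
    def _tokens(value):
        # Lists (e.g. tags) are flattened; everything else is lower-cased and
        # split into word-like tokens, keeping dotted tokens such as IPs whole.
        if isinstance(value, list):
            for item in value:
                yield from InvertedIndex._tokens(item)
        else:
            yield from re.findall(r"[\w.]+", str(value).lower())

    def add(self, doc):
        doc_id = len(self.docs)
        self.docs.append(doc)
        for name, value in doc.items():
            for token in self._tokens(value):
                self.postings[(name, token)].add(doc_id)
        return doc_id

    def search(self, field, token):
        ids = sorted(self.postings.get((field, token.lower()), ()))
        return [self.docs[i] for i in ids]


def build_demo_index(text=SAMPLE_SYSLOG):
    """Run the sample through a tagged collector and index every document."""
    index = InvertedIndex()
    collector = Collector(StringDTP(text), SyslogDF(), tags=["linux", "auth-sample"])
    for doc in collector.documents():
        index.add(doc)
    return index


if __name__ == "__main__":
    idx = build_demo_index()
    for hit in idx.search("program", "sshd"):
        print(hit["host"], hit["severity"], hit["message"])
    print("unparsed records:", len(idx.search("parse_error", "true")))
```

Swapping StringDTP for a socket listener would make the collector passive without touching SyslogDF, which is the point of the DTP/DF split: transport and format vary independently. Because tags are applied by the collector, even the malformed record carries the tag values and can be found by searching the tag field.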
 