LogGuard Starting Point

This is the starting point for understanding the LogGuard Platform. LogGuard is a system for Events and Notification Management meaning that it searches Log Files for given patterns and upon a case discovery, it dispatches the appropriate event. In order to do so, it utilizes several components like, File Parsers, Log Agents, System Tasks, FTP Clients, Generic HTTP Clients and many other features that come “Out of the Box” with the platform. Without restricting the developer's or system engineer's needs for a custom tool, LogGuard offers a powerfull JAVA API that can be used in order to derive any type of Events to Notification Flow. Explore the LogGuard platform starting from this point.

Link	Description
White Paper	Synopsis of the LogGuard Platform.
Back End	One minute description of the LogGuard. Database Architecture. For a complete reference to the database, click here
JAVA API Documentation	The latest Java Core and Subsidiary Components of LogGuard as they are documented from the development team. Use this page if you want to write custom Component Pluggins for the LogGuard Scheduler.
XSD and WSDL	Schema Definitions for LogGuard Scheduler and other components configuration. Use the XSDs in order to generate valid XML configuration files for the LogGuard components. For a complete XML configuration examples, please click here Web Service Definition Language files (WSDLs) will help you to define your own WS clients to be used for SOA communication with LogGuard.
UIT	LogGuard is a Registered Trademark of UIT.

Back End

The following figure describes:

How Actions are classified to different Action Types
How Actions are bound with Alarms

Basic Entities

PARSED_RESULT : Results that are produced from File Parsers. Each parsed result is defined by the following attributes:
- TASK_NAME which is the process name of the Parser that uploaded the result. Actually this maps to the system whose log files are under examination.
- SECTION_NAME defines the section inside the log file where this line was parsed
- TOKEN_NAME defines the entry name that was matched and parsed. It is actually a bookmark in the log file that interests us and we need to parse.
- CREATED is the database time stamp where this entry was entered.
ALARMS: Defined in the database and activated by Log Agents. Alarm is an event that is triggered when a value inside a system's log file is matched with the alarm's critical value. Each alarm can be bound to a number of Actions. Alarms are defined by users. Log Agents insert rows inside tables TRIGGERED_ALARMS, TRIGGERED_ACTIONS.
ACTIONS: Defined in the database and activated by Log Agents. Action is what has to be done upon an ALARM. In this way we can distinguish types of actions, for example an e-mail that has to be sent, an HTTP post method or a WEB Service activation. Alarms are bound with Actions in a one – to – many relationship, meaning that for a specific Alarm, we can perform a number of actions like sent an e-mail or call a Stored Procedure.

Interface Tables with Front End

For file parsers: PARSED_RESULT, UNPARSED_RESULT
For Log Agents: TRIGGERED_ALARM, TRIGGERED_ACTION

XSD - WSDL

XML Schema allows you to define execution models for LogGuard Schedulers. Get the following schema:

LogGuard Scheduler : Use this XSD document in order to derive correct XML configurations describing your LogGuard execution plan.
LogGuard Parser: Use this XSD document in order to derive correct XML configurations describing your parsing plan.
LogGuard Log Agent: Use this XSD document in order to derive correct XML configurations describing your parsing and alarms definition for your LogFile Agents.