Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hector Aguilar Director, Connector Development May 2006

Published byOwen Beasley Modified over 6 years ago

Similar presentations

Presentation on theme: "Hector Aguilar Director, Connector Development May 2006"— Presentation transcript:

1 Hector Aguilar Director, Connector Development May 2006
What is the “Logfu”? Hector Aguilar Director, Connector Development May 2006 © 2006 ArcSight Confidential

2 What is the “Logfu”? My Kung-Fu is better than your Kung-Fu!
My Code-Fu is better than your Code-Fu! . I can analyze logs better than you can. My Logfu is better than your Logfu! © 2006 ArcSight Confidential

3 What is the Agent “Logfu”?
Logfu is an application that reads and parses ArcSight logs to generate a visual representation of the information contained in them Logfu can be used for Manager and Connectors. This presentation will focus on the Connector Logfu The Connector Logfu generates an interactive visual representation of the information contained in the logs This presentation will show how to navigate using Logfu to analyze connector event flow issues © 2006 ArcSight Confidential

4 © 2006 ArcSight Confidential
FAQ About Logfu Who would use Logfu? Logfu can be used by people managing connectors on a daily basis, to analyze connector behavior Why would people use Logfu? When event flow problems happen related to the connector or to the device, it is very useful to have a visual representation of what happened overtime What do you need to run Logfu? You need any agent build Logfu is included with all connector builds and you can analyze logs from older (or newer) connectors © 2006 ArcSight Confidential

5 © 2006 ArcSight Confidential
Starting Logfu Logfu will read the log files contained in the directory where it was run, so to execute it change to the /logs folder and run: C:\Program Files\ArcSightSmartAgents\current\logs>..\bin\arcsight agent logfu -a Logfu will start reading all the agent.log.* files and produce “data” files (data.agent.log.*) with optimized data and indexes that will be used to feed the interactive display © 2006 ArcSight Confidential

6 © 2006 ArcSight Confidential
More about Logfu The “data” files can be used as a “cache” so that the analysis of the log files is done only once for multiple interactive sessions © 2006 ArcSight Confidential

7 © 2006 ArcSight Confidential
More on Agent Logfu… When Logfu is run a second time, it will first check the blah, blah, blah, blah… Ok! Enough with the slides already! We want to see a demo!!!! © 2006 ArcSight Confidential

8 © 2006 ArcSight Confidential
Ok, just one more slide… Things that Logfu can help you analyze Event-flow (Eps/Cache/Manager Throughput) Device database performance Memory consumption Name resolution Device activity (Event count) Errors/Exceptions Any counter logged Ok, so what are we going to see now? © 2006 ArcSight Confidential

9 © 2006 ArcSight Confidential
Demo © 2006 ArcSight Confidential

10 © 2006 ArcSight Confidential
Summary Logfu is a tool to visualize connector logs Can be used for troubleshooting event flow problems or simply analyze connector behavior A couple of suggestions Use Logfu to analyze the logs of your current agents Enter the Logfu contest! © 2006 ArcSight Confidential

11 © 2006 ArcSight Confidential
Questions and Answers Download Slides More ArcSight Events Join the User Forum © 2006 ArcSight Confidential

12 Maybe some Q&A? © 2006 ArcSight Confidential

Download ppt "Hector Aguilar Director, Connector Development May 2006"

Similar presentations

Corporate Property Automated Information System (CPAIS) Macro Walkthrough Guide for Excel Version 2003.

Corporate Property Automated Information System (CPAIS) Macro Walkthrough Guide for Excel Version 2003.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
High Speed Data Converter University

High Speed Data Converter University
Improving Efficiency of I/O Bound Systems More Memory, Better Caching Newer and Faster Disk Drives Set Object Access (SETOBJACC) Reorganize (RGZPFM) w/

Improving Efficiency of I/O Bound Systems More Memory, Better Caching Newer and Faster Disk Drives Set Object Access (SETOBJACC) Reorganize (RGZPFM) w/
PDA Program Install Manual 2010. 3. 19 IT Team. 1. Execute Internet Explorer 2. Connect Website 3. Download 4. Installation 5. Run 6. Setting 1. Execute.

PDA Program Install Manual IT Team. 1. Execute Internet Explorer 2. Connect Website 3. Download 4. Installation 5. Run 6. Setting 1. Execute.
Maximizing Windows 7 Performance: Troubleshooting Tips Johan Arwidmark Chief Technical Architect Knowledge Factory WCL327.

Maximizing Windows 7 Performance: Troubleshooting Tips Johan Arwidmark Chief Technical Architect Knowledge Factory WCL327.
Process Control Management Prepared by: Dhason Operating Systems.

Process Control Management Prepared by: Dhason Operating Systems.
Troubleshooting Exchange Transport Service Miha Pihler MVP – Enterprise Security Microsoft Certified Master | Exchange 2010.

Troubleshooting Exchange Transport Service Miha Pihler MVP – Enterprise Security Microsoft Certified Master | Exchange 2010.
Lindsey Velez, Director of Instructional Technology Single Sign-On One Click.

Lindsey Velez, Director of Instructional Technology Single Sign-On One Click.
Environment Manager Troubleshooting and Debugging.

Environment Manager Troubleshooting and Debugging.
111 State Management Beginning ASP.NET 4.5.1 in C# and VB Chapter 4 Pages 124 - 131.

111 State Management Beginning ASP.NET in C# and VB Chapter 4 Pages
Windows Server 2003 { First Steps and Administration} Benedikt Riedel MCSE + Messaging www.go-unified.comwww.go-unified.com www.siemens.com/openwww.siemens.com/open.

Windows Server 2003 { First Steps and Administration} Benedikt Riedel MCSE + Messaging
1 Adding a Model. We have created an MVC web app project Added a controller class. Added a view class. Next we will add some classes for managing movies.

1 Adding a Model. We have created an MVC web app project Added a controller class. Added a view class. Next we will add some classes for managing movies.
Developing annotation based monitoring framework Fedor Romanov, TomTom.

Developing annotation based monitoring framework Fedor Romanov, TomTom.
DFR Downloader Theo Laughner, PE Presented at GPA User Forum August 5, 2015.

DFR Downloader Theo Laughner, PE Presented at GPA User Forum August 5, 2015.
SQL Database Management

SQL Database Management
SoftLogica Inc A load testing solution for web applications

SoftLogica Inc A load testing solution for web applications
Information Retrieval in Practice

Information Retrieval in Practice
Getting & Running EdgeX Docker Containers

Getting & Running EdgeX Docker Containers
Integrating ArcSight with Enterprise Ticketing Systems

Integrating ArcSight with Enterprise Ticketing Systems

Similar presentations

Ads by Google