Configure the following to enable WhatsUp Gold to successfully ingest data from log sources:

Elasticsearch Connection

  • Elasticsearch Address. Enter the hostname or IP address WhatsUp Gold should use to communicate with Elasticsearch. Please note, we do not recommend using localhost as your Elasticsearch server as it could affect performance. Your WhatsUp Gold instance and your Elasticsearch instance should run on separate machines.
  • Port. Enter the port number WhatsUp Gold should use to communicate with Elasticsearch. The default port number is 9200.
  • Credential. Enter the username and password required to access the specified Elasticsearch instance if required.
  • Use SSL. Enable this option to secure communication between WhatsUp Gold and Elasticsearch using Secure Socket Layer encryption (https).
Tip: If you would like to upload your own SSL certificate, please disable the Ignore Certification Error option, then click Upload. Browse to and select the desired Certificate Authority file in PEM container format (.crt).

Log Collection Settings

  • Online Data Retention. Specify the number of days log data should be retained before WhatsUp Gold begins deletion of older logs.
  • Total Disk Space Usage Limit. Use the slider control to indicate the maximum percentage of the total storage to be consumed before WhatsUp Gold begins deletion of older logs.
Important: When the total disk space usage on disks where Elasticsearch stores its data reaches the usage limit, a web alarm is automatically triggered. This alarm advises users to take appropriate actions to address the impending problem before indexes are deleted. The notification can be dismissed or temporarily snoozed just like any other web alarm, however it does not need to be created or configured in the Actions Library. Instead, users can select a corrective action directly from the notification dialog, when applicable.
Tip: Maximum Disk Space Usage Limit refers to the point at which Elasticsearch will stop accepting more data.
Tip: Current Elasticsearch Node Disk Space Usage Information refers to the Elasticsearch instance WhatsUp Gold Log Management is using.
  • Enable Archive Logs. Select this option to enable archiving of Log Management data.
  • Archive Location. Enter the UNC path/network folder location where Log Management data should be stored. Please note, this should not be the same drive as the Elasticsearch database used for online Log Management data.
  • Windows Credential. Select the Windows credential required to access and write to the Archive Location.
  • Archive Data Retention. Use the controls provided to specify how long archived Log Management data should be kept.
  • Archive Compression. Indicate if you would like to compress archived log management data and if so, in what format. Please note, if Log Management archive data is not compressed, the resulting file will be much larger.
    Note: Log Management archive files are generated once per day for each index type resulting in a maximum of two new archive files per day.
Important: Log Management data is moved to the specified Archive Location after the retention period configured in the Elasticsearch database has ended. If archiving is not enabled, Log Management data is deleted from Elasticsearch once the retention period has ended.

Syslog Server Settings

  • Enable Syslog server. Select this option to enable the Syslog server in WhatsUp Gold Log Management to allow devices to connect and send Syslog data to Log Management. Please note, this option must be enabled if you want to collect Syslog data from log sources.
    Important: If you plan to enable this option, you must first disable the Listen for messages option under the Syslog Settings section of the Passive Monitor Listener dialog which can be accessed by selecting SETTINGS > System Settings > Passive Monitor Listeners.
  • Syslog Server IPv4 Address. Enter the IPv4 address on which WhatsUp Gold should listen for Syslog messages.
  • Syslog Server IPv4 Port. Enter the port number on which WhatsUp Gold should listen for Syslog messages.
  • Syslog Server IPv6 Address. Enter the IPv6 address of your Syslog server if you are collecting IPv6 Syslog data.
  • Syslog Server IPv6 Port. Enter the port number on which WhatsUp Gold should listen for Syslog messages if you are collecting IPv6 Syslog data.

Please note, clicking Save automatically tests the Elasticsearch connection. If a successful connection cannot be established, the Log Management settings you've configured will not be saved.