How Useful Is Syslog

The foremost use of syslog is for systems management. Proactive syslog monitoring really pays off because it significantly reduces downtime of servers and other devices in your infrastructure. Then there are the cost savings from preventing the loss of productivity that usually accompanies reactive troubleshooting.

Alerting is another good use of syslog. You have a variety of options and severity levels that you can choose in setting up syslog alerts, including emergency, critical, warning, error, and so on. Also, alerts have fine points like host details, time period, and log/message details. The following are different areas where syslog alerting is useful:

  • Network alerting: Syslog is extremely helpful in identifying critical network issues. For example, it can detect fabric channel errors on a switch fabric module. This is one of many such warnings or errors that other forms of monitoring metrics cannot detect.
  • Security alerting: Syslog messages provide detailed context of security events. Security admins can use syslog to recognize communication relationships, timing, and in some cases, an attacker’s motive and/or tools.
  • Server alerting: Syslog can alert on server startups, clean server shutdowns, abrupt server shutdowns, configuration reloads and failures, runtime configuration impact, resource impact, and so on. All these alerts can help detect if the servers are alive. Syslog also helps detect failed connections. Server alerts are always useful, especially when you oversee hundreds of servers.
  • Application alerting: You need application alerting for troubleshooting live issues. Applications create logs in different ways—some through syslog. When you run a Web application, dozens of logs are written in the log folder. To get real-time monitoring, you need a syslog monitoring solution that can observe changes in the log folder.
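A minimal version of severity-based and security alerting, as an added example rather than code from the original page: it decodes the priority field of RFC 3164 style messages and raises alerts on "error" or worse, on repeated login failures per reporting host, and on lines that do not parse. The sample messages, host names and thresholds are constructed for illustration.

```python
import re
from collections import Counter

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")

def parse(line):
    """Split an RFC 3164 style message into fields; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:      # PRI = facility*8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "level": pri & 7, "severity": SEVERITIES[pri & 7],
            "time": m.group(2), "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def alerts(lines, max_level=3, fail_threshold=3):
    """Alert on 'error' or worse, on repeated login failures per reporting host,
    and on lines that do not parse (they should be reviewed, not dropped)."""
    out, failures = [], Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            out.append(("malformed", None, line))
            continue
        if rec["level"] <= max_level:
            out.append((rec["severity"], rec["host"], rec["msg"]))
        if "Failed password" in rec["msg"]:
            failures[rec["host"]] += 1
            if failures[rec["host"]] == fail_threshold:   # fire once per host
                out.append(("auth-failures", rec["host"], rec["time"]))
    return out

# Constructed sample messages (hosts, users and addresses are made up).
SAMPLE = [
    "<34>Oct 11 22:14:15 web01 su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Oct 11 22:14:20 web01 sshd[811]: Failed password for admin from 192.0.2.10",
    "<86>Oct 11 22:14:21 web01 sshd[811]: Failed password for admin from 192.0.2.10",
    "<86>Oct 11 22:14:22 web01 sshd[811]: Failed password for admin from 192.0.2.10",
    "<187>Oct 11 22:15:01 sw-core01 LINK: Interface Gi0/1 changed state to down",
    "<190>Oct 11 22:15:05 app01 myapp: request served in 12 ms",
    "line without a priority field",
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE):
        print(alert)
```

The login-failure rule counts per reporting host, not per source address, and has no time window; a production rule would add both.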

Monitoring high-availability (HA) servers is important and another good use of syslog. Not all the logs from an HA server are important, so day to day you only need to monitor the ones that indicate trouble. In the case of an HA server failure, however, you still need all the logs from the server. The solution is to have a dedicated syslog server for your HA cluster.

Despite the importance of proactive monitoring, some logs can only be analyzed later. Sometimes an alert or an error sends only basic details that are located in the local memory buffer. For detailed analysis, you need to dig into the historical syslog reports using any syslog analysis tool, like LogZilla®, Kiwi Syslog®, syslog-ng, etc. Historical syslog data can often provide comprehensive details, like configuration changes, high momentary error rates, a sustained abnormal condition, etc., that cannot be shown using other forms of monitoring.

Proactive syslog monitoring and troubleshooting reduces trouble tickets because you detect and resolve issues before they become trouble tickets. A synchronous Web dashboard, alerting system, and log storage (with search options) are the basic features of any syslog monitoring tool. Moreover, integrating the syslog monitoring tool with other infrastructure management tools adds value to your syslog monitoring.

What Is A Management Information Base (MIB)

In a managed device, specialized low-impact software modules, called agents, access information about the device and make it available to the network management system (NMS). Managed devices maintain values for a number of variables and report those, as required, to the NMS. For example, an agent might report such data as the number of bytes and packets in and out of the device, or the number of broadcast messages sent and received. In the Internet network management framework, each variable is referred to as a managed object, which is anything that an agent can access and report back to the NMS.
All managed objects are contained in the Management Information Base (MIB) database. The managed objects, or variables, can be set or read to provide information on network devices and interfaces. An NMS can control a managed device by sending a message to an agent of that managed device requiring the device to change the value of one or more of its variables.

What Is Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP), an application layer protocol, facilitates the exchange of management information among network devices, such as nodes and routers. It comprises part of the TCP/IP suite and uses UDP. System administrators can remotely manage network performance, find and solve network problems, and plan for network growth by using SNMP.

Instead of defining a large set of commands, SNMP places all operations in a get-request, get-next-request, get-bulk-request, and set-request format. For example, an SNMP manager can get a value from an SNMP agent or store a value in that SNMP agent. The SNMP manager can comprise part of a network management system (NMS), and the SNMP agent can reside on a networking device such as a router.

Three versions of SNMP exist: version 1 (SNMPv1), version 2 (SNMPv2), and version 3 (SNMPv3). SNMPv1 represents the initial implementation of SNMP that functions within the specifications of the Structure of Management Information (SMI) and operates over protocols, such as User Datagram Protocol (UDP) and IP.

The SNMPv1 SMI defines highly structured MIB tables that are used to group objects that contain multiple variables. Tables contain zero or more rows, which are indexed, so SNMP can retrieve or alter an entire row with a supported command.

With SNMPv1, the NMS issues a request, and managed devices return responses. Agents use the Trap operation to asynchronously inform the NMS of a significant event.

As with SNMPv1, SNMPv2c functions within the specifications of SMI. MIB modules contain definitions of interrelated managed objects. Be aware that the operations that are used in SNMPv1 are similar to those that are used in SNMPv2. The SNMPv2 trap operation, for example, serves the same function as that used in SNMPv1, but it uses a different message format and replaces the SNMPv1 trap.

The Inform operation in SNMPv2c enables one NMS to send trap information to another NMS and to receive a response from the NMS.

SNMPv3 provides the following security features:

  • Authentication: Verifying that the request comes from a genuine source.
  • Privacy: Encrypting data.
  • Authorization: Verifying that the user is allowed to perform the requested operation.
  • Access control: Verifying that the user has access to the objects that are requested.

With privacy enabled, SNMPv3 prevents packet contents from being exposed on the network. Instead of using community strings like SNMPv1 and SNMPv2, SNMPv3 uses SNMP users.
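The difference between community strings and SNMPv3 users is visible in the message header itself. The following Python sketch is an added example, not code from the original page: it decodes the BER header of an SNMP datagram to report the version, the operation, and the protection the message carries, so an audit of monitoring traffic can flag v1/v2c and unprotected v3. The function names and the sample datagrams are constructed for illustration.

```python
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "response",
             0xA3: "set-request", 0xA5: "get-bulk-request",
             0xA6: "inform-request", 0xA7: "snmpV2-trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Report the version and the protection an SNMP message actually carries."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, raw_version, pos = read_tlv(msg, 0)
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):                   # wire value 0 = SNMPv1, 1 = SNMPv2c
        _, community, pos = read_tlv(msg, pos)
        pdu_tag, _, _ = read_tlv(msg, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "operation": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
                "community": community.decode("latin-1"),
                "finding": "community string and data readable on the wire"}
    if version != 3:
        raise ValueError("unknown SNMP version")
    _, header, _ = read_tlv(msg, pos)       # msgGlobalData
    _, _, hpos = read_tlv(header, 0)        # msgID
    _, _, hpos = read_tlv(header, hpos)     # msgMaxSize
    _, flags, _ = read_tlv(header, hpos)    # msgFlags: bit 0 = auth, bit 1 = priv
    auth, priv = bool(flags[0] & 1), bool(flags[0] & 2)
    level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
    finding = None if level == "authPriv" else "SNMPv3 user without full auth+privacy"
    return {"version": "v3", "level": level, "finding": finding}

# Constructed datagrams (not captured traffic): a v2c get-request for sysDescr.0
# with community "public", and a v3 header with placeholder security/payload bytes.
V2C_GET = bytes.fromhex("3026" "020101" "04067075626c6963" "a019" "020101" "020100"
                        "020100" "300e" "300c" "06082b06010201010100" "0500")
V3_AUTHPRIV = bytes.fromhex("301c" "020103" "300d" "020101" "020205dc" "040103"
                            "020103" "04023000" "0404deadbeef")
```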

Wireless Body Area Networks

Wireless networking has become increasingly pervasive throughout our lives with the emergence of new communications technologies and techniques which have had a dramatic effect on the efficacy of the technology. As systems and ideas catch up with the tools available to them, one very interesting area which has been touched by wireless networking is that of the human body and its very immediate surroundings. Such networks are known as WBANs (Wireless Body Area Networks).

As a reasonably intimate application area, WBANs have found their primary usefulness to be in the medical arena. The demographics of the population of the world show it to be ageing fast as the baby boom generation moves up through the years. Around the world, governments and other interested agencies have begun to plan for the inevitable peak in the requirements for the care of the aged population. One potential advantage in dealing with the thorny problem they face is to use technology to leverage the effect of the limited resources they can bring to bear. Clinical areas such as Cancer Detection, Cardiovascular Diseases, Asthma Mitigation and Sleep Disorders can be positively impacted, not to mention the broader areas that implants and wearable medical devices can bring to bear. Reaching further out, WBANs can also make a significant difference to the remote control of medical devices via telemedicine systems.

In short, the assistance provided by using WBANs is extremely significant. However, the adoption of the technology into the specific field has had to overcome some broad and significant challenges. These challenges can be broadly described as Architecture, Power Consumption, Data Rate and Security.

Let's take a look at how WBAN technology can be applied to the UK in the specific field of heart disease. Clearly heart disease is a leading cause of death for a significant percentage of the population. Appropriate and timely monitoring can prove to be a real asset in dealing with this condition and it is in this way that the benefits of WBANs can really be brought to bear. Systems have been developed such that, by the use of non-intrusive miniaturised sensors, ambulatory monitoring of the most important metrics can be continued in real time as the patients go about their routines. The ubiquity of high-speed mobile data networks in the UK means that, for the most part, this monitoring can continue uninterrupted for as long as is necessary. By carefully monitoring these vital signs, trained medical professionals can interpret the presence of problems, monitor deterioration and, if necessary, perform interventions.

In order to gain traction and mainstream acceptance in the United Kingdom, certain key issues had to be addressed. A hierarchical model for the architecture of WBANs has been developed such that the devices are controlled by a central appliance known as a personal server. The model is flexible enough that it can be adapted to more specifically suit its use in specialised places such as a hospital or conversely broader scope areas out in the field.

Devices have had to be developed specifically for use in such an intimate way such that they do not exceed power outputs that are considered harmful to localised regions within the human body. A key measure known as the Specific Absorption Rate must not exceed the limits set out by various legislatures in the regions within which they operate. Institutional approval must be sought for each device that will operate in this specialised area. Furthermore, these specialised appliances, be they sensors or other devices must operate to very stringent limitations on their power consumption.

In order for the system to work within the context of a 21st century professional medical care system, the governance framework around which the application is set out must be considerable. Lives can be lost if the system fails, so it becomes imperative that systems failure modes and their consequences be carefully managed. Where there is potential for loss of life or serious non-fatal consequences, steps must be in place to ensure that systems failure cannot take place.

Another extremely important aspect which must be carefully managed is that of the security of medical WBAN systems. It almost goes without saying that, with systems that intrude into the most intimate areas of the human body and that are charged with managing and effecting healthcare decisions, security is one of the most paramount concerns. Conventional network security, whilst strong, is by no means impenetrable. Appropriate systems of management, policy and operation need to run alongside the key building blocks of security such as authentication, integrity and confidentiality. Complex encryption systems place demands upon processing as well as data rate overhead which serve to pull the design of the equipment away from the miniature. Broadly speaking therefore, a robust system must mesh together and operate flawlessly for the system to meet its mandatory requirements. Such standards require a strong governing entity to overarch the system and maintain its operation. The UK is well placed to provide this governing body and manage standards such as is necessary.

Looking contrastingly at Uzbekistan, where heart disease is a more significant issue, it becomes necessary to consider whether the resources available can ensure the necessary standards are met. It becomes perhaps necessary to rethink whether any of the standards which are necessarily adopted in an idealised situation such as is available in the UK can be relaxed. Standards of governance and their implementation and control require significant budget. Given the contrasting fiscal limitations in play in Uzbekistan one wonders perhaps if such actions and activities are appropriate.

In addition, looking at the figures for the penetration of networked data communication within the country, one also wonders if the infrastructure is in place to support such ambitions. One of the key unique selling points of the technology and its application is the ability for it to continue to operate with near ubiquity. In a country where the telecommunications infrastructure renders this nigh on impossible, it would seem to render the argument in favour of using the technology moot. Looking at both arguments it is therefore probably not a suitable technology for use in countries such as Uzbekistan with insufficient network infrastructure and very limited health budgets, tempting though the technology is.

WBANs present health professionals with unique opportunities to enhance medical care to levels previously unheard of and probably unachievable. With proper and effective management systems in place they represent a fantastic fillip to the broader toolset of medical practitioners. They will undoubtedly play an increasing part in health systems for many years to come.