Using Nebula’s Event Log and Change Log for Network Monitoring and Quick Troubleshooting

Nebula_Yvonne Posts: 20 mod
edited September 23, 2020 2:53PM in Nebula Tips & Tricks

The event log can be used to check events occurring across a network. Nebula Control Center (NCC) has two kinds of built-in logs: the device event log and the organization-wide change log. Besides the built-in logs, users can also configure a syslog server in NCC so that Nebula devices send their event messages directly to it. With these, users can navigate the event log and change log built into NCC and filter out extraneous information for monitoring and troubleshooting.

In this article, we will introduce how to navigate the log GUI and how to set up a syslog server in NCC.

Firstly, there are two kinds of logs that can be checked on NCC directly:

Nebula Device’s Event log

The user can check these logs to track events occurring in the network for troubleshooting.

Location: (Depends on the product type)
  • Security gateway > Monitor > Event log
  • Switch > Monitor > Event log
  • Access point > Monitor > Event log

Figure 1: Event log of Security gateway

The event log page has two parts: A. Filter/Search section and B. Result section.


Figure 2: Event log has two parts

A. Filter/Search section:

Search the log with custom parameters, including Device (Switch, AP only), Keyword, Priority (Switch only), Category, Tag (Switch only), and Time.

B. Result section:

Displays the results that match the filter parameters the user selected.

Note: The user can export the log to a CSV or XML file. (Pro Pack feature)


Organization-wide change log

The user can check and monitor who made which configuration change, when, and on which site.

Location: Organization-wide > Monitor > Change log

Figure 3: The user can see when/who/which site has changed the SSID name.

The change log also supports filter/search functions with specific parameters, and the result table can be exported to a CSV or XML file.

Although we recommend that users check logs on NCC, Nebula devices also support sending logs to a syslog server for other scenarios.

Site-side Syslog server

Location: Site-wide > Configure > General settings > Reporting > Syslog server

Figure 4: The user can configure Syslog server IP at Site-wide > Configure > General settings page

After you save the configuration and the configuration status shows as up to date, you should be able to see the syslog messages on your syslog server.

The syslog server feature uses UDP port 514, so please make sure your syslog server is already configured to receive on it.

The screenshot below is an example of Nebula Switch messages displayed on a syslog server. (Some syslog server vendors may display the event log differently.)

Figure 5: The user can see the events that have occurred on the Switch in the syslog server.
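To confirm that the devices are actually delivering syslog to UDP 514, a small receiver such as the following can be run on the syslog host. This is an added example, not part of the original article or Zyxel's code: the sample message and the 192.0.2.10 device address are constructed, and only the standard syslog `<PRI>` header is decoded, not any Nebula-specific message layout. Because UDP syslog carries no authentication, the receiver keeps only datagrams from an allowlist of known device addresses.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample datagram (not captured from a Nebula device).
SAMPLE = b"<189>Sep 23 14:53:00 switch01 port 3 link up"

def decode_pri(datagram: bytes):
    """Return (facility, severity_name, text), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    text = datagram[m.end():].decode("utf-8", "replace").strip()
    return facility, SEVERITIES[severity], text

def accept(datagram: bytes, source_ip: str, allowed_sources):
    """Drop datagrams from unknown senders, since UDP syslog is unauthenticated."""
    if source_ip not in allowed_sources:
        return None
    return decode_pri(datagram)

def listen(bind_ip="0.0.0.0", port=514, allowed_sources=frozenset()):
    """Blocking receive loop; binding port 514 normally needs elevated privileges."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        while True:
            data, (src, _) = sock.recvfrom(8192)
            parsed = accept(data, src, allowed_sources)
            if parsed is None:
                print(f"dropped datagram from {src}")
            else:
                facility, severity, text = parsed
                print(f"{src} facility={facility} severity={severity} {text}")

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the device's IP.
    print(accept(SAMPLE, "192.0.2.10", {"192.0.2.10"}))
    # For live traffic: listen(allowed_sources={"192.0.2.10"})
```

If nothing arrives when `listen()` is running, check that the host firewall permits inbound UDP 514 from the site's devices.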
