Event search

Event Console

The Event Console is similar to an event log and displays the most recent 50 events (most recent first), based on the context defined by the Current Filters. The Current Filters are selected via the Advanced Search (Pressing Advanced Search opens/closes the display). After the filters are selected, press Search to view the corresponding events. The default context is a single filter that indicates a time range that represents the last week. Selecting the “x” on a filter removes the filter and automatically initiates a new search, establishing a new context. Click Show Audits to include 30 days of audit information with the events. Audits can be filtered via Advanced Search.

Click Show More to display more events in increments of 50. Use the Remove/Add scroll bar to hide/add back the inner scroll bar in the display.

Select Export to create a .csv (comma-separated values) file for use with spreadsheet applications. The export file, limited to the most recent 50000 events, contains all events, regardless of the severity filter setting. Events can also be forwarded to an email account based on severity, frequency, and timing. Use the Preference menu to configure this function to the wanted operation.

Note: A New Event Count (#) prefix is added to the HTML title tag in the browser when new events exist in the Event Console. After the New Events link is selected, the count disappears until a new event occurs.

In Advanced Search, the Message text box accepts standard text and operates in Quick Mode by default. This mode will return results faster compared to the older legacy mode. When using this mode, an "AND" search is done on the individual search terms provided. For example, if you search for "device hostname", the results will contain both the word "device" and the word "hostname".

Searching with Quick Mode will return queries significantly faster than legacy mode, so it is recommended to use for most searches.

When Quick Mode is disabled, the search will switch to the legacy mode that allows for standard text or regular expressions (a special pattern that specifies a set of strings - see http://en.wikipedia.org/wiki/Regular_expression for an overview). When you use standard text (Regular expression box cleared), an “AND” search is done of the individual terms that are provided in the text box. In particular, all terms in any order are returned when the regular expression box is not checked.

Alternatively, a search based on regular expressions can be initiated. It is accomplished by entering a regular expression in the Message text box, selecting the Regular expression box, and clicking Search. Several examples of regular expressions are provided.

Table 1. Regular expression examples
“OR” functions. usage | space (matches events with usage or space). Note - The vertical bar separates alternatives.
Matching preceding character zero or one time. file? (matches events that contain fil or file, such as file system). Note - In addition to "?", the "*" and "+" characters can be used to match a set of strings.
Bracket construct. slices[te] (matches events with terms such as slicestor, sliceserver). Note - The items in the bracket are interpreted as “t” or “e”.
One term followed by another. reporting status (matches events with “reporting status”). Note - This pattern represents a request to match based on a specific ordering, one term after another. It is a constrained “AND” search.
Combining parentheses with a preceding element zero or one time. r(eb)?oot (matches events with root and reboot).  

Numerous other constructs can be used as part of regular expressions, which are not described. An error occurs if an invalid regular expression is provided.

Event Console Details

The display includes event: Status [Severity], Summary [Description], and Time [Occurrence], including amount of time relative to the current time. When selected, a detailed view of an event is shown within this box. An event might occur multiple times. The count appears in a rectangular box (Count) next to the event. Older events that were migrated from an earlier Manager version are denoted with an asterisk (*).

Times are shown in GMT (Greenwich Mean Time) by default. Use the Preference menu to change the display to local time.

Severity Key - Red = Critical, Orange = Error, Yellow = Warning, Blue = Information, Green = Cleared  

Selecting a cleared event displays all related events. Selecting of any of the related events in the Event Console displays the same collection of events as the clear event. In addition, the duration from the time of the event occurrence until the time that it is cleared is displayed.

Clicking any event in the Event Console displays additional information on the event.

Example - Click a diagnostic disk event to show the suspend reason: List Disk Suspend Codes.

Note: Virtual device disk events reference the device name, instead of bay string and drive serial number.
Note: Only a Security Officer account (or a Super User account) can access the Audit Search utility.
Attention: Any time a device is added or a vault, site, cabinet, or an administration configuration is changed, the Manager device must be backed up by navigating to Settings > Operations > Backup Manually . Permanent data loss can occur if the Manager database becomes corrupted. Periodic backups must also be performed to preserve historical statistics and log information. For details, click the Settings tab, and navigate to Operations > Backup Configuration.