
Messages Tile (version 24)


  • Warn - the number of warnings in the last 24 hours
  • Error - the number of errors in the last 24 hours
  • Fatal - the number of fatal errors in the last 24 hours

    Each of these categories acts as a hyperlink that will filter the Message log when clicked.

 


The Messages tile contains the message log that all Canary services write to. From here a user can filter and/or export the log as well as configure the system to send email notifications that other Canary services use.

Audit Screen

The Audit screen provides a view of the messages, updated every 5 seconds with the latest messages at the top. Each message row will have a column for Timestamp, Log Level, Source, Category, and Message which can be reordered by clicking on the column header.

By default, the first 1000 messages are displayed. Messages are retained for 1 year unless the message count reaches 1.5 million. In that case, the message log is trimmed back to 1.25 million messages. The Admin service checks the size of the message log once a day and upon startup.

Filter

The FILTER button in the top right allows the user to filter the message log based upon the column headers. Using the Message field, keywords are separated by spaces and are NOT case-sensitive. Furthermore, keywords can be excluded from the filter using a prepended '!'.
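The Message-field rules above, written out so the same filter can be applied to rows outside the Audit screen. This is an added example, not Canary code: it assumes keywords are matched as substrings and that every non-excluded keyword must be present, neither of which the page specifies, and the sample rows are constructed.

```python
# Added example: Message-field keyword filter as described on this page.
# Assumptions (not stated on the page): substring matching, and all
# non-excluded keywords must be present (AND).

def parse_filter(text):
    """Split a filter string into (required, excluded) lowercase keywords."""
    required, excluded = [], []
    for token in text.split():              # keywords are separated by spaces
        if token.startswith("!"):
            if len(token) > 1:              # a bare "!" carries no keyword
                excluded.append(token[1:].lower())
        else:
            required.append(token.lower())
    return required, excluded


def matches(message, filter_text):
    """True if the message passes the filter; comparison ignores case."""
    required, excluded = parse_filter(filter_text)
    text = message.lower()
    if any(word in text for word in excluded):
        return False
    return all(word in text for word in required)


# Constructed sample rows using the Audit screen's column names.
SAMPLE_ROWS = [
    {"Log Level": "Warn", "Source": "Admin",
     "Message": "Login FAILED for user jdoe"},
    {"Log Level": "Warn", "Source": "Admin",
     "Message": "Login failed for user test-account"},
    {"Log Level": "Error", "Source": "ServiceA",
     "Message": "Connection lost"},
]


def filter_rows(rows, filter_text):
    """Return the rows whose Message column passes the filter."""
    return [row for row in rows if matches(row["Message"], filter_text)]


if __name__ == "__main__":
    for row in filter_rows(SAMPLE_ROWS, "login failed !test"):
        print(row["Message"])
```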

Export

Similarly, the EXPORT button allows the user to export or email (See Configuring the Canary System to Send Email Alerts) the message log based upon the filters selected. Exported message logs are located wherever the Canary Base Path is stored which, by default, is C:\ProgramData\Canary\Log.


Configuration Screen

The Configuration screen allows the user to configure the Canary system to send email notifications, increase the verbosity level of the messages that are logged, view other message log databases, and enable the EAL (Enhanced Audit Log).

Email

Suspend Email Notifications - checking this will disable all email notifications

Send Test Email - sends a test email message using the configured settings.  A confirmation message is displayed indicating the status of the test.

SMTP Server - the name of the mail server that can send out mail through the SMTP protocol.  If you do not know the name of your SMTP mail server, contact your Network Administrator for this information.

Port - port 25 is the default for no authentication and port 587 when using authentication, but these are dependent upon the SMTP server and subject to change.

From - requires a valid email address format

  • When not using authentication this address could contain the name of the machine to indicate where the message originated from (Ex: Mymachine@canarylabs.com).

  • When Use Authentication is checked, this email must match the authenticated username. To track the source of the email, the address may be formatted as "Mymachine <ValidEmail@mailserver.com>".

To - a valid email address. Multiple addresses can be entered, separated by commas.

CC - carbon copy email address

BCC - blind carbon copy email address

Use Authentication - email credentials for SMTP servers requiring authentication

Use SSL - most SMTP servers using authentication will support SSL for encryption

Username/Password - credentials used for authentication
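A pre-flight check of the Email settings against the rules listed above, as an added example that is not part of the Canary product. The dictionary key names are hypothetical stand-ins for the fields on this screen, the sample values are constructed, and the case-insensitive username comparison is an assumption.

```python
from email.utils import getaddresses, parseaddr


# Key names are hypothetical; they mirror the fields on the Email screen.
def check_email_settings(cfg):
    """Return a list of findings for one set of Email-screen values."""
    findings = []
    _, from_addr = parseaddr(cfg.get("from", ""))
    if "@" not in from_addr:
        findings.append("From: not a valid email address format")
    recipients = [addr for _, addr in getaddresses([cfg.get("to", "")])]
    if not recipients or any("@" not in addr for addr in recipients):
        findings.append("To: needs valid addresses separated by commas")
    if cfg.get("use_authentication"):
        # "Mymachine <user@host>" is allowed; only the address part must match.
        # Case-insensitive comparison is an assumption of this example.
        if from_addr.lower() != cfg.get("username", "").lower():
            findings.append("From: must match the authenticated username")
        if not cfg.get("use_ssl"):
            findings.append(
                "Use SSL: off, so credentials can cross the network unencrypted")
        if cfg.get("port") == 25:
            findings.append(
                "Port: 25 is the no-authentication default; confirm with the server")
    return findings


# Constructed sample values, not taken from a real system.
GOOD = {
    "from": "Mymachine <ValidEmail@mailserver.com>",
    "to": "ops@example.com, oncall@example.com",
    "use_authentication": True,
    "use_ssl": True,
    "username": "validemail@mailserver.com",
    "port": 587,
}
WEAK = {
    "from": "Mymachine@canarylabs.com",
    "to": "ops@example.com",
    "use_authentication": True,
    "use_ssl": False,
    "username": "alerts@mailserver.com",
    "port": 25,
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, check_email_settings(cfg) or "no findings")
```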


Verbosity

The Verbosity screen allows the user to change the message level for each Canary service as well as enable the EAL (Enhanced Audit Log).

MESSAGE LEVEL

The message level should be set to Standard unless troubleshooting a particular service. In that case, Debug or Trace can be enabled for the relevant source(s). Debug and Trace messages consume extra resources when written to the message log, so it is not advised to leave them on.

SOURCES

The Sources available will vary depending on the products installed. All sources will log messages at the Standard Level. The sources checked will also log messages for Debug or Trace, whichever is selected.

AUDIT LOGGING

In addition to the default message log, the EAL can be enabled to log audit information for whenever configuration changes are made within the Canary system. These messages are written to both the default message log and a separate audit log. Whereas the default message log stores messages up to a year, the audit log stores audit messages indefinitely.


Database

The Database screen allows the user to change the database provider where its messages are stored and select a database to view in the Audit screen.

DATABASE SETTINGS

  • Provider - the method for storing the Events database
    1. SQLite - by default, messages will be stored in C:\ProgramData\Canary\Log\log.sqlite
    2. MSSQL - events will be stored in a Microsoft SQL database determined by the remaining parameters.
      • Server - the machine name of the SQL server that will store the messages
      • Database Name - the name of the database in which the messages table will be created
      • Is Domain User - determines if the configured user is a domain user
      • User/Password - the credentials used to authenticate and write to the SQL database

DATABASES

A list of available databases to view in the Audit screen. The Default database pertains to the message log local to the Admin service the client is connected to. The Enhanced Audit Log database will only contain messages of audit information if it has been enabled from the Verbosity screen. To view an exported message log from another Canary server, it must be placed in the %ProgramData%\Canary\Log directory.
