Using HealthBot LFA

The HealthBot application has two Web UI views: HealthBot RCA and HealthBot LFA. When you launch HealthBot, the HealthBot RCA dashboard opens by default.

To launch HealthBot LFA from HealthBot RCA:

Procedure

1. Click the LFA option in the HealthBot RCA left-nav bar (see Figure 1).

   When you launch HealthBot LFA, the Visualizations page opens by default.

   Figure 1: HealthBot RCA left-nav bar

   
2. To open a HealthBot LFA page, click the menu option in the left-nav bar (see Figure 2).

   Figure 2: HealthBot LFA left-nav bar

   
3. (Optional) To go back to HealthBot RCA, click the Main Menu option in the HealthBot LFA left-nav bar.

To automatically export log files from a HealthBot device:

Procedure

1. Click the Devices option in the HealthBot LFA left-nav bar.
2. In the Action column of the device, choose Open.
3. For the Device Profile option, choose a device profile from the drop-down list. Ensure that at least one rulegroup has been activated for the device profile that is associated with the device. For information on how to activate rulegroups for a device profile, see the Activating a HealthBot LFA Rulegroup and Including the Rulegroup Within a Device Profile section.
4. For the Retention option, choose from the drop-down list the length of time the LFA log records for this device will be retained in the LFA database before they’re deleted. For more information about the Retention option, see the “Configure the LFA Data Retention Policy” section under Managing HealthBot LFA Log Record Storage.
5. For the Protocol option, choose FTP from the drop-down list.
6. Configure the Junos OS system log levels. For information on Junos OS system logging levels, see Junos OS System Logging Facilities and Message Severity Levels.

   1. Click the Add Level button.

   2. Use the Facility drop-down list to set the logging facility level.

   3. Use the Severity drop-down list to set the message severity level.

   4. Click Save.

   5. Click Go Back to go back to the Devices page.

7. In the Action column of the device, choose Enable.

To export log files on-demand from a HealthBot device:

Procedure

1. Click the Devices option in the HealthBot LFA left-nav bar.
2. Ensure at least one rulegroup has been activated for the device profile that is associated with the device. The name of the device profile is listed in the Profile column for each device. For information on how to activate rulegroups for a device profile, see the Activating a HealthBot LFA Rulegroup and Including the Rulegroup Within a Device Profile section.
3. In the Action column of the device, choose Fetch.
4. Select one or more log files from the list.
5. Click the Fetch button.
6. Click Go Back to go back to the Devices page.

To FTP log files from a device to the HealthBot server:

Procedure

1. Start an FTP session on the machine from where the log files are being copied.
2. Connect to the host on the HealthBot server using the username lfa and password lfa.
3. Change directories to the device name or stay in the root directory.
4. Copy the log files to the HealthBot server.
5. Exit the FTP session.

To manually upload log files from the HealthBot server to LFA:

Procedure

1. Click the Log Sources option in the HealthBot LFA left-nav bar.
2. Under Manual Upload, click Choose Files.
3. Navigate to and select the log files. Click Open.
4. For the Processing Action, choose Normal from the drop-down list.
5. For Constrain to host, choose default from the drop-down list to process the log files using the default device profile. Otherwise, choose a device name from the drop-down list to process the log files using the device profile associated with a particular device.
6. Click Upload File.

To transfer log files using automatic Kafka feeds:

Procedure

1. Click the Log Sources option in the HealthBot LFA left-nav bar.
2. Under Automatic Feeds, click Add Feed.
3. Enter the necessary values, such as Name and Servers, in the text boxes. The format of the Kafka topic should be raw text lines with a timestamp followed by a hostname, and then the remaining log line.
4. Click Add.

To export log messages using automatic syslog feeds, you must perform the following two tasks:

• Create a syslog feed for the HealthBot devices you’re interested in (Step 1 - Step 7).

• Enable the devices to send syslog messages to HealthBot LFA (Step 8 - Step 14).

Procedure

1. Click the Log Sources option in the HealthBot LFA left-nav bar.
2. Under Automatic Feeds, click Add Feed.
3. For the Name text box, enter the name of the syslog feed.
4. (Optional) For the Notes text box, enter a description for the syslog feed.
5. For the Type option, choose syslog in the drop-down list.
6. For the Server text box, enter the syslog server and port number pairs in the following format server:port. You must use 514 for the port number.

   The syslog server variable can be entered using one of the following options:

   1. FQDN of a device—This feed will ingest syslog messages only from the specific device associated with the FQDN. For example: testdevice.lab.juniper.net:514.
   2. IP address of a device—This feed will ingest syslog messages only from the specific device associated with the IP address. For example: 192.0.2.0:514.
   3. 0.0.0.0—This feed will ingest syslog messages from all devices. For example: 0.0.0.0:514.
7. Click Add. Now it’s time to enable the devices to send syslog files to LFA
8. Click the Devices option in the HealthBot LFA left-nav bar.
9. In the Action column of the device, choose Open.
10. For the Device Profile option, choose a device profile from the drop-down list. Ensure that at least one rulegroup has been activated for the device profile chosen. For information on how to activate rulegroups for a device profile, see the Activating a HealthBot LFA Rulegroup and Including the Rulegroup Within a Device Profile section.
11. For the Retention option, choose from the drop-down list the length of time the LFA log records for this device will be retained in the LFA database before they’re deleted. For more information about the Retention option, see the “Configure the LFA Data Retention Policy” section under Managing HealthBot LFA Log Record Storage.
12. For the Protocol option, choose syslog from the drop-down list.
13. Configure the Junos OS system log levels. For information on Junos OS system logging levels, see Junos OS System Logging Facilities and Message Severity Levels.

    1. Click the Add Level button.

    2. Use the Facility drop-down list to set the logging facility level.

    3. Use the Severity drop-down list to set the message severity level.

    4. Click Save.

    5. Click Go Back to go back to the Devices page.

14. In the Action column of the device, choose Enable.

To start filtering and processing log messages, you must activate at least one HealthBot LFA rulegroup and then associate the active rulegroup with a device through the device profile. By default, the device profile named default is applied to any device added to HealthBot.

To activate a HealthBot LFA rulegroup:

Procedure

1. Click the Rulegroups option in the HealthBot LFA left-nav bar.
2. In the Action column of the rulegroup, choose Activate in the Choose an action drop-down list. Rulegroups are inactive by default.

To include a rulegroup within a device profile:

Procedure

1. Click the Device Profiles option in the HealthBot LFA left-nav bar.
2. Choose one of the following two options:

   1. In the Action column of a specific device profile, click Open.

   2. Click Add Profile and enter a profile name in the Name text box.

3. Choose one of the following two options:

   1. In the Inherits from drop-down list, choose none, all, or a specific device profile from which you want to inherit rulegroups.

   2. In the Overrides section, choose the name of an active rulegroup in the Includes drop-down list. You may choose more than one.

4. Click Save for an existing device profile or Add for a new device profile.

   HealthBot LFA should now start filtering and processing log messages from devices associated with the device profile that includes an active rulegroup.

   Note HealthBot LFA will try to retrieve a HealthBot device name from each log message, and then apply the rulegroups associated with that particular device. If a valid HealthBot device name is not found, the rulegroups associated with the “default” device will be applied to the log message.

Once the log messages have been collected, processed, and added to the HealthBot LFA database, you can view several different types of visualizations of the aggregated log data. The Healthbot installation package includes factory default visualization options.

To view a visualization:

Procedure

1. Click the Visualizations option in the HealthBot LFA left-nav bar.
2. On the left side of the page under Time Filter, select a range from the drop-down list.

   If no log records exist in the HealthBot LFA database for the selected time range, warning messages might be generated. You can ignore these warning messages.

3. (Optional) On the left side of the page under Device Filter, select a particular device and file from the drop-down lists.
4. On the left side of the page under Dashboards, Searches, or Visualizations, select one of the visualization choices to view the aggregated log data. To view the default visualizations, the HealthBot LFA database must contain log records generated by the default rules and rulegroups.

   The default visualizations support interactive graphics, charts, and tables.

5. (Optional) After making modifications to a visualization through the interactive features, click Update to reset the visualization to its default display.

To configure the HealthBot LFA retention policy for a HealthBot device:

Procedure

1. Click the Devices option in the HealthBot LFA left-nav bar.
2. In the Action column of the device, choose Open.
3. For the Retention option, choose from the drop-down list the length of time (in months) the LFA log records for this device will be retained in the LFA database before they’re deleted. The allowed time range is from 1 - 24 months. Choose none if you don’t want to retain any LFA log records for the device. Choose unlimited if you want to retain all of the LFA log records for the device for an indefinite length of time.
4. Click Save.

To check the amount of disk storage used by HealthBot LFA logs:

Procedure

1. Click the Kibana option in the HealthBot LFA left-nav bar.

   The Kibana application web UI opens.

2. Click the Management option in the Kibana left-nav bar.
3. Under Elasticsearch, click on Index Management.

   The amount of disk space used by HealthBot LFA is shown in the table.

To delete HealthBot LFA log records:

Procedure

1. Launch HealthBot LFA.
2. Click the Context button located in the top right corner of any HealthBot LFA page.
3. Enter admin in the Context text box.
4. Click Set Context.

   The Database Reset option should now appear in the Healthbot LFA left-nav bar.

5. Click Database Reset in the Healthbot LFA left-nav bar.
6. Choose one of the options shown in the Database Reset page to delete HealthBot LFA records.
7. Click Reset.