Pillar · Log investigation

Logs that know how to fix themselves.

Every log parser in OpsLantern is paired with a Known-Error Database. Match the error, read the explanation, apply the remediation — without leaving the tab.

Not a SIEM

Pulled on demand. Solved on sight.

SIEMs are for compliance retention and correlation. OpsLantern is for answering 'why is this broken right now?' — cheaper, faster, and action-oriented.

Pull, don't stream

Agent tails locally and sends only relevant slices. No petabytes of forwarded noise.

Group, don't flood

UI surfaces distinct errors with counts, confidence, and linked solutions — never a raw stream.

Correlate across the stack

Exchange queue stuck? Pull transport log + MSSQL ERRORLOG + disk I/O + recent changes into one timeline.

Known-Error Database

Fingerprints, causes, solutions, prevention.

Every entry in the KEDB is authored by senior operators. Each fingerprint carries an explanation, prerequisite checks, ranked solutions with risk levels, a prevention plan, and references.

KEDB entry (YAML):
error_fingerprint:
  id: MSSQL-DB-SUSPECT-824
  sources: [mssql_errorlog, windows_eventlog_mssql]
  pattern: "Error: 824.*Possible bad page|logical consistency-based I/O error"
  severity: critical
  explanation: |
    Page checksum mismatch detected — typically storage-layer
    corruption or failing disk. Database marked SUSPECT.
  prerequisites_check: [latest_backup_age < 24h, disk_health_smart]
  solutions:
    - title: Restore from last verified backup (preferred)
      action_ref: mssql.restore.from_backup
      risk: medium
    - title: DBCC CHECKDB REPAIR_ALLOW_DATA_LOSS (last resort)
      action_ref: mssql.dbcc.repair_allow_data_loss
      risk: high
      requires_approval: dual
  prevention:
    - monitor: storage_smart_attributes
    - runbook: storage/disk-replacement
  tags: [mssql, storage, data-loss]
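
How an entry like the one above could be applied to pulled log lines, as an added example that is not OpsLantern's own code. It assumes `pattern` is a regular expression searched per line, that `sources` limits which logs are checked, and that `requires_approval: dual` means two distinct approvers; the log lines are constructed.

```python
import re
from collections import Counter

# Subset of the page's MSSQL-DB-SUSPECT-824 entry, as a dict (no YAML parser needed).
ENTRY = {
    "id": "MSSQL-DB-SUSPECT-824",
    "sources": ["mssql_errorlog", "windows_eventlog_mssql"],
    "pattern": "Error: 824.*Possible bad page|logical consistency-based I/O error",
    "severity": "critical",
    "solutions": [
        {"action_ref": "mssql.restore.from_backup", "risk": "medium"},
        {"action_ref": "mssql.dbcc.repair_allow_data_loss", "risk": "high",
         "requires_approval": "dual"},
    ],
}

# Constructed sample records (source, line); not real log output.
SAMPLE = [
    ("mssql_errorlog", "spid61 Error: 824, Severity: 24, State: 2."),
    ("mssql_errorlog", "spid61 SQL Server detected a logical consistency-based I/O error: incorrect checksum."),
    ("mssql_errorlog", "spid61 Error: 824, Severity: 24. Possible bad page (1:4312)."),
    ("windows_eventlog_mssql", "MSSQLSERVER: logical consistency-based I/O error: torn page."),
    ("syslog", "helpdesk note quoting: logical consistency-based I/O error"),
]

APPROVALS_NEEDED = {None: 0, "dual": 2}  # assumption: "dual" = two distinct approvers

def match_entry(entry, records):
    """Count matching lines per source, ignoring sources the entry does not list."""
    rx = re.compile(entry["pattern"])
    hits = Counter()
    for source, line in records:
        if source in entry["sources"] and rx.search(line):
            hits[source] += 1
    return hits

def triage(entry, records, approvers=()):
    """Group hits into one finding; keep the entry's solution order, gate by approval."""
    hits = match_entry(entry, records)
    if not hits:
        return None
    distinct = len(set(approvers))  # the same person approving twice counts once
    solutions = [(s["action_ref"], s["risk"],
                  distinct >= APPROVALS_NEEDED[s.get("requires_approval")])
                 for s in entry["solutions"]]
    return {"id": entry["id"], "severity": entry["severity"],
            "count": sum(hits.values()), "by_source": dict(hits),
            "solutions": solutions}

if __name__ == "__main__":
    print(triage(ENTRY, SAMPLE, approvers=["alice", "alice"]))
```

The bare `Error: 824, Severity: 24, State: 2.` header line does not match on its own, because the alternation splits the pattern into two whole alternatives and the first also requires `Possible bad page` on the same line. The `syslog` line contains the matching text but is skipped because that source is not listed in the entry.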

Log sources

Dozens of parsers, ready on day one.

Windows Event Log (System, Application, Security, Setup, custom channels)
IIS, Apache, Nginx
MSSQL ERRORLOG + Extended Events
MySQL / MariaDB error log, slow query log
PostgreSQL
Exchange transport + message tracking
Postfix / Exim / Sendmail
MailEnable SMTP / IMAP / auth
ModusGate, FortiMail
syslog / journald
vCenter vpxd / hostd / vmkernel
Proxmox task / corosync / pve-manager
cPanel access / error / cpanellogd
Plesk panel.log, maillog
Docker / containerd
Azure Activity Log
Microsoft 365 Audit Log
Huawei Cloud Trace Service

opslantern — troubleshooting session · mail.customerX

matched fingerprint: POSTFIX-QUEUE-DEFERRED-LOOP

occurrences in 15m: 842

confidence: high

suggested solutions

1. Flush deferred queue + restart smtpd [Apply]

2. Review upstream relay throttling [Open runbook]

related signals

· disk_free dropped 18% in last 20m

· upstream DNS MX check — passing

Concept preview — not final UI.

See the KEDB live.

Contribute once, every OpsLantern customer benefits. Your fingerprints stay yours — the seed library is shared.