Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Confused...

I am finding this software to be far more difficult to use/understand than other competing products. We purchased a full license for this recently and I'm really frustrated.

By default, everything is sent to a log file. That's fine. But, when running the GUI interface, after reading the help file and stuff online, I still cannot figure out how to filter based on a given IP address. I don't understand if I need to create an entire new rule, filter, action, some of it, or all of it. I want everything to be logged to file. But at times, I only want to VIEW syslog messages coming from a single IP/device. How is this done!? Please don't direct me to the help file or online knowledge base because I've gone through this and found it extrmely confusing. A different syslog product I work work, all I have to do is right click on the event log in the GUI and a context window comes up which allows me to temporarily filter ONLY on that device. Kiwi's filtering process is a real pain IMHO.

Can someone explain this better and provide a walk through or something? Also, why can I only view the last 10-1000 events in the syslog viewer? What should I be using to view messages that are not showing in the gui window? We go through 1000+ messages very quickly. I would prefer to see ALL messages from a single IP over the course of the entire log file.

Anyways, hopefully someone can help. All these rules, filters, displays, etc. is frustrating.

Find more posts tagged with

Accepted answers

All comments

bshopp

Always love to hear feedback on how we can improve the product, so thank you for that, although I am sorry you are frustrated, so let me see if I can help.

You have the default rule and action which logs everything to a file, which you want, so check, done.

On your use case you want to view Syslog messages from a single device or IP Address, couple different options for you

Build a new rule with a filter for only that Device/IP and set the action as Display and select one of the display options (which you can rename to be more human readable). Then back in the Syslog viewer you can select the drop down to select this saved display filter
Since they are logged to a file by default, some customer use our Log Viewer app which allows them to open any log file and quickly search them
If you are using the web console, you can define filters as well to quickly narrow down scope of Syslogs

The 10-1000 events issue, is this in the Win32 or Web View?

Fodome

Jrink,

As an adendum to Brandon's reply, in order to Filter for a single IP address, you need to use an IP Address Filter. Set the "Filter Type" to "Simple" and use the following format:

-"IP address""another IP address if needed".

Example:

"192.168.1.157""192.168.1.173"

Hope this helps.

Sincerely,

Chris Foley | Support
SolarWinds | IT Management, Inspired By You
Support:866.530.8040 || Fax:512.857.0125