I'm looking to provide a report of VPN device syslog for specific entries for one year. Can the report writer handle it?
Hi,
You might find that you don't retain that amount of Syslog messages; the default from SolarWinds is 7 days. To check, just click Settings > Polling Settings and
I wouldn't recommend increasing it, depending on hard drive space etc., but then again it depends on your retention policy. If I did have all that data, I would first start by selecting the top 10, then 50, then 100 records, making sure that I have the NodeID (like below) selected and checking the CPU to ensure it's not running at 99% trying to execute the query. So:
select TOP 10 * from syslog where NodeID = '464' and Message like '%VPN%'
select TOP 100 * from syslog where NodeID = '464' and Message like '%VPN%'
select TOP 1000 * from syslog where NodeID = '464' and Message like '%VPN%'
If you are happy with the query at the end, you can check the log located here, Orion Web, to see if SolarWinds is happy with your query.
C:\ProgramData\Solarwinds\Logs\Orion
If not, you will get a WARN message like below:
At the end I would say go for it. Maybe not the best advice, but learning the true capabilities of the SolarWinds beast is awesome.
All the best, dude.
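The same filter as in the post above, carried across a full year in small time slices so that no single statement scans the whole table. This is an added example, not part of the original thread or SolarWinds' own code; it assumes the syslog table has a `DateTime` column, and the 7-day window, the pause and the temp table name `#VpnSyslog` are arbitrary choices.

```sql
-- Assumption (not from the thread): syslog has a [DateTime] column.
-- NodeID 464 and the '%VPN%' filter are the values used in the post above.
SET NOCOUNT ON;

DECLARE @NodeID   int      = 464;
DECLARE @End      datetime = GETDATE();
DECLARE @Start    datetime = DATEADD(YEAR, -1, @End);
DECLARE @WinStart datetime = @Start;
DECLARE @WinEnd   datetime;

-- Hypothetical temp table: collects matches so the big table is read in slices.
CREATE TABLE #VpnSyslog (
    [DateTime] datetime,
    NodeID     int,
    [Message]  nvarchar(max)
);

WHILE @WinStart < @End
BEGIN
    -- One 7-day slice per iteration; the last slice is clipped to @End.
    SET @WinEnd = DATEADD(DAY, 7, @WinStart);
    IF @WinEnd > @End SET @WinEnd = @End;

    -- The leading-wildcard LIKE cannot use an index, so the date range
    -- is what bounds how many rows each statement has to examine.
    INSERT INTO #VpnSyslog ([DateTime], NodeID, [Message])
    SELECT [DateTime], NodeID, [Message]
    FROM   syslog
    WHERE  NodeID = @NodeID
      AND  [DateTime] >= @WinStart
      AND  [DateTime] <  @WinEnd
      AND  [Message] LIKE '%VPN%';

    -- Short pause between slices so polling and the web console get a turn.
    WAITFOR DELAY '00:00:02';
    SET @WinStart = @WinEnd;
END;

-- Per-month counts first: a month with zero rows points at a retention gap.
SELECT CONVERT(char(7), [DateTime], 120) AS [Month], COUNT(*) AS Messages
FROM   #VpnSyslog
GROUP  BY CONVERT(char(7), [DateTime], 120)
ORDER  BY [Month];

-- The report rows themselves.
SELECT [DateTime], NodeID, [Message] FROM #VpnSyslog ORDER BY [DateTime];

DROP TABLE #VpnSyslog;
```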
I'm just going to jump in here and point out that increasing this value to 1 year is going to kill the performance of your Orion server unless you have the most minimal of incoming syslog data. NPM's syslog capabilities are not set up with the intention of acting as a long term repository of syslog data or for very chatty devices such as firewalls.
SolarWinds has two other separate products specifically for that task, Kiwi Syslog Server or Log and Event Manager, and either of them are plenty capable of this task, but expecting NPM to do it will likely lead you to frustration.
-Marc Netterfield
Loop1 Systems: SolarWinds Training and Professional Services
Yes mesverrum, I agree, and we are working to move to Kiwi for the performance reason and will be able to generate reports from there, but we are currently looking to pull past info out of the SQL database (configured to maintain syslog for 365 days) to fulfill a security requirement.
We are trying i_like_eggs' ideas and some brute force looking at log results to get through for now...
Thanks for the input!