new syslog node

Question

hi

we have Netasq Firewall in our network

it is not valid in node vendor option

how can i add it ?

Thanks

anthonychlee · Answer

Thanks, curtisi.

I managed to read the syslog using nDepth.  Will contact my vendor regarding the request of creating a new connector.

curtisi · Answer

anthonychlee‌ and mska‌:

Regardless of vendor, the first step is to configure your syslog device to send syslog to the LEM.  If you haven't done that, scanning for new nodes won't ever find anything.  You'll need to work with the vendor of your device to find out how to configure syslog.

Once you've got syslog configured, you should be able to confirm the LEM is receiving data by connecting the CMC shell, going to "APPLIANCE" and running a "CHECKLOGS" command.

Details on how to connect to the CMC shell can be found here: SolarWinds Knowledge Base :: Use an SSH client to connect to your LEM appliance

If the LEM is getting data (you can find your device's IP and logs in one of the local facilities) you can always use your maintenance to contact support and request a new connector be made.

In the meantime, you can do what cscoengineer‌ suggested: use the LEM to collect raw logs and search them.  This requires some configuration, though.  First, you'll need to configure the LEM to store raw logs:

SolarWinds Knowledge Base :: Configuring Your LEM Appliance for Log Message Storage and nDepth Search

Then you'll need to configure any syslog connector (I suggest the Cisco FIrewalls connector).  Set it to read the log that you identified with the CHECKLOGS command, and change the "Output" drop down to "nDepth."  This will make the logs searchable even if the LEM isn't normalizing them.

anthonychlee · Answer

Hi

I have the same problem with mska, My firewall is not in the node vendor list.  When I add node using the "Add node" button, I choose "All vendors" and let LEM scans for me.

After a long scan, it says "LEM has not found any new nodes or connectors in the Syslog files that are being monitored."