My SolarWinds NAM is forwarding syslogs from my nodes to a SIEM. I can't recall where that configuration is accessed.
Help me find it, please?
Rick Schroeder
As Leon stated, this can be found in the Win32 Syslog Viewer application.
You should have the win32 version of NPM syslog manager. That's how you did it years ago.
If you have LM enabled, I'm not 100% sure of the action, but that would be in the consolidated alert manager.
HOWEVER, you know how I feel about syslog/trap and sending everything straight to Orion. (i.e., don't). Get a few Kiwi syslog boxes set up behind a load balancer, and let it do all the heavy lifting of receiving, throwing out the garbage, forwarding to SIEM (and elsewhere), and passing the real alerts into Orion.
The good old Kiwi Traps/Syslog „Firewall“
Sadly, many of my clients fear the additional configuration effort and put the load on OrionCore.
Until their monitoring solution is pummeled into the dirt by the metric butt-load of spurious syslogs. Then they're all "this software sucks!", right?
If it's worth the thought exercise, on the polling engine open up the perfmon viewer and load "total packets" from the SolarWinds Syslog collection, and the similar counters from the SolarWinds Trap collection. That should give your clients a sense of how hard the poller is getting hammered.
I can't make a silk purse from a sow's ear, but it's MUCH more convenient for me to have everything going into SolarWinds (single pane of glass, you know) and be able to search for items there, than to learn Splunk and open it up and get a query figured out.
Yes, I'll learn Splunk and make it work for me.
No, I'm not happy SolarWinds syslogging and trap receiving/viewing can't handle my environment's size.
Thanks, adatole. Your answer was the correct one--as always. I found the solution onboard the actual server, using Syslog Viewer.
I also (re)learned that Trap Viewer has POG to forward traps from EVERY poller to some other destination. Set it up once on the main instance and it's set up on all APEs if you choose that option.
That's new to me (I think).
LM isn't part of NAM, I don't have a license for it. Sadly, adatole, that means it's not a player in my game.
Or am I mistaken?
If having your log data visible within SolarWinds is very convenient for you, Log Manager could certainly be a good fit. I'd love to chat to you for 30 minutes to discuss your environment size and whether Log Manager could handle the event load (LM's scalability is higher than the current Syslog/Trap viewers). I can also walk you through Log Manager's current feature set along with what we're currently working on.
Will send you a private message to set up some time.
How come you know my clients so well?