Hey guys, I am having an issue where a tenable vulnerability scan is causing the syslog service to crash and causing a failover. Has anyone run into this before and know of any work around? This is for the main Orion install.
Is this an HA failover?
Ya, this is an HA pair.
HA is so sensitive to the slightest anomalies that we had to turn it off due to it failing over many times a day.
Hopefully it can be tuned in the future with a definitive scope of items that cause fail-overs and a way to control them at a granular level.
For us, we have a very transient error happening that has zero affect on HA or Orion, but it triggers a failover.
There is no way to control this, so HA is failing over when it really should not.
Tickets were opened, but with no control over HA failover criteria, there is no way to combat unnecessary fail-overs.
I know people are using it effectively, and I wish i could say the same, but failing over many times a day is just hard to manage for a very busy system.
Our SolarWinds VAR acknowledges this and are in agreement with me on the inability to granularity control HA fail-over criteria can make it difficult to use.
Response:
"Ok, then fix the underlying issue causing fail-overs..."
Easier said than done.
I think we found what is happening, tenable is scanning on port 162 and SW thinks it's an incoming trap, then syslog just freaks out because it's not a trap. Not sure what we will do for a work around yet.
