Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Syslog monitoring & Archival

Dear Experts,

In our environment, NPM is already in use for monitoring network devices, Adding to it, We were asked to monitor syslog messages now. After going through thwack forum and SolarWinds documentation, I understand that we have a separate module called KIWI syslog for mentioned requirement.

Environment contains - 5000 devices

But in some documents, I noticed that NPM/Orion platform does have feature to monitor and archive syslog messages, and it can process upto 300 messages / second

Monitor Syslog messages - SolarWinds Worldwide, LLC. Help and Support

Required clarification On:

1) Does Solarwinds NPM alone can perform similar functionalities of KIWI syslog server ?

2)In above approach , I understand that all syslog messages will be inserted into Database. Can we define/control what messages can be inserted into database..i.e only critical severity messages.

3) Does solarwinds Orion platform server can act as central syslog server( i.e should receive all syslog messages from all network devices) , And should store all incoming syslog messages into a flat file.

Requesting your suggestion and response on this, please

Find more posts tagged with

Accepted answers

neomatrix1217

Here is the datasheet let me know if you would like to see a demo.

https://www.solarwinds.com/-/media/solarwinds/swdcv2/licensed-products/log-manager/resources/datasheets/lm-datasheet.ash…

All comments

sja

Take a look at those 2 links

That how you scale Orion...

Syslog and Trap Messages are Slowing Down my Monitoring Solution. What Would the Geek Do? - YouTube

Building a large scale SWI installation - YouTube

dhinagar_j

Thank you sja , It helps

superfly

Yes if you have NPM, you can use the syslog viewer it comes with. Just point all your devices to send the logging to the NPM server.

To answer your questions

1) yes

2) yes you can create rules to delete syslogs you're not interested in or you can configure all your devices to only send the syslogs you're interested in. In my previous environment, every device was configured to send syslogs to NPM and some of these I had no access to. As they send a heap of syslogs no one seemed to care about, I deleted them with a syslog viewer rule. I only kept my syslogs for 10 days.

3) yes I only used the Solarwinds NPM sever as my central logging server. But then some requirements came out to keep syslogs for longer than what I was doing, so I used a syslog viewer rule to forward all the syslogs of to another server for a more permanent storage area. Personaly I don't know why you'd keep syslogs for longer than say 10 days.

neomatrix1217

Also, Log Manager will be coming out soon that will integrate with the Orion console.

5/23 Live Webinar (NA): Putting Your Logs Where They Belong with Log Manager for Orion

dhinagar_j

Thanks neo, From the thread, I understand that Log manager for Orion will be a powerful tool than kiwi syslog. For our environment, We have to decide a syslog monitoring solution in 2 weeks, and if the Log manager V1 is ready for release , I believe it is worth a try. In the mean time, I couldn't find any information on Log manager, apart from the shared meeting URL, Kindly please let me know, if incase you came across any documentation on the same

neomatrix1217

The RC should be out early June watch for it in your customer portal.

Log Manager for Orion LM - SolarWinds Worldwide, LLC. Help and Support

neomatrix1217

Here is the datasheet let me know if you would like to see a demo.

https://www.solarwinds.com/-/media/solarwinds/swdcv2/licensed-products/log-manager/resources/datasheets/lm-datasheet.ash…

dhinagar_j

Dear neo,

Sincere thanks for your response and demo invite.

Few clarification again

As discussed in below Geek video, If I send all syslog messages from Network devices to Solarwinds Orion server, will it will impact the performance of Orion.

Syslog and Trap Messages are Slowing Down my Monitoring Solution. What Would the Geek Do? - YouTube

Possible for me to install Log manager, in a separate server as per below guidelines and then integrate to Orion platform & Orion Database.

HARDWARE	MINIMUM REQUIREMENTS
CPU	2.0GHz dual-processor and dual-core is recommended
Memory	8GB
Hard Drive	100GB