After upgrading our Solarwinds Orion from 2020.2.6 to 2023.3.1, we are no not able to see any syslog in Log Viewer. We are also not seeing Filters. Does anyone know what the issue could be?
If the SolarWinds log services are running and you have confirmed that the packets are reaching the SolarWinds server on port 514 then there's a very high chance something is blocking it once it gets to the server. I know you said that there were no rules blocking it on Windows Firewall but are there any rules allowing it either? Could you try adding an inbound rule to allow communication over port 514 if you havent already? If that doesnt work then I'd expect there is a a fundamental issue with the SolarWinds service and I'd need to see the logs to investigate further.
I can't see any known issues for it on your current version but it is worth mentioning that the version you have upgraded to is quite a few behind the latest which is 2024.4.1.
Last thing I can think to try here if there is definitely no firewall issue is to run a core repair on the platform which will repair all services:
To run a core platform repair:
It will now take you through the repair process and run the configuration wizard afterwards automatically.
Run through the configuration wizard as you normally would ensuring that the settings on each page are correct.
This will require downtime usually around 15 - 30 minutes.
2020.2.6 was the "last version" with the legacy syslog viewer tool. all this has been now moved to LogViewer/LogAnalyzer. Can you please share where you are expecting the syslogs to show up so we can confirm it's really the case of "Legacy Syslog viewer" vs "LogViewer/LogAnalyzer"
cheers
We are expecting to see the syslogs in the "Log Viewer"
I am assuming this is the "log viewer" you are talking about? You can also reach it from here:
Alright, so we figured out this is the "new" Logviewer. Now we need to check if the Services on the Solarwinds Server are running:
The corresponding services is the "SolarWinds Log manager for Orion Syslog Service" . If this is running we need to check if there could be a "discard all" rule" or maybe a firewall rule blocking syslogs from reaching the solarwinds service.
you can also check via netstat -ano if the service is listening on the syslog port:
There is no discard rule or firewall blocking syslog service.
Are the devices sending Syslog messages added to SolarWinds as nodes?
other than that it is getting a tough one to support through the forum, trying to think of other possibilities causes…
Yes the devices are sending and Solarwinds is receiving. Verified with packet capture.
I meant, are the devices added as nodes in the platform? If there is no “Node” in the SolarWinds Database, the Syslog receiver discards the message because it doesn’t have a database object where it can attach the syslog
