7 Replies Latest reply on Nov 5, 2014 4:31 PM by nicole pauls

    Syslog Issue




      I'm having an issue with LEM parsing syslog information.


      I have a network firewall configured on the LEM with the correct, up-to-date connector.

      The connector was made by SolarWinds by request and has been tested previously and works.


      The problem I've got is it only seems to work some of the time.

      For example, I know that if I try and ping a device behind the firewall I will consistently get the event in the LEM as expected; however, having checked the logs on the firewall, there are other events being sent (of the same type, i.e. denied traffic) that are not appearing in the LEM.


      I have connected to the LEM via SSH and checked the logs (appliance>checklogs) and can see that the relevant log ([6] User Log) is 72MB, and after exporting this I can confirm that the missing events are listed in the log.


      I have tried rebooting the appliance, restarting the manager, and deleting the configured connector and recreating it, all with no effect.


      I've opened a support case (#711990) but would appreciate your help.


      I'm aware this may be the same issue as discussed here but I didn't want to hijack the thread as it sounds different (slightly at least).


      Thanks for your help.