What We’re Working on for Log Analyzer (Updated Nov 13, 2019)

Since the release of Log Analyzer 2019.4, there have been a lot of things going on behind the scenes here at SolarWinds. Everything from new LA-specific features to Orion platform enhancements is in the works! See below:

  • Flat log file ingestion - Collect flat logs from applications running on Orion nodes utilizing the Orion agent.
  • Continued feature parity work for syslogs and traps
  • Analytics - we want to find problems you didn't know you have, by leveraging machine learning capabilities to detect anomalies in your log data.
  • Sub-string Extraction - Create custom metrics and identify strings to be used as variables in alerting etc.
  • New dashboard framework - Next generation summary dashboard framework.
  • UI performance optimizations - Faster and more responsive web UI.
  • Centralized upgrades - Pre-stage upgrades for reduced downtime.
  • Orion maps - Bridging the feature parity gap with Network Atlas.

As always we welcome your input! If you have an idea for Log Analyzer be sure to post it in our feature request forum.

  • These three features will make this product a must have for many of us....

  • I think that this will be a very interesting product once the Alert Integration is completed.

  • LogManager should be "part of" NPM installation; syslogs and traps are regular logs that must be analysed by NPM in order to have a good view of the network. So I recommend that this will be part of the NPM....

  • Having the 3 features mentioned would be great. This is something most of the folks are waiting for....

  • When creating a new rule, in the add an action configuration window, the second option is run an external program. What types of external programs are supported? Such as VB or Python?

  • Without at least the trap & syslogs forwarding, we cannot install this module. We have complex forwarding rules per additional poller that are critical to our organization.

    That being said, as an upgrade to something already in NPM, I don't understand why it's priced separately, and how to build a business case to buy a feature we currently have...

  • Syslog and trap forwarding is something we are actively working on for Log Manager. I'd be interested in understanding your use case for forwarding - what tool do you need to forward your log data to? Which logs/traps do you typically need to forward? With regards to LM being priced separately, please see my comment here for an explanation on our plans for LM.

  • The 'Run an External Program' can be used to launch an executable. If you'd like to run a script such as PowerShell, you can launch an exe and then put the path to the script as a command line argument, like this:

    Screenshot 2019-01-21 at 11.52.13.png

  • We use SolarWinds to aggregate traps & syslogs (mostly traps) from private production sub networks. We filter some traps (mostly the informational traps) and forward the remaining to our National NOC. The source IP of the trap identifies the network it came from to ensure proper treatment at the NOC.

    Also, we use forwarding in our setup to palliate a lack of feature in Solarwinds. Let me explain:

    We currently have a main Orion server and 2 additional pollers. Each additional poller is dedicated to a specific network. When a trap is coming to the AP, the AP forwards the trap, and based on source IP, the National NOC is treating the information.

    When we generate a trap on an alert (i.e.: Node is down), even if the node is managed by one of the additional pollers, the trap is sent by the main Orion server. Since a part of our NOC workflow uses the source IP of the trap to identify the corresponding network, sending it from the main Orion server gets us into trouble... To bypass this issue, we send the alarm trap to 127.0.0.1, and we then have a rule that tags the trap and forwards the trap to the AP. That AP would then forward the trap to the NOC with the appropriate source IP so the alarms could be treated accordingly...

    I have to maintain a Visio workflow diagram due to the many rules and Orion servers we have. It is time-consuming and not really ideal. I hope this would change in LM one day.

  • jhynds, regarding your comment about LM being priced separately you mention the following:

    "I hope that gives you some comfort that we're committed to including syslog and trap functionality within NPM."

    but what I read is that if we are going forward with upgrades without LM, I'll be stuck with a product that will not address our needs anymore and that we will be forced to buy another module (and add maintenance fees on top of the many thousands we are already paying) to continue to do what we are doing today. Am I getting this right?

    I understand the trap and syslog viewer interface has to be redefined as they are archaic, but it works. If you want to add functionalities I'm all about getting some money for that (We are already doing that by paying those maintenance fees), but it seems that soon I will feel that I am in a hostage situation...