• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 23 subscribers
  • Views 2273 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ability to Identify Which Devices Are Not Sending Syslogs

k_barton

Hello!

I have spent the last week attempting to comb through Thwack forums as well as create a custom SQL/SWQL script that will provide me with a list of nodes that have not reported any Syslog messages in 7 days. I had opened up a ticket with Solarwinds, and they told me that my only option was to create a script.

I cannot imagine that I am the only one that would like to see this sort of information. Does there exist a way to do this other than a SQL/SWQL script?

Thank you!

Parents
  • 0

    What is your scenario? Why is such information useful?

    SWQL script might be possible and it can be used as a data source for a report. Or maybe there is a completely different solution.

  • 0 in reply to abakus

    Thanks for your reply. We manage 3000+ nodes within SolarWinds, and it's exceptionally useful to have devices log via syslog/log viewer so that we can monitor and send alerts for anything that we deem to be critical. If a device is not successfully configured and/or reporting syslogs to SolarWinds, then I would like to be aware of this so that it can be remedied. That is why i suggested 7 days, as most devices will report at least some sort of syslog message within that time frame.

Reply
  • 0 in reply to abakus

    Thanks for your reply. We manage 3000+ nodes within SolarWinds, and it's exceptionally useful to have devices log via syslog/log viewer so that we can monitor and send alerts for anything that we deem to be critical. If a device is not successfully configured and/or reporting syslogs to SolarWinds, then I would like to be aware of this so that it can be remedied. That is why i suggested 7 days, as most devices will report at least some sort of syslog message within that time frame.

Children
  • +1 in reply to k_barton

    This SWQL query should work as you need, you can use it e.g. in a report:

    SELECT NodeID, IPAddress, Caption FROM Orion.Nodes
    WHERE NodeID NOT IN (SELECT DISTINCT le.NodeID FROM Orion.OLM.LogEntry le JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID WHERE let.Type = 'Syslog' AND le.DateTime BETWEEN ADDDAY(-7, GETUTCDATE()) AND GETUTCDATE())

    The query checks syslogs in the database, which means that the result will be nodes which either haven't sent any syslog in the last 7 days or they are not monitored by Orion (and then it doesn't matter if they have or haven't sent anything).

  • 0 in reply to abakus

    I truthfully cannot thank you enough. Using your query and modifying it slightly to include some custom properties, I finally am able to report on exactly what I am looking for. Hopefully other people can find this as well, as I think it's incredibly useful.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.