Open for Voting
over 1 year ago

Allow For Syslog Product Overlap; Log Manager & Legacy Syslog (w/Kiwi)

The new Log Manager product is a nice tool to have, and I understand that product is the future of the syslog functionality for SolarWinds. However, it would be nice to be able to continue to use the old/legacy syslog tools in addition to the new Log Manager tools. We have more nodes sending syslog than Log Manager can even be licensed for, so we couldn't even go full Log Manager if we wanted. Having said that, if we put 1000 of our most important devices to send syslog using the LM product, we immediately lose 100% of everything else. (unless I'm missing something here) So, under the presumption I have the basics correct, we can either choose to process syslog from 1000 devices, losing everything else, OR we can stay with our current Kiwi setup, being able to process ALL syslog from ALL devices, but without all the nice features of LM.

Why not just keep functionality for both sides? (At least for a while, until LM evolves into a more mature product.) I would love to be able to use LM and all its wonderful features for our core network, while still being able to process all the syslog from our peon level nodes too. I know it's not as simple as flipping both switches to yes, but I can't imagine it being rocket surgery or anything too difficult.

Thank you,

-Will

Top Comments

Parents
  • Could you not send all your syslog to Kiwi and then have a rule to forward (maintaining source IP) the syslog messages you do wish to have in LM4O?

    This allows you to do the filtering or noise within Kiwi, which will help the processing capacity of LM4O.

  • Yes, we currently use Kiwi as a filter, but since they are keeping new syslog functionality integration separate from legacy/kiwi, then we have to pick 1. We can either have the new features, or the old. Currently, when we forward syslog from Kiwi to SolarWinds, we can do so for ANY/ALL syslog messages, without a node restriction. Once you choose to take the Log Manager route, you can no longer send other syslog messages (non-licensed) to SolarWinds, as they are simply discarded. Since we cannot use both the legacy AND LM app/features/functionality simultaneously, we have to choose one and lose the other.

Comment
  • Yes, we currently use Kiwi as a filter, but since they are keeping new syslog functionality integration separate from legacy/kiwi, then we have to pick 1. We can either have the new features, or the old. Currently, when we forward syslog from Kiwi to SolarWinds, we can do so for ANY/ALL syslog messages, without a node restriction. Once you choose to take the Log Manager route, you can no longer send other syslog messages (non-licensed) to SolarWinds, as they are simply discarded. Since we cannot use both the legacy AND LM app/features/functionality simultaneously, we have to choose one and lose the other.

Children
No Data