Open for Voting
over 1 year ago

Replace NPM Syslog & Trap system with Kiwi Syslog

For many years now the Sylsog and Trap system have been due to an overhaul.  At this point they are nothing more than an ugly scar on NPM which is an otherwise fantastic product.  Years ago SolarWinds squired Kiwi Syslog Server which handles both Sylsogs and Traps and is also a fantastic product.

I think the Syslog & Trap system that are currently in NPM should be permanently removed and replaced by Kiwi.  SolarWinds should just provide a free copy of Kiwi with every polling engine.  Of course then it would make sense to provide some out-of-the-box integration between Kiwi and NPM.

It seems to me this is a much easier way to solve the legacy Syslog and Trap system issue in NPM versus completely rebuilding it; no need to reinvent the wheel when you already have a perfectly good wheel!

  • rschroeder While I don't have the numbers immediately available I can tell you it's enough to overwhelm the system currently built in to NPM.  However, it's more than just that; it's also a functionality problem.  The system that currently exists in NPM is one of the oldest parts of the product and it isn't super flexible.  Kiwi is a much better and more flexible product.  By being able to remove another legacy component of Orion and provide better functionality to clients it really is a win/win.  Even if you don't have a load issue, Kiwi will give you better functionality.

  • Your suggestion makes sense for large deployments, but perhaps less so for smaller ones.

    I got by just fine with the NPM Syslog & Trap systems included with NPM, as long as I was judicious in selecting the types of messages and traps I wanted to receive.

    However, if you have Wireless Controllers or firewalls that are set to debug or informational levels of syslogging or trapping, they can easily overwhelm NPM's syslog & trapping system.  When I found that issue I began sending the data to Splunk, which we thought had been sized correctly for our environment.  And Splunk was promptly swamped with the data; our vendor was required to provide us with a significantly larger solution due to poor discovery of our environment.

    What's the size of your network environment--how many nodes and elements do you monitor, byrona​?  How many firewalls and wireless controllers are in it?  What's the amount of data (in records per second or minute or hour) they're sending to your syslog and trap solutions?