This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Ability to Identify Which Devices Are Not Sending Syslogs


I have spent the last week attempting to comb through Thwack forums as well as create a custom SQL/SWQL script that will provide me with a list of nodes that have not reported any Syslog messages in 7 days. I had opened up a ticket with Solarwinds, and they told me that my only option was to create a script.

I cannot imagine that I am the only one that would like to see this sort of information. Does there exist a way to do this other than a SQL/SWQL script?

Thank you!

  • What is your scenario? Why is such information useful?

    SWQL script might be possible and it can be used as a data source for a report. Or maybe there is a completely different solution.

  • Thanks for your reply. We manage 3000+ nodes within SolarWinds, and it's exceptionally useful to have devices log via syslog/log viewer so that we can monitor and send alerts for anything that we deem to be critical. If a device is not successfully configured and/or reporting syslogs to SolarWinds, then I would like to be aware of this so that it can be remedied. That is why i suggested 7 days, as most devices will report at least some sort of syslog message within that time frame.

  • This SWQL query should work as you need, you can use it e.g. in a report:

    SELECT NodeID, IPAddress, Caption FROM Orion.Nodes
    WHERE NodeID NOT IN (SELECT DISTINCT le.NodeID FROM Orion.OLM.LogEntry le JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID WHERE let.Type = 'Syslog' AND le.DateTime BETWEEN ADDDAY(-7, GETUTCDATE()) AND GETUTCDATE())

    The query checks syslogs in the database, which means that the result will be nodes which either haven't sent any syslog in the last 7 days or they are not monitored by Orion (and then it doesn't matter if they have or haven't sent anything).

  • I truthfully cannot thank you enough. Using your query and modifying it slightly to include some custom properties, I finally am able to report on exactly what I am looking for. Hopefully other people can find this as well, as I think it's incredibly useful.