After upgrading our Solarwinds Orion from 2020.2.6 to 2023.3.1, we are no not able to see any syslog in Log Viewer. We are also not seeing Filters. Does anyone know what the issue could be?
After upgrading our Solarwinds Orion from 2020.2.6 to 2023.3.1, we are no not able to see any syslog in Log Viewer. We are also not seeing Filters. Does anyone know what the issue could be?
2020.2.6 was the "last version" with the legacy syslog viewer tool. all this has been now moved to LogViewer/LogAnalyzer. Can you please share where you are expecting the syslogs to show up so we can confirm it's really the case of "Legacy Syslog viewer" vs "LogViewer/LogAnalyzer"
cheers
We are expecting to see the syslogs in the "Log Viewer"
Are the devices sending Syslog messages added to SolarWinds as nodes?
other than that it is getting a tough one to support through the forum, trying to think of other possibilities causes…
I know that originally it is said that this stopped working after the upgrade but it is still worth confirming that we are actually receiving syslog to the SolarWinds server in the first place. rccamacho could you please set up a packet capture on the SolarWinds server and monitor to see if we are receiving any packets over port 514? I usually would use Wireshark for this.
I know it would be a crazy coincidence that something changed on the network at the same time as the upgrade but this is technical support after all so lets apply Occam's Razor.
It would be strange if SolarWinds' Syslog service was running fine but not processing the Syslogs received to it.
Yes the devices are sending and Solarwinds is receiving. Verified with packet capture.
Verified and Solarwinds is receiving Syslog from devices.
If the SolarWinds log services are running and you have confirmed that the packets are reaching the SolarWinds server on port 514 then there's a very high chance something is blocking it once it gets to the server. I know you said that there were no rules blocking it on Windows Firewall but are there any rules allowing it either? Could you try adding an inbound rule to allow communication over port 514 if you havent already? If that doesnt work then I'd expect there is a a fundamental issue with the SolarWinds service and I'd need to see the logs to investigate further.
I can't see any known issues for it on your current version but it is worth mentioning that the version you have upgraded to is quite a few behind the latest which is 2024.4.1.
Last thing I can think to try here if there is definitely no firewall issue is to run a core repair on the platform which will repair all services:
To run a core platform repair:
It will now take you through the repair process and run the configuration wizard afterwards automatically.
Run through the configuration wizard as you normally would ensuring that the settings on each page are correct.
This will require downtime usually around 15 - 30 minutes.
I'd recommend opening a support case. If syslogs aren't working are traps? Did something else go sideways in your upgrade? Better to be safe and have the support team look at everything having to do with the upgrade.
You can try and repair it yourself, but I've always felt better having support on the line to assist in case I run into anything else.
Windows Firewall is allowing port 514.
We do have a case open with Solarwinds Support. They are telling us it may be a license issue which I doubt.
One thing I forgot to mention was when I open the Log Viewer. In the Filters Navigations Pane of the Log Viewer, the filter options would flash for about a second then disappear.
I meant, are the devices added as nodes in the platform? If there is no “Node” in the SolarWinds Database, the Syslog receiver discards the message because it doesn’t have a database object where it can attach the syslog
I meant, are the devices added as nodes in the platform? If there is no “Node” in the SolarWinds Database, the Syslog receiver discards the message because it doesn’t have a database object where it can attach the syslog
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.