RoyalEF

I would wonder if what you are seeing is just a general performance issue. The problem we're dealing with always produced an Error message in palce of each Map/Graph "Cannot load Network Map from "C:\Program Files\SolarWinds\Network Performance Monitor V8\Maps\****.OrionMap" When I bring up the Network Trends it takes well…

That would be a lovely thing, and a very, very long time coming. I'm trying to build ammunition for another upgrade. This account has lost 60% of it's staff and none of it is being replaced until a major about face in the economy materializaes (or the network collapses in a fiery heap and the Board is inconvenienced).…

That's good to hear. Although for us, once maps fail, they stayed broken forever until a reboot or re-config. It was never an intermittent problem. Once broken, all maps and graphs stopped rendering.

Brandon, I did open a case for my issue. We re-installed the service as it is suspected that a Windows Update monkeyed with registration of DLL/OCXs. Only time will tell if that proves to be the fix for the zombie-state issue--which is the one I need to resolve. The periodic STOPs of the service have occurred for five…

The only problem with the script is that the normal Discovery process overwrites this, so we have to constantly run this script. Every Discovery (every 4 hours) wipes out the correct descriptions for the useless ones Solarwinds uses. It's sad that Solarwinds has failed to support CatOS in this basic way since this problem…

I'll ask you to do the same and censor your "enlightening" responses to anything I post. I'm sure most people in your position think a product that sells for under $200 will have "the ability to perform analysis and correlation functions on the messages as well as reporting and real-time alerting" for whatever devices they…

On our most worked box, which is running Kiwi 9.2 as of two days ago: Windows 2008 32-bit (so only 4gb available) Physical Memory usage: 1.57 Gb We increased the Overflow Queue many years ago. When kiwi maxxes the CPU that buffer fills and the syslogd process shows an additional 200 mb of memory usage. Normally is consumes…

So have people confirmed that the issue has been resolved in the SP's for 9.1? Once we went to version 8.5 the problem became more apparent. I can pretty much cause it simply by having a lot of graphing requests hitting the server. By a lot I mean, me with multiple tabs open on SW & one or two other users running the Home…

The first two choices that come to mind to try is either implement a Log rotation in the logging command, or Archive aged out files to a "TO BE DELETED" folder, and after the Archive RUN PROGRAM of a batch file that deletes "C:\TO BE DELETED\*.*" I would opt to use the later, since the LOG ROTATION is a very simplistic…

Thanks, Chris I'll take a look at the feature set. From the screen shot it doesn't look like it would fit our needs. From a security and accountability perspective we keep as much as we can throughout the year. So sometimes that is four months, sometimes seven weeks. We delete only when space forces us to. The options I…

The Service Options that the screen shot I show are part of Windows Services - not unique or particular to Kiwi at all. Administrative Tools->Services->Kiwi Syslog Service->right click for Properties.

The whole analyze/correlate concept is a tall order, made short in people minds by wishful thinking. Basically, what's being asked for is a highly knowledgeable, broadly experience, deeply developed veteran Engineer to work for you--all compressed into a piece of, preferably low-priced software. That's why the big packages…

I am quite disappointed to see Solarwinds acquire Kiwi. Kiwi has been a strong consistent product developed by a company with a very narrow focus. Now it is one of a conglomerate of products managed. And when belts tighten and Orion/Solarwinds needs to focus resources, Kiwi, will not be a top priority. It would be if it…

Mikejay, my first suggestion is avoiding forwarding messages. I find Kiwi to be a poor performer for forwarding. In the past I found it doubles CPU hit when forwarding a message over processing all the rules locally. You are forwarding... looks like 2/3s of your messages to another syslog system. If possible, have your…

I think 350 million a day is going to be tough to do, without overcoming the CPU limitation. I don't know what you peak is. 350/24 hours = 15 million per hour average. You probably don't have a flat msg rate around the clock, so your peak might be 20mill/hour. I know I've seen 225million here. We handle 9million/hour…

We currently have 3 syslog servers--all physical. This IT shop has poor skills when it comes to disk & SAN performance. Maintenance and capacity planning are non existent. I would never trust a virtual server here for a high-performance system. If you have a tight handle on determining how single threaded CPU processing…

No, it's been an issue for the last year we've been running at 8.5.1. One daily report has a 1.4Mb attachment in addition to the 400K of html & graphs. ("att10481.dat" was yesterday's name--I believe the ### may change). When I open the attachment in wordpad, I can see it is executable code. Wading through it I do see…

No, but I haven't had much time. I was hoping I'd find an answer on the forum. I've been struggling with several issues (including support cases outside of this Solarwinds upgrade). We also have a problem with SW not being able to talk to 4006s properly ever since the upgrade to 9.1. The SNMP polling changed and older…

Thanks. That worked perfectly. Sometimes I think we'd be better off uninstalling the previous versions and deleting all the Program Files directories. V9 still wrote some logs to V8 directories. Now I have two Toolkit directories (Toolkit & Engineer's Toolkit) on this install. Toolkit and NCM had conflicts between versions.

David that's a brilliant solution. I'd love to get a copy. Thank You very much. I checked the standard mib and saw that Cisco doesn't populate the interfaces.descr properly. Actually whoever made the 4000 & 6000 lines (cause these aren't actual Cisco creations, just acquisitions) didn't do it. And Cisco hasn't bothered to…

Any similarity between the 16? 9.1 SP2 fixed a bug with false CPU numbers on ESX Servers (which I assume means either the virtualization servers, or one of the virtualized servers).

Fodome is correct, although it is absolutely possible. Firewalls will send syslogs with the full URL. Cisco PIX/ASAs do. Any firewall that has http momnitoring integrated (like WebSense) must forward URLs as a basic feature). We originally logged URLs, but do to the large space requirement elected to filter them out so we…

I would use the AUTO-INSERT to break your logs into HOURLY logs or even by the MINUTE (We do firewall logging by the minute, a directory per day, a directory per month. ) That will actually make them easier to search if you use a grep tool. OSes and apps can really choke handling gig files. We then use WinGREP which is…

The acceptable number of errors is ZERO. I've seen a lot of errors on these Ethernet handoffs. If this was a T1/T3/OC# the error rate would be zero. Yet these telecom vendors seem to handoff very error-prone, sloppy poorly engineered "ethernet-like" port. Take a look at your ethernet stats on your servers. Unless you've…

Tony, I've never found a true solution for the situation you are looking at. It's actually quite complex, because it suggests that messages be held and counted. If more don't arrive, send the individual one; if more come, send a single, or digest of all messages accumulated. I've sure if this was implemented it would have…

You don't say explicitly, but do the nodes just NEVER come back on their own? The first thing that occurred to me is the initialization rights of the tunnel. VPN tunnel can be configured one way or bi directionally--indicating which side has the right to bring the tunnel up. On cross platform tunnel I've found some…

Relay denied is an aspect of the SMTP server being used. It is typical for an internal-only SMTP to lock down where it will only accept mail for the local domain--no relays to the outside world. You may be using the wrong SMTP server. We have ones hard fixed for incoming mail (only addressed to domain we own-no relaying to…

You could use a virtualization technology to run 3 virtualized servers on the same hardware. More complex, but it would provide three environments and let you run the services 3 times on 3 IPs and all on one piece of hardware.

We've always had random STOPs on the Kiwi Service. The more you push the service, the more common. We're experiencing a lot of them lately and Support had us re-install. Apparently issues can occur after Windows Updates mess with dll/ocx registrations. Time will tell if that get us back to stability. However, STOPs have…

We figured it out. While the discovered speeds wee correct, the bad ones had Custom Bandwidths set. I'm not sure who would set all of these Ethernet ports to a hard-set custom value. Maybe some process flipped the custom switch on. Or somebody did something without understanding why you shouldn't do that. We're going…