Comments
-
Wow, you have 21+ varbinds in a trap? You can raise the number in Advanced Configuration (aka centralized settings), setting AlertMaximumTrapVarBindings.
-
There is a way to do it using Advanced Configuration settings + "No reset condition – Trigger this alert each time the trigger condition is met", but the alert flooding protection is there for a reason. Imagine receiving 2k syslogs per second and sending all of them to alerting - that would probably kill the whole…
-
What exactly isn't possible? There are some ways to get varbinds from a trap. For example, for versions 2020.2.5+ using ${N=OLM.AlertingMacros;M=OLMAlertMessage.VbName1} or ${N=OLM.AlertingMacros;M=OLMAlertMessage.VbData1} (up to VbName10/VbData10), which might help if the varbind you are interested in is a part of trap…
-
Well, there is just general LA documentation related to your question: https://documentation.solarwinds.com/en/success_center/la/content/la/la-configure-devices-to-send-messages.htm And the secure syslogs: https://documentation.solarwinds.com/en/success_center/la/content/lm/la-securesyslogsettingsexternal.htm If you're not…
-
Can you post an example of the message?
-
Log Analyzer can receive and process syslogs from all devices if the syslogs meet RFC requirements. Does Palo Alto use any special syslog format?
-
I can see it in both Customer Portal and Updates&Evaluations in My Orion Deployment (/ui/ha/deployment/update).
-
In case you also have LA, you can monitor the swdebugMaintenance.log file using LA and alert on any part of incoming messages (= new lines in the log), including severity (ERROR, FATAL) or content of the message (e.g. database maintenance duration line or the maintenance result).
-
2020.2.6 contains fixes in trap and syslog services, give it a try. OID resolution is improved and if it didn't work well it may have eaten up a lot of memory (messages are waiting in a queue for OID resolution).
-
There is a way which requires manual verification. If you're OK with it, let me know via PM.
-
You will be asked if you want to use OLM, which is a basic version of LA. You can say no and you will continue to use legacy syslogs and traps with some security fixes, but without any new features. Which is probably exactly what you want. Btw LA/OLM uses a different database from Orion. Both OLM and Orion databases can be…
-
That's the limit of what you're able to see in the log entry list (with paging). If you zoom in the histogram, you will see again 1000 entries, but over a shorter period of time and eventually if you zoom more and more you will see what you need (when the range contains less than 1000 entries). However, there is a zoom limit to 1…
-
I could get it working by setting two "Message" conditions: I just changed {1,8} to {4,8} since you write that it can be 4 to 8 digits long. Also note that there is a space between "=" and "40". Using Message Contains would trigger this rule when value would be 401 and surprisingly it happens also when Message Matches…
-
This should be addressed in LA 2020.2.5 since RC1 has the option to use any Windows credential defined in Orion. In addition, the default user has changed to Network Service:
-
I created a rule with your conditions (with AND operators), added a single action which adds tag "WAN!" and sent several traps from a generator. LA 2.1 with HF1. I put LTE to a separate varbind, same varbind, changed casing and it always did what I'd expected. See: (ignore varbind names, I just modified existing trap, so…