What do I lose if I don't send Syslog messages to SolarWinds? I'm already getting SNMP traffic (traps) from these devices and I'm logging to a Kiwi server.

I've been streamlining the amount of traffic my SolarWinds server gets and I noticed that much of the Syslog traffic does not get attention unless you create filters for matching to an alert. If I stop sending syslog messages to SolarWinds, what do I lose? I do get traps from the same devices.

Thanks,

--Lunar53

  • That is the most common set up for the use of Syslog in an organisation.

    • Configure the devices to send syslog event messages to Orion
      • Control the level by specifying severity level (e.g. Notice and above) or tuned filters depending on what your device supports. 
    • Configure tagging and/or alerts in Orion syslog for things you know you want to bring attention to
    • Configure filters to delete syslog messages for things you know are not required and are just noise
    • Set a data retention period to suit your resources and needs
    • Update the Orion web page views to include this data alongside other monitoring data
    • Review the syslog data you have collected for the operational purposes you will encounter, i.e. forensic review when an issue occurs

    It is unlikely you want to be sending event data to Orion as syslog AND SNMP Traps as this just generates duplicate data, just in different structures. Syslog is our recommended protocol of choice and only where you have specific reasons are you likely to use Traps.

    Mark
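
The severity cut-off ("Notice and above"), alert tagging and noise-filter steps from the reply above, sketched as an added example; it is not part of the original thread and is not Orion's own filter logic. The rule patterns, host names and sample messages are constructed for illustration.

```python
import re

# Syslog severities by number (RFC 5424); a lower number is more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(line):
    """Return (facility, severity, rest), or None if the PRI header is absent or invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2)

def triage(lines, threshold="notice", noise=(), alert=()):
    """Label each message 'alert', 'keep' or 'drop'; returns (action, severity, line) tuples."""
    limit = SEVERITIES.index(threshold)
    results = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            # Malformed input is kept for review rather than silently discarded.
            results.append(("keep", "unparsed", line))
            continue
        _, sev, rest = parsed
        if sev > limit:                       # less severe than the cut-off
            action = "drop"
        elif any(re.search(p, rest) for p in alert):
            action = "alert"                  # alert rules win over noise rules
        elif any(re.search(p, rest) for p in noise):
            action = "drop"
        else:
            action = "keep"
        results.append((action, SEVERITIES[sev], line))
    return results

# Constructed sample messages (facility local7 = 23, so PRI = 184 + severity).
SAMPLE = [
    "<189>Oct 10 12:00:01 sw1 link: Interface Gi0/1 changed state to down",
    "<190>Oct 10 12:00:02 sw1 ntp: clock synchronized",
    "<188>Oct 10 12:00:03 rtr1 auth: Login failed for user admin from 192.0.2.10",
    "<189>Oct 10 12:00:04 sw1 link: Interface Vlan10 line protocol is up",
    "Oct 10 12:00:05 rtr1 message without a PRI header",
]
NOISE = [r"line protocol is up"]   # hypothetical noise rule
ALERT = [r"Login failed"]          # hypothetical alert rule

if __name__ == "__main__":
    for action, sev, line in triage(SAMPLE, noise=NOISE, alert=ALERT):
        print(f"{action:5} {sev:8} {line}")
```

Checking alert rules before noise rules means a broad delete filter cannot hide a message you asked to be flagged.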
