Log data is finally where it belongs - within the Orion Platform! Log Manager for Orion is a brand new SolarWinds product which provides powerful log management functionality including aggregation, searching and charting, all within the Orion console. Log data contains a wealth of information which can be invaluable in identifying and troubleshooting issues that may be affecting the performance and availability of your network and applications. When integrated with tools such as Network Performance Monitor and Server and Application Monitor, you can now get a unified view of infrastructure monitoring data with log data in a single pane of glass.
Traditionally, there has been a gap between performance and log data. Log data is often aggregated and analyzed using a standalone tool which doesn't offer integration with your performance monitoring tool. Combining the incredible breadth and depth of performance data you get with tools such as NPM and SAM with log data makes it easier to identify, troubleshoot and remediate performance-impacting issues.
So, how do you access your log and SNMP trap data and what can you do with Log Manager?
We've made it really easy to access your log data directly from the Node Details page. As an example, I can see on this Node Details page that NPM has triggered a Hardware Health alert. Using the 'Analyze Logs' button I can drill into the log data and quickly identify log data which indicates a rotation error on the fan. It's like when the dreaded Engine Warning Light comes on in your car. You know there's a problem, but you need to get more information on the specific error via the onboard diagnostics. NPM will tell you there's an issue and then the log data can provide more information such as error codes and warning messages.
Log data is noisy by nature and can generate a vast amount of data. It can be a challenge to quickly drill into that data and focus on the important log data that will help you identify and solve a particular problem. Log Manager includes very useful filters which enable you to instantly refine your dataset with just a few clicks. Filters include Log Type, Level, Node Name, IP Address and more. Thanks to the Orion integration, you can enrich your logs and apply filters based on information gathered by SNMP including Vendor and Machine Type.
Log Manager's powerful search engine allows you to quickly and easily find that needle in the haystack. You can search for anything from keywords to IP addresses and event IDs without the need to learn any new complex query language. Log Manager's search engine is built upon SQL Full Text Search. We recommend that you have FTS enabled on your SQL Server for optimal search performance.
Scrolling through reams of 'texty' log data to determine how often a particular event has occurred can be a cumbersome task. The interactive chart included with Log Manager allows you to easily visualize when particular events occurred and how many of those events occurred. The chart also serves as a way to refine your time frame via an intuitive click and drag method. For example, if you've noticed an issue in Network Performance Monitor at a point in time, you can use the chart in Log Manager to quickly drill into the log data for that timeframe to provide an additional layer of visibility.
One of the many benefits of monitoring your log data is the real-time nature of logs. Tools such as NPM do a great job at collecting a vast amount of performance data at regular polling intervals; however, there can be a visibility gap in between those polling intervals. Log data can bridge that gap and provide almost instantaneous visibility into what's happening on your network devices, servers and applications. Log Manager's Live Mode provides a near real-time stream of log data as it occurs in your environment to aid with identification of issues as they occur. Filters and keywords can be applied to the live stream to home in on particular events as they occur. This could be based on an event ID, a keyword, an IP address and more.
Tag - you're it!
Individual log (and trap) entries can contain quite a lot of text. When you are receiving hundreds, if not thousands, of these logs every second, it can be difficult to identify important log entries. Assigning a meaningful name to important logs can help you to easily focus on those logs. You can easily apply multiple tags to your important logs to quickly identify those logs as soon as they appear within Log Manager. What's more, you can even color code those tags to make it even easier to draw your attention to those logs. To configure your tags you simply go to Configure Rules and use the 'Tag Entry' action after you set your rule conditions.
Where can I find Log Manager and how do I install it?
The Log Manager for Orion 30-day evaluation is now available to download from your Customer Portal and SolarWinds.com. It can be installed on your existing Orion server or if you prefer to use a test system that's fine too. Log Manager may require other Orion modules to be updated as part of the installation process - the Orion installer will take care of all of this for you. Log Manager can run as a standalone module, but I'd recommend deploying alongside NPM/SAM to avail of the performance data and log data in a single console I mentioned earlier.
I'm leveraging the Orion Syslog and Trap Viewers - what happens when I install LM?
These applications will still reside on your Orion server; however, they will be disabled and will not process any new incoming data once Log Manager is installed. You can view historical data and rule conditions/actions within these viewers, but they will be in a read-only mode. Speaking of rules, I'm sure you're asking what happens to those old syslog/trap rules? These rules will not be migrated as part of the upgrade to Log Manager. Log Manager provides an incredibly intuitive web-based rule builder which can be used to manually create your rules. However, not all of the alert actions are available with Log Manager v1. Log Manager rule actions include Tag an Entry, Run an External Program and Discard Event.
Can I use Log Manager to collect Windows Events?
Log Manager currently supports syslog and SNMP traps; however, you can install our free Event Log Forwarder to convert Windows Events to syslog and transmit them to Log Manager.
How is Log Manager licensed?
Most log management tools are licensed based on the volume of log data you generate. This requires you to estimate your log volume; costs can rapidly increase if you miscalculate it, and you may have to selectively choose which logs to send to your log management tool to stay within your volume limit. Log Manager uses a very simple and affordable node-based licensing model. If you are transmitting logs from 100 devices, that simply equates to 100 nodes. It is worth pointing out that each node you are receiving log data from must be managed by Orion.
Log Manager for Orion is a result of feedback we've received from our users on Thwack, SolarWinds User Groups, Trade Shows and more. We're incredibly excited to get your feedback on the tool and answer any questions you may have, please feel free to post Feature Requests here and any questions/comments here. We're already working on some exciting new features for the next release of Log Manager which you can view on the What We're Working On page.
So based on the What We're Working On for LM, does the current EC not support Alert integration? I'm surprised that was not the number one item on the list?
Log Manager currently supports NCM Real-time Change Detection alerts, however Orion Alert integration is not currently supported. We are currently working on Orion Alert integration as a top priority which aims to satisfy many of the comments within this feature request: SNMP Traps and Syslog Can Raise an Advanced Alert in NPM
We rely on SolarWinds to process SNMP traps from legacy and proprietary applications, and have invested significant development to enable alerts based on SNMP traps. Disabling this functionality would have a devastating effect on our capabilities. Aside from being unhappy I now have to purchase a module to replace existing functionality, the trap viewer functionality cannot be disabled before the alert integration is built.