This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create Post
amoss24
Level 8
‎12-01-2020 02:37 PM

Log Viewer Tags and Actions

Jump to solution

I apologize if this is a "newbie" type question that can be answered by reading the manual... however I'm just a bit confused on Log Viewer vs Log Analyzer in Orion.

We send a lot of syslog and SNMP traps to Orion and would like to start possibly alerting on some of these items (eg: APC Struxureware sends a Device Alarm). I can see what looks like some out-of-box Cisco rules which are set up to add a tag for things like authentication failures under Traps > Default Logging Rules while on the Log Processing Configuration page. 

The question I have is: when building a custom rule, is the ability to add a tag only available with Log Analyzer? And if so, what is the best way to  alert w/ Log Viewer if possible. Here's what options I currently have to configure for Log Entry Actoins:Screenshot 2020-12-01 143559.png

If adding tags with Log Viewer is not possible - which option should I choose if I simply want to make an alert?

Thank you Thwack community!

Labels (1)
Labels
0 Kudos
Reply
1 Solution
amoss24
Level 8
In response to amoss24
‎12-07-2020 12:12 PM

Jump to solution

I figured this out - just needed to do more experimenting and stop overthinking, as usual. 🙂

 

In my case, I am forwarding the SNMP traps on to another system for further processing, so I've selected that as the action.

Then I configured an alert to fire for every instance of this log event. I also have configured a separate rule for this particular use case that fires when "Cleared" traps are received. I then use that rule as my reset condition.

 

View solution in original post

0 Kudos
Reply
2 Replies
amoss24
Level 8
‎12-02-2020 10:07 AM

Jump to solution

I have partially answered my question here - LA feature comparison (solarwinds.com)

I can see that for tagging, I would need a full LA license. 

Still have the question regarding what would be needed in order to alert off of certain traps - based on the actions available in Log Viewer, I am assuming I would just choose to stop processing rules and then go ahead create my alert?

  1. FLAG FOR DISCARD
    1. Rules will continue processing, but the entry will not be saved to the database.
  1. STOP PROCESSING RULES
    1. Halt further rule processing for the active log entry.

 

0 Kudos
Reply
amoss24
Level 8
In response to amoss24
‎12-07-2020 12:12 PM

Jump to solution

I figured this out - just needed to do more experimenting and stop overthinking, as usual. 🙂

 

In my case, I am forwarding the SNMP traps on to another system for further processing, so I've selected that as the action.

Then I configured an alert to fire for every instance of this log event. I also have configured a separate rule for this particular use case that fires when "Cleared" traps are received. I then use that rule as my reset condition.

 

View solution in original post

0 Kudos
Reply

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
© 2021 SolarWinds Worldwide, LLC. All Rights Reserved.