Log Viewer Tags and Actions


I apologize if this is a "newbie" type question that can be answered by reading the manual... however I'm just a bit confused on Log Viewer vs Log Analyzer in Orion.

We send a lot of syslog and SNMP traps to Orion and would like to start possibly alerting on some of these items (eg: APC Struxureware sends a Device Alarm). I can see what looks like some out-of-box Cisco rules which are set up to add a tag for things like authentication failures under Traps > Default Logging Rules while on the Log Processing Configuration page. 

The question I have is: when building a custom rule, is the ability to add a tag only available with Log Analyzer? And if so, what is the best way to alert w/ Log Viewer if possible. Here's what options I currently have to configure for Log Entry Actions:

[Screenshot 2020-12-01 143559.png]

If adding tags with Log Viewer is not possible - which option should I choose if I simply want to make an alert?

Thank you Thwack community!

1 Solution

I figured this out - just needed to do more experimenting and stop overthinking, as usual. 🙂

 

In my case, I am forwarding the SNMP traps on to another system for further processing, so I've selected that as the action.

Then I configured an alert to fire for every instance of this log event. I also have configured a separate rule for this particular use case that fires when "Cleared" traps are received. I then use that rule as my reset condition.

 

2 Replies

I have partially answered my question here - LA feature comparison (solarwinds.com)

I can see that for tagging, I would need a full LA license. 

Still have the question regarding what would be needed in order to alert off of certain traps - based on the actions available in Log Viewer, I am assuming I would just choose to stop processing rules and then go ahead and create my alert?

  1. FLAG FOR DISCARD
    1. Rules will continue processing, but the entry will not be saved to the database.
  1. STOP PROCESSING RULES
    1. Halt further rule processing for the active log entry.

 
