cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Product Manager
Product Manager

ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

If you have been using the Orion platform for any length of time you are probably well familiar with the Syslog and SNMP Trap facilities built into the Orion platform. While these tools have been a mainstay in our platform for many years, the time has come for us to move on to a new set of features that will allow us to modernize and extend the logging capabilities in Orion. As an example, our customers have been asking to see integration of syslog and traps into the Orion alerting engine for a very long time. Orion Log Viewer (OLV) makes that possible! Starting with Orion Core Platform 2019.4, OLV is now a free add-on feature that you can install directly via the SolarWinds Orion installer during fresh installs or upgrades. There are some pre-requisites for OLV and the installer will check on these and give you the option to proceed with an OLV install if those requirements are met. Don't despair if your environment isn't ready to consume OLV. The upgrade from the legacy syslog and traps will still be optional with this release. One note for those using the existing syslog and trap functionality. Installing OLV will override your existing rules. This means your previously configured syslog and trap rules and alerts will no longer be active. While there is no migration path for existing rules or log data to transfer to OLV, they will continue to be readable in the old viewers. We hope this change will be a big step forward in making logging a more valuable tool on the Orion platform. As always, we would love to hear your feedback!

There are several benefits to moving over to OLV such as:

  • Orion alert integration. When a rule is triggered you can now select an option to send the event to the Orion alerting engine.
  • OLV has it's own database separate from the Orion DB to alleviate performance issues caused by large volumes of syslog and traps.
  • OLV is completely web based. No more jumping out of the web console and jumping on to the Orion box via RDP to use the old Win32 apps.
  • Use log data in PerfStack for quick and easy correlation.
  • VMware event collection. (For those who have licensed Virtualization Manager)

pastedImage_0.pngpastedImage_4.pngpastedImage_3.png
Click to EnlargeClick to EnlargeClick to Enlarge

In addition to the benefits above you can also enable a 30 day evaluation of Log Analyzer directly from the OLV interface within seconds. (No downtime or reboots needed) Log Analyzer is a paid product that lives on top of the basic Orion Log Viewer and brings additional value by allowing for:

  • Windows event collection
  • Log Tagging
  • Histogram view of logs and events
  • Live view of event collection
  • Filter on Log Tags
  • Included polling engines for distribution and scale
  • Export logs to CSV
  • Direct access to Log Viewer from Node Details management resource

pastedImage_0.png
Click to Enlarge
17 Replies
Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

jvb​  Question for you.

We moved Syslog and traps out of Orion and into Kiwi due to the volume of data coming in and the impact it had on the database and platform performance. With OLV having it's own database and i'm sure a raft of other performance improvements under the hood, could i consider moving them back and having Orion take the extra load again?

To give you an idea we are receiving approx 400k entries a day into Kiwi which used to equate to a 20GB Syslog table in Orion before we moved it out, in doing this we lost the single pain of glass view (bouncing between Kiwi and Orion) so moving it back definitely has perks as well as extra benefits especially around alerting.

Thanks

0 Kudos
Reply
Highlighted
Product Manager
Product Manager

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

Hey dsimpkins​ it sounds like you would be a good candidate to make the move back. Log Viewer is able to handle 1000 Events Per Second which clocks in around 90 million a day. So provided that your 400k a day aren't coming in all at once but roughly spread out over the whole day the system should be well able to handle that level of ingestion.

0 Kudos
Reply
Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

Thanks,

Is there the concept of de-duplication for logs and traps received?

Our lovely engineers have a habit of configuring multiple syslog and traps destinations in the same device so Orion has to receive and process (and store) the messages twice.

0 Kudos
Reply
Highlighted
Product Manager
Product Manager

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

Sorry for the slight delay, I had to verify with the team on this. No, there is no de-duplication done on received messages. You might be able to use NCM to check for configs where that duplicate config is present.

0 Kudos
Reply
Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

Thanks, figured that would be the case as it would be a challenge to identify the duplicate and remove it safely.

Like the NCM suggestion but unfortunately not all the devices are in NCM (Checkpoint firewalls) so i have to rely on the beating stick for the engineers who keep configuring more than one destination.

I'm spinning up a new instance so will have a go at using OLV and if it starts make the app or database creak then i'll shift the workload over to Kiwi.

Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

I just upgraded the 2019.4 RC2 and opted to upgrade to the integrated log viewer. As per the above article my old trap rules should still be readable via the legacy apps but it appears that the upgrade has uninstalled these. Is there any way I can access my old trap rules so I can manually migrate them?

thanks!

0 Kudos
Reply
Highlighted
Product Manager
Product Manager

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

The menu item was likely removed from the Start Menu when you upgraded, but your Syslog and Trap viewers are still accessible from under 'C:\Program Files (x86)\SolarWinds\Orion'. Just lauch 'SyslogViewer.exe' or 'TrapViewer.exe'. When executed they will tell you they are in Read-only mode which will only allow you to review historical messages or view syslog or trap rule configuration settings.

pastedImage_0.png

Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

Perfect......thanks!

0 Kudos
Reply
Highlighted

Re: ORION LOG VIEWER NOW SHIPPING WITH ORION PLATFORM PRODUCTS TO REPLACE LEGACY SYSLOGS AND TRAPS

I've noticed that not all the syslogs make it to my email. Currently I have a device that is sending 4 syslogs per minute in regards to a MACFLAP. All of these syslogs can be seen under Alerts & Activity, Syslogs. Out of those 4 syslogs per minute, I only receive 1 in my email. So I'm missing 3 per minute.

What can I do to assure that I receive all the syslogs that arrive in the syslog database? The old syslog program would forward every single message but this new one doesn't seem to.

And the other thing is that the Syslogs widgets no longer display anything in them. So I had to custom write a widget as per this thread Syslogs in NPM 12.5  I am now on 2019.4.

Thanks.

0 Kudos
Reply