cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Syslog question

Jump to solution

I am running NPM v12.2 on Orion 2017.3.4 SP4. recently I was looking for Syslog messages on a node and found that node is not visible when I drop down from the Alerts & Activity menu. Investigating further, I found that there are a number of nodes that I do not see. The nodes are created and up in the Web viewer. Digging deeper, I found the same thing in the Event viewer (some of the nodes that are not seen in Event Log are different). I create alerts on some Syslog messages so it is important that I see them all. I have looked at the configuration of the switches and routers, found the same configuration (for logging) on devices that are seen in Syslog and Event viewers as those that are not seen. I have looked for similarities and dissimilarities and haven't been able to come up with anything yet. Can anyone point me in the right direction, any and all suggestions are welcomed!

Thanks!

PS. Yes, I will be upgrading to NPM 12.5 Orion 2019 on Server 2016 soon but until them, I need to get this fixed.

0 Kudos
1 Solution

If the node is added into Solarwinds but syslogs are not coming through, then check if there's a firewall in between blocking the syslog traffic.

View solution in original post

2 Replies

If the node is added into Solarwinds but syslogs are not coming through, then check if there's a firewall in between blocking the syslog traffic.

View solution in original post

Thanks, there is a firewall in the equation but that is not blocking the traffic. Here is a simplified illustration of what I am dealing with.

Core--Firewall--L3 device--Switchstack

                                                   |

                                           Voice Gateway

The L3 device and Voice Gateway are seen in the Syslog but not the Switchstack. All devices are seen in NPM but not in Syslog. All of these devices are seen in the Event Log viewer. There are a number of devices (this network has over 3000 devices that are monitored) that are present in Syslog or Event log viewers but not the others. Some devices are seen in all of them. I have checked to ensure that logging is turned on and pointing to NPM. SNMP strings have been checked. The L3 device is a pair of 3850's, the Switchstack is a stack of 4 3650's.

0 Kudos