Hi,
Firstly, SolarWinds newbie alert (with experience of Dynatrace and HP monitoring tools).
I have a requirement from our security dept to provide the logs that describe automated actions taken by SolarWinds due to an alert (for instance, re-start service), which needs to be ingested by their log monitoring / auditing tools.
I wasn't able to find details for this other than how to enable log forwarding with SEM
https://documentation.solarwinds.com/en/Success_Center/SEM/Content/Admin_Guide/New_In_6_5/SEM-Log-Forwarding.htm
and I don't believe this is what I'm looking for, I don't believe this is for Orion logs per se, but for any logs ingested by the Orion log monitor (please correct me if I'm wrong).
So I set up a duplicate of a couple of very simple alerts (node down and component critical) and used the "run an external program" option to write out to a log using a batch file, purely for testing...
This works fine, but I am unable to identify any Orion/SAM logs that report that this action has been taken.
Is there a log that should be written to?
If so, is this something I need to enable and haven't spotted?
Or is this something that isn't logged?
If it isn't logged, I assume that it will be recorded in the database somewhere, does anyone have an SWQL query that would extract it (or at least point me in the right direction for the tables I would need to query.
Thanks
Tim