Generic Syslog Connector

Thanks for providing this; however, I guess I don't understand why you would provide this and not support it?  This is clearly functionality the product needs and the community has requested and from the looks of it you have found a good stop-gap solution; why will you not support it?

I'm not a part of the connector team, dev team or product management team for LEM, so I can't promise any support.  If someone identifies an issue I can fix, I'll take a whack at it and then re-upload, but I don't want to set the expectation and then disappoint.  I've played with this in my lab, it seems to work, and I want to distinguish this from any future official solution produced by Solarwinds.

Okay, that makes sense and I appreciate the explanation.  Is there any chance we can get this ran up the support chain and approved so that it can be supported since it seems to fulfill a need and allows SolarWinds to check yet another box on the list of items that LEM can support.  Seems like a win/win to me.

I just don't want to start using it and then find support using it as a reason to not support me.  I have had that exact problem with other vendors.

I'm pretty sure that the Support team won't kick you to the curb for having a single off-label connector (and when I was in Support, I saw more than a few attempts to manipulate the connectors), but I understand the concern.  I know that the product team is aware of the need and requests.

Okay; sounds good.  Now away from the business side of things and on to the tech side:

My understanding of this is that you can setup this up on your appliance and point it to one of the syslog locations and it will pull everything into nDepth for archival and searching; however, no reporting or correlations.  Is that correct?

Correct.  Reports and Rules are built on normalized data, and this connector won't produce any.

This very well may address several of my needs so I am going to set it up in my lab as soon as I can.  Thanks for putting it together!

I just finished getting a LEM appliance setup in my lab with nDepth enabled on it and I have imported this connector.  When I try to start it on the appliance it won't start; any thoughts?

Revision 2: I apparently removed a line that I shouldn't have, and I put it back.  It's starting in my lab now.

Ok, I am able to start the connector now; however, I am seeing a few other issues.

So, here is what I have so far:

• LEM appliance setup in lab and running properly
• nDepth configured on the appliance
• Orion sending all of the syslog data it receives to LEM so that I have syslog data to work with
• GenericSyslog connector imported, running, and pointed at the log files where the Orion log data is going in LEM

With that being said; here are the two issues I am having:

Running a scan for new nodes is taking forever, not sure if this is due to this connector or not.

I am also not seeing any of the data in the LEM console, I have flipped the little switch on the upper right of the nDepth screen to look at logs and still nothing.

Thoughts?