3 Replies Latest reply on Apr 29, 2016 8:58 AM by jamesatloop1

    Node Name

    jbrannen

      I am new to LEM but watched a bunch of the introductory videos, and I searched for node name issues and saw a previous post where the op was told that node names cannot be manually edited. So I am curious as to how people are actually managing their nodes since the node name cannot be edited and although I am new to LEM I have found no way to organize nodes in any organizational or hierarchical format. 

       

      I have not found any particular way to organize or manage the nodes on the aptly named manage->nodes window.  All I see are two columns of the same IP addresses (NodeIP and Node Name). I have only added about 20 nodes so far and it has already become painful to look at and I have many more nodes to add. My company is a financial institution which does not like the idea of creating dns entries for network devices. All of our devices (well 98%) are Cisco devices so i researched and even added the logging origin-id hostname to the syslog configuration and I am still only getting the IP as the node name and not the hostname on the device, so apparently that doesn't work either.

       

      Is there some secret or really advanced feature I will find out about later that requires the node name to be restricted in such a manner ? Or is there another way to get some useful data in the node name field ?

       

      Thanks,

       

      Jeff

        • Re: Node Name
          jamesatloop1

          You have to think latterally with LEM. The organization of lem is done by grouping alerts. It's the alerts from the node that is the emphais and you create the alerts for the nodes, hence where the grouping of the nodes. You do this through build.

            • Re: Node Name
              jbrannen

              I was able to get into the filters and groups and created some user-defined of both, so I do see what you mean about the operational functionality of LEM. So i ( as a user) can deal with what amounts to poor aesthetics of the manage->nodes page with just ips and no names. i just thought that if the node name was immaterial to the operational nature of LEM then why can't that field be editable?

               

              Also for Security auditing purposes, I need to be able to verify that all network nodes in Solarwinds NPM that can be logged are indeed being logged. Since the polling interface and the syslog interface are not necessarily the same interface (don't ask because I do not know why either) it usually requires another attribute to perform the matching, thus the hostname would  make this rather easy. Maybe if a connector between LEM and ORION/NPM is created this will not be an issue but in the interim I have a security team and a team of auditors that must be appeased.

               

              In addition our Security team uses another SIEM product (Qradar) which I have to match up to for auditing and validation processes. They are currently disenfranchised with their product and have been waiting to see what LEM can do. 

               

              In the meanwhile I have issues just getting devices added to LEM, I have configured 60 devices and LEM only detects 20 (yes i have validated the network path and generated log entries) and every person that logs into it has to stop and ask me about the node name field. Unfortunately this is becoming a very slow implementation, especially for a solarwinds product.

                • Re: Node Name
                  jamesatloop1

                  Well the node name is your hostname as recieved from your devices so if your talking about renaming the nodes why dont you change the hostnames but i fail to see why you would rename your naming convention in the first place. LEM'S primary functionality is to analyse syslog and events from nodes, not node management so the management config is based on the alerts for the syslog and event traffic, hence the grouping and organisation of alerts, not nodes. LEM' is not a node management tool.

                   

                  The node names in LEM and NPM should be exactly the same as they are pulled from the devices. No there is no LEM NPM integration which is a shame. To achived the same interfaces on LEM as on NPM, list resources in NPM and make sure that the interface is selected that syslog is reporting.

                   

                  As for your implementation, if the hostname is not appearing on the devices on LEM, presuming you are talking about layer 2\3 stuff, then i would double check snmpconfig again. In all them LEM installs i have worked on, i have never seen a case where hostnames were not retrieved. I would also go over and see if all LEM ports are being allowed. I would also check if the ports on LEM appliance are unrestricted as per the documentation. If it is servers with the issue i would also check if the agents are currectly deployed.