• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 22 subscribers
  • Views 441 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SolarWinds LEM Log Ingestion for NGINX Servers & Core FTP Servers

balonyjnr

I would like to get some suggestions with regards to applicable solarwinds connectors that could be used in ingesting\parsing logs from NGINX & Core FTP Servers. Further research indicates a custom connector might need to be created if there generic log sources.Any advice from NGINX servers users would  be very much appreciated.

  • 0

    There's at least one Nginx connector in the LEM, not sure if that relates to the same logs you're looking for or not, but you may want to start there.  It would be set up on a Linux based server to read the data directly with the agent typically.

    Otherwise you're likely right that you will need to reach out to support to see if this will be a connector request.  With a sample of the log data they can help you find an existing connector if one will match, but there aren't really any supported generic syslog connectors.

    One was created once upon a time and made available on Thwack, but it is not supportable and not the best way to bring data into the LEM (it isn't going to normalize the data really for use in rules and reports):

    Generic Syslog Connector

  • 0

    Hi

    The LEM application currently supports the Error log only for NGINX and as jrouviere​ highlighted uses the LEM agent to collect the file based logs.

    NGINX also has a content log, but this will require a connector to be created to support the collection of this log data, as the format and definition of the log messages are different to the Error log. The Core FTP application is also not supported out of the box and will therefore require a custom connector to be created.

    SolarWinds themselves are the only ones able to create a new connector and therefore a case will need to be created requesting these. The connectors to be clear are definition templates which tells LEM how to parse the event message data into the normalised fields available within LEM. It also maps the events into the categories, so for example a login failure attempt to the application will be placed in the Logon Failure category. This capability is very much what a SIEM solution is their to do; to provide a searchable and structured data set against the wide range of log message formats and output.

    The following SolarWinds KB article provides information on the creation of a new connector request:

    Submit a request to SolarWinds for a new LEM connector - SolarWinds Worldwide, LLC. Help and Support

    Mark Roberts

    Prosperon - UK SolarWinds Partners

    Installation | Consultancy | Training | Licenses

    facebook_icon.jpglinkedin.pngblogger.pngtwitter-icon.jpg 

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.