Introducing Log Manager for Orion

Log data is finally where it belongs - within the Orion Platform! Log Manager for Orion is a brand new SolarWinds product which provides powerful log management functionality including aggregation, searching and charting, all within the Orion console. Log data contains a wealth of information which can be invaluable in identifying and troubleshooting issues that may be affecting the performance and availability of your network and applications. When integrated with tools such as Network Performance Monitor and Server and Application Monitor, you can now get a unified view of infrastructure monitoring data with log data in a single pane of glass.

Traditionally, there has been a gap between performance and log data. Log data is often aggregated and analyzed using a standalone tool which doesn't offer integration with your performance monitoring tool. Combining the incredible breadth and depth of performance data you get with tools such as NPM and SAM with log data makes it easier to identify, troubleshoot and remediate performance-impacting issues.


So, how do you access your log and SNMP trap data and what can you do with Log Manager?

We've made it really easy to access your log data directly from the Node Details page. As an example, I can see on this Node Details page that NPM has triggered a Hardware Health alert. Using the 'Analyze Logs' button I can drill into the log data and quickly identify log data which indicates a rotation error on the fan. It's like when the dreaded Engine Warning Light comes on your car. You know there's a problem, but need to get more information on the specific error via the onboard diagnostics. NPM will tell you there's an issue and then the log data can provide more information such as error codes and warning messages.


Filtering

Log data is noisy by nature and can generate a vast amount of data. It can be a challenge to quickly drill into that data and focus on the important log data that will help you identify and solve a particular problem. Log Manager includes very useful filters which enable you to instantly refine your dataset with just a few clicks. Filters include Log Type, Level, Node Name, IP Address and more. Thanks to the Orion integration, you can enrich your logs and apply filters based on information gathered by SNMP including Vendor and Machine Type.


Search

Log Manager's powerful search engine allows you to quickly and easily find that needle in the haystack. You can search for anything from keywords to IP addresses and event IDs without the need to learn any new complex query language. Log Manager's search engine is built upon SQL Full Text Search. We recommend that you have FTS enabled on your SQL Server for optimal search performance.


Chart

Scrolling through reams of 'texty' log data to determine how often a particular event has occurred can be a cumbersome task. The interactive chart included with Log Manager allows you to easily visualize when particular events occurred and how many of those events occurred. The chart also serves as a way to refine your time frame via an intuitive click and drag method. For example, if you've noticed an issue in Network Performance Monitor at a point in time, you can use the chart in Log Manager to quickly drill into the log data for that timeframe to provide an additional layer of visibility.

Live Mode

One of the many benefits of monitoring your log data is the real-time nature of logs. Tools such as NPM do a great job at collecting a vast amount of performance data at regular polling intervals, however there can be a visibility gap in between those polling intervals. Log data can bridge that gap and provide almost instantaneous visibility into what's happening on your network devices, servers and applications. Log Manager's Live Mode provides a near real-time stream of log data as it occurs in your environment to aid with identification of issues as they occur. Filters and keywords can be applied to the live stream to hone in on particular events as they occur. This could be based on an event ID, a keyword, an IP address and more.

Tag - you're it!

Individual log (and trap) entries can contain quite an amount of text. When you are receiving hundreds, if not thousands, of these logs every second it can be difficult to identify important log entries. Assigning a meaningful name to important logs can help you to easily focus on those logs. You can easily apply multiple tags to your important logs to quickly identify those logs as soon as they appear within Log Manager. What's more, you can even color code those tags to make it even easier to draw your attention to those logs. To configure your tags you simply go to Configure Rules and use the 'Tag Entry' action after you set your rule conditions.


Where can I find Log Manager and how do I install it?

The Log Manager for Orion 30-day evaluation is now available to download from your Customer Portal and SolarWinds.com. It can be installed on your existing Orion server or if you prefer to use a test system that's fine too. Log Manager may require other Orion modules to be updated as part of the installation process - the Orion installer will take care of all of this for you. Log Manager can run as a standalone module, but I'd recommend deploying alongside NPM/SAM to avail of the performance data and log data in a single console I mentioned earlier.

I'm leveraging the Orion Syslog and Trap Viewers - what happens when I install LM?

These applications will still reside on your Orion server however they will be disabled and will not process any new incoming data once Log Manager is installed. You can view historical data and rule conditions/actions within these viewers, but they will be in a read-only mode. Speaking of rules, I'm sure you're asking what happens to those old syslog/trap rules? These rules will not be migrated as part of the upgrade to Log Manager. Log Manager provides an incredibly intuitive web-based rule builder which can be used to manually create your rules. However, not all of the alert actions are available with Log Manager v1. Log Manager rule actions include Tag an Entry, Run an External Program and Discard Event.

Can I use Log Manager to collect Windows Events?

Log Manager currently supports syslog and SNMP traps, however you can install our free Event Log Forwarder to convert Windows Events to syslog and transmit to Log Manager.

How is Log Manager licensed?

Most log management tools are licensed based on the volume of log data you generate. This requires you to estimate your log volume, costs can rapidly increase if you miscalculate your log volume, and you may have to selectively choose which logs to send to your log management tool to stay within your volume limit. Log Manager uses a very simple and affordable node-based licensing model. If you are transmitting logs from 100 devices, that simply equates to 100 nodes. It is worth pointing out that each node you are receiving log data from must be managed by Orion.

Summary

Log Manager for Orion is a result of feedback we've received from our users on Thwack, SolarWinds User Groups, Trade Shows and more. We're incredibly excited to get your feedback on the tool and answer any questions you may have. Please feel free to post Feature Requests here and any questions/comments here. We're already working on some exciting new features for the next release of Log Manager which you can view on the What We're Working On page.

Happy Logging

  • This is a very nice tool to be added to the Orion lineup. Great job SolarWinds!

  • So based on the What We're Working On for LM, does the current EC not support Alert integration? I’m surprised that was not the number one item on the list?

  • Log Manager currently supports NCM Real-time Change Detection alerts, however Orion Alert integration is not currently supported. We are currently working on Orion Alert integration as a top priority which aims to satisfy many of the comments within this feature request: SNMP Traps and Syslog Can Raise an Advanced Alert in NPM

  • jhynds I'm missing the link on the Customer Portal.

    Should this be available via Download Trials?

  • DM sent to determine why LM isn't appearing for you.

  • We rely on SolarWinds to process SNMP traps from legacy and proprietary applications, and have invested significant development to enable alerts based on SNMP traps. Disabling this functionality would have a devastating effect on our capabilities. Aside from being unhappy I now have to purchase a module to replace existing functionality, the trap viewer functionality cannot be disabled before the alert integration is built.

  • I agree and feel like they missed the mark on this product launch.

  • We firmly believe that syslog and traps are an essential part of any network monitoring tool and we fully intend to always include a basic level of syslog & trap functionality with NPM. We also believe that there is strong demand for more extensive log management coverage. We have some very exciting features planned for Log Manager which exceed the basic syslog and trap use cases and we intend to charge for this functionality.

    The latest version of NPM still ships with the Syslog and Trap Viewers. If you decide to install the LM evaluation, your current Syslog and Trap Viewers are disabled (but not removed from the Orion Server). If the evaluation expires, Log Manager will then run in 'basic' mode which includes functionality such as filtering and searching. Only the licensed version of Log Manager includes features such as tagging, charting and Live Mode. You also have the option of uninstalling Log Manager and reverting to the current iteration of Orion syslog/traps if you feel that Log Manager doesn't meet your needs.

    We do intend on eventually replacing 'legacy' syslog and traps with the basic version of Log Manager, but for now your current syslog and trap functionality remains as is.

    I hope that gives you some comfort that we're committed to including syslog and trap functionality within NPM.

  • It's a pretty display.  Can it replace Splunk?  Can it alert me when malicious behavior by packets / flows is detected, and advise me what actions to take, like Splunk does?

  • I'm curious rschroeder, what does Splunk tell you? Do you have any examples?