Nice tool. Thank you.
Very NICE, I had the same issue with both the Alert engine and the Syslog service not restarting, it was like getting caught in the girls locker room in highschool... That was until my director asked me why Orion can not monitor itself... oops!
Thanks again NG!
When setting up Snare, do you set the Destiniation Snare address to the Orion Server, Change the port to 514?
Are there any other settings in snare that should be changed?
Any help would be great.
I have another Syslog server (non Solarwinds) that I send the events to from my Orion server.
That way I can be notified when the syslog (or any)service is down on my server.
You can even alert on MSSQL events such as log files full etc.
Basically anything in the eventlog can be sent as a syslog.
The easiest way to setup Snare is to find an event you wish to alert on & base the settings on that.
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Time: 9:31:48 PM
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
Setup Snare to check for: System - Error - EventID 29
to alert on NTP errors