
setting up Syslog for first time - need help!

I am setting up Syslog on Orion v9 for the first time (ever, if you can believe it) and I need some basic help. I am getting my feet wet with sending syslog from a Win Server 2003 client to my Orion server. 


I am seeing syslog messages in the Syslog Viewer alright, but I am having trouble applying a filter.


How exactly do you build a filter to, say, remove all but critical, error, and warning messages? Is there a tutorial available or planned?


Thanks for helping a newbie with this stuff!

  • Hi,


    You need to create a new rule in the Syslog Viewer.


    Open the Orion Syslog Viewer and select File -> Settings.


    Click the Alerts / Filter Rules tab.


    Click Add New Rule.


    Click Severity / Facility tab.


    From Message Severity box, untick Critical, Error and Warning checkboxes. This rule will apply to all other Syslog messages.


    Click Alert Actions tab.


    Click Add New Action. Select Discard the Syslog Message. Click OK.


    All Syslog Messages will be discarded except Critical, Error and Warning.


    Regards,


    Paul
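
The rule from the reply above, modelled as an added example that is not part of the original thread and is not Orion code: it decodes the syslog PRI field (facility * 8 + severity) and reports which constructed sample messages the discard action would match. It assumes the rule selects on the eight standard syslog severities; under that assumption Emergency and Alert are discarded along with Notice, Informational and Debug.

```python
import re

# Standard syslog severities (RFC 3164 / RFC 5424), indexed by numeric value.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Severities left unticked in the rule, so the discard action skips them.
KEPT = {"Critical", "Error", "Warning"}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity_name) for a raw syslog line, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return pri >> 3, SEVERITIES[pri & 7]


def rule_discards(line, kept=KEPT):
    """True if the discard rule would match this message."""
    decoded = decode_pri(line)
    if decoded is None:
        # Assumption: a message without a valid PRI is not matched by a severity rule.
        return False
    return decoded[1] not in kept


# Constructed sample messages (hypothetical host and text).
SAMPLE = [
    "<134>Jan 12 10:01:02 host1 app: logon succeeded",
    "<131>Jan 12 10:01:05 host1 app: disk write failed",
    "<12>Jan 12 10:01:09 host1 app: low disk space",
    "<10>Jan 12 10:01:11 host1 app: service crashed",
    "<8>Jan 12 10:01:15 host1 app: system unusable",
    "<33>Jan 12 10:01:20 host1 app: immediate action required",
]

if __name__ == "__main__":
    for msg in SAMPLE:
        facility, severity = decode_pri(msg)
        action = "discard" if rule_discards(msg) else "keep"
        print(f"{action:8} facility={facility:<2} {severity:14} {msg}")
```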

  • Thanks. I set up the rule just like that and I am still getting Informational messages. Also, when I select messages in the Viewer and try to acknowledge them, they will not delete from the list.


    Ideas?

  • One other thing. I see that syslog data is getting written to the Orion database, but I looked at the SyslogRules table and under the EngineID field is a value of "0". Shouldn't that be a "1"?

  • Yet another question, please. The syslog viewer help guide states that one should be able to clear the messages from the viewer by clicking on the "X" next to the message. There are no "X"es in my viewer?


    What's up?

  • Hi,


     1.)  I have tested this rule and it does work. If you are still getting informational syslog messages, it may be due to the engine ID issue. Please try restarting the Syslog service to see if this resolves the issue.


     2.) You can acknowledge syslog messages via the Syslog page in the web console. Syslog messages will remain in the database, however, until the retention time has expired.


     3.) Yes, syslog messages should have the same Engine ID as your polling engine. Please check the Engines table to see what polling engines you have registered and what IDs they have.


     Regards