
Kiwi Syslog Server Product Roadmap

I am curious as to the future enhancements planned for the Kiwi Syslog Server. Now that we are collecting all of these syslogs, it would be nice to have the ability to analyze, correlate, report, and alert on syslog events and to easily be able to determine root causes intuitively. We are looking at other solutions but would prefer to have this within the Solarwinds suite of tools.

  • We are certainly looking at those general areas of improvement for future releases, but I can't give any specific timeframes.   To help me prioritize, it would be great to have your top use-cases for each category (analyze, correlate, report).  

  • We have over 270 syslog-enabled devices. We are required by NERC (National Energy Regulatory Commission) to monitor our "cyber" assets. We have a very lean resource pool that is unable to designate a person to review and decipher all of the syslogs that are captured on a daily basis. It would be great to have the ability to perform analysis and correlation functions on the messages as well as reporting and real-time alerting. This would help us to get a better idea as to what is going on at all times on our system.

  • The whole analyze/correlate concept is a tall order, made short in people's minds by wishful thinking. Basically, what's being asked for is a highly knowledgeable, broadly experienced, deeply developed veteran Engineer to work for you--all compressed into a piece of, preferably low-priced, software. That's why the big packages are so costly and so complex. That's what they are trying to replace.

    I find, like IDS, syslog has to be learned. Each device and software revision has peculiarities, the most common of which must be understood and worked around. The message pattern I get from a PIX vs. ASA is different. A sup2 versus 720 can be different. Nexus is a whole 'nother animal. Autonomous Cisco APs and WLC controllers are vastly different--despite using the same AP hardware. You've got to learn what your environment chatters about and weed out the noise so you can listen for the important events.

    It's absolutely worthwhile to learn this end of network management--it has helped me to build a strong reputation for the last decade. I'm the guy who knows there's a problem when nobody else does. There is nothing more satisfying than having Kiwi email you a message that explains what just went wrong on the 5th floor.

  • I don't think I need you to tell me what I need to learn or what my "dreams" may be. You do not know our organization and you do not know how we operate. The items I mentioned are the features and functions that my management has requested. We are short staffed and do not have the resources to look at all of the messages that are received via Syslog. That being said, I was just trying to get some sort of product roadmap for the Kiwi Syslog server. This way, if the roadmap does not fit our requirements, then we evaluate something else, very simple.

    I do not need you to tell me what I need to learn or what I don't need to learn. I understand the complexities that go into evaluating a syslog message from different devices.

    I am glad that you have built a strong reputation over the last 10 years and you are the "goto" guy. I am not impressed.

    Do not respond to any of my future posts. You are of no help to me!!

  • I'll ask you to do the same and censor your "enlightening" responses to anything I post.

    I'm sure most people in your position think a product that sells for under $200 will have "the ability to perform analysis and correlation functions on the messages as well as reporting and real-time alerting" for whatever devices they happen to own.

    Best of Luck.

  • Maybe with your broad-based syslog intelligence, you could develop something that could do the job. Oh, but it has to cost under say....$200?

    Or better yet, conduct a worldwide Syslog conference where you can teach every other Network and System Engineer how to decipher syslogs. I bet the registration would cost just under say....$200?

    In all seriousness, I apologize for coming off as harsh. That post was right after an 18-hour work day. The cost is not an issue, within reason. Our company does not have a dedicated Network Engineer. The purpose of my original post was just to see where Solarwinds was planning to go with the Kiwi Syslog product line. Greg asked me what I would want so I gave it to him. I do not expect the cost to stay the same when you add those features, that would be insane!

    Anyway, I was not planning to get into a "war of words" in the Thwack community. I was just on a fact finding mission. Your post had some good information. I think it was the way in which it was stated that came across wrong.

    Have a great day and best of luck to you as well.

  • FormerMember in reply to jmsouth228

    Have you taken a look at Splunk? 

    You can certainly still use Kiwi too but Splunk can do somewhat of what you might be looking for...worth a look maybe. As you both have alluded to, you will start adding zeros to the price quickly as you grow.