• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 21 subscribers
  • Views 290 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Problem with Syslog server?

Daywatch

I just installed the toolset 10.3.  I started the Syslog server, and the monitor screen came up but will not stop scrolling, and I cannot access any of the menu options at the top to try and configure it, etc.  All I can do to stop it is kill it through Task Manager.  I wanted to configure this so I can monitor syslog messages, but right now it is impossible because I cannot do anything once I start it.  Has anyone else run into this issue, or have any ideas on how to fix it?

I am pretty sure it is not because of there being too many messages - there are fewer than 10 devices forwarding to the server.

  • 0

    Have you verified the amount of Syslog traffic you're receiving?  Use Wireshark or another packet sniffer to see how many SysLog messages you're receiving.  A single device forwarding Syslog messages could be overwhelming the SysLog server - it has less to do with the number of devices and more to do with the amount of Syslog traffic each device is sending.

    If this is the case, you may be able to use Windows Firewall to block UDP port 514.  If blocking the port solves the issue, you may be able to set up some filtering rules to help manage the load and then unblock the port.  However, if there's a high volume of SysLog messages, I would recommend either Kiwi Syslog or the Orion Syslog server, both of which are better-suited to handling higher volumes of SysLog messages.

    If you're not being overwhelmed by Syslog messages and the Syslog server is still behaving badly, let's try to set up a more in-depth troubleshooting session.  Let me know what you find out and we'll go from there.

    Thanks!

  • 0 in reply to floyd.may

    It looks like this was the case - since by default the syslog server records every type of message sent, it was being buried in events from a couple of devices.  I took the box off the network in order to stop the traffic then configured the alerts I wanted to see and things seem to have settled down considerably.

    Thanks very much for the help!

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.