15 Replies Latest reply on Oct 27, 2010 4:02 PM by dawnh

    A rant about syslog on NPM


      To let some steam off and hopefully reaching some people who might finally be able to change something...

      The Syslog part of Orion is just ****! I guess we are just too spoiled from KiwiSyslog (which we replaced by Orion)...

      Any date variable that includes a month there is does not work correctly, NONE of them! they all change the month part to minutes. the only possible variable is ${Month} which resolves incorrectly into "October 22".

      I am trying to log everything to a file for history again because we were told by solarwinds that the database cannot hold such a big syslog table and we should consider to log to a file for history purposes (and to log anything below warning). So we decided to follow recommendations once again (following recommendations seems to be like choosing to keep hanging on a rope on your neck or choosing to jump off of a cliff, hoping you are hitting the small mattress on the bottom).

      A question to the product manager(s) or whoever is responsible:

      What is the recommended way to set up logging to a file while still being able to view the file correctly in free kiwi syslog viewer with separate columns for each field added?

      The problems I currently encounter is with syslog messages is that some messages are truncated for no reason (We have a support case open for that #195842) and I cannot get all messages to be logged in separate columns as we have some messages that include quotation marks.


      Is nobody else using syslog and log to file?!?

        • Re: A rant about syslog on NPM

          And PS:

          The Administrator Guide shows a wrong entry for the severity variable at syslog variables:


          A network health score providing 1 point for an interface in a warning state, 1000 points for a down interface, and 1 million points for a down node.

          The severity in syslog is actually between 0 and 7, 0 being the highest severity and 7 the lowest.

            • Re: A rant about syslog on NPM

              Thanks for the feedback, Questionario. The NPM PM will definitely see your suggestions, and I'll take care of the documentation fix.


              • Re: A rant about syslog on NPM

                I have had problems with the native Orion NPM Syslog functionality as well.  The built in Syslog component is by no stretch of the imagination an Enterprise syslog solution.

                Here is a thought...  What if the Syslog component was removed from Native Orion NPM and re-developed (or re-develop Kiwi Syslog) as a module for Orion that functions semi-independently with it's own set of features and the ability to handle things on an enterprise scale.  To do this and handle the necessary volume (which is currently one of it's major problems) it may need to have the option for it's own database.  This would include a much more robust searching and reporting functionality for Syslog.

                  • Re: A rant about syslog on NPM

                    yes, I agree...

                    Maybe a module together with traps and some advanced logics to evaluate syslog messages (also forwarded windows event logs) and report on it...

                    but the current syslog still needs to be improved as noone would accept the current functionality to just disappear...

                    i am fine with logging the stuff to a file if orion cannot handle large syslogs (apparently a single firewall is too much already) but it cannot even do that in a proper way that you are able to view/use it afterwards...

                    Also I think there should be something like the paid kiwi syslog viewer included for free if you are using NPM... I mean we are only logging it to a file because Orion cannot handle the data and to have the functionality of the syslog viewer within orion I would have to pay for kiwi syslog viewer...

                      • Re: A rant about syslog on NPM


                        absolutely nothing seems to work with that NPM syslog...

                        If I add a rule to replace " with ' the whole rule gets messed up and sometimes the syslog crashes...

                          • Re: A rant about syslog on NPM

                            Hi Questionario--

                            I'll make sure to ping the PM on this for review and comment.

                            Thanks for your feedback.


                              • Re: A rant about syslog on NPM

                                Good feedback guys and we recognize we for sure have some room for improvement :)

                                One cool thing coming in the next version of Kiwi Syslog is pass thru authentication into the Kiwi Web Console.  So you can then add that as an external website with the pass-thru setup and users won't have to authenticate into Kiwi.  Also next version of Kiwi add multi-user web access so you can add some additional controls.


                                Will take you directly to the Events page, and auto-log-you-in.

                                We provide additional support for filter refinements in the URL parameters now too, in the following form:


                                Where [FieldName] is the same as the field names on the Events Grid.



                                We also now provide a “Direct Link” button on the Filter Refinements panel in Kiwi Web Conole, as a quick and easy way for Users to generate the desired direct link form.

                                  • Re: A rant about syslog on NPM

                                    We have a few problems with that...

                                    1.) a political one: We bought Orion to get rid of Kiwi ;-)

                                    2.) we dont even have maintenance on Kiwi anymore.

                                    3.) This is stuff that should work, period.

                                    We were told that everything Kiwi CatTools and KiwiSyslog can do, can be done with NPM and NCM...

                                    Now seeing that the NPM syslog is practically not usable...

                                    The only way to use syslog on Orion right now is to keep the data only for a very short time (7days is recommended by Solarwinds) and not keep a history of it as logging to file has never ending bugs.

                                      • Re: A rant about syslog on NPM

                                        #1 - Kiwi is apart of SolarWinds, not sure if that help internally politically

                                        #2 - if you want, you can sync with customer service to see if you can re-up

                                        #3 - Don't disagree, we are cranking through stuff as fast as we humanly can to add new features, enhance existing features etc.  This is something we have on our list, I was just attempting to give you options.

                                        1 of 1 people found this helpful
                                        • Re: A rant about syslog on NPM


                                          While I don't disagree with you on most of your points, I would like to respond to this one...

                                          The only way to use syslog on Orion right now is to keep the data only for a very short time (7days is recommended by Solarwinds) and not keep a history of it as logging to file has never ending bugs

                                          Monitoring systems in general aren't typically designed to manage logs for the sake of retention or archiving.  The purpose of Syslog on a monitoring system is simply to flag alerts and keep it just long enough for a person to investigate (which is typically in a day or so).  If you are interested in a Syslog system for the sake of retention and archiving (as is often necessary for compliance) then I would recommend you use a dedicated solution that is designed for that (Orion isn't).

                                            • Re: A rant about syslog on NPM

                                              Hi Brandon,

                                              thanks for your offer but we would not be able to re-introduce kiwi syslog :-\

                                              I see that you are constantly adding features to increase stock values but would appreciate for existing features to be fixed first, some are just annoying, now while we are finally able to work with Orion, I still consider it to be full of bugs (and not just a few).

                                              Network Discovery: buggy

                                              Syslog: buggy

                                              NPM graphs: buggy

                                              dashboards: buggy

                                              database manager: buggy

                                              installation: buggy

                                              network atlas: buggy

                                              adding nodes: buggy

                                              polling: buggy

                                              alarming/automatic creation of interface names: buggy

                                              I could go on but I am sure you have an endlessly longer list you are aware of.

                                              Now I know I rant a lot and would like to add that I think Orion is a great product and the features are amazing but as with probably many software companies, some customers who usually use the product a lot are not satisfied with some of the companies mentalities.

                                              I do think that Solarwinds is doing a great job in most areas and understand that it is difficult to keep up with everything, I am sure everyone is doing their best but I usually just writing explicitly from a customers perspective without considering your circumstances as in the end they are of no interest to my management which will just judge me on what I deliver.

                                              @byrona: when we purchased Orion we were told that Orion would just be able to do that as Kiwi was purchased by solarwinds and has been integrated into Orion, at first glance it did that... I understand that keeping it forever in a SQL database might not be the best idea but with logging it to a file it should not pose a problem... unfortunately that feature is more than a little buggy for us.

                                                • Re: A rant about syslog on NPM

                                                  As always, good feedback and please keep it coming.  Philosophically, my job as a Product Manager is to find a delicate balance each release between new features both customers (as well as the market) have been requesting, enhancing existing features and fixing defects.

                                                  I know some of the defects you have referenced above I have put as lower priority.  Why?  When I look at prioritizing features, enhancements and bugs, I look at how many people have been requesting them.  So while something may annoy you to no means, other users are not asking for it or reporting that issue.  Does it mean we will never fix it?  No, but just might not be on the time frame you desire.

                                                  While you may not agree with the choices I make, I do have a rhyme to my reasons.  And while I may not agree with some of the statement you made in the last post, I respect them and do listen and take them to heart.

                                                  This next statement is less aimed at you and just more in general to others who may read this.  Please be specific in the items that do not meet your expectations.  Questionario and I have spoken via email and on the phone multiple times, so I have a good idea of many of the items he references above. 

                                                  As many of you know me from thwack, as well as talking on the phone and email, I am always open to listening to how you use the product, what you like, what you don't, how you feel we can make it better etc.  Always feel free to PM me via thwack.

                                • Re: A rant about syslog on NPM

                                  Hello all

                                  I am new to NPM and Thwack so not really sure how this works.

                                  At my last job I used kiwi syslog and when I came here they were also using it but it wasn't configured properly to save off different files(systems are sending logs due to PCI requirements and we need to save them for some amount of time...they didn't have the kiwi log viewer which made it easier to view the logs later.

                                  I got a lot of things working while I have been here but wanted a monitoring system...got a good deal the end of September and I am trying to come up to speed on setting things up properly...trying to get through the training video's and guide book but no video on syslog and not much in the guide.

                                  So I couln't find any information on making syslog files. I opened a ticket #196879 showed them my logs and asked how to create files -he started to show me...looked like it would work but then I asked...will it create a new file every day and they answered no but you could create a perl script to do that.(I'll have to find someone who knows that)

                                  I am not sure what problem you are having with the date it seemed fine when I ran my test (do you have the NPM hotfix1) but like you said the line wrap doesn't work in notepad, couldn't open the file in the Orion syslog viewer(they should add that)

                                  so I used our kiwi syslog viewer to look at the file which doesn't wrap but goes on as far as you need it to scroll.
                                  So I would like to see the Orion syslog viewer be able to
                                  1) take the files it creates and read them and wrap text in the same column(it does that now live)
                                  2)create a new file every day like kiwi syslog

                                  the solarwinds tech advised he would add this to the request for changes list.



                                    • Re: A rant about syslog on NPM

                                      Hi Dawn,

                                      as a workaround within NPM Syslog you can create a file like c:\Syslog\${Hostname}_${Year}-${Month}.log

                                      This is actually a bug but this will nonetheless create a file for you for each device for every day, if you dont want a separate one for each device, just leave out the hostname part!

                                      If you don't have any issues with any other bugs within Orion NPM Syslog, this might help you... you should check the logs after a few days and check if the results are what you expect as I have encountered a bug that just cuts off parts of syslog messages when writing to file as well.

                                      hope that helps.

                                      PS: If you were asking if I have NPM Service Pack 1 installed, yes I  do... solarwinds support usually ask if you have the latest version  installed, not sure of their motives but upgrading sometimes introduces new  bugs/problems as well ;-)

                                        • Re: A rant about syslog on NPM

                                          Awesome!!! THANKS SO MUCH!!!

                                          Wonder why the tech didn't know this?

                                          works great so far I'll check it tomorrow and see how it does, especially reading the files..

                                          BTW -you know they are always coming out with hotfixes there is one that came out mid sep for NPM SP1
                                          there are more for other add ons as well APM, NTA, and Engineer toolset.
                                          hotfixes don't show up that you have done them though.
                                          I am keeping track on my wiki and when I did it in case there is any issue.