
A rant about syslog on NPM

To let off some steam and hopefully reach some people who might finally be able to change something...

The Syslog part of Orion is just crap! I guess we are just too spoiled from KiwiSyslog (which we replaced by Orion)...

Any date variable that includes a month does not work correctly, NONE of them! They all change the month part to minutes. The only possible variable is ${Month}, which resolves incorrectly into "October 22".

I am trying to log everything to a file for history again because we were told by SolarWinds that the database cannot hold such a big syslog table and we should consider logging to a file for history purposes (and to log anything below warning). So we decided to follow recommendations once again (following recommendations seems to be like choosing to keep hanging on a rope on your neck or choosing to jump off of a cliff, hoping you are hitting the small mattress on the bottom).

A question to the product manager(s) or whoever is responsible:

What is the recommended way to set up logging to a file while still being able to view the file correctly in the free Kiwi Syslog Viewer with separate columns for each field added?

The problems I currently encounter with syslog messages are that some messages are truncated for no reason (we have a support case open for that, #195842) and I cannot get all messages to be logged in separate columns, as we have some messages that include quotation marks.

 

Is nobody else using syslog and log to file?!?

  • And PS:

    The Administrator Guide shows a wrong entry for the severity variable at syslog variables:

     

    ${Severity}
    A network health score providing 1 point for an interface in a warning state, 1000 points for a down interface, and 1 million points for a down node.

    The severity in syslog is actually between 0 and 7, 0 being the highest severity and 7 the lowest.
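The two points raised above, the 0 to 7 severity scale and messages with quotation marks breaking the column layout of a log file, can be shown together. This is an added example, not code from the thread, Orion or Kiwi; the column order, the CSV dialect and the sample messages are assumptions made for illustration.

```python
import csv
import io
import re

# Severity names per RFC 5424, indexed by code 0 (highest) to 7 (lowest).
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample input: (received time, source IP, raw message).
SAMPLES = [
    ("2024-01-01T10:00:00", "192.0.2.10", '<134>fw01: user "alice" logged in, rule=allow'),
    ("2024-01-01T10:00:01", "192.0.2.10", "<11>fw01: link down\n<0>forged: second line"),
]


def decode_pri(raw):
    """Split '<PRI>rest' into (facility, severity, rest); PRI = facility * 8 + severity."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, m.group(2)


def to_row(received, source_ip, raw):
    """Build the columns for one message, neutralising embedded line breaks."""
    facility, severity, msg = decode_pri(raw)
    # A CR/LF inside a message would otherwise start a forged row in the file.
    msg = msg.replace("\r", "\\r").replace("\n", "\\n")
    return [received, source_ip, facility, severity, SEVERITIES[severity], msg]


def render(samples=SAMPLES):
    """Return the samples as CSV text; embedded quotes are doubled (RFC 4180)."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerows(to_row(*s) for s in samples)
    return out.getvalue()


if __name__ == "__main__":
    print(render(), end="")
```

Any reader that follows the same quoting rule recovers the message, quotation marks included, as a single column.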

  • Thanks for the feedback, Questionario. The NPM PM will definitely see your suggestions, and I'll take care of the documentation fix.

    Thanks,

  • I have had problems with the native Orion NPM Syslog functionality as well.  The built-in Syslog component is by no stretch of the imagination an Enterprise syslog solution.

    Here is a thought...  What if the Syslog component was removed from Native Orion NPM and re-developed (or re-develop Kiwi Syslog) as a module for Orion that functions semi-independently with its own set of features and the ability to handle things on an enterprise scale.  To do this and handle the necessary volume (which is currently one of its major problems) it may need to have the option for its own database.  This would include a much more robust searching and reporting functionality for Syslog.

  • yes, I agree...

    Maybe a module together with traps and some advanced logic to evaluate syslog messages (also forwarded Windows event logs) and report on it...

    But the current syslog still needs to be improved, as no one would accept the current functionality to just disappear...

    I am fine with logging the stuff to a file if Orion cannot handle large syslogs (apparently a single firewall is too much already), but it cannot even do that in a proper way that you are able to view/use it afterwards...

    Also, I think there should be something like the paid Kiwi Syslog Viewer included for free if you are using NPM... I mean we are only logging it to a file because Orion cannot handle the data, and to have the functionality of the syslog viewer within Orion I would have to pay for Kiwi Syslog Viewer...

  • wow...

    absolutely nothing seems to work with that NPM syslog...

    If I add a rule to replace " with ' the whole rule gets messed up and sometimes the syslog crashes...

  • Hi Questionario--

    I'll make sure to ping the PM on this for review and comment.

    Thanks for your feedback.

    M

  • Good feedback guys and we recognize we for sure have some room for improvement :)

    One cool thing coming in the next version of Kiwi Syslog is pass-thru authentication into the Kiwi Web Console.  So you can then add that as an external website with the pass-thru setup and users won't have to authenticate into Kiwi.  Also, the next version of Kiwi adds multi-user web access so you can add some additional controls.

    http://localhost:8088/Events.aspx?AccountId=Administrator&Password=Test
    Will take you directly to the Events page, and auto-log-you-in.
    We provide additional support for filter refinements in the URL parameters now too, in the following form:
    http://localhost:8088/Events.aspx?FID=1&[FieldName]=[FieldValue]&[FieldName]=[FieldValue]&...
    Where [FieldName] is the same as the field names on the Events Grid.
    e.g.
    http://localhost:8088/Events.aspx?FID=1&Hostname=127.0.0.1
    We also now provide a “Direct Link” button on the Filter Refinements panel in Kiwi Web Console, as a quick and easy way for Users to generate the desired direct link form.
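Links of the auto-login form above carry the password in the query string, so it is recorded wherever the URL is logged (web server, proxy, browser history). The following added example, which is not SolarWinds or Kiwi code, masks the `Password` value in URLs found in log lines and reports which lines carried one; the proxy-style log layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names whose values are masked (compared case-insensitively).
SECRET_PARAMS = {"password"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed proxy-style log lines; the layout is an assumption.
SAMPLE_LINES = [
    "2024-01-01 10:00:00 192.0.2.20 GET "
    "http://localhost:8088/Events.aspx?AccountId=Administrator&Password=Test 200",
    "2024-01-01 10:00:05 192.0.2.21 GET "
    "http://localhost:8088/Events.aspx?FID=1&Hostname=127.0.0.1 200",
    "2024-01-01 10:00:09 192.0.2.22 GET "
    "http://localhost:8088/Events.aspx?FID=1&password=p%40ss 200",
]


def redact_url(url):
    """Return (url_with_secret_values_masked, names_of_masked_parameters)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SECRET_PARAMS]
    if not hits:
        return url, []  # leave URLs without secrets byte-for-byte unchanged
    masked = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked))), hits


def scrub_line(line):
    """Mask secrets in every URL in one log line; return (line, names_found)."""
    found = []

    def _sub(match):
        clean, hits = redact_url(match.group(0))
        found.extend(hits)
        return clean

    return URL_RE.sub(_sub, line), found


def scrub_log(lines):
    """Return (scrubbed_lines, indexes_of_lines_that_carried_a_secret)."""
    results = [scrub_line(line) for line in lines]
    cleaned = [text for text, _ in results]
    flagged = [i for i, (_, found) in enumerate(results) if found]
    return cleaned, flagged
```

The flagged indexes identify accounts whose password has already been written to a log and should be changed.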

  • We have a few problems with that...

    1.) a political one: We bought Orion to get rid of Kiwi ;-)

    2.) we don't even have maintenance on Kiwi anymore.

    3.) This is stuff that should work, period.

    We were told that everything Kiwi CatTools and KiwiSyslog can do, can be done with NPM and NCM...

    Now seeing that the NPM syslog is practically not usable...

    The only way to use syslog on Orion right now is to keep the data only for a very short time (7 days is recommended by SolarWinds) and not keep a history of it, as logging to file has never-ending bugs.

  • #1 - Kiwi is a part of SolarWinds, not sure if that helps internally politically

    #2 - if you want, you can sync with customer service to see if you can re-up

    #3 - Don't disagree, we are cranking through stuff as fast as we humanly can to add new features, enhance existing features etc.  This is something we have on our list, I was just attempting to give you options.

  • Questionario

    While I don't disagree with you on most of your points, I would like to respond to this one...

    "The only way to use syslog on Orion right now is to keep the data only for a very short time (7 days is recommended by SolarWinds) and not keep a history of it, as logging to file has never-ending bugs"

    Monitoring systems in general aren't typically designed to manage logs for the sake of retention or archiving.  The purpose of Syslog on a monitoring system is simply to flag alerts and keep it just long enough for a person to investigate (which is typically in a day or so).  If you are interested in a Syslog system for the sake of retention and archiving (as is often necessary for compliance) then I would recommend you use a dedicated solution that is designed for that (Orion isn't).