Ok, so we have purchased Solarwinds Orion NPM, Orion NCM and Kiwi's Syslog server. This gives me 3 different syslog engines.
Currently, our primary syslog server is the Kiwi engine. We have it logging to a SQL database and run daily scripts for backups/archiving and emailing reports based on severity - not an "alert" email, but a summary of all events of "Error" or above from the previous day. We also have a custom website that allows us to search up to 30 days of archived reports. In addition, I have the Kiwi engine email me the statistics daily. Currently, we do not use the Config manager engine, since there is only 2 folks that have access to the routers/switches, real-time monitoring is not necessary. On the Performance Monitor, on the other hand, I have "some" of the 300+ devices reporting to it, but not all. I have yet to be able to get the rules "just right" for alerting on syslog messages, but also havent had a lot of time to devote to it.
My delima is this -
- Which server should we keep as the primary - any opinions? It seems the cost of maintenance on Kiwi has gone up, and since I am already paying for Orion, do I REALLY need Kiwi?
- We receive, on average, millions of records a day.
- Can the Orion engine, either from NPM or NCM, provide, or can a custom report be created, to dupliate the daily statistics report?
- Can the Orion engine, either from NPM or NCM, provide, or can a custom report be created to dupliate the daily report of "Errors" or above?
It would seem, since the syslog data is stored in a table in the NetPerfMon database, I should be able to migrate my custom SQL scripts, point to the new DB, and keep on trucking - Ill get with my in-house SQL DBA's to see if thats an opiton. I am more concerned about the performance hit on Orion by having it assume the role of primary, with that many transactions each day.