0 Replies Latest reply on Mar 21, 2011 7:32 AM by dclick

    Syslog Dilemma

    dclick

      Ok, so we have purchased Solarwinds Orion NPM, Orion NCM and Kiwi's Syslog server.  This gives me 3 different syslog engines.

      Currently, our primary syslog server is the Kiwi engine.  We have it logging to a SQL database and run daily scripts for backups/archiving and emailing reports based on severity - not an "alert" email, but a summary of all events of "Error" or above from the previous day. We also have a custom website that allows us to search up to 30 days of archived reports.  In addition, I have the Kiwi engine email me the statistics daily.  Currently, we do not use the Config manager engine, since there are only 2 folks that have access to the routers/switches, real-time monitoring is not necessary.  On the Performance Monitor, on the other hand, I have "some" of the 300+ devices reporting to it, but not all.  I have yet to be able to get the rules "just right" for alerting on syslog messages, but also haven't had a lot of time to devote to it.

      My dilemma is this -

      • Which server should we keep as the primary - any opinions?  It seems the cost of maintenance on Kiwi has gone up, and since I am already paying for Orion, do I REALLY need Kiwi?
      • We receive, on average, millions of records a day.
      • Can the Orion engine, either from NPM or NCM, provide, or can a custom report be created, to duplicate the daily statistics report?
      • Can the Orion engine, either from NPM or NCM, provide, or can a custom report be created, to duplicate the daily report of "Errors" or above?

      It would seem, since the syslog data is stored in a table in the NetPerfMon database, I should be able to migrate my custom SQL scripts, point to the new DB, and keep on trucking - I'll get with my in-house SQL DBAs to see if that's an option.  I am more concerned about the performance hit on Orion by having it assume the role of primary, with that many transactions each day.