1 Reply Latest reply on May 23, 2013 2:20 PM by nicole pauls

    Trouble Adding 3Com Switches as Syslog Nodes

    net-tech

      I have recently downloaded and installed the SolarWinds Log and Event manager. I have added several syslog devices successfully (ASA & Barracuda), and have had no issues with adding the Windows servers.

           However, I have about 7 3Com switches on my network that will not seem to add. They are configured for two different syslog servers (a main syslog server & SolarWinds LEM). The syslog server can see messages being generated by the switches and I can review the logs from there, but when I try to add them in LEM, it is unable to receive messages from that device.

           I have tried removing the entry in the switches for our other syslog server and rebooting. I have tried adding the nodes as HP & as 3COM. Still nothing.

       

      Anybody else having trouble with these kinds of devices?

       

      The most popular model on our network is the HP V1910-48G.

       

      Any help would be appreciated.

       

      Thanks.

        • Re: Trouble Adding 3Com Switches as Syslog Nodes
          nicole pauls

          Are you using "Scan for New Nodes" to find them? It sounds like it found something, and you added the connectors, or configured them manually, but it's still not finding them?

           

          Here's the thing about the auto-scan: it wants at least 100 lines in the log file before it'll consider it enough hits to match a connector. The big reason we did this was that with too few events it's too easy for a connector to match multiple possible choices, which makes automatically picking the right one confusing. We might want to do a "deeper scan" sort of thing where we show you EVERYTHING we found and you can pick. There are also some connectors that are excluded from the scan process because they generate/match everything, and would always be presented as an option. You'll always have to configure those manually.

           

          When configuring connectors manually, the default log file is sometimes hard to choose, and might not match where your log data actually is (the easy rule is /var/log/facility.log, e.g. local1.log, local2.log, ...).

           

          The last possibility is that those messages really don't match a connector, or the format has changed from the connectors we've built.

           

          So, from here, if you can tell me what you've tried and where you're seeing the data, I can tell you a few more things to try. And, if you can paste a few lines of the log (you can scrub IPs) I can confirm which manual connector to configure in case we have to do it by hand.
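
Added example (not part of the original thread and not SolarWinds code): a Python sketch that decodes the facility from the leading `<PRI>` of raw syslog lines, maps it to a log file using the `/var/log/facility.log` rule from the reply, and checks each file against the 100-line auto-scan minimum. It assumes you have captured raw lines with their PRI field and source IP (for example from a packet capture); the sample messages and IPs are constructed.

```python
import re
from collections import Counter, defaultdict

# Standard syslog facility codes 0-23; names for codes 12-15 vary by implementation.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              *[f"local{i}" for i in range(8)]]
SCAN_MINIMUM = 100  # lines the reply says auto-scan wants in a log file
PRI_RE = re.compile(r"^<(\d{1,3})>")

def facility_of(raw_line):
    """Facility name from the leading <PRI> (PRI = facility * 8 + severity)."""
    m = PRI_RE.match(raw_line)
    if not m or int(m.group(1)) > 191:   # 191 = 23 * 8 + 7, highest valid PRI
        return None
    return FACILITIES[int(m.group(1)) >> 3]

def summarize(records):
    """records: (source_ip, raw_line) pairs -> {log_path: Counter of source_ip}."""
    per_file = defaultdict(Counter)
    for ip, line in records:
        fac = facility_of(line)
        # Assumption: files are named after the facility, per the rule in the reply.
        path = f"/var/log/{fac}.log" if fac else "(no valid PRI)"
        per_file[path][ip] += 1
    return dict(per_file)

def report(per_file):
    """One row per log file: (path, total lines, reaches SCAN_MINIMUM, sources)."""
    return [(path, sum(c.values()), sum(c.values()) >= SCAN_MINIMUM, sorted(c))
            for path, c in sorted(per_file.items())]

# Constructed sample: message text and documentation-range IPs are made up.
SAMPLE = ([("192.0.2.10", "<189>May 23 14:20:01 switch-a constructed link message")] * 120
          + [("192.0.2.11", "<141>May 23 14:20:05 switch-b constructed login message")] * 3
          + [("192.0.2.12", "May 23 14:20:09 switch-c line with no PRI field")])

if __name__ == "__main__":
    for path, total, enough, sources in report(summarize(SAMPLE)):
        verdict = "meets auto-scan minimum" if enough else "below auto-scan minimum"
        print(f"{path}: {total} lines from {', '.join(sources)} ({verdict})")
```

A file that stays below the minimum, or a facility you did not expect, points at the manual-connector path described in the reply, with the decoded file name as the log location to try.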