As an added tip, make sure you have your Orion Syslog Rules Tag the entries it touches, so you can easily confirm when a rule is actually running against a message or not when you search in Syslog Viewer.
---
I've been adding more of our systems to our syslog service. It allows us to trigger events based off of message patterns and severity through our Solarwinds Orion SyslogD service - part of their NPM (Network Performance Monitor) product.
Added all of our Cisco device with no issue, but when adding our Dell 2162DS KVM, I couldn't find any entries in the Syslog Viewer on Orion. Hmmm... so, I shrugged and moved on to our Dell EqualLogic SAN units (models PS4000xv)... none of them reported either. Now, what the fudge?! I setup a little Java based syslog system on another system, and I noticed it worked fine, but it was missing the "Message Type" variable.
After opening a case with Solarwinds and sending them screenshots and Wireshark captures of the missing messages, they offered a simple solution. So, again, here it is to share:
- Open Program Files\Solarwinds\Orion\SyslogService.exe.config file in Notepad
- Find the string <add key="
UseCollectorEndpoint " value="True"/> and change the value to false. E.g.,<add key=" UseCollectorEndpoint " value="False"/>
- Save the file and restart the syslog service
Presto! You'll get the missing messages. I imagine this is somehow bypassing the validation of properly formatted syslog messages, but until Dell (and whomever) start sending the messages with Message Type, this work around seems to work just fine.
 |
| Dell KVM Bad Login Test |
 |
| Dell EqualLogic Login Test |
Let me know how it works for you.
No comments:
Post a Comment