Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log Analyzer (LA) Formerly Log Manager for Orion > Log Analyzer Documentation > Log Analyzer (LA) 1.0 Release Notes

Log Analyzer (LA) 1.0 Release Notes

 

Last updated March 12, 2019

These release notes describe the features in LA 1.0. They also provide information about upgrades and describe workarounds for known issues.

LA features

LA is a fully-integrated log management solution that is accessible through your Orion Web Console. Upon installation, you can instantly view live event messages from nodes currently integrated with the Orion Platform, and quickly map unknown devices through the Node Management feature. Key benefits include live event filtering to target and identify current network issues, and seamless transitions between critical event messages and associated Orion Platform products for on-the-spot troubleshooting and issue resolution.

Filter and analyze event logs

In the LA Filters pane, select one or more filters to refine your event log stream to display messages based on event type, node, IP address, vendor, and more.

To drill down into a log summary for a specific node, click a node link in the Log Viewer table, and then click Analyze Logs in the Node Details Management pane.

Search and filter historical event logs

LA includes an advanced search capability to access your aggregated event logs based on applied filters and a specified range of time. To set your search parameters, select your log filters, and then on the histogram chart, open the custom time picker to set your time frame.

Filter and view event logs in live mode

Switch the Log Viewer to live mode to view events as they occur in your environment. This is particularly useful when troubleshooting active network problems. You can apply "live" filters to target and identify issues using the Filters pane and keyword search, and then observe the histogram chart to note any spikes in activity or log anomalies.

Create custom log-processing rules

On the Log Processing Configuration page, you can create custom rules to complement the standard, out-of-the-box LA rule sets. You can define rule conditions to identify a specific log entry, and then establish subsequent actions, such as adding event tags, executing commands, and discarding log entries.

Apply tags to event logs

Apply pre-defined and custom log tags to quickly identify specific log activity. For example, if you are interested in a certain event ID or keyword, you can configure your rule to display a color-coded tag notification on event logs matching the defined criteria. You can also apply multiple tags to a single log event ID or keyword.

Disable and enable log-processing rules

The Log Processing Configuration page includes out-of-the-box rules that provide a visual identifier for common event groups. These pre-defined log tags are enabled by default and allow you to quickly identify specific event activity in your Log Viewer table.

Monitor Orion Platform nodes in LA

Monitor any networked Orion Platform node in the LA Log Viewer with your LA license plan. In the Orion Web Console, check for available licenses by navigating to Settings > All Settings, and then clicking License Details in the Details pane. The License Details page lists all licensed Orion Platform products, including the total number of LA licenses, and the number of nodes currently consuming a license. For more licensing information, see the LA 1.0 Installation Guide.

To adjust your LA node settings, edit the node properties, and then select one of the LA monitoring options. For more information, see the LA 1.0 Getting Started Guide.

Add unknown nodes to the Orion Platform

In the Orion Platform, messages received from an unknown network node are discarded until you add the device through Node Management. When log activity is observed from an unknown device, you will receive a notification in the Orion Web Console linking you to the Events page, where you can add the node as a managed device.

Manually migrate existing NCM Real-Time Change Notification rules

You can apply existing NCM Real-Time Change Notification (RTCN) rules to your current LA log-processing rule set. When LA detects NCM RTCN rules, you will receive a notification in the Orion Web Console, which means you can then access and enable the rules through the LA Log Processing Configuration page. See the NCM RTCN article in the SolarWinds Customer Success Center for more information.

Drop unwanted event logs

Streamline your Log Viewer table by selecting and dropping unwanted event logs that clutter your log feed and occupy valuable database space. You can establish rule parameters that will discard all undesired logs to ensure relevant content displays in a more efficient manner.

Set LA storage and search retention period

On the Log Analyzer Settings page, you can set the number of days that syslog and traps messages are stored and searchable in the LA database. The default setting is seven days, but you can adjust it to anywhere from one day to one year.

Review unlicensed and unmonitored log source reports

You can access LA log source reports in the Orion Web Console by navigating to Reports > All Reports. In the Group By list, select Report Category, and then click Log Analyzer report. Each report lists the IP address and detection timestamp for unlicensed or unmonitored log sources.

Enable full-text search in Microsoft SQL Server 2016

When installing and configuring SQL Server 2016, enable full-text search to ensure optimum event log search performance within LA. You can still install LA and initiate event log searches without enabling this capability, but the speed and quality of your search may be significantly reduced.

Before you upgrade

If you are adding LA 1.0 to your existing Orion Platform products, make note of the following:

  • LA 1.0 requires Microsoft SQL Server 2016 SP1 or later.
  • LA 1.0 does not support data migration of existing rules and alerts.

Legacy syslog and traps

LA replaces the existing legacy syslog and trap services, but only provides a subset of the legacy functionality (no alerting or data migration). After installation of LA over the legacy syslog and trap services, the records remain in the database, but will not be used by LA. You can still access the read-only legacy records in the Syslog Viewer and Traps Viewer applications. All new syslog and trap messages will be stored in the dedicated LA database. 

New customer installation

Use the SolarWinds Orion Installer, available in the Customer Portal, to install LA. After installation, refer to the LA 1.0 Getting Started Guide to learn about configuring and customizing LA.

Fixed issues

LA 1.0 fixes the following issues:

 

LA does not show incoming syslog and traps messages when both LA and DPA are installed.

 

Add support for KIWI-specific IP address format.

  Orion Diagnostic doesn't gather OLA log files.
  Source Time not parsed correctly.
  Disabled rules are hard to identify.
  Configure Rules should be available only for administrators.
  Log Viewer history loading 2+ times on page load.
  Node changes are not propagated to the service immediately.

 

Configuration Wizard fails when NTA and Orion Logs are installed on same database.
  Configuration Wizard fails on Case Sensitive SQL Server.
  Re-running CW should not change enable/disable status.

Known issues

32-bit Microsoft Office products have issues after installing LA

Issue: As a part of the LA installation, the 64-bit Microsoft Access driver is installed. The installation of this driver causes issues with 32-bit Microsoft Office installations because Microsoft does not support side-by-side installations of 64-bit and 32-bit Office components. 

Workaround: Upgrade Microsoft Office to a 64-bit version before installing Orion Platform products. Find more information here.

Analyze Logs feature is available for disabled nodes

Issue: The Node Details page continues to display the Analyze Logs feature for disabled nodes when no log data is available.

Workaround: None. We expect to address the issue in a future version.

SNMP v3 credentials are not propagated to trap service immediately

Issue: When adding a node with SNMP credentials and then sending a trap message to LA with the credentials, the message is not immediately stored; it can take up to five minutes.

Workaround: None. We expect to address the issue in a future version.

The LA Viewer filter list is misaligned in IE11 and Microsoft Edge 

Issue: When syslog and trap messages stream into the Log Viewer, the Filters pane numbering and spacing are aligned incorrectly.

Workaround: None. We expect to address the issue in a future version.

Messages load slowly in the LA Log Viewer when using IE11

Issue: Messages in the LA Log Viewer load more slowly in IE11 than similar web browsers such as Chrome and Firefox.

Workaround: None. We expect to address the issue in a future version.

LA loses out-of-the-box rule status 

Issue: Enabled and disabled out-of-the-box rules may revert to their original setting after upgrading.

Workaround: None. Enable and disable rules where necessary.

Legal notices

© 2018 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

 

 

Last modified

Tags

Classifications

Public