Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Network Performance Monitor (NPM) > Discard syslogs in Syslog Viewer

Discard syslogs in Syslog Viewer

Table of contents

Overview

A quick guide on how to discard syslogs in Syslog Viewer.

Environment

  • All NPM Versions

Steps

 

1. Stop Orion Syslog Service, this stops Syslog table from growing again.

 

2. Edit your Syslog Retention Settings to keep Syslogs for x Days. Also, adjust the severity levels for the Syslog output on your devices to Warning or above.

a. Go to your Orion Web Console

b. Go to "Settings".

c. "Polling Settings" under the  "Thresholds & Polling" heading .

d. Scroll down to "Database Settings" and look for "Syslog Message Retention"

e. Adjust the retention settings (2 days by default)

 

3. Disable sending of Syslog messages on your device.

 

4. Syslog Message comes to Orion Syslog Service. You can use rules/filters from Syslog Viewer to determine whether you want to store the Syslog message in the Database or discard it.

 

You can check the Severity of Syslogs here.

 

Make sure that all rules which are set up to “Discard messages” also contain the line "Stop processing syslog rules".

 

The Syslog and Traps filters/rules work very differently to the Orion Alerting Engine. Each time a Syslog message or Trap is received it will work through every rule, from the top, until it either gets to the end, or hit a rule that specifically tells it to "stop processing rules".

 

To Discard Syslog Message:

a. Open Syslog Viewer (by default C:\Program Files (x86)\SolarWinds\Orion)

b. Go to File

c. Syslog Server settings

d. Alert/Filter Rules Tab

 

In here you can filter using various methods, By IP address, by Message Type Patterns, Syslog Message Patterns, Severity, etc.

 

Add the following Alert Actions to your Rule: "Discard Syslog Message" and "Stop processing syslog rules"

"Stop processing syslog rules" rearranges the Syslog Rules so that the ones which filter and discard messages are at the top of the list. This will ensure that they are processed first.

 

 

 

 

Last modified

Tags

Classifications

Public