Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Network Performance Monitor (NPM) > Discard syslogs in Syslog Viewer

Discard syslogs in Syslog Viewer

Table of contents

Overview

A quick guide on how to discard syslogs in Syslog Viewer.

Environment

  • NPM 12 and older

Steps

 

1. Stop Orion Syslog Service, this stops Syslog table from growing again.

 

2. Edit your Syslog Retention Settings to keep Syslogs for x Days. Also, adjust the severity levels for the Syslog output on your devices to Warning or above.

a. Go to your Orion Web Console

b. Go to "Settings".

c. "Polling Settings" under the  "Thresholds & Polling" heading .

d. Scroll down to "Database Settings" and look for "Syslog Message Retention"

e. Adjust the retention settings (2 days by default)

 

3. Disable sending of Syslog messages on your device.

 

4. Syslog Message comes to Orion Syslog Service. You can use rules/filters from Syslog Viewer to determine whether you want to store the Syslog message in the Database or discard it.

 

You can check the Severity of Syslogs here.

 

Make sure that all rules which are set up to “Discard messages” also contain the line "Stop processing syslog rules".

 

The Syslog and Traps filters/rules work very differently to the Orion Alerting Engine. Each time a Syslog message or Trap is received it will work through every rule, from the top, until it either gets to the end, or hit a rule that specifically tells it to "stop processing rules".

 

To Discard Syslog Message:

a. Open Syslog Viewer (by default C:\Program Files (x86)\SolarWinds\Orion)

b. Go to File

c. Syslog Server settings

d. Alert/Filter Rules Tab

 

In here you can filter using various methods, By IP address, by Message Type Patterns, Syslog Message Patterns, Severity, etc.

 

Add the following Alert Actions to your Rule: "Discard Syslog Message" and "Stop processing syslog rules"

"Stop processing syslog rules" rearranges the Syslog Rules so that the ones which filter and discard messages are at the top of the list. This will ensure that they are processed first.

 

 

 

 

Last modified
17:16, 2 May 2017

Tags

Classifications

Public