Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
This article provides a number of solutions that may help reduce the impact of very high volumes of Trap or Syslogs on the Orion system, firstly by changing the logging levels of the devices that send the Syslogs and Traps or using the Syslog and Trap rules and information on how to use additional external Solarwinds products to reduce the load of Syslog and Trap messages that may impact on Orion performance.
All Orion products
Syslog and Trap messages may be critical to your organization but very high volumes may impact on the Orion server performance either through processing overheads or network resources.
1. Managing the Sylogs and traps at source.
Syslog and Trap messages are organized in Severity levels Emergency, Alert, Critical, Error, Warning, Notification, Informational and Debugging. In most devices the logging can be set to only send specific levels of Syslog or Trap messages. This would have the effect of managing the Syslogs and Traps before they are sent from the device.
2. Managing Syslogs and Traps in Orion
The volume can be managed in Orion by using the Syslog and Trap viewer Rules to manage and discard certain levels or types of message before they are written to the the SQL database as described in these articles:-
Note: This approach can be used if the Orion database is being affected by the large volumes of Syslog or Traps but would not help if the effect on the Orion collector service or Network Interface is being adversely affected.
3. Filtering the Syslogs and Traps between the sending device and Orion
This approach would utilize other Solarwinds products such as Log and Event Manager (LEM) or Kiwi Syslog to receive the Syslog and Trap messages sent from your devices and using these products to filter only the most important Syslog or Trap messages and then forwarding only those message to Orion. This approach shows more benefit as your deployment scales to monitor larger networks.