Documentation forLog Analyzer
Analyzing logs is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Log Analyzer (LA). Hybrid Cloud Observability and LA are built on the self-hosted SolarWinds Platform.

Configure devices to send messages to Log Analyzer

To receive messages from a syslog-capable device, configure the device to send syslog messages to the appropriate port on the computer where the dedicated server is installed.

Log Analyzer listens for UDP messages on port 514 and TCP messages on ports 1468 and 6514. These are the default ports for devices sending syslog messages as defined by RFC standards 5425 and 5426. Learn about configuring secure syslog settings here.

Log Analyzer listens for SNMP trap messages on UDP port 162. This is the default port for devices sending SNMP traps as defined by RFC standard 1157.

SNMP v1 and v2 are unencrypted. SNMP v3 uses DES56, AES128, AS192, and AES256 for encryption, and MD5 and SHA1 for authentication.

When the device is added as a monitored node to the SolarWinds Platform, messages from this device stream into the Log Viewer and are processed according to the rules that you define.

For information about configuring a specific device, refer to documentation from the device manufacturer. Below is an example for configuring a Cisco switch.

Configure a Cisco Catalyst 2960 switch to send syslog messages to Log Analyzer

The following example shows how to configure a Cisco Catalyst 2960 switch. To configure other types of devices, see the device manufacturer's instructions.

Message logging must be enabled on the device. On many devices that generate syslog messages, logging is enabled by default.

  1. On the Cisco Catalyst 2960 switch, open the Cisco command-line interface and begin a session.
  2. Verify that you are in privileged EXEC mode on the switch. To enter Privileged EXEC mode, type the command:

    enable

  3. Switch to global configuration mode. Type the command:

    configure terminal

  4. Verify that logging is enabled. If logging has been disabled, type the command:

    logging enable

  5. Configure the switch to send log messages to the Log Analyzer database. Type the command:

    logging host

    where host is the name or IP address of the device where the dedicated server is installed.

  6. Limit the messages sent based on priority level. Type the command:

    logging trap level

    where level is one of the following, listed in descending order of priority:

    • emergencies
    • alerts
    • critical
    • errors
    • warnings
    • notifications
    • informational (default level)
    • debugging

    The device sends messages with the specified priority level and above. For example, the level critical sends messages with priority levels of critical, alerts, and emergencies.

  7. Return to privileged EXEC mode. Type the command:

    end