Documentation forLog Analyzer

Legacy syslog/trap and LA/OLV feature comparison

Installation of Log Analyzer (LA) or the Orion Log Viewer (OLV) replaces existing legacy syslog and trap services, but only provides a subset of the legacy functionality. After installation of LA/OLV over legacy syslog and trap services, the records remain in the database, but will not be used by LA or OLV. You can still access the legacy records in read only format. All new syslog and trap messages will be stored in the dedicated LA/OLV database.

Since feature parity is not 100 percent, existing syslog/trap data and rules are not migrated. The tables below compare the rule conditions and actions that can be defined in legacy syslogs and traps to rule conditions and actions supported by LA/OLV.

Find variables that can be used in syslog alert messages here.

Conditions

Source Rule Condition Legacy LA/OLV
Syslog & Trap Source Addresses
Syslog & Trap EngineID
Syslog Facilities
Syslog Severity
Syslog & Trap DNS Host Name
Syslog & Trap Time Of Day **
Syslog & Trap Days Of Week **
Syslog Message
Syslog & Trap Message Type **
Syslog & Trap Trigger Threshold **
Syslog & Trap Trap Details */**
Syslog & Trap Conditions */**
Syslog & Trap Community String

Actions

Source Action Type Legacy LA/OLV
Syslog & Trap Discard Processing
Syslog & Trap Tag Processing
Trap Flag with specific color Processing
Syslog Modify the syslog message Processing
Syslog & Trap Log to a file Alerting
Syslog & Trap Log to a Windows event log Alerting
Syslog & Trap Forward the syslog/trap Processing
Syslog Send a new syslog message Alerting
Trap Send an SNMP trap Alerting
Syslog & Trap Play a sound Alerting
Syslog & Trap Text to speech output Alerting
Syslog & Trap Execute an external program Processing/Alerting
Syslog & Trap Send an email/page Alerting
Syslog & Trap Execute an external VB script Alerting
Syslog & Trap Send a Windows Net message Alerting
Syslog & Trap Stop processing rules Processing

* Partially supported

** For details, see below:

Rule Condition Legacy UI LA/OLV
Time of Day LA/OLV is not currently able to define a rule condition matched only for syslog/traps received with in a specified time of day.
Days of Week LA/OLV is not currently able to define a rule condition matched only for syslog/traps received during specified days of the week.
Message Type LA/OLV is not currently able to filter syslogs matching a specific message type pattern. For example, a specific regex pattern.
Trigger Threshold LA/OLV is not currently able to define a trigger threshold for the rules.
Trap Details This is partially supported. Missing: "Multiple conditions always apply AND only." "Inability to use a different operator while checking more values within a single condition."
Trap Conditions This is partially supported. Missing: "Multiple conditions always apply AND only." "Inability to use a different operator while checking more values within a single condition."