Documentation forLog Analyzer

LA 2.1 Release Notes

Release date: June 6, 2019

These release notes describe the features in Log Analyzer (LA), formerly Log Manager for Orion, 2.1. They also provide information about upgrades and describe workarounds for known issues.

New features and improvements in LA

LA is a fully-integrated log management solution that is accessible through your Orion Web Console. Upon installation, you can instantly view live event messages from nodes currently integrated with the Orion Platform, and quickly map unknown devices through the Node Management feature. Key benefits include live event filtering to target, identify, and alert on current network issues, and seamless transitions between critical event messages and associated Orion Platform products for on-the-spot troubleshooting and issue resolution.

New in LA 2.1

LA 2.1 includes Microsoft Azure SQL and secure syslog support. Learn more about Microsoft Azure SQL support here, and secure syslogs here.

LA 2.1 is an Orion Platform product, and runs on Orion Platform 2019.2.

Additional LA features

Monitor Windows event logs

Starting with LA 2.0, you can stream, monitor, and alert on Windows event logs. From the LA Log Viewer, you can filter Windows events, enable out-of-the-box rules for events, and create custom rules tailored for specific Windows event activity.

Log forwarding

On the Log Processing Configuration page, create custom rules to forward your syslog and trap log messages to a dedicated server. This feature allows you to forward log data to third-party systems and other SIEM tools.

Filter and export search results

Filter and export your search results to a CSV file from the LA Log Viewer. Use CSV files to attach search results to a help ticket, share with members of your team, archive data for historical reference, and more.

Reorder custom rules

On the Log Processing Configuration page, you can change the processing order for each of your custom rules.

Free poller support and Centralized Upgrades

Starting with LA 1.1.1, LA includes free poller support and Centralized Upgrades. Learn more about free poller engines here, and Centralized Upgrades here.

Orion alert integration

On the Log Processing Configuration page, you can integrate alert actions into your custom rules, or create new rules and apply alert actions. You can configure your rule to send an event to the Orion Platform alerting engine when the rule criteria are met, and also create a new alert that fires each time a rule is triggered.

For more information about Orion Platform alerting, see Create and manage alerts in the online LA Administrator Guide. To create a new rule in LA, see Create custom log-processing rules.

Enable existing NCM Real-Time Change Notification rules

You can apply existing NCM Real-Time Change Notification (RTCN) rules to your current LA log-processing rule set. When LA detects NCM RTCN rules, you will receive a notification in the Orion Web Console, which means you can then access and enable the rules through the LA Log Processing Configuration page. See the NCM RTCN article in the SolarWinds Customer Success Center for more information.

Enable full-text search in Microsoft SQL Server 2016

When installing and configuring SQL Server 2016, enable full-text search to ensure optimum event log search performance within LA. You can still install LA and initiate event log searches without enabling this capability, but the speed and quality of your search may be significantly reduced.

Before you upgrade

If you are adding LA 2.1 to your existing Orion Platform products, make note of the following:

LA 2.1 requires Microsoft SQL Server 2016 SP1 or later.

LA 2.1 does not support data migration of existing rules and alerts.

Legacy syslog and traps

LA replaces the existing legacy syslog and trap services, but only provides a subset of the legacy functionality. After installation of LA over the legacy syslog and trap services, the records remain in the database, but will not be used by LA. You can still access the read-only legacy records in the Syslog Viewer and Traps Viewer applications. All new syslog and trap messages will be stored in the dedicated LA database.

New customer installation

Use the SolarWinds Orion Installer, available in the Customer Portal, to install LA. After installation, refer to the LA Getting Started Guide to learn about configuring and customizing LA.

Fixed issues

LA 2.1 fixes the following issues:

Case Number Description
CUST-54958 License Details page shows incorrect number of monitored nodes.
CUST-50651 Associating tags with 1000 events in the Log Viewer reduces performance.

CUST-52774

CUST-52995

Agent overloaded alert doesn't work as expected.
CUST-52995 Some log filters throw exceptions.
CUST-53965 NCM rules are not properly triggered on additional pollers.

CUST-55732

CUST-54998

Expired evaluation event repeats every minute.
N/A The expiration message appears when LA switches to Orion Log Viewer.
N/A Log entries are dropped when collecting Orion diagnostics.

Hotfixes

LA 2.1 Hotfix 1

Known issues

Messages are dropped when changing Azure database tiers

Issue: With Microsoft Azure, messages are dropped when the Azure database tier is changed.

Workaround: Review this article for additional information.

Previous versions

LA 1.0

LA 1.1

LA 1.1.1

LA 2.0

Legal notices

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.