Documentation forLog Analyzer
Analyzing logs is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Log Analyzer (LA). Hybrid Cloud Observability and LA are built on the self-hosted SolarWinds Platform.

Monitor logs and events with your LA and SolarWinds Platform product license plans

Monitor any networked SolarWinds Platform node in the Log Analyzer (LA) Log Viewer with your LA license plan. In the SolarWinds Platform Web Console, check for available licenses by navigating to Settings > All Settings, and then clicking License Details in the Details pane. The License Details page lists all licensed SolarWinds Platform products, including the total number of LA licenses, and the number of nodes currently consuming a license.

Beginning in April 2020, you can choose to use a perpetual license or a subscription-based (term-based) license. Learn more here.

If your LA licenses expire, you will then only have access to the SolarWinds Platform Log Viewer, formerly Log Manager Basic. This means the SolarWinds Platform Log Viewer will use SolarWinds Platform nodes for licenses, so you will continue to receive message data, but will not have access to live event streaming, the event histogram, event tagging, and more. Review the feature comparison here.

As part of the LA licensing framework, LA receives messages from all nodes the SolarWinds Platform manages. When you purchase and register a license as an existing customer, the licensing framework combinesSolarWinds Platform nodes with your LA licenses. For instance, if you have NPM SL100 and SAM AL100, and then register an LA100 license, you can monitor up to 300 nodes, but only receive messages from 100 nodes. Of the total (300) nodes, you can select which 100 nodes you would like to monitor in LA.

The SolarWinds Platform does not support using LA with one set of nodes, and the SolarWinds Platform Log Viewer on remaining nodes. In other words, if you have an LA10 license and a SAM AL100 license, you can monitor 10 nodes with LA, but you cannot monitor the other 90 with the SolarWinds Platform Log Viewer.

LA evaluation customers receive unlimited licenses for SolarWinds Platform nodes during the evaluation period.

  • The SolarWinds Platform Log Viewer only receives syslog/trap messages from licensed devices.
  • VMAN requires the SolarWinds Platform Log Viewer to monitor VMware-specific events.
  • Processing NCM Real-Time Change Notification messages requires an LA-specific license for each device.

Licensing levels

License Number of Monitored Elements
LA10 Up to 10 nodes with 1st-Year Maintenance
LA25 Up to 25 nodes with 1st-Year Maintenance
LA50 Up to 50 nodes with 1st-Year Maintenance
LA100 Up to 100 nodes with 1st-Year Maintenance
LA250 Up to 250 nodes with 1st-Year Maintenance
LA500 Up to 500 nodes with 1st-Year Maintenance
LA1000 Up to 1000 nodes with 1st-Year Maintenance

Message source terminology

  • Message source: Any device that sends log messages to LA.
  • Unmonitored message source: Unknown device (not in the SolarWinds Platform) that sends messages to LA.

  • Managed by LA: Node that sends messages to LA and consumes an LA license.

  • Passive SolarWinds Platform node: Node that doesn't send messages and is ignored by LA.

Enable or disable log and event monitoring

To adjust your node settings, edit the node properties, and then select one of the Log and Event Monitoring options.

  1. In the SolarWinds Platform Web Console, navigate to Settings > Manage Nodes.

  2. Select one or more nodes, and then click Edit Properties.

  3. Scroll down to the Log and Event Monitoring section.

    Choose one of the following options from the Status drop-down list:

    • Default: Monitoring will be enabled for this node on receipt of the first message.

      The Default setting applies to syslog and SNMP trap messages only. Windows and VMware events must be manually set to Enabled or Disabled. Log monitoring is automatically enabled by log profile creation.

    • Enabled: Monitoring is enabled for this node.

    • Disabled: Monitoring is disabled for this node. Log and event data will be discarded for this node.

  4. Click Submit.

You can also enable a node by selecting one or more nodes and clicking More Actions > Enable Log Monitoring.

Before removing a node, determine if it is collecting events from additional networked nodes that you want to continue monitoring. This action can result in loss of data from multiple nodes.