Legacy rule migration and LA/LV feature comparison
Legacy syslogs and traps have been removed and replaced with new log functionality included in Log Viewer, Log Analyzer, and SolarWinds Observability Self-Hosted. To learn more about the features available in each product, see the feature comparison chart below.
Log Viewer, Log Analyzer, and SolarWinds Observability Self-Hosted only accept traps and syslogs from nodes monitored in SolarWinds Platform.
If your syslog and trap alerts were built with custom SQL queries, the alerts will not function with the new syslogs and traps (including rules) in SolarWinds Platform because the syslogs and traps are stored in a database outside of Orion.
When you upgrade to SolarWinds Platform from version 2020.2.6 or earlier, your current syslog and trap rules are automatically migrated during installation. If legacy rules are not migrated, you can force migration by enabling the PerformLegacyRuleMigration switch in the central settings. By default, PerformLegacyRuleMigration is enabled and subsequently disabled after migration is complete.
Because rules are not deduplicated, forced migration can result in multiple copies of legacy rules.
The new log functionality supports most legacy functionality. However, some rule conditions are not currently supported and cannot be migrated. Learn more about rule condition compatibility in the rule conditions chart below.
Once the rule migration is complete, a notification appears in the SolarWinds Platform Web Console with a link to the Rules migration report.
The report details the status of each migrated rule as follows:
- Success - Rule migrated successfully
- Warning - Rule migrated without the designated actions and is disabled
- Failure - Rule was not migrated
- Info - Rule successfully migrated but may perform differently than expected
You can also access the report in the SolarWinds Platform Web Console by navigating to Reports > All Reports > Rule migration report.
Click any rule in the Report to launch the Rule Builder for reviewing and editing the rule. Click View legacy rule details to view the original rule.
Migration results may vary based on the configuration of migrated rules. Rules are sorted based on the migration result and displayed by severity, from most to least critical.
Input legacy rule | Status | Migration result |
---|---|---|
The rule contains a condition that is not supported. | Failure | The rule is not migrated. |
The rule contains an action which is not supported by migration. | Failure | The rule is created without that action and the rule is disabled. |
The rule contains a misconfigured action supported by migration. | Warning | The action is not added to the final rule and the rule is disabled. |
The rule contains needs additional setup or configuration and is supported by migration. | Info | The rule is migrated, but needs further configuration. |
The rule contains actions and/or conditions supported by migration | Success | The rule is fully migrated. |
Legacy syslog/trap and LA/Log Viewer feature comparison
The tables below compare the rule conditions and actions that can be defined in legacy syslogs and traps to rule conditions and actions supported by LA/Log Viewer.
Find variables that can be used in syslog alert messages here.
Conditions
Source | Rule Condition | Legacy | LA/Log Viewer | Note |
---|---|---|---|---|
Syslog & Trap | Source Addresses | |||
Syslog & Trap | Name | |||
Syslog & Trap | Enabled | |||
Syslog & Trap | Apply to engines | |||
Syslog & Trap | EngineID | |||
Syslog | Facilities | |||
Syslog | Severity | |||
Syslog & Trap | DNS Host Name | |||
Syslog & Trap | Time Of Day | |||
Syslog & Trap | Days Of Week | |||
Syslog | Message | |||
Syslog | Message Type | Message Type is a subset of Message that populates under Message Contains or Message Matches Regex. | ||
Syslog & Trap | Trigger Threshold | |||
Trap | Trap Details | |||
Trap | Conditions | Wildcards in OIDs are not supported. The full varbind OID or name is required. | ||
Syslog & Trap | Community String |
Actions
Source | Action | Type | Legacy | LA/Log Viewer | Note |
---|---|---|---|---|---|
Syslog & Trap | Discard | Processing | |||
Syslog & Trap | Tag | Processing |
In LA 2022.3, each tag is required to have both a name and a color. This feature is only available in Log Analyzer. |
||
Trap | Flag with specific color | Processing | |||
Syslog | Modify the syslog message | Processing | |||
Syslog & Trap | Log to a file | Alerting | |||
Syslog & Trap | Log to a Windows event log | Alerting | |||
Syslog & Trap | Forward the syslog/trap | Processing | You cannot select network adapters in LA 2022.3. | ||
Syslog | Send a new syslog message | Alerting | |||
Syslog | Send an SNMP trap | Alerting | |||
Syslog & Trap | Play a sound | Alerting | |||
Syslog & Trap | Text to speech output | Alerting | |||
Syslog & Trap | Execute an external program | Processing/Alerting | In LA 2022.3, you can choose which account will run the program. | ||
Syslog & Trap | Real-time config change detection | Processing/Alerting | Starting with LA 2023.2.1, you can send a notification to NCM or HCO Advanced when changes to network configuration files are detected. | ||
Syslog & Trap | Send an email/page | Alerting | You can only implement one set of credentials per SMTP server. | ||
Syslog & Trap | Execute an external VB script | Alerting | |||
Syslog & Trap | Send a Windows Net message | Alerting | |||
Syslog & Trap | Stop processing rules | Processing | |||
Syslog & Trap | Change interface status | Processing | Starting with 2022.x, this is supported in Log Viewer/LA. |
* Partially supported