Documentation forLog Analyzer
Analyzing logs is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Essentials edition. Log Analyzer (LA) is also available in a standalone module.

Legacy rule migration and LA/LV feature comparison

Legacy syslogs and traps have been removed and replaced with new log functionality included in Log Viewer, Log Analyzer, and SolarWinds Observability Self-Hosted. To learn more about the features available in each product, see the feature comparison chart below.

Log Viewer, Log Analyzer, and SolarWinds Observability Self-Hosted only accept traps and syslogs from nodes monitored in SolarWinds Platform.

If your syslog and trap alerts were built with custom SQL queries, the alerts will not function with the new syslogs and traps (including rules) in SolarWinds Platform because the syslogs and traps are stored in a database outside of Orion.

When you upgrade to SolarWinds Platform from version 2020.2.6 or earlier, your current syslog and trap rules are automatically migrated during installation. If legacy rules are not migrated, you can force migration by enabling the PerformLegacyRuleMigration switch in the central settings. By default, PerformLegacyRuleMigration is enabled and subsequently disabled after migration is complete.

Because rules are not deduplicated, forced migration can result in multiple copies of legacy rules.

The new log functionality supports most legacy functionality. However, some rule conditions are not currently supported and cannot be migrated. Learn more about rule condition compatibility in the rule conditions chart below.

Once the rule migration is complete, a notification appears in the SolarWinds Platform Web Console with a link to the Rules migration report.

The report details the status of each migrated rule as follows:

  • Success - Rule migrated successfully
  • Warning - Rule migrated without the designated actions and is disabled
  • Failure - Rule was not migrated
  • Info - Rule successfully migrated but may perform differently than expected

You can also access the report in the SolarWinds Platform Web Console by navigating to Reports > All Reports > Rule migration report.

Click any rule in the Report to launch the Rule Builder for reviewing and editing the rule. Click View legacy rule details to view the original rule.

Migration results may vary based on the configuration of migrated rules. Rules are sorted based on the migration result and displayed by severity, from most to least critical.

Input legacy rule Status Migration result
The rule contains a condition that is not supported. Failure The rule is not migrated.
The rule contains an action which is not supported by migration. Failure The rule is created without that action and the rule is disabled.
The rule contains a misconfigured action supported by migration. Warning The action is not added to the final rule and the rule is disabled.
The rule contains needs additional setup or configuration and is supported by migration. Info The rule is migrated, but needs further configuration.
The rule contains actions and/or conditions supported by migration Success The rule is fully migrated.

Legacy syslog/trap and LA/Log Viewer feature comparison

The tables below compare the rule conditions and actions that can be defined in legacy syslogs and traps to rule conditions and actions supported by LA/Log Viewer.

Find variables that can be used in syslog alert messages here.

Conditions

Source Rule Condition Legacy LA/Log Viewer Note
Syslog & Trap Source Addresses  
Syslog & Trap Name  
Syslog & Trap Enabled  
Syslog & Trap Apply to engines  
Syslog & Trap EngineID  
Syslog Facilities  
Syslog Severity  
Syslog & Trap DNS Host Name  
Syslog & Trap Time Of Day  
Syslog & Trap Days Of Week  
Syslog Message  
Syslog Message Type Message Type is a subset of Message that populates under Message Contains or Message Matches Regex.
Syslog & Trap Trigger Threshold  
Trap Trap Details  
Trap Conditions Wildcards in OIDs are not supported. The full varbind OID or name is required.
Syslog & Trap Community String  

Actions

Source Action Type Legacy LA/Log Viewer Note
Syslog & Trap Discard Processing  
Syslog & Trap Tag Processing

In LA 2022.3, each tag is required to have both a name and a color.

This feature is only available in Log Analyzer.

Trap Flag with specific color Processing  
Syslog Modify the syslog message Processing  
Syslog & Trap Log to a file Alerting  
Syslog & Trap Log to a Windows event log Alerting  
Syslog & Trap Forward the syslog/trap Processing You cannot select network adapters in LA 2022.3.
Syslog Send a new syslog message Alerting  
Syslog Send an SNMP trap Alerting  
Syslog & Trap Play a sound Alerting  
Syslog & Trap Text to speech output Alerting  
Syslog & Trap Execute an external program Processing/Alerting In LA 2022.3, you can choose which account will run the program.
Syslog & Trap Real-time config change detection Processing/Alerting Starting with LA 2023.2.1, you can send a notification to NCM or HCO Advanced when changes to network configuration files are detected.
Syslog & Trap Send an email/page Alerting You can only implement one set of credentials per SMTP server.
Syslog & Trap Execute an external VB script Alerting  
Syslog & Trap Send a Windows Net message Alerting  
Syslog & Trap Stop processing rules Processing  
Syslog & Trap Change interface status Processing Starting with 2022.x, this is supported in Log Viewer/LA.

* Partially supported