LA 2.1 Release Notes
Release date: June 6, 2019
These release notes describe the features in Log Analyzer (LA), formerly Log Manager for Orion, 2.1. They also provide information about upgrades and describe workarounds for known issues.
New features and improvements in LA
LA is a fully-integrated log management solution that is accessible through your Orion Platform Web Console. Upon installation, you can instantly view live event messages from nodes currently integrated with the Orion Platform, and quickly map unknown devices through the Node Management feature. Key benefits include live event filtering to target, identify, and alert on current network issues, and seamless transitions between critical event messages and associated Orion Platform products for on-the-spot troubleshooting and issue resolution.
New in LA 2.1
LA 2.1 includes Microsoft Azure SQL and secure syslog support. Learn more about Microsoft Azure SQL support here, and secure syslogs here.
LA 2.1 is an Orion Platform product, and runs on Orion Platform 2019.2.
Additional LA features
Monitor Windows event logs
Starting with LA 2.0, you can stream, monitor, and alert on Windows event logs. From the LA Log Viewer, you can filter Windows events, enable out-of-the-box rules for events, and create custom rules tailored for specific Windows event activity.
Log forwarding
On the Log Processing Configuration page, create custom rules to forward your syslog and trap log messages to a dedicated server. This feature allows you to forward log data to third-party systems and other SIEM tools.
Filter and export search results
Filter and export your search results to a CSV file from the LA Log Viewer. Use CSV files to attach search results to a help ticket, share with members of your team, archive data for historical reference, and more.
Reorder custom rules
On the Log Processing Configuration page, you can change the processing order for each of your custom rules.
Free poller support and Centralized Upgrades
Starting with LA 1.1.1, LA includes free poller support and Centralized Upgrades. Learn more about free poller engines here, and Centralized Upgrades here.
Orion Platformalert integration
On the Log Processing Configuration page, you can integrate alert actions into your custom rules, or create new rules and apply alert actions. You can configure your rule to send an event to the Orion Platform alerting engine when the rule criteria are met, and also create a new alert that fires each time a rule is triggered.
For more information about Orion Platform alerting, see Create and manage alerts in the online LA Administrator Guide. To create a new rule in LA, see Create custom log-processing rules.
Enable existing NCM Real-Time Change Notification rules
You can apply existing NCM Real-Time Change Notification (RTCN) rules to your current LA log-processing rule set. When LA detects NCM RTCN rules, you will receive a notification in the Orion Platform Web Console, which means you can then access and enable the rules through the LA Log Processing Configuration page. See the NCM RTCN article in the SolarWinds Customer Success Center for more information.
Enable full-text search in Microsoft SQL Server 2016
When installing and configuring SQL Server 2016, enable full-text search to ensure optimum event log search performance within LA. You can still install LA and initiate event log searches without enabling this capability, but the speed and quality of your search may be significantly reduced.
Before you upgrade
If you are adding LA 2.1 to your existing Orion Platform products, make note of the following:
LA 2.1 requires Microsoft SQL Server 2016 SP1 or later.
LA 2.1 does not support data migration of existing rules and alerts.
Legacy syslog and traps
LA replaces the existing legacy syslog and trap services, but only provides a subset of the legacy functionality. After installation of LA over the legacy syslog and trap services, the records remain in the database, but will not be used by LA. You can still access the read-only legacy records in the Syslog Viewer and Traps Viewer applications. All new syslog and trap messages will be stored in the dedicated LA database.
New customer installation
Use the SolarWinds Orion Platform Installer, available in the Customer Portal, to install LA. After installation, refer to the LA Getting Started Guide to learn about configuring and customizing LA.
Fixed issues
LA 2.1 fixes the following issues:
| Case Number | Description |
|---|---|
| CUST-54958 | License Details page shows incorrect number of monitored nodes. |
| CUST-50651 | Associating tags with 1000 events in the Log Viewer reduces performance. |
|
CUST-52774 CUST-52995 |
Agent overloaded alert doesn't work as expected. |
| CUST-52995 | Some log filters throw exceptions. |
| CUST-53965 | NCM rules are not properly triggered on additional pollers. |
|
CUST-55732 CUST-54998 |
Expired evaluation event repeats every minute. |
| N/A | The expiration message appears when LA switches to Orion Log Viewer. |
| N/A | Log entries are dropped when collecting Orion Platform diagnostics. |
Known issues
Messages are dropped when changing Azure database tiers
Issue: With Microsoft Azure, messages are dropped when the Azure database tier is changed.
Workaround: Review this article for additional information.
Legal notices
© 2019 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.