Send a syslog message in the Orion Platform

This topic applies to all Orion Platform products except for the following products:

  • EOC
  • ETS
  • WPM

SolarWinds can log received alerts to the syslog of a designated machine for later investigation. The following procedure configures an alert to send a message to a designated syslog server.

Starting with Orion Platform 2019.2, you can send syslog messages over TCP or TCP/TLS. Only TCP/TLS encrypts the message in transit; UDP and plain TCP do not.

  1. When editing or adding an alert, click Add Action in the Trigger or Reset Action section of the Alert Wizard.
  2. Select the Send a Syslog Message option, then click Configure Action.
  3. Under Send a Syslog message settings:
    1. Enter the Hostname or IP Address of the syslog server in the field provided.

      Multiple syslog servers should be separated by commas.

    2. Select a protocol. By default, UDP is selected. Ensure that appropriate ports are open:
      Protocol    Port to open
      UDP         514
      TCP         1468
      TCP/TLS     6514

      To specify a different port, provide it directly in the Hostname/IP Address field above.
      For example: 1.23.4.10:500 sends a syslog message to 1.23.4.10, port 500.

    3. If you selected TCP/TLS, further specify certificate validation rules:
      • Ignore Certificate Chain Errors: Select the box to ignore any chain errors of the certificate, such as a missing root certificate.
      • Disable Certificate Revocation Check: Select the box to skip the CRL check of a certificate. This is useful to bypass 'revoked certificate' errors.
      • Ignore Certificate Name Mismatch: Select to ignore errors where the Common Name or Subject Alternative Name of the certificate does not match the client's (Orion server) host name.
    4. Select a Severity and a Facility from the drop-down lists.
  4. Enter the Message of your alert trigger in the field provided. 
  5. Schedule the action by selecting Time of Day > Use special Time of Day schedule for this action. This schedule only applies to the alert action you are editing.

    This is often used to prevent an action from occurring during specific windows.

  6. Select how frequently this action occurs for each triggered alert in Execution Settings.

  7. Click Add Action.

The action is added to the trigger or reset action list, and you can test the action using the Simulate button. When the trigger or reset conditions of the alert are met, the syslog message is sent.
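The following Python sketch is an added example, not SolarWinds code. It expands a Hostname or IP Address field into the host and port pairs that need to be reachable, and checks a TCP/TLS target with the validation that applies when all three certificate boxes are left unchecked. The function names, the host `syslog.example.test`, and the mapping of each checkbox to a Python `ssl` setting are assumptions made for illustration.

```python
import socket
import ssl

# Default ports from the protocol table in step 3 of the procedure.
DEFAULT_PORTS = {"UDP": 514, "TCP": 1468, "TCP/TLS": 6514}

def parse_targets(field, protocol):
    """Expand the Hostname or IP Address field into (host, port) pairs.
    Handles host names and IPv4 addresses, as in the page's example."""
    targets = []
    for entry in (e.strip() for e in field.split(",")):
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep:
            targets.append((entry, DEFAULT_PORTS[protocol]))
        elif host and port.isdigit() and 0 < int(port) < 65536:
            targets.append((host, int(port)))
        else:
            raise ValueError(f"bad target {entry!r}")
    return targets

def strict_context(cafile=None, crlfile=None):
    """Client settings that correspond to leaving all three boxes unchecked."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED   # chain errors fail the handshake
    ctx.check_hostname = True             # name mismatch fails the handshake
    if crlfile:                           # revocation needs a CRL to check against
        ctx.load_verify_locations(cafile=crlfile)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def probe(host, port, ctx, timeout=5.0):
    """Return None if the TLS handshake validates, else the failure reason."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return str(exc)

if __name__ == "__main__":
    # Constructed field: the page's example plus a hypothetical host name.
    field = "1.23.4.10:500, syslog.example.test"
    for host, port in parse_targets(field, "TCP/TLS"):
        print(f"allow outbound TCP to {host}:{port}")
```

Running `probe` against each TCP/TLS target before selecting any of the ignore options shows which validation step actually fails, so the receiver's certificate can be fixed instead of the check being turned off.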