Documentation for Orion Platform

Syslog alert actions

This Orion Platform topic applies to the following products if you are NOT using the Orion Log Viewer to monitor syslogs.

DPAIM, NAM, NCM, NPM, NTA, SAM, SRM, VNQM

The following alert actions are relevant if you are monitoring syslogs with the Orion Platform.

If you use Log Analyzer or the Orion Log Viewer to monitor syslogs, these alert actions are no longer relevant.

Discard the Syslog Message

Delete unwanted Syslog messages sent to the Syslog server.

Tag the Syslog Message

Add a custom tag to received Syslog messages. Ensure you include the Tag column in the viewer when assigning a tag.

Modify the Syslog Message

Modify the severity, facility, type, or contents of a Syslog message.

Log the Message to a file

Specify a file and a series of variables with which to tag Syslog messages sent to the file. Ensure you have already created the log file you want to use. The alert cannot create a file.

Windows Event Log

Write a message to local or remote Windows Event Logs.

Forward the Syslog message

Specify the IP address or hostname and the port to forward a Syslog event.

Send a new Syslog message

Trigger a new Syslog message, sent to a specific IP address or hostname, on a specific port, with a customizable severity, facility, and message.

Send an SNMP Trap

Send a trap to an IP address following a specific trap template and using a specific SNMP community string.

Play a sound

Play a sound when a matching Syslog message is received.

Text to Speech output

Define the speech engine, speed, pitch, volume, and message to read.

Execute an external program

Allows you to specify an external program to launch using a batch file. This action is used when creating real-time change notifications in the Orion Platform.

To run external programs or VB scripts, Orion Platform 2020.2.5 enabled the usage of lower privileged built-in accounts. By default, this is the Network Service account. If you encounter issues, see Troubleshooting.

Execute an external VB Script

Launch a VB Script using the selected script interpreter engine and a saved script file.

To run external programs or VB scripts, Orion Platform 2020.2.5 enabled the usage of lower privileged built-in accounts. By default, this is the Network Service account. If you encounter issues, see Troubleshooting.

Send a Windows Net Message

Send a net message either to a specific computer or to an entire domain or work group.

Send an E-mail / Page

Send an email from a specified account to a specified address, using a specific SMTP server, and containing a customizable subject and message.

Stop Processing Syslog Rules

Stops the processing of Syslog rules for the matching Syslog message.

Troubleshooting

Issues with executing external programs/VB scripts

To execute external programs or VB scripts as syslog or SNMP trap alert actions, Orion Platform 2020.2.5 enabled the use of lower-privileged built-in accounts. If you experience issues with these actions after upgrading to 2020.2.5, check the built-in account in use (Network Service by default) and ensure it has been added to the access control list for your program and its location. If the issues persist, consider reverting to the legacy way of running them.

SolarWinds recommends that you create tailored low-privilege accounts on the machine to run specific external programs, scripts, and alert actions. See Secure external programs and script alerting actions for details.

If you revert to the legacy method, the actions always use the Local System account, regardless of what's in the registry.

To change the account used for running scripts/external programs:

  1. Log in to the server hosting your main polling engine.

  2. Locate the configuration file of the service with issues:

    • C:\Program Files (x86)\SolarWinds\Orion\SyslogTraps\SWTrapService.exe.config

    • C:\Program Files (x86)\SolarWinds\Orion\SyslogTraps\SyslogService.exe.config

  3. Search for "useLegacyExecutor" and change its value to "true".

    The record should look as follows: <add key="useLegacyExecutor" value="true" />

  4. If you have additional polling engines deployed, repeat the steps on servers hosting your polling engines.

    The scripts and external programs will run under the system account.
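A read-only check for the settings described in this troubleshooting section, as an added example that is not SolarWinds code: it reports the `useLegacyExecutor` value in both service configuration files and lists explicit access control entries for Network Service on a program and its folder. `$ProgramPath` is a hypothetical placeholder, and the lookup assumes the key is stored as an `<add>` element as shown in step 3.

```powershell
# Added example (not SolarWinds code). Read-only audit; run on each polling engine.
param(
    # Hypothetical placeholder: the batch file or script your alert action launches.
    [string]$ProgramPath = 'C:\Scripts\alert-action.bat'
)

$configs = @(
    'C:\Program Files (x86)\SolarWinds\Orion\SyslogTraps\SWTrapService.exe.config',
    'C:\Program Files (x86)\SolarWinds\Orion\SyslogTraps\SyslogService.exe.config'
)

# 1. Report which executor each service is configured to use.
foreach ($path in $configs) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Config file not found: $path"
        continue
    }
    [xml]$doc = Get-Content -LiteralPath $path -Raw
    $node = $doc.SelectSingleNode("//add[@key='useLegacyExecutor']")
    $runsAs = 'lower-privileged built-in account'
    if ($null -eq $node) { $runsAs = 'key not present' }
    elseif ($node.GetAttribute('value') -eq 'true') { $runsAs = 'Local System (legacy executor)' }
    '{0}: {1}' -f (Split-Path -Leaf $path), $runsAs
}

# 2. List explicit ACL entries for Network Service (well-known SID S-1-5-20) on the
#    program and its folder. Access granted only through a group is not evaluated.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$account = $sid.Translate([System.Security.Principal.NTAccount]).Value
foreach ($target in @($ProgramPath, (Split-Path -Parent $ProgramPath))) {
    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "Path not found: $target"
        continue
    }
    $aces = @((Get-Acl -LiteralPath $target).Access |
        Where-Object { $_.IdentityReference.Value -eq $account })
    if ($aces.Count -eq 0) {
        Write-Warning "No explicit entry for $account on $target"
    }
    foreach ($ace in $aces) {
        '{0}: {1} {2} (inherited: {3})' -f $target, $ace.AccessControlType,
            $ace.FileSystemRights, $ace.IsInherited
    }
}
```

A result of "Local System (legacy executor)" means every external program and VB script launched by that service runs with full system rights, so the script files and their folder should be writable only by administrators.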