Monitor Syslog messages
Syslog messages are received by the SolarWinds Syslog Service, which listens for incoming messages on UDP port
514. Received messages are decoded and stored in the SolarWinds Platform database. The SolarWinds Syslog Service can handle large numbers of simultaneously incoming Syslog messages from all your monitored devices.
Starting with Orion Platform 2019.4, you can optionally manage Syslog and SNMP trap messages through the SolarWinds Platform Web Console using the free Orion Log Viewer (OLV).
A SolarWinds installation can process approximately 1 million Syslog messages per hour, which is about 300 Syslog messages per second. You can process more by increasing your hardware requirements over the minimum requirements.
You can view Syslog messages in the SolarWinds Platform Web Console or in the Syslog Viewer application.
Before you begin
- Confirm that your network devices are configured to send Syslog messages to the SolarWinds Platform server IP address. For proper configuration of network devices, refer to the documentation supplied by the device vendor.
UDP port 514is open for IPv4 and IPv6.
- The message must be formatted according to the Request for Comments (RFC) requirements.
- If a long message is split into smaller parts, these parts should be formatted to not be skipped.
SolarWinds recommends setting up Enable RFC Relay in the service to
trueto allow the service to restructure the message by adding the default facility, severity, or date.