I opened a ticket on this, but I'm curious to see if anyone else is noticing this problem. I am using the Syslog Server pretty extensively for message storage and alerting. I've noticed a couple months ago that the messages were not being stored in the database properly. Messages will get stored with the wrong Message Type or store incorrect (or non-existent) FirstIP, SecondIP, ThirdIP data in those columns. For instance, I could have an SEC-AUTH message come in regarding a login to a Linux server, but it will be stored with Message Type PIX-xxxxxx, or a LINK-UPDOWN Type. This really screws around with our alerting.
Is anyone else noticing this and perhaps having the same problem? I was really hoping it would be fixed in 8.1, as my ticket was opened in late April. I've not gotten any updates on if/when it would be fixed.
I reported to SolarWinds support the same issue about syslog messages being stored with the wrong Message Type several months ago. They were also SEC-AUTH messages from our RADIUS server, being catagorized as various other Messages Types, that they clearly weren't. I, also, have not heard on any fix.
We, ultimately, quit using Orion to process these syslog messages because it isn't reliable.
Wow, that is terribly disappointing. I personally would like to have seen this fixed as opposed to new icons in the web console. (Although, I do like the new icons!)
I just set the syslog service up. After trying to find the small change in syntax required by SQL 2005, I installed the Orion add-in that feeds event logs to the syslog server. I get time, server name, priority, facility, etc with no problem. However, the message looks like straight binary. Any suggestions?
