02-13-2007 02:07 AM
Our Ciscoworks LMS2.6 is not logging syslog messages. I have followed all the various "redme's" etc with no success .
What could I be doing wrong ??.
02-13-2007 02:54 AM
Hi Scott,
is the syslog service started and working? Have a "netstat -na" take a look for UDP and TCP port 514.
For normal the syslog is listening to UDP only, but some systems have the ability to get messages on TCP 514, too.
In Common Services -> Server -> Admin -> Processes have a look for the status of the Syslog Analyser and Syslog Collector Services.
Best regards,
Frank
02-13-2007 03:24 AM
Hi,
Both services are shown as started and running, displaying "no messages received".
netstat -na shows
TCP 0.0.0.0:514 0.0.0.0 LISTENING
UDP 0.0.0.0:514 *:*
To my mind that seems to be correct ?.
02-13-2007 04:09 AM
Hi Scott,
just forgotten to ask:
Do you have any other syslog program on the server installed?
What OS do you have installed?
On Windows 2003 try netstat -nabv
This shows you the executed programs to the corresponding port.
On Windows 2000 try tcpview from www.systernals.com (it now leads to a microsoft Webpage)
Can you see the "CWCS Syslog Service" in the windows services list? And what status does it have?
Do you have a syslog.log file in the path PROGRAMDIR\CSCOpx\log ?
Best regards,
Frank
02-13-2007 04:51 AM
No other syslog program , Win2K box.
Yes there is a "syslog.log" file its 6GB in size !!
CWCS Service is "Started & Automatic"
02-13-2007 04:36 AM
Have you subscribed a syslog server in RME->Tools->Syslog->Syslog Collector Status ?
You can even do that to the local box.
02-13-2007 04:44 AM
02-13-2007 05:08 AM
Hi Scott,
6 GB large!! Gigabyte??
Just stop the LMS with "net stop crmdmgtd" command from the dos box.
rename the syslog.log to e.g. syslog.log.sav
restart LMS with net start crmdmgtd
Try the Setup of Backup und Purge Policies in RME -> Admin -> Syslog.
Good Luck
Frank
02-13-2007 05:40 AM
It says theres a sharing violation when I try to rename the file.
Going to stop all running services to see what happens
02-13-2007 05:56 AM
syslog file size = 6,507,566 !!!
Had to manually stop the CWCS syslog collector service before I could rename the log file.
but now I cannot amend the default purge job, I get an error message , it is
"SLCA0119: Syslog default purge job could not be edited. Check the log for details."
Me thhinks our LMS is a sick puppy :-(
02-13-2007 06:19 AM
Hi Scott,
just do me the favour:
Stop and Start the whole LMS App.
Or reboot the server.
Do you have a syslog.log file in the log dir now.
I guess not. Thats why the Purge Job may fail.
Best reagrds,
Frank
02-13-2007 06:32 AM
Rebooted . Log file exists Purge job set.
Log file has device entries in it , but thats as far as it goes, the dont show in Device Centre or any "syslog" Report Jobs.
I am going to give up on this, its burning too many cycles for no result.
Will have to use a seperate syslog" application on a seperate box, it means another application but I dont think i have a choice.
Very many thanks for your help !!!
02-13-2007 07:12 AM
Hi Scott,
since i do not know how you send the syslog messages from your devices to the LMS i may assume a little chance of a misconfiguration.
Maybe we can resolve it here. The Syslog Report only use the real syslog messages not the syslog traps from the devices!
Setup the "logging host" command on the devices.
Have in mind that the following syslog messages are filtered by default and have to be ebabled: Link Up/Down, PIX, Severity 7, and IOS Firewall Audit Trail.
Do not be sick about LMS 2.6 it is running fine now. The initial release of 2.5 was sometimes getting me nuts. But now the product is optimized and syslog should not be a problem.
Of course the Documentation for the LMS is sometimes a bit abstract and / or dry stuff.
;-))
Best regards,
Frank
02-13-2007 11:52 AM
Thanks for the encouragement !!!.
Here is a sample "logging" config fromone of our switches
CHASW37#sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: disabled
Buffer logging: level informational, 378 messages logged
Exception Logging: size (4096 bytes)
File logging: disabled
Trap logging: level informational, 382 message lines logged
Logging to 172.26.1.254, 3 message lines logged
Logging to 172.26.2.21, 3 message lines logged
The syslog file on the LMS server is being populated. (see attachment), but this is the big but thats where it stops "device manager" shows no syslog entries and nor does "report generator".
So the process of LMS reading the log file and associating to device manager/report generator is not working.
I am stumped, but have a work around with a syslog app on another box, this works fine.
Scott.
02-13-2007 05:14 PM
Hi Scott,
it seems to me that the logging level is misconfigured.
Have a look into
RME -> Admin -> System Preferences -> Log Level Settings
Choose syslog Analyser and have a look to its value. Could it be set to 3 or 4?
Change to 7 again for a test.
Do you have setup the LMS as Syslog Collector?? This means you end the syslogs generated from the LMS to istself!! This should not be neccessary.
I have seen things like this:
Feb 13 13:53:11 127.0.0.1 100: <30> dmgt[143028]: 3007(I):Started application(jrm) "D:\PROGRA~1\CSCOpx\bin\cwjava.exe -Xms64m -Xmx128m -Dvbroker.se.iiop_tp.scm.iiop_tp.dispatcher.threadMax=128 -Dvbroker.se.default.socket.manager.connectionMax=300 -cp:p MDC\tomcat\shared\lib\MICE.jar;MDC\tomcat\shared\lib\NATIVE.jar;MDC\tomcat\shared\lib\jdom.jar;MDC\tomcat\shared\lib\xalan.jar;MDC\tomcat\shared\lib\xerces.jar;MDC\tomcat\common\lib\servlet.jar com.cisco.nm.cmf.jrm.Server" pid=33044.
I guess it was setup in the RME -> Admin -> Tools -> Syslog. Delete the Syslog Collector entry!
I am not at work so i have no access to my installation.
But dont be afraid if you change the setings and the reports are still empty! The syslog Analyzer starts analyzing from the moment he is correctly configured not into the past!!
I have seen this in LMS 2.5.1 and maybe this behaviour is still valid!
Good Luck
Frank
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide