Wrong format of a syslog message

Unanswered Question
Feb 19th, 2007

I get syslog messages from a catalyst 4500 L3 version 12.2(25)SG which seems to be in a wrong format, because my syslog server did not find the keyword. The message has the format:

2007-02-19 12:11:09 Local7.Warning switchname 6262: Feb 19 12:11:08: %C4K_IOSMODPORTMAN-4-FANTRAYPARTIALFAILURE: A fan or thermistor/s in system fan tray have failed

But normally the syslog messages has no number behind the i meas the value 6262 and not the date and the time behind this value. The number will be increased by every syslog message. Can i configure anything,that i get another format in the message?, or must i change the software?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (3 ratings)
David Stanford Mon, 02/19/2007 - 06:59

Looking into the format of the message, but if might be a good idea to replace the problem fantray module as this message has been sent over 6000 times.

jdavis Mon, 02/19/2007 - 07:50

Your syslog event message looks properly formatted. The 6262 number is a serialization number telling us that this device has generated 6262 syslog event messages - not necessarily 6262 fan fail messages. Since Syslog is pushed on a UDP transport the sequential numbering lets us know if we've missed a message.

What syslog server software are you using that missing the keyword?

b.hofmann Tue, 02/20/2007 - 21:55

I use Kiwi syslogd version 7.02 which normally shows not the number and not the date for a message. The normal format is like this:

2007-02-18 23:02:08 Local7.Notice switchname %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/18, changed state to up

b.hofmann Thu, 02/22/2007 - 01:19

I found my problem in the kiwi syslog daemon, I was using 2 filter, and have now added the 2 keywords for what i search in one filter, and now it works fine. Thank you for your help


This Discussion