Wrong format of a syslog message

b.hofmann · ‎02-19-2007

I get syslog messages from a catalyst 4500 L3 version 12.2(25)SG which seems to be in a wrong format, because my syslog server did not find the keyword. The message has the format:

2007-02-19 12:11:09 Local7.Warning switchname 6262: Feb 19 12:11:08: %C4K_IOSMODPORTMAN-4-FANTRAYPARTIALFAILURE: A fan or thermistor/s in system fan tray have failed

But normally the syslog messages has no number behind the i meas the value 6262 and not the date and the time behind this value. The number will be increased by every syslog message. Can i configure anything,that i get another format in the message?, or must i change the software?

David Stanford · ‎02-19-2007

Looking into the format of the message, but if might be a good idea to replace the problem fantray module as this message has been sent over 6000 times.

Jason Davis · ‎02-19-2007

Your syslog event message looks properly formatted. The 6262 number is a serialization number telling us that this device has generated 6262 syslog event messages - not necessarily 6262 fan fail messages. Since Syslog is pushed on a UDP transport the sequential numbering lets us know if we've missed a message.

What syslog server software are you using that missing the keyword?

b.hofmann · ‎02-20-2007

I use Kiwi syslogd version 7.02 which normally shows not the number and not the date for a message. The normal format is like this:

2007-02-18 23:02:08 Local7.Notice switchname %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/18, changed state to up

b.hofmann · ‎02-22-2007

I found my problem in the kiwi syslog daemon, I was using 2 filter, and have now added the 2 keywords for what i search in one filter, and now it works fine. Thank you for your help