Windows LMS 2.6 syslog problem

Unanswered Question
May 16th, 2007

Hi,

I've installed a LMS 2.6 over Windows and I 've configured the routers and switches for sending their syslog messages to the LMS server. When I see the file syslog.log, I can see all the all the syslog messages.

The problem is that no message appears when I launch a syslog report from RME/Reports/Syslog. All the time the message is the same: "no records".

It's the third Windows server where I see this. Neverthless, in Solaris everything runs perfectly.

I have checked that no filters are discarding messages, that SyslogCollector and SyslogAnalyzer are running, I hace also checked that the collector appears as up in "Syslog Collector Status" and that there are no conflicts with ports 3333 and 4444.

Can anyone help me, please?

Regards.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
David Stanford Wed, 05/16/2007 - 03:38

Can you try the following while enabling debugs for SyslogCollector and SyslogAnalyzer

Select one device that is a managed device in RME

Then go to the device and generate a config syslog message simply by entering conf t and then exit

Check the syslog.log to make sure this message makes it to the log. Then wait a few minutes before going to RME.

Now go to RME and select a syslog report (24 hour report)and select only this device. Run the report and do you see the message?

If not, look through the SyslogCollector.log and AnalyzerDebug.log to see if there are any messages related to this device or message.

Joe Clarke Wed, 05/16/2007 - 07:26

In addition to what Dave says (these steps are vital) since you said it works fine on Solaris, but does not work on Windows, this may be CSCsh66475 in which name resolution delays SyslogAnalyzer from coming up. The AnalyzerDebug.log that Save requested will help, but only after you enable SyslogAnalyzer debugging under RME > Admin > System Preferences > Loglevel Settings, then restart SyslogAnalyzer (pdterm SyslogAnalyzer/pdexec SyslogAnalyzer).

cmartinvalle Fri, 05/18/2007 - 01:10

I have solved my issue. I needed to subscribe the syslog collector. I think it wasn't necessary because it appears one called "ciscoworks".

Your both answers have been very useful because I realized looking at the AnalyzerDebug.log and SyslogCollector.log. There was a messahe like this: "No monitor collectors registered".

Thanks.

Actions

This Discussion