Okay, I looked and they are not in use. I tried again to subscribe, and again the log told me "unable to add monitor". When I go to subscribe, it gives me a box that talks about the certificate, and making sure it is on the peer server, but if it is the same server, do I need to do anything special? And when I look at Server-Security, it says that the self-signed certificate is found and valid, but whenever I log in with IE it says there is a problem with the certificate. I always ignore it and carry on, but I thought that information might be helpful.

Thank you,

Kari

Please post your SyslogCollector.log, SyslogAnalzyer.log, SyslogAnalyzerUI.log, and AnalyzerDebug.log.

The sysloganalyzer.log was completely empty.

And if there is a glaringly obvious error, I apologize. I know very little about syslog. That is why I am trying to get this configured, so I can learn.

There is nothing obvious here which means that SyslogCollector debugging needs to be enabled. This is done in the Collector.properties file which can be found by searching under NMSROOT. After enabling debug, pdterm/pdexec SyslogCollector, reproduce the problem, then post the new SyslogCollector.log.

At first I set it to debug. Then I stopped the service, set it to warning. Both times when I went into syslog status collector, it had the ip of the server and a bunch of NAs in the other fields. I clicked on subscribe, it asks for the ip. I have been giving it its ip. Clicked okay, it changed from the address to the name of the server.

Looks like it's working now. However, you may have a problem with your filters. Please include a screenshot of your syslog filters screen.

Honestly, I haven't done anything to the filters page. I thought that if I left it alone, all messages would be sent to the Analyzer. But when I run a report, I don't see anything. And after I change the debug back to info and go back into Collector and try to subscribe and go look at the log, it still says unable to add monitor. Is there some sort of delay in when the collector collects and the analyzer grabs it and analyzes?

Thanks for all the time you've spent posting.

Kari

There is a delay on Windows depending on the number of messages coming in per second. As soon as the message is written to the syslog.log file, SyslogCollector should process it, though. There is no delay in the Cisco pieces on Solaris.

I would still like to see screenshots from your filter page and from the Syslog Collector Status page.

I was hoping that if I left it alone, it would magically be working when I came back in today, but no. When I run a syslog report, there are no records. I can see from the syslog collector page that the devices are sending messages, it just isn't getting to the syslog analyzer.

The screenshot of the message filter is how it was configured originally. I did try clicking on Keep and enabling some of the filters (and on the syslog collector page, it shows that a lot of the messages were filtered), but that didn't seem to help either.

Alright, I'm an idiot, you're a genius. Thank you so much for your help. I can see it forwarding, and I can run reports.