Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
1
Replies

is it possible that syslog from the devices are never written?

thetnaing00
Level 1
Level 1

‎08-26-2007 08:43 PM

hi

is it possible that syslog from the devices are never written on syslog database so that the report is empty.or it is just a matter of time and it will show you one or two days later? thanks

Labels:
0 Helpful
1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

‎08-27-2007 07:43 AM

There are numerous reasons why a syslog message from a device is not written to syslog.log. They include the device not generating the message (maybe due to a bug), the message not being severe enough to be sent as a syslog message, the message being sent on the wrong facility, a network issue preventing the message from reaching the server, and the syslog daemon not running on the server.

Once a message is written to the syslog.log file, it may then be ignored by the SyslogCollector if the message is not permitted by the configured syslog filters, or SyslogCollector is not running at the time the message is written to the log.

Once SyslogCollector processes the message and deems it to be interesting, it may not get written to the database if the SyslogAnalyzer is not running, or the database is corrupt or otherwise damaged.

0 Helpful
Customers Also Viewed These Support Documents