Running Cworks LMS 2.6 on Win2003. For the Syslog Collector running on RME 4.0.5, what is the criteria for an invalid message?
I'm trying to figure out why the following logging message for a front-end loopback test failure on a Cisco 2950 is not picked up by the collector:
Aug 28 12:50:12.023: Fa0/41 can't be brought up because it failed POST in loopback test
Is the facility, severity, and mnemonic required for the message to be successfully passed?
Windows servers typically get a lot of invalid messages since the dmgtd messages are also written to syslog.log, and those are not valid Cisco syslog messages.
The message above is also not valid. For a syslog message to be valid it must have what is called an EMBLEM header. This header consists of a FACILITY, SUB-FACILITY (can be null), SEVERITY, and MNEMONIC. It must also have a device name or IP address. In this case, the message lacks all components, and thus will be treated as invalid.