Syslog collector invalid criteria?

Answered Question
Aug 28th, 2007

Running Cworks LMS 2.6 on Win2003. For the Syslog Collector running on RME 4.0.5, what are the criteria for an invalid message?

I'm trying to figure out why the following logging message for a front-end loopback test failure on a Cisco 2950 is not picked up by the collector:

Aug 28 12:50:12.023: Fa0/41 can't be brought up because it failed POST in loopback test

Are the facility, severity, and mnemonic required for the message to be successfully passed?

Correct Answer by Joe Clarke about 9 years 3 months ago

Windows servers typically get a lot of invalid messages since the dmgtd messages are also written to syslog.log, and those are not valid Cisco syslog messages.

The message above is also not valid. For a syslog message to be valid it must have what is called an EMBLEM header. This header consists of a FACILITY, SUB-FACILITY (can be null), SEVERITY, and MNEMONIC. It must also have a device name or IP address. In this case, the message lacks all components, and thus will be treated as invalid.

Joe Clarke Tue, 08/28/2007 - 09:25
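
As an added illustration (not part of the original thread, and not RME's actual parser), this sketch checks a stored syslog line for the components the answer lists. It assumes the usual IOS header text `%FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC:` and a receiver-side line layout of `Mon DD HH:MM:SS <device> <message>`; every sample line except the one quoted from the question is constructed.

```python
import re

# Assumed header text: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC:
# SUBFACILITY is optional ("can be null"); SEVERITY is one digit, 0-7.
HEADER = re.compile(
    r"%(?P<facility>[A-Z][A-Z0-9_]*)"
    r"(?:-(?P<subfacility>[A-Z][A-Z0-9_]*))?"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):"
)
# Assumed receiver-side layout: "Mon DD HH:MM:SS <device> <rest>".
RECEIVED = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} "
    r"(?P<device>[A-Za-z0-9][A-Za-z0-9.\-]*) (?P<rest>.*)$"
)

def check(line):
    """Return (fields, missing) for one stored syslog line."""
    fields, missing = {}, []
    received = RECEIVED.match(line)
    if received:
        fields["device"] = received.group("device")
        body = received.group("rest")
    else:
        missing.append("device")
        body = line
    header = HEADER.search(body)
    if header:
        fields.update(header.groupdict())
    else:
        missing += ["facility", "severity", "mnemonic"]
    return fields, missing

SAMPLES = [
    # Quoted from the question: no device field and no header.
    "Aug 28 12:50:12.023: Fa0/41 can't be brought up because it failed POST in loopback test",
    # Constructed: same text with a device name, still no header.
    "Aug 28 12:50:14 sw2950 46: Aug 28 12:50:12.023: Fa0/41 can't be brought up",
    # Constructed: device address plus a complete header.
    "Aug 28 12:50:14 192.0.2.10 45: Aug 28 12:50:12.023: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down",
    # Constructed: header that also carries a sub-facility.
    "Aug 28 12:50:15 sw2950 47: %FAC-SUB-5-EVENT: constructed text",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fields, missing = check(sample)
        print("valid  " if not missing else "invalid", missing, fields)
```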

