cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
853
Views
0
Helpful
1
Replies

Syslog collector invalid criteria?

david.fernandes
Level 1
Level 1

Running Cworks LMS 2.6 on Win2003. For the Syslog Collector running on RME 4.0.5, what is the criteria for an invalid message?

I'm trying to figure out why the following logging message for a front-end loopback test failure on a Cisco 2950 is not picked up by the collector:

Aug 28 12:50:12.023: Fa0/41 can't be brought up because it failed POST in loopback test

Is the facility, severity, and mnemonic required for the message to be successfully passed?

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

Windows servers typically get a lot of invalid messages since the dmgtd messages are also written to syslog.log, and those are not valid Cisco syslog messages.

The message above is also not valid. For a syslog message to be valid it must have what is called an EMBLEM header. This header consists of a FACILITY, SUB-FACILITY (can be null), SEVERITY, and MNEMONIC. It must also have a device name or IP address. In this case, the message lacks all components, and thus will be treated as invalid.

View solution in original post

1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

Windows servers typically get a lot of invalid messages since the dmgtd messages are also written to syslog.log, and those are not valid Cisco syslog messages.

The message above is also not valid. For a syslog message to be valid it must have what is called an EMBLEM header. This header consists of a FACILITY, SUB-FACILITY (can be null), SEVERITY, and MNEMONIC. It must also have a device name or IP address. In this case, the message lacks all components, and thus will be treated as invalid.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: