01-21-2008 07:17 AM
I am using an automated action to forward SYSLOG to another server. I am getting this message (Not a valid action) in the AnalyzerDeBug.log:
I am using the perl script and bat from a previous post.
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to process new syslogs from the collector
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to find the device id
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Preparing to find device id by assuming 10.116.11.131 as address
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Finding device id in the cache
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Device id found in the cache itself as 4837
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Found the device id as 4837
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to insert the syslog into database
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Preparing to hand of syslog to the database handler
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2], Time stamp of the syslog received is : Mon Jan 21 10:06:54 EST 2008 GMT 21 Jan 2008 15:06:54 GMT
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Insert into SYSLOG_20080021(Syslog_Device_Id,Syslog_Device_Name,Syslog_TimeStamp,Syslog_Facility,Syslog_SubFacility,Syslog_Severity, Syslog_Mnemonic,Syslog_Description )values ( '4837','10.116.11.131','2008-01-21 15:06:54','DOT11',null,'6','DISASSOC','Interface Dot11Radio0, Deauthenticating Station 0015.7024.a215 Reason: Sending station has left the BSS' )
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Recreated the statement object
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Added syslog to the database handler
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Insertion of syslog into database is done
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to find interested actions, bypassing
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Found 3 actions on the syslog
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Preparing to check with DM to invoke action on the device 4837
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],The device already granted by DM
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Statemanagement allowed actions on the syslog
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to hand off the syslog to action handlers
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Preparing to hand of syslog to the action processor
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Valid action: Script
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Parameters: D:/apps/CSCOpx/files/scripts/syslog/log.bat
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Not a valid action
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Not a valid action
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Syslog has at least one action, passing it to action handling processer
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Handed off syslog to the action processor
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Syslog handed off to action handlers
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Syslog Action Processor thread attempts to get next syslog from queue
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to read from the queue for new syslogs from collector
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to process new syslogs from the collector
[ Mon Jan 21 10:06:55 EST 2008 ],DEBUG,[Thread-2],Attempting to find the device id
01-21-2008 09:22 AM
Which version of RME is this?
Was log.bat created or modified?
01-21-2008 10:09 AM
Here is log.bat
@ECHO OFF
D:\apps\cscopx\bin\perl.exe d:\apps\CSCOpx\files\scripts\syslog\log.pl "%~2"
RME is 4.0.5
01-21-2008 11:06 AM
You need to provide the log.pl as well. Note, this message is typical, and does not necessarily indicate a problem. Are the messages not actually being forwarded?
01-21-2008 11:32 AM
log.pl
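#!/opt/CSCOpx/bin/perl
# Forward one message (first command-line argument) to a remote syslog server.
use strict;
use Sys::Syslog qw(:DEFAULT setlogsock);
my $msg = $ARGV[0];
# Send over the network rather than to the local syslog socket.
setlogsock('inet');
$Sys::Syslog::host = '10.129.20.236';
# syslog() treats its second argument as a sprintf format, so pass the
# message as data; a literal % in the device message is then left intact.
syslog('info|local7', '%s', $msg);
closelog;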
I can live with the error if it's normal....
Also, is there a way to direct the syslog to a particular directory and a name? i.e., /backup/ftpusr/cisco and the file needs to be named syslog.log.
01-21-2008 11:43 AM
In order for the messages to go to a certain file, you need to configure the receiving side to handle local7.info messages in the way desired. On UNIX systems, this will typically be done in /etc/syslog.conf.
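How a receiving syslogd would apply such a rule to what log.pl sends, as an added example (not code from the thread or from CiscoWorks): it decodes the `<PRI>` header and matches it against classic `syslog.conf` selectors. The rule lines, the `/var/log/mail.err` contrast rule and the sample datagrams are constructed, and only single `facility.level` selectors are handled (no `;` lists, `none`, `=` or `!`).

```python
import re

# Facility codes 0-23; 12-15 have no classic syslog.conf keyword here.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron", "authpriv", "ftp"] + [None] * 4
              + [f"local{i}" for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed rules: selector, whitespace, action. The first path is the one
# asked about in the thread; the second rule is only there for contrast.
SAMPLE_CONF = (
    "local7.info\t/backup/ftpusr/cisco/syslog.log\n"
    "mail.err\t/var/log/mail.err\n")

def decode_pri(datagram):
    """Split '<PRI>text' into (facility, severity, text); PRI = facility*8 + severity."""
    m = re.match(r"<(\d{1,3})>(.*)", datagram, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI header")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def selector_matches(selector, facility, severity):
    """'facility.level' accepts that level and anything more severe; '*' is a wildcard."""
    fac, _, level = selector.partition(".")
    if fac not in ("*", facility):
        return False
    # Lower number = more severe, so "info" (6) accepts 0..6 and rejects debug (7).
    return level == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(level)

def route(datagram, conf=SAMPLE_CONF):
    """Return the actions (file paths) whose selector accepts this datagram."""
    facility, severity, _ = decode_pri(datagram)
    targets = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            targets.append(action)
    return targets

if __name__ == "__main__":
    # 'info|local7' as used by log.pl encodes to PRI 23*8 + 6 = 190.
    print(route("<190>Interface Dot11Radio0, Deauthenticating Station 0015.7024.a215"))
```

A `local7.info` rule also catches anything the sender logs at higher severity on local7, so the target file should be sized and rotated with that in mind.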