CW LMS - Syslogs and DFM problems

Answered Question
Sep 17th, 2008

Hi gents

I have the following problem:

we've got CW LMS 2.6, RME 4.0.6, DFM 2.0.11.

Today I occasionally noticed that CW doesn't have any received syslog messages for one 3750 switch. I checked the switch and tested sending syslog messages to another syslog server - everything fine.

At the same time CW has syslog messages for all other devices.

I checked credentials for problem devices - fine, checked system configuration archive - ok, but if I try to get Fault History report for this switch in DFM I receive the following error:

"Cannot generate Fault History display.

User has no access to the device."

So, there is something incorrectly configured at my server. Any idea?

Thank you,

agipkcolon Wed, 09/17/2008 - 04:57

just tried to remove and add it back - nothing changed. I still don't receive syslogs and still can't get fault history report.

Joe Clarke Wed, 09/17/2008 - 07:32

DFM has nothing to do with syslog. Do you want to look at the DFM fault history issue, or do you want to troubleshoot the syslog problem in this thread?

agipkcolon Wed, 09/17/2008 - 19:25

both. It was strange for me that both things don't work for the same device.

but syslog has more priority for me as we need to trace any changes.

Joe Clarke Wed, 09/17/2008 - 21:07

First, check the syslog message file to make sure this switch's messages are actually making it to the server. If so, post a message that makes it to this file, but does not appear in the syslog report. Also, post your NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat


agipkcolon Wed, 09/17/2008 - 22:16

1676: Sep 18 11:09:03 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (

This message is received by second configured logging server.

I already checked filters and don't see anything wrong. At least I receive the same syslog messages from other devices.

Joe Clarke Wed, 09/17/2008 - 22:37

Yes, the filters are fine. What do you mean that the message is received by the second configured logging server? Does the message show up in the CiscoWorks' servers message file (i.e. /var/log/syslog_info on Solaris or syslog.log on Windows)?

agipkcolon Thu, 09/18/2008 - 01:59

I meant that I configured the second logging server on that switch just to make sure that switch sends syslog messages.

How can I decrease the size of the syslog.log file? I run purge for syslog for all messages, but the size is still the same, 11Gb

Joe Clarke Thu, 09/18/2008 - 05:49

You can rotate the log file using NMSROOT\bin\ Logrot's documentation can be found in the Common Services online help. Just search for logrot. Basically, you'll configure logrot using NMSROOT\bin\perl NMSROOT\bin\ -c. Once you have it configured, just run NMSROOT\bin\perl NMSROOT\bin\ to rotate the configured log files.

agipkcolon Thu, 09/18/2008 - 07:16

ok, thank you. I will use your advice. for the moment I just renamed the old syslog.log file to new name and after starting cwcs syslog service I have got new syslog.log file.

And I see syslog messages coming from problem switch. So why I don't see them in CW?

Joe Clarke Thu, 09/18/2008 - 07:21

Now you need to edit NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/, set the DEBUG_LEVEL to DEBUG. Then restart SyslogCollector. Generate a new message, and verify it makes it to the syslog.log. Then post the message and the SyslogCollector.log.

Joe Clarke Thu, 09/18/2008 - 21:06

pdterm SyslogCollector SyslogAnalyzer

pdexec SyslogCollector SyslogAnalyzer

agipkcolon Thu, 09/18/2008 - 21:22

I did it through CS>Server>Admin>Processes

but seems Syslog collector can't find file.

and yes, I can see syslog message from problem device in syslog.log

Joe Clarke Thu, 09/18/2008 - 21:25

You need to restart the SyslogAnalyzer process as well so that SyslogCollector starts processing the syslog.log file. Use the commands I posted. You also need to post a message that was generated, and showing up in the syslog.log file, after you restart these processes.

agipkcolon Thu, 09/18/2008 - 21:43

here you are, Joe

Sep 19 10:36:12 3660: Sep 19 10:35:26 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (

but strange thing - I can see now this syslog message in CW. But before restarting both processes there was nothing.

Joe Clarke Thu, 09/18/2008 - 21:46

Yeah, it looks okay in the log. If the problem happens again, you'll know what to collect.

agipkcolon Thu, 09/18/2008 - 21:55

Joe, thanks a lot for helping.

The only thing that I did this morning is deleted and created that device again.

Probably after restarting syslog collector and analyzer processes problem was fixed.

But I have at least 5 more devices that I know have the same problem.

Will we go the whole troubleshooting process again?

I will try to recreate one more problem device, restart processes and check if the problem is fixed.

Correct Answer
Joe Clarke Thu, 09/18/2008 - 21:58

Yes, you have to first verify the messages are making it to the server, then you need to check the SyslogCollector.log to make sure they're being processed correctly.
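Added example (not part of the original thread and not Cisco code): a small Python check for the first step described above, confirming which devices' messages actually reach the server's syslog file before looking at SyslogCollector.log. The line layout, the source-host field after the receive timestamp, the documentation-range addresses and the function names are assumptions; the sample lines are constructed.

```python
import re

# Assumed layout (the samples quoted in the thread show no source-host field):
#   <receive time> <source host> <seq>: <device time> <tz>: %FAC-SEV-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?P<received>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[^\s:]+) "
    r".*?(?P<tag>%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+):"
)

# Constructed sample lines; the last one has no source host and cannot be attributed.
SAMPLE = [
    "Sep 19 10:36:12 192.0.2.10 3660: Sep 19 10:35:26 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "Sep 19 10:37:40 192.0.2.11 88: Sep 19 10:37:01 KZ: %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to up",
    "Sep 19 10:41:05 192.0.2.10 3661: Sep 19 10:40:19 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "Sep 19 10:42:00 3662: Sep 19 10:41:13 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]


def summarize(lines):
    """Return (per_host, unparsed): per-host message count, last receive
    time and last message tag, plus the lines that could not be attributed."""
    per_host, unparsed = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entry = per_host.setdefault(m["host"], {"count": 0})
        entry["count"] += 1
        entry["last_received"] = m["received"]
        entry["last_tag"] = m["tag"]
    return per_host, unparsed


def silent_devices(lines, expected_hosts):
    """Expected devices with no attributable message in the file."""
    per_host, _ = summarize(lines)
    return sorted(h for h in expected_hosts if h not in per_host)


if __name__ == "__main__":
    hosts, skipped = summarize(SAMPLE)
    for host, info in sorted(hosts.items()):
        print(host, info["count"], info["last_received"], info["last_tag"])
    print("unattributed lines:", len(skipped))
    print("silent:", silent_devices(SAMPLE, ["192.0.2.10", "192.0.2.11", "192.0.2.12"]))
```

A device listed as silent never reached the file, so the problem is upstream of the server; a device that appears here but not in the syslog report points at the collector and analyzer processes instead.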

