LMS 3.0 - Syslog Report is empty

Unanswered Question
Dec 29th, 2008
User Badges:

we have a LMS 3.0 running on Solaris 9, and we have a problem with the syslog report function.


From RME, the syslog reports does not show any logs.


The collector status looks OK, there are logs being forwarded.


/var/log/syslog_info contains recent logs from the devices.


I checked the timezone settings:

* The switches and routers are configured with UTC time zone:

Dec 22 11:27:04 <device1> 15647028: Dec 22 03:27:03 UTC: %SEC-6-IPACCESSLOGP: list MBR-s1/7-Filter-in denied udp 192.168.24.165(137) -> 192.168.24.255(137), 1 packet


* The server is configured with SGT timezone (GMT+8)


* The syslog collector is configured with CCT timezone (GMT +8)


# Timezone related properties

TIMEZONE=CCT

COUNTRY_CODE=SGP

TIMEZONE_FILE=$NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst


# General properties

SYSLOG_FILES=/var/log/syslog_info

DEBUG_CATEGORY_NAME=SyslogCollector

DEBUG_FILE=/var/adm/CSCOpx/log/SyslogCollector.log


Need your expert advise what else do we need to check.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
Loading.
Joe Clarke Tue, 12/30/2008 - 00:06
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Check the unexpected devices report to see if the messages are showing up there. If the messages are being forwarded from the Collector to the Analyzer, then they must be getting into the database. If your standard report doesn't show them, then the unexpected report must.


If they are in the unexpected devices report, then RME is unable to map those messages to a managed device.

Joe Clarke Tue, 12/30/2008 - 17:41
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

In the Collector.properties file, set DEBUG_LEVEL to DEBUG, then restart SyslogCollector. Generate at least one syslog message that should be forwarded to the Analyzer, then post the SyslogCollector.log.

dany.datacraft Fri, 01/02/2009 - 01:58
User Badges:

Solved the problem by:

- Regenerate self-signed certificate

- Unsubscribe/subscribe the syslog collector

- Restarted syslog collector and syslog analyzer processes


thanks for all the pointers so far...

Actions

This Discussion