LMS 3.0 - Syslog Report is empty

dany.datacraft · ‎12-29-2008

we have a LMS 3.0 running on Solaris 9, and we have a problem with the syslog report function.

From RME, the syslog reports does not show any logs.

The collector status looks OK, there are logs being forwarded.

/var/log/syslog_info contains recent logs from the devices.

I checked the timezone settings:

* The switches and routers are configured with UTC time zone:

Dec 22 11:27:04 <device1> 15647028: Dec 22 03:27:03 UTC: %SEC-6-IPACCESSLOGP: list MBR-s1/7-Filter-in denied udp 192.168.24.165(137) -> 192.168.24.255(137), 1 packet

* The server is configured with SGT timezone (GMT+8)

* The syslog collector is configured with CCT timezone (GMT +8)

# Timezone related properties

TIMEZONE=CCT

COUNTRY_CODE=SGP

TIMEZONE_FILE=$NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst

# General properties

SYSLOG_FILES=/var/log/syslog_info

DEBUG_CATEGORY_NAME=SyslogCollector

DEBUG_FILE=/var/adm/CSCOpx/log/SyslogCollector.log

Need your expert advise what else do we need to check.

Joe Clarke · ‎12-30-2008

Check the unexpected devices report to see if the messages are showing up there. If the messages are being forwarded from the Collector to the Analyzer, then they must be getting into the database. If your standard report doesn't show them, then the unexpected report must.

If they are in the unexpected devices report, then RME is unable to map those messages to a managed device.

dany.datacraft · ‎12-30-2008

Checked, it's also empty.

Joe Clarke · ‎12-30-2008

In the Collector.properties file, set DEBUG_LEVEL to DEBUG, then restart SyslogCollector. Generate at least one syslog message that should be forwarded to the Analyzer, then post the SyslogCollector.log.

dany.datacraft · ‎01-02-2009

Solved the problem by:

- Regenerate self-signed certificate

- Unsubscribe/subscribe the syslog collector

- Restarted syslog collector and syslog analyzer processes

thanks for all the pointers so far...