01-09-2009 07:17 AM
I am no longer seeing any entries when I run a syslog severity level summary report. This appears to have stopped working on 11/25/08. I am attaching all logs I could find with syslog in the name. Let me know if I can provide anything else to help me troubleshoot. Thanks.
01-09-2009 11:39 AM
Please post the output of the pdshow command. Also, verify the messages are still making it to the server, and showing up in the syslog.log file. What do you see if you go to RME > Tools > Syslog > Collector Status?
01-09-2009 12:16 PM
The last entry in syslog.log is 12/5/2008. Looking through the event log, I noticed that these Microsoft patches were applied on 12/5:
KB957097
KB890830
KB954430
KB955069
KB958644
Are any of these know to cause problems?
The file size is also very large (13,410,370 could that be a problem too?) I am attaching pdshow output and screenshot of collector status. Thanks
01-09-2009 04:40 PM
This tells me the syslog.log file is not receiving new messages. Please post the output of:
netstat -a -n -o -b
You might also run:
logview E:\PROGRA~1\CSCOpx\log\syslog.log
And watch to make sure syslog messages are arriving in this file.
A syslog.log of 13 MB is not too bad. However, you can configure logrot to manage this file. Go to Common Services > Server > Admin > Log Rotation to configure it.
01-10-2009 11:30 AM
01-11-2009 09:01 AM
This indicates our syslog daemon is bound to udp/514. So if you don't see new messages in the syslog.log file, I wonder if there is a host-based firewall blocking them (e.g. Windows Firewall, CSA, etc.).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide