01-09-2009 07:17 AM
I am no longer seeing any entries when I run a syslog severity level summary report. This appears to have stopped working on 11/25/08. I am attaching all logs I could find with syslog in the name. Let me know if I can provide anything else to help me troubleshoot. Thanks.
01-09-2009 11:39 AM
Please post the output of the pdshow command. Also, verify the messages are still making it to the server, and showing up in the syslog.log file. What do you see if you go to RME > Tools > Syslog > Collector Status?
01-09-2009 12:16 PM
The last entry in syslog.log is 12/5/2008. Looking through the event log, I noticed that these Microsoft patches were applied on 12/5:
KB957097
KB890830
KB954430
KB955069
KB958644
Are any of these know to cause problems?
The file size is also very large (13,410,370 could that be a problem too?) I am attaching pdshow output and screenshot of collector status. Thanks
01-09-2009 04:40 PM
This tells me the syslog.log file is not receiving new messages. Please post the output of:
netstat -a -n -o -b
You might also run:
logview E:\PROGRA~1\CSCOpx\log\syslog.log
And watch to make sure syslog messages are arriving in this file.
A syslog.log of 13 MB is not too bad. However, you can configure logrot to manage this file. Go to Common Services > Server > Admin > Log Rotation to configure it.
01-10-2009 11:30 AM
01-11-2009 09:01 AM
This indicates our syslog daemon is bound to udp/514. So if you don't see new messages in the syslog.log file, I wonder if there is a host-based firewall blocking them (e.g. Windows Firewall, CSA, etc.).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: