View Syslog Messages

Unanswered Question
Jan 12th, 2009

Hi Experts,


I have configured Syslog Collector to run and devices to send syslog messages to Syslog Collector Address.


May I know the location to view Syslog Messages in Ciscoworks LMS3.0?


Thanks & Regards

Yi Shyuan

dany.datacraft Mon, 01/12/2009 - 01:57

You can view the syslog report from RME > Tools > Report Generator


The actual (unprocessed) syslog messages will be stored according to the settings under $NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties

jeeyishyuan Mon, 01/12/2009 - 02:28

Hi,


Which is the correct one?

SYSLOG_FILES=$NMSROOT/log/syslog.log

- if this is the one, I don't see any relevant syslog messages from the device which I configured to send syslog.

- Most of the log entries are about CW LMS server applications.


DEBUG_FILE=$NMSROOT/log/SyslogCollector.log


DOWNTIME_DIR=$NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data


FILTER_DUMP_FILE=$NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat

dany.datacraft Mon, 01/12/2009 - 05:33

This one:


SYSLOG_FILES=$NMSROOT/log/syslog.log


If you don't see any syslog message, then check:

- is the CiscoWorks Syslog service running?

- If you have other syslog server software running, shut it down.

- do a sniffer trace on udp port 514 and check if the syslog packet reaches your syslog server.

- if you don't see any packet, check if any firewall is blocking the packets.
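The port and packet checks listed in the reply above can also be scripted. The following is an added example, not part of the thread and not Cisco code: it binds the syslog UDP port (a bind failure usually means another process already owns it) and tallies arriving datagrams per source address. The function names are hypothetical, and it assumes the CiscoWorks syslog service is stopped while the script runs so the port is free.

```python
import socket
import time
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(datagram: bytes):
    """Return (facility, severity) from a leading <PRI> field, or None if absent."""
    text = datagram.decode("ascii", errors="replace")
    end = text.find(">")
    if not text.startswith("<") or not 2 <= end <= 4 or not text[1:end].isdigit():
        return None
    pri = int(text[1:end])
    return (pri // 8, SEVERITIES[pri % 8]) if pri <= 191 else None

def watch_syslog(port=514, host="0.0.0.0", seconds=30.0):
    """Bind the syslog UDP port and count datagrams per (source IP, priority).

    Raises OSError if the bind fails, e.g. because another syslog server
    already holds the port. An empty result means nothing reached this
    host during the window (sender config, routing or a firewall).
    """
    counts = Counter()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        deadline = time.monotonic() + seconds
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            sock.settimeout(remaining)
            try:
                data, (src, _) = sock.recvfrom(4096)
            except socket.timeout:
                break
            counts[(src, decode_pri(data))] += 1
    return counts

if __name__ == "__main__":
    try:
        for (src, pri), n in sorted(watch_syslog().items(), key=str):
            print(f"{src}  facility/severity={pri}  datagrams={n}")
    except OSError as exc:
        print("Cannot bind UDP 514; another listener may own it:", exc)
```

Cisco IOS devices log to facility local7 (23) by default, so a device that is reaching the server typically shows up with facility 23.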

jeeyishyuan Mon, 01/12/2009 - 07:54

Hi jclarke,


I have checked the log file and found that the logs look like a firewall is blocking the packets. I have posted a few strings in the text file attached to this post. Please advise.


Thanks & Regards,

Yi Shyuan



dany.datacraft Tue, 01/13/2009 - 01:50

Ok, so now you see your syslog messages in syslog.log?


If so, check your Syslog Collector status from the CiscoWorks RME page. You need to see the number of forwarded messages increasing.


If the number of forwarded messages is increasing, and you don't see any messages under syslog report, check the unexpected device report.



jeeyishyuan Tue, 01/13/2009 - 06:31

Hi jclarke,


I have checked the forwarded messages number; it has remained the same for the past few days. Please advise.


Besides this, I would also like to clarify if Syslog Collector must be remotely installed on another appliance? Or could it be running as one of the RME applications on the LMS server?

dany.datacraft Wed, 01/14/2009 - 02:02

No, syslog collector can be running locally on the LMS server.


Re-generate the certificate:

- Common Services > Server > Security > Single-Server Management > Certificate Setup


Re-Subscribe the Collector

- Select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status

- Select the current collector and click on unsubscribe

- Subscribe the collector again, filling in the appropriate information


Restart daemon manager

- Stop CiscoWorks daemon: net stop crmdmgtd

- Wait 15 min, then:

- Restart CiscoWorks daemon: net start crmdmgtd


If the number of forwarded messages is still not increasing, enable debug:

- RME=>Admin=> System Preferences=> Loglevel Settings

- Select for "Syslog Analyzer" and "Syslog Analyzer User Interface" "Logging level" = debug


Post the following files:

- \log\SyslogAnalyzer.log

- \log\SyslogAnalyzerUI.log

- \log\SyslogAnalyzerUI.log.1

- \log\SyslogAnalyzerUI.log.2

- \log\SyslogCollector.log

- \log\syslog_debug.log


jeeyishyuan Sun, 01/18/2009 - 06:37

Hi Dany,


Sorry for the delayed response. I have tried to unsubscribe the syslog collector which LMS has after installation. When I subscribed the collector again, it seems like the newly subscribed collector doesn't function at all.


The columns to display number of syslog messages are displaying Not Applicable, even after I have left it for a few hours.


Is this normal? Or should I try to stop and restart daemon manager after I have subscribed the collector again?

jeeyishyuan Sun, 01/18/2009 - 18:29

Hi Dany,


What job should I run after I have set the logging level to debug? Or should I re-subscribe the collector again?


As posted in my previous reply, I did not get a successful re-subscribe as the number of syslog messages forwarded is displayed as Not Applicable after re-subscribe. Currently, the collector is running as I did a restore from the latest backup.


What I am suspecting here is this:

After re-subscribe, name of Collector: LMS Server IP Address

Before re-subscribe, name of Collector: LMS Server Name

Currently, the LMS server IP address is not resolvable with the LMS server name. Could this be the problem?

