LMS 3.1 and ASA 5505

Answered Question
Jan 29th, 2009

I have an issue with an ASA 5505's syslog data being seen in RME. The data is arriving at the LMS server because the data is seen in the unidentified report. The other unusual symptom is the "Device Alert Identifier" has a red exclamation point after the ID number.... Version is 7.2(2)... I have another ASA 5505 running 8.0.(4) that is configured the same but is working correctly... Please don't tell me it's a version issue. Thanks in advance.


Overall Rating: 5 (1 ratings)
Joe Clarke Thu, 01/29/2009 - 11:41
User Badges: Cisco Employee, Hall of Fame, Founding Member

If messages are showing up in the unexpected devices report, then RME cannot map the messages to a managed device. How do the messages appear in the syslog message log on the server? How is the device showing up in LMS? Please post a screenshot showing this exclamation mark issue. This sounds like something completely unrelated to the syslog issue.

swhite2031 Thu, 01/29/2009 - 11:55

Thanks for the quick reply... the syslog message looks like the attachment syslog.txt. LMS does see the ASA. It was discovered. You are right regarding the exclamation mark, it was an error that this morning the ASA became temporarily unreachable...



swhite2031 Thu, 01/29/2009 - 13:07

Issue Resolved... found the answer in the release notes for RME. CSCSa57752 matched my issue exactly... Restarting the syslog analyzer process fixed the issue...

Correct Answer
Joe Clarke Thu, 01/29/2009 - 13:15

Good. There is actually another bug filed for this problem, CSCsu88608. THAT bug should be fixed. The problem is once a device is added to the unexpected devices cache, it is not purged once it gets managed by RME. Therefore, SyslogAnalyzer must be manually restarted to purge the cache.
