Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1366
Views
10
Helpful
5
Replies

Ciscoworks Syslog not showing any logs

Go to solution
dominic.colson
Level 1
Level 1

‎03-20-2009 03:23 AM

Facing problem with the syslog collector. No message counters are displaying or increasing in the forward of syslog collector. Able to receive the traps sent from all the devices within the KIWI syslog software which i had temparory installed on LMS server. Kiwi was just used to verify if the traps are reaching the ciscoworks server.I had even done the unsubscribe & subscribing the server in the syslog collector. User casusers has full rights to execute.Recently there was problem with the files of Syslogfirst.log,SyslogSecond.log & Syslogthird.log. I had used the DBSpaceReclaimer utility. The logs are not there for last 6 months.

Can anybody guide me for this problem faced.

Labels:
13896-SyslogCollector.log
145 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dominic.colson

‎03-23-2009 09:23 AM

That's TCP port 514. There is nothing bound to UDP port 514. Run the following:

net start crmlog

You should then start to see syslog messages being written to syslog.log.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎03-20-2009 12:15 PM

What is the All Events filter specifically? What messages are you receiving in syslog.log that you think should be logged?

Go to solution
dominic.colson
Level 1
Level 1
In response to Joe Clarke

‎03-21-2009 01:55 PM

All events filter specify that it should get any traps(*) from any devices(*).

The syslog.log file is empty. not a single trap is present in it.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dominic.colson

‎03-21-2009 02:00 PM

First, syslog messages are NOT traps. Traps are SNMP messages sent to udp/162. Syslog messages are textual messages sent to udp/514. The crmlog service binds to UDP port 514, and receives syslog messages only.

If you are sending syslog messages from your devices to the LMS server, make sure that Kiwi is shutdown, and make sure the CWCS syslog services (i.e. crmlog) is running. If you run netstat -a -n -o -b, you should see the crmlog.exe process bound to UDP port 514.

Once this has been verified, you should start seeing messages in syslog.log. Once that happens, SyslogCollector will read them, filter them, then pass them up to SyslogAnalyzer. SyslogAnalyzer will write the messages into the RME database.

Go to solution
dominic.colson
Level 1
Level 1
In response to Joe Clarke

‎03-23-2009 01:01 AM

After entering the netstat -a -n -o -b command , 514 port was assigned to crmrsh.exe. I had attached the output of the command

57 KB
0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dominic.colson

‎03-23-2009 09:23 AM

That's TCP port 514. There is nothing bound to UDP port 514. Run the following:

net start crmlog

You should then start to see syslog messages being written to syslog.log.

0 Helpful
Customers Also Viewed These Support Documents