CWCS Syslog Service Stops Automatically when started

Unanswered Question

We are using LMS 3.0.1. Presently we are using an RSAC (remote syslog collector) and running the analyzer on the LMS server running RME. Recently we have been experiencing that the CWCS Syslog Service fails to start, throwing the message "Some services stop if they don't have any work to do", whereas the pdshow command shows the SyslogAnalyzer service to be running. We also checked that none of the syslog database files (SyslogFirst.db, SyslogSecond.db and SyslogThird.db) are getting updated, although the collector registration status is successful and messages are also getting updated in the collector.

Pls help...

Joe Clarke Tue, 05/19/2009 - 08:52

This typically points to some other service bound to UDP port 514. Check the output of netstat -a -n -o -b to see what process that is. Stop this process, then start crmlog, and syslog processing should start to work.

I tried this and found the service "crmsh.exe" running on port UDP 514, so I stopped the service "CWCS rsh/rcp service" and found that no service is running on port 514. I then tried starting the service "crmlog" using the command "net start crmlog", but it failed to start without even reporting any error.

Also, when I look into the "SyslogAnalyzer.log" file under the log directory, I find the messages below stating it could not connect to the DB. Pls help.

com.cisco.nm.rmeng.sa.common.SAException: Could not connect to DB!
    at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.<init>(SyslogAnalyzerEngine.java:299)
    at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:105)

Joe Clarke Tue, 05/19/2009 - 22:38

No, crmrsh binds to TCP port 514. This is fine. Post the output of netstat -a -n -o -b from this server along with the SyslogAnalyzer.log and the output of the pdshow command.
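The TCP/UDP distinction in the reply above is easy to miss when reading netstat output by eye. The following is an added example, not part of the thread or of any Cisco tooling: it parses text in the layout of `netstat -a -n -o -b` and reports which process holds a given protocol and port. The sample output, the PIDs and the name `other-syslogd.exe` are constructed for illustration.

```python
# Constructed sample in the layout of `netstat -a -n -o -b` on Windows.
# PIDs and the UDP 514 owner (other-syslogd.exe) are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:514            0.0.0.0:0              LISTENING       2140
  [crmrsh.exe]

  TCP    0.0.0.0:1741           0.0.0.0:0              LISTENING       3312
  [Apache.exe]

  UDP    0.0.0.0:514            *:*                                    4028
  [other-syslogd.exe]

  UDP    0.0.0.0:161            *:*                                    1876
  Can not obtain ownership information
"""

def parse_netstat(text):
    """Return one dict per socket row, with the owning executable if listed."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("TCP", "UDP") and parts[-1].isdigit():
            rows.append({
                "proto": parts[0],
                "port": int(parts[1].rsplit(":", 1)[1]),
                # UDP rows have no State column, so they have 4 fields, not 5.
                "state": parts[3] if len(parts) == 5 else "",
                "pid": int(parts[-1]),
                "exe": None,
            })
        elif rows and rows[-1]["exe"] is None and line.strip().startswith("["):
            # With -b, the bracketed line after a row names the executable.
            rows[-1]["exe"] = line.strip().strip("[]")
    return rows

def bound_to(text, proto, port):
    """(pid, exe) pairs holding proto/port; TCP rows count only when LISTENING."""
    return [(r["pid"], r["exe"]) for r in parse_netstat(text)
            if r["proto"] == proto and r["port"] == port
            and (proto == "UDP" or r["state"] == "LISTENING")]

if __name__ == "__main__":
    for proto in ("UDP", "TCP"):
        print(proto, 514, bound_to(SAMPLE, proto, 514))
```

Only a process listed for UDP 514 competes with the syslog service for that port; a TCP 514 listener such as crmrsh does not.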

Joe Clarke Wed, 05/20/2009 - 08:27

There does not appear to be a current issue with SyslogAnalyzer. The problem with syslog is that crmlog is not starting. Check the Windows Event Viewer for any crmlog-related errors. Also, check the syslog_debug.log for any errors after you try and start the crmlog service.
