LMS31 RME Analyzer not talking to Collector on same server

Unanswered Question
Jun 17th, 2009

Environment: LMS 3.1, Windows 2003, Syslog Analyzer and Collector processes running on the same server

All of my RME syslog reports are empty, but the syslog.log file has about 9MB of good syslogs in it.

I only have the default filters available, and all are set to disabled.

In the SyslogAnalyzer.log:

I'm getting the following message "Server certificate chain does not end with trusted root cert!" The Analyzer and Collector are on the same server, but we have ssl enabled with the certificate issued to the fully qualified name of the lms31 server. Initially, the collector status page listed only the hostname of the LMS server, so I deleted it and created a new one with the fully qualified name of the server, and rebooted. I'm still getting the "Server certificate chain does not end with trusted root cert!".

In the SyslogAnalyzerUI.log:

I'm getting "Unable to initialize logging infrastructure for localization".

The SyslogCollector.log:

says "Unable to resurrect connection to a subscriber."

I'm also receiving the "Server certificate chain does not end with trusted root cert!" message in this log.

This log also contains a warning saying it can't find the collector properties file in the c:\Progra~1\CSCOpx\MDC\Tomcat\webapps\rme\WEB-INF\classes\C:\c:Progra~1\....\collector.properties. I checked and the collector.properties file is in the correct place and I didn't see anything unusual with the file.

I assume my problem is related to certificates, but I'm not sure what to try. When I connect from a browser on another computer to the LMS server, I receive the SSL connection with no problem.

1. I was wondering if anyone could please suggest some troubleshooting steps.

2. I'm not sure if and how to trigger the Analyzer to get data from the collector after I make a change. This makes it a bit hard to troubleshoot since I don't know how long to wait to see the effect of my change. Once they synch up properly, does the Analyzer suck up all the old data from the collector, or does it only get the new messages since they last synched up properly?

3. I'd like to perform direct SQL queries to the database to see if the database has any syslog information in it, but I'm not sure how to do this.

Thanks in advance!

--Max

Joe Clarke Wed, 06/17/2009 - 08:48

Your filters are the most likely problem. Please post NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat.

Also, please post a screenshot of the RME > Tools > Syslog > Collector Status screen.

Joe Clarke Wed, 06/17/2009 - 09:44

Everything looks fine here. In fact, I see evidence that the syslog system is working. You should have 243 messages in your RME database since 6/17 0919 local time.

How are you running your syslog reports? What messages are in the syslog.log?

max12341234 Wed, 06/17/2009 - 10:57

Wow, that is very interesting.

I run the reports in RME by Reports->Report Generator, selecting Syslog on the first pull-down menu and the report on the second pull-down menu. Then I click on all devices and then Finish.

I've attached a sample report when I ran the "Custom Summary Report" but I get 0 results in all of the reports.

--Max

Joe Clarke Wed, 06/17/2009 - 11:13

None of these messages would match any of the custom reports. Try running the syslog 24 hour report for the past 24 hours. If you select all devices, that should show you something.

If it doesn't, there is a possibility that 10.4.9.251 is not being managed by RME. In that case, check the Syslog > Unexpected Devices Report.

max12341234 Wed, 06/17/2009 - 11:47

Hi JClarke,

Thanks for your input. I've been trying all of the reports, and I just tried both the 24 hour report and the unexpected devices report.

Neither returned any records.

Is there any way I can execute SQL queries against the database to check if there is any data in there?

--Max

Joe Clarke Wed, 06/17/2009 - 12:15

Direct database access is not supported. You could get a procedure for getting troubleshooting access by opening a TAC service request. You can also check the AnalyzerDebug.log for SyslogAnalyzer errors. The Collector is working fine, but perhaps there is a problem with the Analyzer not being able to insert messages into the RME database.
