cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
7
Replies

LMS31 RME Analyzer not talking to Collector on same server

max12341234
Level 1
Level 1

Environment: LMS 3.1, Windows 2003, Syslog Analyzer and Collector processes running on the same server

All of my RME syslog reports are empty, but the syslog.log file has about 9MB of good syslogs in it.

I only have the default filters available, and all are set to disabled.

In the SyslogAnalyzer.log:

I'm getting the following message "Server certificate chain does not end with trusted root cert!" The Analyzer and Collector are on the same server, but we have ssl enabled with the certificate issued to the fully qualified name of the lms31 server. Initially, the collector status page listed only the hostname of the LMS server, so I deleted it and created a new one with the fully qualified name of the server, and rebooted. I'm still getting the "Server certificate chain does not end with trusted root cert!".

In the SyslogAnalyzerUI.log:

I'm getting "Unable to initialize logging infrastructure for localization".

The SyslogCollector.log:

says "Unable to resurrect connection to a subscriber.

I'm also receiving the Server certificate chain does not end with trusted root cert!" message in this log.

This log also contains a warning saying it can't find the collector properties file in the c:\Progra~1\CSCOpx\MDC\Tomcat\webapps\rme\WEB-INF\classes\C:\c:Progra~1\....\collector.properties. I checked and the collector.properties file is in the correct place and I didn't see anything unusual with the file.

I assume my problem is related to certificates, but I'm not sure what to try. When I connect from a browser on an other computer to the LMS server, I receive the SSL connection with no problem.

1. I was wondering if anyone could please suggest some troubleshooting steps.

2. I'm not sure if and how to trigger the Analyzer to get data from the collector after I make a change. This makes it a bit hard to troubleshoot since I don't know how long to wait to see the effect of my change. Once they synch up properly, does the Analyzer suck up all the old data from the collector, or does it only get the new messsages since they last synched up properly.

3. I'd like to perform direct SQL queries to the database to see if the database has any syslog information in it, but I'm not sure how to do this.

Thanks in advance!

--Max

7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

Your filters are the most likely problem. Please post NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat.

Also, please post a screenshot of the RME > Tools > Syslog > Collector Status screen.

Hi Jclarke,

Thanks a lot. The files are attached.

Everything looks fine here. In fact, I see evidence that the syslog system is working. You should have 243 messages in your RME database since 6/17 0919 local time.

How are you running your syslog reports? What messages are in the syslog.log?

Wow, that is very interesting.

I run the reports in RME by Reports->Report Generator Selecting Syslog on the first pull-down menu and the report on the second pull-down menu. Then I click on all devices and then Finish.

I've attached a sample report when I ran the "Custom Summary Report" but I get 0 results in all of the reports.

--Max

None of these messages would match any of the custom reports. Try running the syslog 24 hour report for the past 24 hours. If you select all devices, that should show you something.

If it doesn't, there is a possibility that 10.4.9.251 is not being managed by RME. In that case, check the Syslog > Unexpected Devices Report.

Hi JClarke,

Thanks for your input. I've been trying all of the reports, and I just tried both the 24 hour report and the unexpected devices report.

Neither returned any records.

Is there any way I can execute SQL querries against the database to check if there is any data in there?

--Max

Direct database access is not supported. You could get a procedure for getting troubleshooting access by opening a TAC service request. You can also check the AnalyzerDebug.log for SyslogAnalyzer errors. The Collector is working fine, but perhaps there is a problem with the Analyzer not being able to insert messages into the RME database.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: