Invalid Syslog Messages

Answered Question
Jul 1st, 2009

We are running Ciscoworks 3.1 with RME 4.2.0 and have about 600 devices sending syslog messages to the server. In the Syslog Collector Status we see a small number of Invalid messages.

How can I figure out which devices are sending the Invalid syslog messages? If I copy the syslog.log file from the server, what do I need to search for to identify Invalid messages and is there any documentation on CCO that defines what Ciscoworks Syslog Collector considers an Invalid message format?

I have this problem too.
0 votes
Correct Answer by yjdabear about 7 years 5 months ago

One possible source of invalid logs is PIX firewalls sending syslogs in non-EMBLEM format.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
yjdabear Wed, 07/01/2009 - 06:38

One possible source of invalid logs is PIX firewalls sending syslogs in non-EMBLEM format.

BRANDON PORTER Wed, 07/01/2009 - 07:53

We have an FWSM module and several ASA-5505 all reporting syslog messages to Ciscoworks successfully using the Emblem format.

I'll check with the rest of my group to see if there are any other PIX devices that we don't manage that might be configured to forward syslog messages to our Ciscoworks server.

Thanks.

BRANDON PORTER Wed, 07/01/2009 - 07:55

We have an FWSM module and several ASA-5505 all reporting syslog messages to Ciscoworks successfully using the Emblem format.

I'll check with the rest of my group to see if there are any other PIX devices that we don't manage that might be configured to forward syslog messages to our Ciscoworks server.

Thanks.

Actions

This Discussion