cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1068
Views
0
Helpful
21
Replies

Syslog messages

msalim
Level 1
Level 1

I have configured our switches with syslog traps and syslog server as LMS server, but I don't see any messages under "syslog Alerts" in RME module. The messages are collected fine on another linux box. I don't see much configuration of syslog server on LMS.

In RME, Syslog collector Status under Tools, shows 1855, 12, 1867 under Invalid,Filtered and Received respectively, but when I tried to run syslog report it doesn't show anything. I would like to collect all switches syslog messages on LMS box. Any help will be appreciated.

Thanks,

21 Replies 21

Joe Clarke
Cisco Employee
Cisco Employee

The Syslog Alerts module only shows sev 0, 1, and 2 messages. You may not have received any of these. Go to RME > Reports > Report Generator, and run a Syslog Standard Report for all your devices. Do you see anything?

I don't see any records. I did disconnect and reconnect one of the switch port to generate a message, but still didn't get anything. I did get that on another linux box.

Thanks,

Post a screenshot of RME > Tools > Syslog > Message Filters. Verify that the messages being sent by your devices are appearing in NMSROOT/log/syslog.log.

We are running LMS 3.1 on windows. What do you mean by verifing the messages being sent by your devices are appearing in NMSROOT/logs/syslog.log? I couldn't attach the screen shot file. Cut and paste of screen text is given below.

Message Filters Type: Drop Keep

Include interfaces of selected devices: Yes No

Showing 5 records

Name Status

1. Link Up/Down Message Filter Enabled

2. IOS Firewall Audit Trail Messages Enabled

3. PIX Firewall Audit Messages Disabled

4. Severity 7 Message Filter Enabled

5. Otsa switches message filter Enabled

Screen shot is attached with following thread message.

We are running LMS 3.1 on windows and not on linux. Screen shot file is attached.

Thanks,

What is the configuration for your Otsa switches filter? I know you're on Windows. The NMSROOT directory is the path into which you installed LMS. Within that directory there will be a log subdirectory. And in that subdirectory will be a file called syslog.log. Make sure your device messages are showing up in that file.

The syslog.log does show messages. Otsa switches filter screen shot is attached.

Thanks,

What are some of the messages appearing in syslog.log?

11:05:17 10.10.10.218 294: Aug 7 11:05:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to down

Aug 07 11:05:17 10.10.10.218 295: Aug 7 11:05:13: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to down

Aug 07 11:05:21 10.10.10.218 296: Aug 7 11:05:17: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to up

Aug 07 11:05:21 10.10.10.218 297: Aug 7 11:05:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to up

You have enabled the linkup/down filter which means those messages will be dropped. Disable this filter, generate some new messages, then run your syslog report. They should show up.

I have disabled all filters. Messages do show when I run report, but they still don't show on RME main screen under Syslog Alerts. It still shows "No Records Found".

As I said, the Syslog Alerts portlet only shows the most severe alerts (Severity 0, 1, and 2). If you are not receiving any of these, then nothing will show up in the portlet. This is actually a good thing as it means your network isn't experiencing any high-severity issues.

Is it possible to change severity level?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco