zero record syslog reports

Unanswered Question

I am getting reports of 0 records when running reports on at least one switch that is sending data to LMS. RME version is 4.1.1. I've viewed syslog.log and it contains the messages from the switch. I've disabled all message filters but still get nothing from any reports on the device. Ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Thu, 08/27/2009 - 12:18

Disabling all message filters is probably the problem. If you disable all filters, make sure the mode is set to KEEP instead of the default DROP.

Joe Clarke Thu, 08/27/2009 - 12:28

Post the output of the pdshow command as well as some of the sample messages not appearing in your syslog reports.

Joe Clarke Fri, 08/28/2009 - 09:31

This looks okay. Post the SyslogCollector.log and AnalyzerDebug.log.

Joe Clarke Fri, 08/28/2009 - 09:51

This all looks healthy. In fact, I'm seeing evidence that syslogs are being processed. Exactly what reports are you running, and how are you running them? Post a screenshot of RME > Tools > Syslog > Syslog Collector Status.

I'm trying to run 24 hour reports on the devices in question. But even standard reports return zero records. A show logging from the devices via telnet shows plenty of snmp authentication failures within the past 24 hours but all reports return zero records. The messages are in the syslog.log file... I just checked again. The only difference being that I run the report based on host name while the log file shows the IP address for the device. The server is getting the data but RME won't show it in a report. The messages I posted earlier should show up in a 24 hour report correct?

Joe Clarke Fri, 08/28/2009 - 10:16

Yes, they should. Try running an Unexpected Devices Report to see if the syslog messages show up there. Also, post the NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat file.

Joe Clarke Fri, 08/28/2009 - 10:32

Enable SyslogAnalyzer debugging under RME > Admin > System Preferences > Loglevel Settings, regenerate some new messages, then re-post the AnalyzerDebug.log along with the messages that were generated.

Joe Clarke Mon, 08/31/2009 - 08:44

According to this, device device generating the SEC-6-IPACCESSLOGP message is not properly managed by RME. It is either in a suspended state or a conflicting state. You need to fix that problem by either resuming management of the device, or correcting the device type.

The same is true for the CONFIG_I message and the AUTHFAIL message.

Joe Clarke Mon, 08/31/2009 - 09:44

There must be a failure getting the current device state, then. Post the EssentialsDM_Server.log and EssentialsDM.log.


This Discussion