no syslog received on syslog.log

Unanswered Question
Sep 11th, 2009

I have LMS 2.6 (CS 3.0.5 and RME 4.0.5) on Windows 2003 SP2. In NMSROOT\log\syslog.log, I don't receive any syslog messages. All my devices are well configured to send syslog to the LMS.

All CiscoWorks and CWCS services are well started.

olivier.daures Fri, 09/11/2009 - 03:03

There are NO firewalls and no ACLs between all the devices and the CiscoWorks server.

Vinod Arya Fri, 09/11/2009 - 07:52

Please check if the crmlog services are started. Else execute net start crmlog from the server (command prompt).

Try to delete the syslog.log (or rename it if it already has some logs in it) from the server and restart the daemon manager.

To stop:

net stop crmdmgtd

To start:

net start crmdmgtd

Check that the syslog.log is there automatically, and try generating some log messages on the devices to see if they come through.

olivier.daures Fri, 09/11/2009 - 08:09

I've restarted the server and it is OK now; I receive syslog messages in the syslog.log file.

But when I try to generate a standard report from RME/Reports/Report Generator, I don't see any syslog messages.

In the attached file, you can see the config of the message filter.

Vinod Arya Fri, 09/11/2009 - 08:46

Check if the syslog collector is subscribed properly or not.

Check RME > Tools > Syslog > Syslog Collector Status to see whether the syslog collector has forwarded and other messages coming in there or not.

Unsubscribe (if subscribed) and resubscribe, entering the LMS server IP address.

Wait for some time and check if the messages are there.

Only if the Syslog Collector is subscribed properly to collect messages from syslog.log will the reports be generated.

Vinod Arya Fri, 09/11/2009 - 09:15

So there should also be a report.

It could be that you are trying to generate a report for devices which haven't sent any syslog messages yet and are not in the SyslogDb.

Try generating a syslog report (last 24 hour summary) for all the devices; it should show all the syslog messages.

Check filter settings too.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1150419

olivier.daures Fri, 09/11/2009 - 09:51

I send you an extract of the syslog.log file

I send you a standard report which shows NO messages

I send you a screenshot of one of the devices which sent a syslog seen in the syslog.log and which is well managed in RME.

You can see that I still have a problem :-(

Vinod Arya Fri, 09/11/2009 - 12:17

Please check if the Syslog Collector and Analyzer are working properly or not.

Post the output of :

pdshow SyslogCollector && pdshow SyslogAnalyzer

(from command prompt and this is case sensitive)

Vinod Arya Tue, 09/15/2009 - 05:21

With this, it all points towards a filters issue.

Please check and refresh the filter settings if they are blocking all the syslog messages.

Try to keep all of them in Keep and Enable mode once and check if the reports are coming through.

Please post filters.dat and please check the syslog FAQ:

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/3.5/faq/ug_appa.html#wp1003948

Vinod Arya Tue, 09/15/2009 - 08:54

The filter seems to be stuck.

Refresh it, make it drop and restart daemon and then keep it again.

Vinod Arya Fri, 09/11/2009 - 09:48

So there should also be a report.

It could be that you are trying to generate a report for devices which haven't sent any syslog messages yet and are not in the SyslogDb.

Try generating a syslog report (last 24 hour summary) for all the devices; it should show all the syslog messages.

Check filter settings too.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1150419

Richard Burts Fri, 09/11/2009 - 03:48

Olivier

Is it possible that somewhere in the data path there are access lists or a firewall that are not permitting the syslog to get through? What is the topology between your devices and your server?

HTH

Rick
