Syslog from devices NOT Cisco

Unanswered Question
Oct 13th, 2009
User Badges:

Is it possible to receive on LMS CW 3.1, syslogs from devices that are not Cisco?

We have tried it with some Cisco devices that where not on CW LMS, and they appear in the Unexpected Devices Report. Now we want to receive syslogs from Motorola and F5, but they don't appear anywhere.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Martin Ermel Tue, 10/13/2009 - 02:50
User Badges:
  • Blue, 1500 points or more

syslog messages must be in a specific format (EMBLEM) to show up in the unexpected device report.

on your server all incomming messages on UDP 514 will be stored in the syslog flat file which is located

on windows in

NMSROOT\log\syslog.log

on solaris

/var/log/syslog_info


(with NMSROOT being you installation directory, default is C:\Program Files\CSCOpx)


a process picks-up all messages in EMBLEM format applying the RME Syslog filter definition and stores the messages in the LMS syslog database. The RME reports are generated based on the infromation in the syslog database.

Thus said, i doubt that Motorola and F5 are sending in EMBLEM format, but for some devices (like Cisco ASA ) you can define the syslog format. But the messages should be in the flat file.


cmartinvalle Wed, 10/14/2009 - 06:49
User Badges:

Hi,

and could CiscoWorks read syslog messages from another syslog file?

Regards.

Martin Ermel Wed, 10/14/2009 - 08:32
User Badges:
  • Blue, 1500 points or more

CiscoWorks Syslog daemon can only read from one definite file. Per default it is called syslog.log (windows) or syslog_info (solaris). If you want to change this, there is a script available to do so:

NMSROOT/bin/syslogConf.pl


http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.2/user/guide/cwcli.html#wp1314640


I am not sure about what you want to achieve. All syslog messages that reach your LMS server are in the above mentioned file but only some will make their way into the syslog database of LMS. Only those messages being in the syslog DB can be shown in any of the syslog reports of RME.

I think your question is how to get other syslog messages (non Cisco) into the LMS syslog DB.

First, a message must be in EMBLEM format, second it must pass the syslog filter definitions in RME.

I would say the first will be the biggest problem because EMBLEM is a Cisco proprietary format.


Unfortunatly, I do not know of a way to achieve this in LMS.


(If I would be better in programming I would like to add a console (as a portlet?) to show up syslog messages in real-time (based on device grouping) beside the reports - if you know someone...)


Actions

This Discussion