syslog alerts and syslog message windows showing "NO DATA IS AVAILABLE"

Unanswered Question
Feb 1st, 2010

Hi folks,


I have a kiwi syslog server and it is working. I want to fordward the logs to Ciscoworks. On kiwi syslog, I entered the IP of CW server, but Im not seeing anything on syslog alerts and syslog message windows, both windows showing "NO DATA IS AVAILABLE". I've tested syslog polling on a test switch and I can get alerts etc, but not when fordward from kiwi syslog server?


What have I done wrong and what else can I try?


Thank you for your input...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 02/01/2010 - 07:23

How does Kiwi forward the messages?  That is, does it spoof the soure device IP, or does it use its own IP address for the source address?  If the latter, then what you are seeing is expected.  RME will have no way of tying the messages to the device that actually sent them.  If the former, then make sure the messages are first showing up in the LMS syslog log file (i.e. NMSROOT/log/syslog.log on Windows and /var/log/syslog_info on Solaris).

baotran09 Mon, 02/01/2010 - 07:54

Hi Joe,


Ive looked at NMSROOT/log/syslog.log and I can see kiwi logs is in syslog.log.


What do I need to configure in oder to view it in SYSLOGS ALERTS AND SYSLOG message porlet?

Joe Clarke Mon, 02/01/2010 - 11:46

Are the messages appearing in the log with the address of the device, or with that of the Kiwi server?

baotran09 Mon, 02/01/2010 - 19:16

The messages appearing in the log with the address of the devic. Below is the log in syslog.log:


Jan 28 17:26:12 Original Address= %ISDN-6-CONNECT: Interface Serial0/0/0:8 is now connected to xxxxxxxx N/A

Jan 28 17:26:35   Original Address= %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/4, changed state to down

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to up

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to down


How come its not showing in the porlet? Did i miss something?


Thanks for your help Clarke

Joe Clarke Mon, 02/01/2010 - 20:16

The syslog message is not properly formatted.  The "Original Address" field is not part of a standard Cisco syslog message.  If Kiwi cannot transparently spoof the sender's IP, then you will not be able to forward syslogs from Kiwi to RME.

Actions

This Discussion