yjdabear Fri, 02/05/2010 - 11:46
User Badges:
  • Gold, 750 points or more

You mean you're getting those network syslogs while logged in on the LMS server? In that case, you probably have a misconfiguration in /etc/syslog.conf. Can you post /etc/syslog.conf in its entirety?


A second issue is that the device "rougrx1" has a CPU hog condition.

jorgelina.abraham Fri, 02/05/2010 - 12:23
User Badges:

Thanks very much!


Here the file:


[email protected] # more syslog.conf

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */

#

# Copyright (c) 1991-1998 by Sun Microsystems, Inc.

# All rights reserved.

#

# syslog configuration file.

#

# This file is processed by m4 so be careful to quote (`') names

# that match m4 reserved words.  Also, within ifdef's, arguments

# containing commas must be quoted.

#

*.err;kern.notice;auth.notice                   /dev/sysmsg

*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator

*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages

# sent to the loghost machine, un-comment out the following line:

#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#

# non-loghost machines will use the following lines to cause "user"

# log messages to be logged locally.

#

ifdef(`LOGHOST', ,

user.err                                        /dev/sysmsg

user.err                                        /var/adm/messages

user.alert                                      `root, operator'

user.emerg                                      *

)

# Added for Cisco Syslog Analyzer (begin)

local7.info             /var/log/syslog_info

# Added for Cisco Syslog Analyzer (end)

#BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local1

1

#

local1.emerg;local1.alert;local1.crit;local1.err;local1.warning;local1.notice;lo

cal1.info;local1.debug  /var/adm/CSCOpx/log/dmgtd.log

#

#END CSCOmd DO NOT EDIT BEFORE THIS LINE  1

[email protected] #

[email protected] #

Joe Clarke Sat, 02/06/2010 - 09:17
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You want to add local7.none to some of those other lines.  For example


local7.none;*.alert          root


Any line which has "local7.none" on it will not receive messages from the local7 facility (i.e. syslog messages from your devices).

Actions

This Discussion