Syslog clarification LMS3.2

Answered Question
Apr 8th, 2010

Hi All,

I need some clarification about the syslog.

1) Syslog is enabled in LM3.2 installation time. where the log files are stored?

2) Syslog configuration is in which module?

3) Enabled the logging configuration int he switches, but i am nott getting the logs in the syslog .

Kindly advice how to enable syslog setting in the LMS.

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 6 years 8 months ago

According to these screenshots, syslog is working just fine.  You have 83 messages which were forwarded by the SyslogCollector to the SyslogAnalyzer, and should now be in the RME database.  You should be able to run a syslog report, and see those messages.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Thu, 04/08/2010 - 16:18

These questions are quite generic, and will have different answers based on things like platform, and aspects of "syslog."  It is true that no configuration is really required on the server to get syslog working (on either platform).

So, on what platform is LMS installed?  Exactly what do you need to know about syslog (e.g. logging to a raw file, reporting, actions, etc.)?  It sounds like you need to know about logging the messages to a raw file.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

subashmbi Fri, 04/09/2010 - 09:37

Hi Clarke,

Thanks for the update.

LMS is installed in the windows platform.

in my devices the logging severity is configured as informational. i need to get these device reports to the LMS syslog file..

Joe Clarke Fri, 04/09/2010 - 23:42

Then check the NMSROOT/log/syslog.log.  All messages sent to the LMS server should appear there.  Again, no configuration is required on the LMS server to make this happen.  If you do not see messages there, then the messages must not be making it to the LMS server.  Verify that UDP port 514 is open between the device and server.

subashmbi Sat, 04/10/2010 - 01:01

How the Syslog logging message sequence is working?

Kindly clarify the below questions:-


1)  it will store the log message locally in the device?


2) once the logging message is full in the local device (switch/router), it will check the external server LMS?

Joe Clarke Sun, 04/11/2010 - 09:57

1. If you have logging buffered enable (and it is by default), then messages will be seen in the "show log" output on the device.  The number of messages kept in this buffer depends on the size.  Typically this is 4096 bytes, but it can be increased with the "logging buffered" config command.

2. No.  LMS receives the syslog messages at the same time the logging buffer does.  LMS will only look at the syslog messages it sees in the syslog message file on the LMS server (NMSROOT/log/syslog.log on Windows).  When a messages shows up there, it will be read by the SyslogCollector daemon.  The SyslogCollector daemon will perform any required filtering on the message, then pass all unfiltered messages to the SyslogAnalyzer.  The SyslogAnalyzer will run any configured Automated Actions, and insert the message into the RME database.  Only then will you be able to run reports and see the message.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

subashmbi Sun, 04/11/2010 - 21:27

Hi Clarke,

Thanks for the information..

I am attaching my syslog.log file (copied only 12th March logs).

Actually where the device logs are comming which location.

Attaching the screen shorts of RME-Tools output.

Enabled all the devices logging server pointing to the LMS server.

Attachment: 
Correct Answer
Joe Clarke Sun, 04/11/2010 - 21:52

According to these screenshots, syslog is working just fine.  You have 83 messages which were forwarded by the SyslogCollector to the SyslogAnalyzer, and should now be in the RME database.  You should be able to run a syslog report, and see those messages.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

rtuttle Mon, 04/12/2010 - 07:59

To Add to Joe's response, be advised that I ran into an issue a while back in that although I was recieving the syslo

g file from the Cisco WLC controller, it was a "type" that was not recognized by the CW sylog analyzer. Therefore I

saw no log files in device manager syslog viewer.

This was supposedly fixed in the "next" release, but nothing yet.

So if you run into that, ensure you know what type of syslog message is being sent out.

Actions

This Discussion