Forwarding syslog messages from LMS server to another syslog server or email server

Unanswered Question
Jul 7th, 2010
User Badges:

Hello, we use LMS 2.6 on Windows server 2003 R2, SP2. Core router (cisco 7609)  is configured to send syslog messages to LMS server. We need to send all syslog messages from core router through the LMS SERVER to e-mail server or another syslog server. We mean precisely on the messages that can be found in application Device Center, referring to the core router, under "24-hour Syslog Message Summary"(img1).

It is now configured that DFM application send e-mail notifications to our e-mail server. Also DFM is configured to send syslog notifications and SMS trap to our external syslog server. These three groups messages is relating to identical events. These are messages of the status of interfaces and links on the core router (HighErrorRate, HighUtilization, Unresponsive, OperationallyDown etc.) that LMS server classified under severity Critical.

The problem is that we also need syslog messages that indicate the hardware alarms etc. These are messages that appear under Emergencies, Errors, Warnings, Notifications etc. (severity level 3-6) and these messages we want to send to email server or another syslog server (pls see img2-4, these messages have been recorded recently).

Please help,

Best regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ustanicka Thu, 07/08/2010 - 12:56
User Badges:

Thanks for the help.

I have set up to send email and syslog messages from the RME applications. LMS server immediately started to send messages to the email server but syslog messages are not forwarded to the syslog server. Everything was done according to your instructions except that the name of the first script ( is made consistent with what the second script (.bat) refer to ( What's the problem?  Do RME sends the standard syslog messages via UDP port 514?


Joe Clarke Thu, 07/08/2010 - 16:40
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Post your .bat and .pl files as well as your Automated Action definition.  The script will send out syslog messages using udp/514 to the specified server.

Joe Clarke Sat, 07/10/2010 - 14:29
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I wanted to see what filter you setup for the Automated Action.  Also, make sure casuser has Read & Execute permissions

on C:\WINDOWS\system32\cmd.exe.

ustanicka Tue, 07/13/2010 - 07:26
User Badges:

I have added "casuser" in the group Users (whose members has permissions to enter in folder Windows\System32), and permissions for "casuser" to execute file cmd.exe (Read & Execute permissions). After this settings the messages from LMS server still do not arrive to another syslog server. How to check does LMS server sends RME messages to syslog server at all?


Joe Clarke Tue, 07/13/2010 - 13:17
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I am still waiting to see your full Automated Action configuration.  However, if SyslogAnalyzer debugging is enabled, then the AnalyzerDebug.log will show SyslogAnalyzer executing an automated action on a given message.  If there are errors with the action, those will be seen there as well.

ustanicka Wed, 07/14/2010 - 06:23
User Badges:

In the AnalyzerDebug log file I found the following error

INFO ,[Thread-2],STDERR: Can't open perl script "C:\PROGRA~1\CSCOpx\files\scripts\syslog\": Permission denied

I have added permissions for "casuser" to execute file

After this settings the messages from LMS server has arrived to syslog server.

Thank you for your kind efforts and assistance.

Best regards.


This Discussion

Related Content