Forwarding syslog messages from LMS server to another syslog server or email server

ustanicka · ‎07-07-2010

Hello, we use LMS 2.6 on Windows server 2003 R2, SP2. Core router (cisco 7609) is configured to send syslog messages to LMS server. We need to send all syslog messages from core router through the LMS SERVER to e-mail server or another syslog server. We mean precisely on the messages that can be found in application Device Center, referring to the core router, under "24-hour Syslog Message Summary"(img1).

It is now configured that DFM application send e-mail notifications to our e-mail server. Also DFM is configured to send syslog notifications and SMS trap to our external syslog server. These three groups messages is relating to identical events. These are messages of the status of interfaces and links on the core router (HighErrorRate, HighUtilization, Unresponsive, OperationallyDown etc.) that LMS server classified under severity Critical.

The problem is that we also need syslog messages that indicate the hardware alarms etc. These are messages that appear under Emergencies, Errors, Warnings, Notifications etc. (severity level 3-6) and these messages we want to send to email server or another syslog server (pls see img2-4, these messages have been recorded recently).

Please help,

Best regards

Joe Clarke · ‎07-07-2010

See this document on how you can forward syslog messages from RME to another server.

https://supportforums.cisco.com/docs/DOC-11592

ustanicka · ‎07-08-2010

Thanks for the help.

I have set up to send email and syslog messages from the RME applications. LMS server immediately started to send messages to the email server but syslog messages are not forwarded to the syslog server. Everything was done according to your instructions except that the name of the first script (syslog_forward.pl) is made consistent with what the second script (.bat) refer to (forward1.pl). What's the problem? Do RME sends the standard syslog messages via UDP port 514?

Sincerely.

Joe Clarke · ‎07-08-2010

Post your .bat and .pl files as well as your Automated Action definition. The script will send out syslog messages using udp/514 to the specified server.

ustanicka · ‎07-10-2010

In the configuration dialog box (RME-Automated Action), I chose script syslog_forward.bat

Regards

Joe Clarke · ‎07-10-2010

I wanted to see what filter you setup for the Automated Action. Also, make sure casuser has Read & Execute permissions

on C:\WINDOWS\system32\cmd.exe.

ustanicka · ‎07-13-2010

I have added "casuser" in the group Users (whose members has permissions to enter in folder Windows\System32), and permissions for "casuser" to execute file cmd.exe (Read & Execute permissions). After this settings the messages from LMS server still do not arrive to another syslog server. How to check does LMS server sends RME messages to syslog server at all?

Regards

Joe Clarke · ‎07-13-2010

I am still waiting to see your full Automated Action configuration. However, if SyslogAnalyzer debugging is enabled, then the AnalyzerDebug.log will show SyslogAnalyzer executing an automated action on a given message. If there are errors with the action, those will be seen there as well.

ustanicka · ‎07-14-2010

In the AnalyzerDebug log file I found the following error

INFO ,[Thread-2],STDERR: Can't open perl script "C:\PROGRA~1\CSCOpx\files\scripts\syslog\forward1.pl": Permission denied

I have added permissions for "casuser" to execute file forward1.pl

After this settings the messages from LMS server has arrived to syslog server.

Thank you for your kind efforts and assistance.

Best regards.