CW LMS v2.6 syslog issue. I am receiving syslog records to the collector but they are not getting forwarded to the syslog analyzer.

Answered Question
Aug 19th, 2010

When I look at the syslogcollector.log file it is telling me it cannot find the following file -

SyslogCollector - [Thread: Thread-13] WARN , 18 Aug 2010 16:07:10,804, Unable to add monitor for usmelas039
NMSROOT is D:/PROGRA~1/CSCOpx
propFileD:/PROGRA~1/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\D:\PROGRA~1\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
Unable to find the file D:/PROGRA~1/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\D:\PROGRA~1\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
NMSROOT is D:/PROGRA~1/CSCOpx
propFileD:/PROGRA~1/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

I noticed that the NMSROOT is d:/program~...; shouldn't it be d:\program~...?

I do have the file.

What should I do to resolve this?  I have unsubscribed and resubscribed.  I look at status and I see syslog records getting to the syslog.log file and getting filtered but no records being forwarded.

Help.

I have attached syslogcollector.log file.

Also attached the collector.properties file.

Message was edited by: j.goff

I attached the netstat.txt file.  From the command you sent there is no -o or -b option so I just ran it with -an.

Joel Monge Thu, 08/19/2010 - 14:49

The path is correct.  Seems like something could be bound to the SyslogAnalyzer port.  First, make sure you are on RME 4.0.6 (want to avoid CSCsh66475).  If so, shut down daemons (net stop crmdmgtd) and post the following file from your C drive:

netstat -anob > C:\netstat.txt
Joel Monge Thu, 08/19/2010 - 16:07

This looks fine.  Was the hostname recently changed?  Was this working before, did anything change?  What RME version are you on?  Post a screenshot of your filters and the syslog collector status.

j.goff Fri, 08/20/2010 - 08:18

No the hostname was not changed.  This worked for years.  Around June 2010 is when I noticed I was not getting any records in my syslog reports.  Took two months to get around to finding a resolution with no success.

The RME version is 4.0.6.

I am attaching screen shots.

Correct Answer
Joel Monge Fri, 08/20/2010 - 08:25

The problem is you are dropping all the syslogs.  If you look at the collector status, you will see almost all of your syslogs are under the "Filtered" count.  You need to set the syslogs to "Keep" and then you will start seeing counts under the "Forwarded" category.  If all filters are disabled with Keep selected, that means ALL syslogs will be processed.  So you should enable some general filters and set it to Keep.  This way, it will only keep the syslogs specified in your filters and not ALL of them.

Message was edited by: Joel Monge

j.goff Fri, 08/20/2010 - 08:39

Thank you so much.  Man oh man was that too simple or what.  Thanks again.

I am now getting records forwarded.
