LMS4 Syslog automated action anomaly

Unanswered Question
Jul 17th, 2012

LMS 4.2.1 on W2K8 R2

I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:

Automated Action Summary
Name: Critical Events Email
Devices: *
State: Enabled
Parameters: TO=John.Doe@example.com, SUB=LMS4 Syslog AA, TEXT=
Action Type: Email
Messages: *-*-1-*:* *-*-2-*:*

Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:

%ASA-session-4-106023

%ASA-auth-3-109023

%ASA-auth-6-109001

Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.

Thanks,

-Jeff
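As an added example (not part of the original post and not LMS code): a stand-alone check of which tags the filters in the Messages line select when each field is compared separately. It assumes the filter fields are facility, sub-facility, severity, mnemonic and description, as the quoted tags suggest; the function names and the two severity 1/2 samples are constructed.

```python
import re
from fnmatch import fnmatchcase

# Assumed layout, inferred from the tags quoted in the post:
#   %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC[: description]
# with the sub-facility treated as optional.
TAG_RE = re.compile(
    r"^%(?P<facility>\w+)"
    r"(?:-(?P<subfacility>\w+))?"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>\w+)"
    r"(?::\s*(?P<description>.*))?$"
)
FIELDS = ("facility", "subfacility", "severity", "mnemonic", "description")

def parse_tag(message):
    """Split a syslog tag into named fields; None if it does not parse."""
    m = TAG_RE.match(message.strip())
    return {name: m.group(name) or "" for name in FIELDS} if m else None

def parse_filter(pattern):
    """Split 'F-SF-SEV-MN:DESC' into five per-field globs."""
    head, _, description = pattern.partition(":")
    parts = head.split("-")
    if len(parts) != 4:
        raise ValueError(f"expected 4 dash-separated fields: {pattern!r}")
    return dict(zip(FIELDS, parts + [description or "*"]))

def should_alert(message, filter_line):
    """True if any space-separated filter matches the tag field by field."""
    tag = parse_tag(message)
    return tag is not None and any(
        all(fnmatchcase(tag[f], g[f]) for f in FIELDS)
        for g in map(parse_filter, filter_line.split())
    )

FILTERS = "*-*-1-*:* *-*-2-*:*"            # "Messages" line from the post
SAMPLES = [
    "%ASA-session-4-106023",                # from the post
    "%ASA-auth-3-109023",                   # from the post
    "%ASA-auth-6-109001",                   # from the post
    "%ASA-session-1-000001: constructed",   # constructed severity-1 sample
    "%ASA-2-000002: constructed",           # constructed, no sub-facility
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:40} -> {'email' if should_alert(s, FILTERS) else 'ignore'}")
```

Run against tags pulled from the collector log, this gives a reference list of what the two filters should select, to compare with the emails actually received.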

Martin Ermel Fri, 08/10/2012 - 09:01

I do not know what exactly you have done so far but in your situation I would enable the following debugs:

Open this file in a text editor:

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

and change the debug level from Info to Debug:

    DEBUG_LEVEL=DEBUG

Also enable SyslogAnalyzer debugging here:

Admin > System > Debug Settings > Config and Image Management Debugging Settings

    Set Application Logging Levels >> SyslogAnalyzer (scroll down)

        set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG

In a DOS box, check the status of the following processes (they should be started) and restart them:

    pdshow SyslogAnalyzer SyslogCollector

    pdterm SyslogAnalyzer SyslogCollector

    pdexec SyslogAnalyzer SyslogCollector

    pdshow SyslogAnalyzer SyslogCollector

When the issue happens again check the following log files and post them on the forum:

    NMSROOT\log\SyslogCollector.log

    NMSROOT\log\AnalyzerDebug.log

jedavis Fri, 08/10/2012 - 09:05

I have a case open with TAC and I have supplied them with the debug logs.  Apparently I am not the only one to report this.  The case has been escalated and I am waiting for a solution.  I expect that a patch will be required.

Posted July 17, 2012 at 2:02 PM