LMS4 Syslog automated action anomaly

Unanswered Question
Jul 17th, 2012
User Badges:

LMS 4.2.1 on W2K8 R2

I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:

Automated Action Summary
Name: Critical Events Email
Devices: *
State: Enabled
Parameters: [email protected], SUB=LMS4 Syslog AA, TEXT=
Action Type: Email
Messages: *-*-1-*:* *-*-2-*:*

Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:




Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Martin Ermel Fri, 08/10/2012 - 09:01
User Badges:
  • Blue, 1500 points or more

I do not know what exactly you have done so far but in your situation I would enable the following debugs:

open that file in a text editor


and change the debug level from Info to Debug:


also enable SyslogAnalyzer debugging here:

Admin > System > Debug Settings > Config and Image Management Debugging Settings

    Set Application Logging Levels >> SyslogAnalyzer (scroll down)

        set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG

in a DOS box check the status of the following processes (the should be started) and restart them:

    pdshow SyslogAnalyzer SyslogCollector

    pdterm SyslogAnalyzer SyslogCollector

    pdexec SyslogAnalyzer SyslogCollector

    pdshow SyslogAnalyzer SyslogCollector

When the issue happens again check the following log files and post them on the forum:



jedavis Fri, 08/10/2012 - 09:05
User Badges:

I have a case open with TAC and I have supplied them with the debug logs.  Apparently I am not the only one to report this.  The case has been escalated and I am waiting for a solution.  I expect that a patch will be required.


This Discussion

Related Content