I am trying to deploy CiscoWorks SNMS in my company and been having some issues.
First I installed it on WinXP machine just to try the installation. I added one device and could see it in both WUG and Essentials map OK. After I instaled it on Win2003 server when I add the devices, I can see it but the picture of the device is all black. Has enyone have an idea why is that ?
Secondly I am having problems with syslog. It seems that syslog captures only messages from PIX and router devices but does not want from switches. I have tryed running kiwi syslog on the same machine without changeing configuration on devices and it picked up all messages including from switches. The switches are 3550 series.
Last but not least is problem with configuration management. This time it works fine with a switch using telnet but I can not get it to work with PIX devices using ssh. In the PIX log I noticed ssh login went fine and after that there is "packet CRC check failed" and CW loggs off.
Finally I think I ran all available updates (IDU-13, SNMS_update_1, ..) but CW still doesnt recognise some devices eq. Cisco blade switch WS-CBS3020.
If anyone can help me in any of this things I would appreciate it very much.
Solved! Go to Solution.
if you can receive the messages with KIWI on the same server, they should also find their way to the SNMS syslog file in
where NMSROOT is you installation path (e.g. C:\Program Files\CSCOpx);
Stop the KIWI syslog service and have SNMS up and running, - check the file for incomming messages from switches;
if you see some messages, check the syslog message filters and look if there are any filters that could prevent the messages to be added to the syslog DB
Admin > Essentials > Syslog Analysis > Define Message Filter
for ssh if I remember well SNMS only speaks SSHv1 whereas your pix I assume wants SSHv2.
that is exactly what I did with syslogs. First started SNMS and there were no switch messages in syslog.log file. Stoped SNMS syslog service and started kiwi and got all the messages. I even tried forcing kiwi to write to the C:\Program Files\CSCOpx\log\syslog.log file hoping they would end up in syslog DB but nop (guessing not correct format).
There were some default filters but first I turned them off and after that deleted them altogether just to make sure.
Nevertheless I found one older topic here discussing syslog problems (altough different than mine) and they concluded that Win server didn't have regional settings set to English and that caused the problem.
In my case the Win server also didn't have English regional settings and when I set that the problem remained so maybe I should reinstall SNMS with correct regional settings.
Regarding SSH I tryed running SecureCRT with both protocols on both PIX (it's 515E-7.2.2) and could connect so it isn't that but good point.
if you had to change the system locale you should restart the server. If you have done this the problem still persist?
I think there should be a log file NMSROOT\log\SyslogAnalyzer.log - could you provide it ( if you haven't reinstalled yet..)
I forgot to mention that CW is instaled in virtual server on a Blade machine. The plan is to make new virtual server and install from scratch with english regional settings and if it works then replace the original installation.
I reinstalled CW with correct reg. settings and this resolved my syslog problem. Now I am getting messages from both switches and PIX devices.
Configuration management for PIX (and maybe for all ssh only devices) still doesn't work.
I my search for the answer I found some smallprint text: "Configuration Management: PIX Firewall is not supported by NetConfig or the Network Show commands."
Does that mean that I can't have Configuration management for PIX with SNMS !?
I attached SSH debug from PIX.
ok I have some more updates that might help someone trying to run SNMS save some time.
True messages from switches are now accepted by syslog BUT after some time I noticed that again there are no switch messages in log. After I turned off logging on pix device messages from switches once again begun to show in syslog.log file.
Is it possible that syslog in CW is NOT able to process that many messages so it drops some !!? I relly don't have a clue on this..
SSH configuration management works now. I had to use packet sniffer on CW server to collect stream at the same time CW was trying to update Config archive from PIX. I noticed these steps taking place:
1. CW logs in pix
2. executes enable
3. executes 'page 0' command
4. executes 'wr term' command
..the problem was step 3. The correct command (at least on 7.2.2 IOS) is 'terminal pager 0'.
This command is issued when somenone would want to write entitre config file without having to press space or enter when it reaches the end of termina window.
So once I entered that command on pix updates were succesful.
This is one nasty product and one shouldn't be losing so much time just to figure out how to make basic stuff work. I would expect this from some open source tool but this is not a freeware.
If anyone knows how to overcome messages being droped by syslog I would appreciate that.