I have the following problem:
we've got CW LMS 2.6, RME 4.0.6, DFM 2.0.11.
Today I occasionally noticed that CW doesn't have any received syslog messages for one 3750 switch. I checked the switch and tested sending syslog messages to another syslog server - everything fine.
At the same time CW has syslog messages for all other devices.
I checked credentials for problem devices - fine, checked system configuration archive - ok, but if I try to get Fault History report for this switch in DFM I receive the following error:
"Cannot generate Fault History display.
User has no access to the device."
So, there is something incorrectly configured on my server. Any idea?
Just tried to remove and add it back - nothing changed. I still don't receive syslogs and still can't get fault history report.
DFM has nothing to do with syslog. Do you want to look at the DFM fault history issue, or do you want to troubleshoot the syslog problem in this thread?
Both. It was strange for me that both things don't work for the same device.
But syslog has more priority for me as we need to trace any changes.
First, check the syslog message file to make sure this switch's messages are actually making it to the server. If so, post a message that makes it to this file, but does not appear in the syslog report. Also, post your NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/filters.dat
1676: Sep 18 11:09:03 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.191.104.187)
This message is received by second configured logging server.
I already checked filters and don't see anything wrong. At least I receive the same syslog messages from other devices.
Yes, the filters are fine. What do you mean that the message is received by the second configured logging server? Does the message show up in the CiscoWorks server's message file (i.e. /var/log/syslog_info on Solaris or syslog.log on Windows)?
I meant that I configured the second logging server on that switch just to make sure that the switch sends syslog messages.
How can I decrease the size of the syslog.log file? I run purge for syslog for all messages, but the size is still the same, 11Gb
You can rotate the log file using NMSROOT\bin\logrot.pl. Logrot's documentation can be found in the Common Services online help. Just search for logrot. Basically, you'll configure logrot using NMSROOT\bin\perl NMSROOT\bin\logrot.pl -c. Once you have it configured, just run NMSROOT\bin\perl NMSROOT\bin\logrot.pl to rotate the configured log files.
OK, thank you. I will use your advice. For the moment I just renamed the old syslog.log file to a new name, and after starting the cwcs syslog service I have got a new syslog.log file.
And I see syslog messages coming from the problem switch. So why don't I see them in CW?
Now you need to edit NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties, set the DEBUG_LEVEL to DEBUG. Then restart SyslogCollector. Generate a new message, and verify it makes it to the syslog.log. Then post the message and the SyslogCollector.log.
You need to restart the SyslogAnalyzer process as well so that SyslogCollector starts processing the syslog.log file. Use the commands I posted. You also need to post a message that was generated, and showing up in the syslog.log file, after you restart these processes.
Here you are, Joe
Sep 19 10:36:12 10.191.88.38 3660: Sep 19 10:35:26 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.191.104.187)
But strange thing - I can see this syslog message in CW now. But before restarting both processes there was nothing.
Joe, thanks a lot for helping.
The only thing that I did this morning was delete and create that device again.
Probably after restarting the syslog collector and analyzer processes the problem was fixed.
But I have at least 5 more devices that I know have the same problem.
Will we go the whole troubleshooting process again?
I will try to recreate one more problem device, restart processes and check if the problem is fixed.
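Added example, not part of the original thread and not CiscoWorks code: a streaming check of which devices are actually reaching syslog.log, the first troubleshooting step above, useful when several devices are suspected. The line layout is assumed from the single sample message posted in the thread; the function names and the 192.0.2.x addresses are made up for illustration.

```python
import re
from collections import defaultdict

# Server receive time and source host, then the device's own message
# (layout assumed from the sample line posted in the thread).
LINE_RE = re.compile(
    r"^(?P<received>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<source>\S+) (?P<body>.*)$"
)
# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC:
TAG_RE = re.compile(r"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+:")

def parse_line(line):
    """Return a dict for one syslog.log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    tag = TAG_RE.search(rec["body"])
    rec["tag"] = tag.group(0).rstrip(":") if tag else None
    return rec

def summarize(lines, expected_sources):
    """Read lines once (safe for multi-GB files); return per-source stats
    and the expected sources that never appeared in the file."""
    seen = defaultdict(lambda: {"count": 0, "last_received": None, "tags": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected layout
        entry = seen[rec["source"]]
        entry["count"] += 1
        entry["last_received"] = rec["received"]
        if rec["tag"]:
            entry["tags"].add(rec["tag"])
    missing = sorted(s for s in expected_sources if s not in seen)
    return dict(seen), missing

# Constructed sample: the first line is the one from the thread, the rest are made up.
SAMPLE = [
    "Sep 19 10:36:12 10.191.88.38 3660: Sep 19 10:35:26 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.191.104.187)",
    "Sep 19 10:37:01 192.0.2.10 212: Sep 19 10:36:58 KZ: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up",
    "Sep 19 10:38:40 10.191.88.38 3661: Sep 19 10:37:55 KZ: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.191.104.187)",
    "truncated or non-syslog line",
]

if __name__ == "__main__":
    seen, missing = summarize(SAMPLE, ["10.191.88.38", "192.0.2.10", "192.0.2.99"])
    for src, info in sorted(seen.items()):
        print(src, info["count"], info["last_received"], sorted(info["tags"]))
    print("never seen in file:", missing)
```

For a real file, pass an open handle instead of SAMPLE, for example `open(path, errors="replace")`. A device listed as never seen points at the network or the device's logging configuration, while a device that is present in the file but absent from the report points at the collector and analyzer processes discussed above.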