Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS 3.0 - Syslog Report is empty

we have a LMS 3.0 running on Solaris 9, and we have a problem with the syslog report function.

From RME, the syslog reports does not show any logs.

The collector status looks OK, there are logs being forwarded.

/var/log/syslog_info contains recent logs from the devices.

I checked the timezone settings:

* The switches and routers are configured with UTC time zone:

Dec 22 11:27:04 <device1> 15647028: Dec 22 03:27:03 UTC: %SEC-6-IPACCESSLOGP: list MBR-s1/7-Filter-in denied udp 192.168.24.165(137) -> 192.168.24.255(137), 1 packet

* The server is configured with SGT timezone (GMT+8)

* The syslog collector is configured with CCT timezone (GMT +8)

# Timezone related properties

TIMEZONE=CCT

COUNTRY_CODE=SGP

TIMEZONE_FILE=$NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst

# General properties

SYSLOG_FILES=/var/log/syslog_info

DEBUG_CATEGORY_NAME=SyslogCollector

DEBUG_FILE=/var/adm/CSCOpx/log/SyslogCollector.log

Need your expert advise what else do we need to check.

4 REPLIES
Cisco Employee

Re: LMS 3.0 - Syslog Report is empty

Check the unexpected devices report to see if the messages are showing up there. If the messages are being forwarded from the Collector to the Analyzer, then they must be getting into the database. If your standard report doesn't show them, then the unexpected report must.

If they are in the unexpected devices report, then RME is unable to map those messages to a managed device.

New Member

Re: LMS 3.0 - Syslog Report is empty

Checked, it's also empty.

Cisco Employee

Re: LMS 3.0 - Syslog Report is empty

In the Collector.properties file, set DEBUG_LEVEL to DEBUG, then restart SyslogCollector. Generate at least one syslog message that should be forwarded to the Analyzer, then post the SyslogCollector.log.

New Member

Re: LMS 3.0 - Syslog Report is empty

Solved the problem by:

- Regenerate self-signed certificate

- Unsubscribe/subscribe the syslog collector

- Restarted syslog collector and syslog analyzer processes

thanks for all the pointers so far...

198
Views
5
Helpful
4
Replies