LMS syslog

georgeef1 · ‎10-12-2009

Hi,

Our syslog stopped working and we fixed it by collector and analyzer restart.

But I noticed that the new syslog report does not have the syslog information for the last two days.

Does the syslog starts working again, will it not collect the information from where it stopped last from syslog.log.

Is there any other possiblities and issue which can cause this?

Is there a way I can force syslog to pick those entries from syslog.log for missing 1 or 2 days after collector and analyzer restart?

As it has happened twice.

Please advice.

-Thanks

Joe Clarke · ‎10-12-2009

No, SyslogCollector will not read only messages from the syslog log when it starts. It will simply start reading from the end of the file.

You can force it to read the messages, though. Stop SyslogCollector and Analyzer. Extract all the messages you wish to resubmit from the syslog log file. Clear out the syslog log file. Restart SyslogCollector and Analyzer. Then append the messages to the syslog log file. Something like:

NET STOP crmlog

TYPE newsyslogs.txt >> syslog.log

NET START crmlog

Should work under Windows. On Solaris, you can just do the append without restarting the syslogd:

cat newsyslogs.txt >> /var/log/syslog_info

Note: you may have to split the messages up so no more than 200 are written to the syslog log at one time.

georgeef1 · ‎10-19-2009

Thanks jclarke,

I just want to clear at last is, if the syslog service in RME somehow stops working and it again starts it will not pick the old syslog mesaged from the syslog file, but it will start taking the new logs entered after the syslog service started again?

Please advise.

-Thanks

Joe Clarke · ‎10-19-2009

This is correct.