Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS4 Syslog automated action anomaly

LMS 4.2.1 on W2K8 R2

I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:

Automated Action Summary
Name: Critical Events Email
Devices: *
State: Enabled
Parameters: TO=John.Doe@example.com, SUB=LMS4 Syslog AA, TEXT=
Action Type: Email
Messages: *-*-1-*:* *-*-2-*:*

Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:

%ASA-session-4-106023

%ASA-auth-3-109023

%ASA-auth-6-109001

Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.

Thanks,

-Jeff

2 REPLIES

LMS4 Syslog automated action anomaly

I do not know what exactly you have done so far but in your situation I would enable the following debugs:

open that file in a text editor

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

and change the debug level from Info to Debug:

    DEBUG_LEVEL=DEBUG

also enable SyslogAnalyzer debugging here:

Admin > System > Debug Settings > Config and Image Management Debugging Settings

    Set Application Logging Levels >> SyslogAnalyzer (scroll down)

        set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG

in a DOS box check the status of the following processes (the should be started) and restart them:

    pdshow SyslogAnalyzer SyslogCollector

    pdterm SyslogAnalyzer SyslogCollector

    pdexec SyslogAnalyzer SyslogCollector

    pdshow SyslogAnalyzer SyslogCollector

When the issue happens again check the following log files and post them on the forum:

    NMSROOT\log\SyslogCollector.log

    NMSROOT\log\AnalyzerDebug.log

New Member

LMS4 Syslog automated action anomaly

I have a case open with TAC and I have supplied them with the debug logs.  Apparently I am not the only one to report this.  The case has been escalated and I am waiting for a solution.  I expect that a patch will be required.

555
Views
0
Helpful
2
Replies
CreatePlease login to create content