Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS4 Syslog automated action anomaly

LMS 4.2.1 on W2K8 R2

I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:

Automated Action Summary
Name: Critical Events Email
Devices: *
State: Enabled
Parameters:, SUB=LMS4 Syslog AA, TEXT=
Action Type: Email
Messages: *-*-1-*:* *-*-2-*:*

Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:




Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.




LMS4 Syslog automated action anomaly

I do not know what exactly you have done so far but in your situation I would enable the following debugs:

open that file in a text editor


and change the debug level from Info to Debug:


also enable SyslogAnalyzer debugging here:

Admin > System > Debug Settings > Config and Image Management Debugging Settings

    Set Application Logging Levels >> SyslogAnalyzer (scroll down)

        set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG

in a DOS box check the status of the following processes (the should be started) and restart them:

    pdshow SyslogAnalyzer SyslogCollector

    pdterm SyslogAnalyzer SyslogCollector

    pdexec SyslogAnalyzer SyslogCollector

    pdshow SyslogAnalyzer SyslogCollector

When the issue happens again check the following log files and post them on the forum:



New Member

LMS4 Syslog automated action anomaly

I have a case open with TAC and I have supplied them with the debug logs.  Apparently I am not the only one to report this.  The case has been escalated and I am waiting for a solution.  I expect that a patch will be required.

CreatePlease login to create content