cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
730
Views
0
Helpful
5
Replies

syslog alerts and syslog message windows showing "NO DATA IS AVAILABLE"

baotran09
Level 1
Level 1

Hi folks,

I have a kiwi syslog server and it is working. I want to fordward the logs to Ciscoworks. On kiwi syslog, I entered the IP of CW server, but Im not seeing anything on syslog alerts and syslog message windows, both windows showing "NO DATA IS AVAILABLE". I've tested syslog polling on a test switch and I can get alerts etc, but not when fordward from kiwi syslog server?

What have I done wrong and what else can I try?

Thank you for your input...

5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

How does Kiwi forward the messages?  That is, does it spoof the soure device IP, or does it use its own IP address for the source address?  If the latter, then what you are seeing is expected.  RME will have no way of tying the messages to the device that actually sent them.  If the former, then make sure the messages are first showing up in the LMS syslog log file (i.e. NMSROOT/log/syslog.log on Windows and /var/log/syslog_info on Solaris).

Hi Joe,

Ive looked at NMSROOT/log/syslog.log and I can see kiwi logs is in syslog.log.

What do I need to configure in oder to view it in SYSLOGS ALERTS AND SYSLOG message porlet?

Are the messages appearing in the log with the address of the device, or with that of the Kiwi server?

The messages appearing in the log with the address of the devic. Below is the log in syslog.log:

Jan 28 17:26:12 Original Address= %ISDN-6-CONNECT: Interface Serial0/0/0:8 is now connected to xxxxxxxx N/A

Jan 28 17:26:35   Original Address= %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/4, changed state to down

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to up

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to down

How come its not showing in the porlet? Did i miss something?

Thanks for your help Clarke

The syslog message is not properly formatted.  The "Original Address" field is not part of a standard Cisco syslog message.  If Kiwi cannot transparently spoof the sender's IP, then you will not be able to forward syslogs from Kiwi to RME.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco