01-19-2009 04:28 AM
Hi Experts,
I found this logs in SyslogCollector.log.
NMSROOT is C:/PROGRA~2/CSCOpx
propFileC:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\C:\PROGRA~2\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
Unable to find the file C:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\C:\PROGRA~2\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
NMSROOT is C:/PROGRA~2/CSCOpx
propFileC:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
SyslogCollector - [Thread: main] INFO , 19 Jan 2009 17:31:31,500, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 19 Jan 2009 17:31:31,500, System Initialized.
SyslogCollector - [Thread: main] WARN , 19 Jan 2009 17:31:37,203, Unable to get the filters for subscriber ciscoworkProd. Default value will be used.
NMSROOT is C:/PROGRA~2/CSCOpx
propFileC:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\C:\PROGRA~2\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
Unable to find the file C:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\C:\PROGRA~2\CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
NMSROOT is C:/PROGRA~2/CSCOpx
propFileC:/PROGRA~2/CSCOpx\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
SyslogCollector - [Thread: main] INFO , 19 Jan 2009 17:41:22,093, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 19 Jan 2009 17:41:22,093, System Initialized.
SyslogCollector - [Thread: main] INFO , 19 Jan 2009 17:41:22,171, Subscriber list is empty!
Can the Experts advise me why is the collector properties file is not found? I have checked the NMS root directory, the file is there.
Secondly, how can I re-subscribe the collector? Unsubscribe the collector for troubleshooting purpose.
I really appreciate it greatly if the Experts can show me some light. Thanks a billion!!!
Regards,
Yi Shyuan
Solved! Go to Solution.
01-20-2009 10:50 PM
This filter will match any message. If you enable this filter, you will need to set your mode to KEEP to receive any messages. That said, you could also disable or remove all filters, set the mode to KEEP, and achieve the same result.
01-20-2009 10:59 PM
01-20-2009 11:04 PM
Are new messages being written to the syslog.log file? What does the Syslog Collector Status page look like?
01-20-2009 11:08 PM
01-20-2009 11:15 PM
According to this, new messages are being written to syslog.log. The Collector has forwarded 483 messages to the Analyzer for database insertion since the server was rebooted. Why exactly do you think it's not working?
01-20-2009 11:21 PM
As I don't see any syslog messages from other devices beside the ASA devices in syslog.log
However, I am able to view records for switches in the recent generated 24 hour report.
As I need to achieve all the received syslog messages for audit purpose, I need to make sure that all the syslog messages are received in the log file (if I'm not wrong, syslog.log should be the one).
If possible, you can advise me on the archive portion too?
Thank you very much!!!
01-20-2009 11:25 PM
The messages must be making it to syslog.log, then. There is no other log file. Messages are first written to syslog.log by crmlog. Then, the SyslogCollector reads the messages from that file, and applies filters. If the messages pass the filters, then they are forwarded to the Analyzer which inserts the messages into the database.
Since you can run reports, and see the desired messages, they must be in syslog.log. You can use the logview command to tail syslog.log in real-time to look at incoming messages. For example:
C:\> logview C:\PROGRA~1\CSCOpx\log\syslog.log
01-20-2009 11:38 PM
Yes, the logview command does show me the log from syslog.log but the logs shown are not real time as well. I have refreshed the syslog collector status a few times, where the number of the received message doesn't seem to increase in short duration as well.
I find this strange as more syslog messages are received by Kiwi Syslog Server.
01-21-2009 08:47 AM
In order to scale, the crmlog daemon doesn't immediately write the syslog messages it receives to syslog.log. It buffers then, then does periodic flushes, or writes when the buffer becomes full. It depends on the amount of syslog messages being received as to how often it writes out the messages. There are ways to increase this flush period. If you open a TAC service request, those techniques can be explained to you.
01-21-2009 05:39 PM
Thanks jclarke for the info!
I would like to ask for question in archiving Syslog 24 hour report. Should I start a new conversation or continue here?
My question is how can I view the report once it is archived? As I realized that the output file format is not readable using notepad.
Thanks & Regards
YS
01-21-2009 06:02 PM
Syslog messages that are purged from the database, and written to a flat file can be viewed simply by opening the archive files in a text editor/browser. The syslog messages are stored in a format similar to that of syslog.log.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide