Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Syslog messages not able to find in reports

Hi

I am facing the following problem with syslog messages:

I am using Cisco IOS nodes my environment,In IOS node I did the following configuration

Sys logging on

Syslogging host 10.60.165.67(IP address of ciscoworks)

I am able to find the messages processed in RME->Syslog collector status ,messages processed :12563 and messages filted 0,invalid 0

I am not able see them in in any kind of reports[custom/standard/custom summary repot].Do I need make any changes to find the syslog messages in reports

Any kind of help is appreciated

Thanks

Ravi

13 REPLIES
Red

Re: Syslog messages not able to find in reports

Which version of Resource Manager Essentials are you running? Is it on Windows or Solaris?

New Member

Re: Syslog messages not able to find in reports

Ravi,

Check the following file: C:\Program Files\CSCPpx\log\syslog.log (if running on windows box)

See if you can find syslogs coming from your device here.

If yes, you can follow the steps in the following link to troubleshoot syslog:

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2073/products_user_guide_chapter09186a0080357718.html#wp1037688

New Member

Re: Syslog messages not able to find in reports

Ravi, you need to also tell the router what interfaces IP address to use as the source. Usually you use a loopback interface. Use the following command:

logging source-interface loopback0 (or whatever interface you want)

You also need to make sure that the source IP address that you use for the syslog resolves to the same name as the IP address that you added the device into ciscoworks as. So if you add "Router1" and it resolves to 1.1.1.1 you need to make sure the the reverse lookup for 1.1.1.1 resolves to "Router1" otherwise it will not know what device to associate the syslog msg with.

I just went through this for the past few days. I hope this makes sense.

Mike

New Member

Re: Syslog messages not able to find in reports

If you don't configure logging source-interface loopback0, or whatever interface, what other kind of issues did or could you see?

I'm in the process of configuring a few thousand devices of many different models to log to a syslog server. I think the messages are coming in but I can't be 100% sure they are...

The RME servers we have are getting messages from a remote syslog server which is using the Remote Syslog Analyzer Collector (RSAC) software to do this. I just found out today from nhabib that the messages don't get written to a file on the RME server but in turn get written directly to the DB.

It would really be a drag if I have to go back through all of those devices and add the source-interface statement.

New Member

Re: Syslog messages not able to find in reports

Hi Mapones,

I did enter the logging source-interface valan XX ,But could not find the messages in reports,when i give sh logging in the routers I can see messages getting forwarded to my ciscoworks!!!,but cannot see them in the RME-Syslogmessgaes->standard/custom reports

And I discovered the devices/entered the devices into RME inventory by Ip address,so name to Ip address resolution doesnot come in to picture.!!!!

Does any one have any other solution??

PLease help

New Member

Re: Syslog messages not able to find in reports

Do the messages show up in the Unexpected Device Report under RME > Syslog Analysis > Unexpected Device Report?

New Member

Re: Syslog messages not able to find in reports

Perhaps the messages are getting filtered out by the message filter....

New Member

Re: Syslog messages not able to find in reports

Well,this is a new installation and I have not applied any filter till now,

I can see the syslogs messages in unexpected messages,but those messages are from the devices that are not being monitored by LMS ,like firewall and undiscovered devices.

I am having problem with the devices that are being monitored[CISCO IOS 6509 and 7206 with IOS 12.2(17d)sxb8] nodes

New Member

Re: Syslog messages not able to find in reports

on an IOS devices, I'm using:

logging on

logging 1.1.1.1

logging trap information (logs level 6,5,4,3,2,1 and 0)

I noticed you were missing the last statement.

Also, check through the link the guy posted earlier:

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2073/products_user_guide_chapter09186a0080357718.html#wp1037688

Good luck.

Red

Re: Syslog messages not able to find in reports

Just to clarify. If one configures the IOS device using:

logging trap informational

then the command will not show up in the running configuration

In this case, the messages seem to be making it to the CiscoWorks server (based on the first post in the thread, number of processed messages is non-zero), but are not getting displayed.

A couple of reasons for this:

- the messages are not getting mapped properly to the device (incorrect source ip address migh tbe the reason)

- RME database is corrupt

New Member

Re: Syslog messages not able to find in reports

Ravi, nhabib is correct. My experiance has been that the first reason he gives, it is not getting mapped to the device properly.

Regarding your qestion about not using source-interface command, if you dont use that command the source of the syslog packet will could be any interface (mostly the interface the packet leaves the device on). If you use the command the packet will ALWAYS be sourced from the same interface. And that IP is what you need entered into Ciscoworks.

Did you ever tell us what version of Ciscoworks you are using and on what platform (Solaris or Windows)? This will help in the troubleshooting.

You NEED to make sure that the IP address (you said you were not using dns) you added the device into Ciscoworks with is the same IP that the syslog packet comes from. So that IP needs to be in the source-interface statement.

Mike

New Member

Re: Syslog messages not able to find in reports

Hi Mike,

Let me clear few things

with the help of previous replies,I configured on cisco IOS nodes the following configuration

i)Logging on

ii)Logging host 192.168.0.1[Ip addrress of Ciscoworks/RME)

iii)Logging source-host vlan191(This is the management valn,this Vlan has only one Interface and the Ip 10.60.191.0X under vlan 191,The discovery was made on the same IP address and found the discovery)

iii)Logging trap informational

2,I dont suspect any problem with the RME database as I am able to see the syslogs getting logged into ciscoworks from firewalls and other undiscovered nodes)

3.I am using ciscoworks LMS 2.2 with RME 3.5 with IDU 13.0 on WINDOWS box

4) syslog service is running under start->access-

>services

Please let me know if you need any information on this.

Thanks

RR

New Member

Re: Syslog messages not able to find in reports

ravirepaka, sorry I was unable to reply for a while. I was out of town.

Is this still an issue? If so look in the "install directory"/log/syslog.txt (I think it is .txt, but it will be called syslog). See if you can create a syslog entry from the device you are having issues with. Ususally I just do a config t and then exit. That will generate a config change message in syslog. Look in the syslog to make sure you see it going out. Then open the syslog.txt file on the server and you should see the syslog message come in. Note the IP address and make sure it is what you think it is (10.60.191.0X).

Let me know if you get that far and then we can check some other things.

Mike

227
Views
0
Helpful
13
Replies