Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Syslog messages

I have configured our switches with syslog traps and syslog server as LMS server, but I don't see any messages under "syslog Alerts" in RME module. The messages are collected fine on another linux box. I don't see much configuration of syslog server on LMS.

In RME, Syslog collector Status under Tools, shows 1855, 12, 1867 under Invalid,Filtered and Received respectively, but when I tried to run syslog report it doesn't show anything. I would like to collect all switches syslog messages on LMS box. Any help will be appreciated.

Thanks,

21 REPLIES
Cisco Employee

Re: Syslog messages

The Syslog Alerts module only shows sev 0, 1, and 2 messages. You may not have received any of these. Go to RME > Reports > Report Generator, and run a Syslog Standard Report for all your devices. Do you see anything?

New Member

Re: Syslog messages

I don't see any records. I did disconnect and reconnect one of the switch port to generate a message, but still didn't get anything. I did get that on another linux box.

Thanks,

Cisco Employee

Re: Syslog messages

Post a screenshot of RME > Tools > Syslog > Message Filters. Verify that the messages being sent by your devices are appearing in NMSROOT/log/syslog.log.

New Member

Re: Syslog messages

We are running LMS 3.1 on windows. What do you mean by verifing the messages being sent by your devices are appearing in NMSROOT/logs/syslog.log? I couldn't attach the screen shot file. Cut and paste of screen text is given below.

Message Filters Type: Drop Keep

Include interfaces of selected devices: Yes No

Showing 5 records

Name Status

1. Link Up/Down Message Filter Enabled

2. IOS Firewall Audit Trail Messages Enabled

3. PIX Firewall Audit Messages Disabled

4. Severity 7 Message Filter Enabled

5. Otsa switches message filter Enabled

New Member

Re: Syslog messages

Screen shot is attached with following thread message.

New Member

Re: Syslog messages

We are running LMS 3.1 on windows and not on linux. Screen shot file is attached.

Thanks,

Cisco Employee

Re: Syslog messages

What is the configuration for your Otsa switches filter? I know you're on Windows. The NMSROOT directory is the path into which you installed LMS. Within that directory there will be a log subdirectory. And in that subdirectory will be a file called syslog.log. Make sure your device messages are showing up in that file.

New Member

Re: Syslog messages

The syslog.log does show messages. Otsa switches filter screen shot is attached.

Thanks,

Cisco Employee

Re: Syslog messages

What are some of the messages appearing in syslog.log?

New Member

Re: Syslog messages

11:05:17 10.10.10.218 294: Aug 7 11:05:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to down

Aug 07 11:05:17 10.10.10.218 295: Aug 7 11:05:13: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to down

Aug 07 11:05:21 10.10.10.218 296: Aug 7 11:05:17: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to up

Aug 07 11:05:21 10.10.10.218 297: Aug 7 11:05:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to up

Cisco Employee

Re: Syslog messages

You have enabled the linkup/down filter which means those messages will be dropped. Disable this filter, generate some new messages, then run your syslog report. They should show up.

New Member

Re: Syslog messages

I have disabled all filters. Messages do show when I run report, but they still don't show on RME main screen under Syslog Alerts. It still shows "No Records Found".

Cisco Employee

Re: Syslog messages

As I said, the Syslog Alerts portlet only shows the most severe alerts (Severity 0, 1, and 2). If you are not receiving any of these, then nothing will show up in the portlet. This is actually a good thing as it means your network isn't experiencing any high-severity issues.

New Member

Re: Syslog messages

Is it possible to change severity level?

Cisco Employee

Re: Syslog messages

No, the severity levels for the portlet are hardcoded. However, LMS 3.2 offers a new portlet called Syslog Summary which displays the 24-hour syslog event distribution as a pie graph along with the specific syslog counts.

New Member

Re: Syslog messages

We bought LMS 3.1 this year, do you know if we can upgrade to 3.2 without any additional cost.

Thanks,

Cisco Employee

Re: Syslog messages

Sure. Just to go http://www.cisco.com/go/lms/ and download the eval. You can then use your 3.1 license without any additional cost.

New Member

Re: Syslog messages

So my understanding is that after installing the LMS3.1 license it will remain 3.2. I hope LMS3.2 will accept 3.1 license key.

I will try and let you know. Thanks for your help.

New Member

Re: Syslog messages

I hope installing 3.2 eval would not mess up any current configuration or data collection.

Thanks,

Cisco Employee

Re: Syslog messages

Not at all. If you install the eval on a licensed copy of LMS 3.1, it will simply upgrade your copy to a licensed install of 3.2. There won't be any eval involved in that case.

New Member

Re: Syslog messages

Thanks for that info. I couldn't download 3.2 eval, but I have contacted our sales rep for assistance. This matter can be considered resolved.

Thanks,

274
Views
0
Helpful
21
Replies
CreatePlease to create content