cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
953
Views
8
Helpful
3
Replies

Windows LMS 2.6 syslog problem

cmartinvalle
Level 1
Level 1

Hi,

I've installed a LMS 2.6 over Windows and I 've configured the routers and switches for sending their syslog messages to the LMS server. When I see the file syslog.log, I can see all the all the syslog messages.

The problem is that no message appears when I launch a syslog report from RME/Reports/Syslog. All the time the message is the same: "no records".

It's the third Windows server where I see this. Neverthless, in Solaris everything runs perfectly.

I have checked that no filters are discarding messages, that SyslogCollector and SyslogAnalyzer are running, I hace also checked that the collector appears as up in "Syslog Collector Status" and that there are no conflicts with ports 3333 and 4444.

Can anyone help me, please?

Regards.

3 Replies 3

David Stanford
Cisco Employee
Cisco Employee

Can you try the following while enabling debugs for SyslogCollector and SyslogAnalyzer

Select one device that is a managed device in RME

Then go to the device and generate a config syslog message simply by entering conf t and then exit

Check the syslog.log to make sure this message makes it to the log. Then wait a few minutes before going to RME.

Now go to RME and select a syslog report (24 hour report)and select only this device. Run the report and do you see the message?

If not, look through the SyslogCollector.log and AnalyzerDebug.log to see if there are any messages related to this device or message.

Joe Clarke
Cisco Employee
Cisco Employee

In addition to what Dave says (these steps are vital) since you said it works fine on Solaris, but does not work on Windows, this may be CSCsh66475 in which name resolution delays SyslogAnalyzer from coming up. The AnalyzerDebug.log that Save requested will help, but only after you enable SyslogAnalyzer debugging under RME > Admin > System Preferences > Loglevel Settings, then restart SyslogAnalyzer (pdterm SyslogAnalyzer/pdexec SyslogAnalyzer).

I have solved my issue. I needed to subscribe the syslog collector. I think it wasn't necessary because it appears one called "ciscoworks".

Your both answers have been very useful because I realized looking at the AnalyzerDebug.log and SyslogCollector.log. There was a messahe like this: "No monitor collectors registered".

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: