Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Syslog messages not shown on CW2K

I have set up all my switches and routers to log to the CW2K syslog, but I am only getting firewall messages and the occasional message from a switch. Each device that gets a syslog message into CW2K is shown as the CW2K server originating the message - it does not show the IP address or DNS name of the switch.

I have set up an alternative syslog server in the place of the CW2K one and it gets all the messages with IP addresses as I would expect.

Does anybody have any ideas of what is going wrong?

Thanks

5 REPLIES
New Member

Re: Syslog messages not shown on CW2K

Hi simonthompson,

Please verify that syslogs are being sent out to the specified ip address of the CiscoWorks Server.

Best test is have term mon configured on your router

and type,

config t

end

this should generate a SYS-5-CONFIG-I message for

configuration attempt

once you see the outgoing packet, then log on to

the server itself.

If CiscoWorks is installed on

Windows platform, check:

the syslog.log file, default location would be,

C:\Program Files\CSCOpx\log

Unix platform, check:

the syslog_info file, default location would be,

var/log

Now we can compare the message as CiscoWorks receives

it. CiscoWorks receives the syslog into a flat file before storing them into the syslog database.

If the syslog message matches, now we know it's not getting altered at this point.

Verify if all the Cisco devices are managed in RME inventory, RME treats syslogs for unknown devices differently.

New Member

Re: Syslog messages not shown on CW2K

Hi even i am facing the same problem of syslog messages not appearing in the syslog reports.

I have configured the routers and switches normally:

1.logging on

2.logging 192.168.10.1(ciscoworks server)

3.logging trap informational.

On the RME ,i jave configured the syslog analyzer normallly.

When i check the syslog reports it says meeages with invalid format.

I even tried having the service timestamp debug msec localtime show timezone

service timestamp log msec localtime show timezone

but still no luck.routers are looging the messages to RME , ic an confirm that.

Anybody has any other ideas????

Regards,

AMit.

New Member

Re: Syslog messages not shown on CW2K

Make sure the management name you use in ciscoworks matches DNS. When the syslog message arives as a ip address ciscoworks does a reverse lookup and tries to match the dns name to the management name. If no match is found it lists it in the unexpected device report. Also on a router with more than one interface you can use the command logging source-interface . The interface should be the ip address of the management name

New Member

Re: Syslog messages not shown on CW2K

Make sure you use NTP on your network as well. If the timestamp in the Syslog message is after the current time on the CW2K server, CW2K will put the message in the unexpected device report.

New Member

Re: Syslog messages not shown on CW2K

make sure cw2k can hit your routers and switches with dns reverse lookup. if you already have "logging " on routers and switches, there are couple of places to verify messages are getting to cw2k server.

for example cw2k installed on c:\

c:\cscopx\log\syslog.log

this is a text file which will give you an idea whether syslog messages are being log. if you see ip addresses rather than hostnames, good indication dns reverse lookup isn't working.

Or

open ciscoworks, goto RME, Syslog Analysis, Unexpected Device Report. if you see syslogs here but Device Names are IPs, then you definately have a dns reverse lookup problem.

also it would be good to have correct timestamp.

service timestamps log datetime localtime

good luck

99
Views
0
Helpful
5
Replies