CiscoWorks LMS 4.1, syslog analyzer parsing non-Cisco device.

Hello.
Can Syslog Analyzer parse syslog messages coming from a Non-Cisco device?
I'm trying to parse message from a HP Virtual Connect module without success.
Thanks.
Andrea

Hi Andrea,
You could use syslog-ng to write a generic mnemonic into the message and forward it to LMS.
Something like:
syslog-ng->add fac-sev-mne: message->lms
However, I would also caution you that LMS is *not* meant to be a "syslog" manager - there are usually way too many syslog messages in most environments for it to handle that many - which is why most syslog managers are standalone servers.
In order to make sure that the NMS systems that syslog-ng forwards messages to receive the correct source, syslog-ng needs to be compiled with the source spoof option. This will allow messages received on other NMS’s (such as LMS) to appear to come from the original devices rather than from the syslog-ng server.
Compiling from source:
Install the syslog-ng prerequisites from Balabit
You must configure syslog-ng with --enable-spoof-source in order to enable the spoof source feature (which is disabled by default).
./configure --enable-spoof-source
make && make install
If you run into any issues during the installation, you can refer to the syslog-ng forum or you can refer to the syslog-ng knowledge base.
Lastly, here's a great paper on syslog management:
Building Scalable Syslog Management Solutions
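
The "add fac-sev-mne" step from the reply above, shown as an added example that is not part of the original post and is not syslog-ng or LMS code: it takes a BSD-style syslog line from a non-Cisco device and inserts a Cisco-style `%FAC-SEV-MNE:` tag with the severity derived from the PRI value. The tag labels `HPVC` and `GENERIC`, the fallback priority and the sample line are assumptions made for the illustration.

```python
import re

# Assumed labels for this sketch; LMS does not define them.
FACILITY_TAG = "HPVC"
MNEMONIC = "GENERIC"
DEFAULT_PRI = 13  # user.notice, used when the device sent no valid <PRI>

# <PRI>Mmm dd hh:mm:ss host message   (BSD / RFC 3164 layout)
RFC3164 = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$",
    re.DOTALL,
)


def add_mnemonic(raw: str) -> str:
    """Insert a Cisco-style %FAC-SEV-MNE: tag in front of the message text."""
    m = RFC3164.match(raw)
    if m is None:
        raise ValueError("not a BSD-syslog style message")
    pri = int(m.group("pri")) if m.group("pri") else DEFAULT_PRI
    if pri > 191:  # highest valid value: facility 23, severity 7
        pri = DEFAULT_PRI
    severity = pri & 7  # low three bits of PRI
    # Collapse control characters so device text cannot start a new log line.
    body = re.sub(r"[\x00-\x1f\x7f]+", " ", m.group("body")).strip()
    return (f"<{pri}>{m.group('ts')} {m.group('host')} "
            f"%{FACILITY_TAG}-{severity}-{MNEMONIC}: {body}")


# Constructed sample input, not captured from a real Virtual Connect module.
SAMPLE = "<134>Mar  5 18:56:20 vc-enc01 vcmd: uplink port X1 link down"

if __name__ == "__main__":
    print(add_mnemonic(SAMPLE))
```

The original timestamp and hostname are kept in the rewritten line, so the receiving NMS can still attribute the message to the device even when it does not rely on the packet's source address.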

Similar Messages

  • Non-Cisco devices support in LMS 4.1

    Hi! How could I import a third party MIB file for my devices? Is there any guide/manual for working with non-Cisco devices?

    Specifically which module are you talking about?
    The most flexible module is HUM, which has support for third party devices.
    Most modules do not support non-Cisco devices; the complete list is here:
    http://www.cisco.com/en/US/products/ps11200/products_device_support_tables_list.html
    Regards
    Farrukh

  • What non cisco devices can be monitored by MARS

    We are in the process of purchasing the MARS 110R and were wondering what other non-Cisco devices on our network can be monitored by MARS, for instance our Exchange servers.

    You can monitor the security event logs (as well as most other windows event logs) using MARS. I'm not sure it understands Exchange specific event logs, but it should be able to parse the normal authentications that take place in an Exchange environment (and are logged to the security event log). Here is the list:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/4.3/compatibility/local_controller/dtlc43x.html

  • Cisco Prime - non Cisco devices

    Hi
    We have started using Cisco Prime for our network management. On our sites we have a few devices managed by other vendors which are non cisco devices, we would like to keep these in the diagrams on cisco prime but since we don't manage them we don't want them to use up our licenses.
    Is there a way to retain the device info maybe as a note or something on the side of the diagram without the device using up a seat in the license?

    Which Prime? LMS or Infrastructure? ..or one of the others.
    LMS for example doesn't ever display a non-Cisco device in the Topology view. It does limited management of non-Cisco devices and they do not consume device licenses.

  • Auto Smartports with non-Cisco devices

    I have used auto smartports in the past and have been successful creating macros that use mac-addresses.
    My question is can I create a macro that works with non-Cisco devices that are CDP capable?
    We have Motorola access points that use CDP and I would like to use auto smartports to put them on their own VLANs.
    Can it be done using CDP? What version of the IOS would I need to be on? Currently the 3750-Xs are on 12.2.(55).
    Are there any guides or configuration examples? I've searched but have been unsuccessful in finding anything so far.
    I have seen some articles that reference device sensors and device profiles, but have no idea where to begin.
    Thanks in advance for your support.

    You may need to create a Cisco TAC case for this.
    If not, then move this thread to the EEM section.  If the Moto AP supports CDP then you can get someone (like Joe Clark) to build a small EEM script.
    EEM is supported up to the 3560/3750.

  • Can WAE be integrated with non-cisco devices?

    So far, all documentation that I read, WAE is used in conjunction with Cisco devices.  Can WAE be integrated with non-cisco devices? 
    I guess, In-line mode should work ok, but how about off-path mode?  An example or link will be appreciated.
    Thanks!
    Joe

    Hi Joe,
    It should be possible to use WAAS with non-cisco routers, as long as they support WCCP.
    There are no documents on this because, the configuration from WAAS point of view would be the same, and the router configuration would depend on the vendor.
    Regards
    Daniel

  • Need assistance in Ciscoworks LMS 3.2 for enable monitoring of cisco switches

    Hello,
    I am new to CiscoWorks LMS 3.2. I have a task to add devices in CiscoWorks and configure SNMP on both the devices and CiscoWorks. My company bought CiscoWorks LMS 3.2 in December 2009; since then one engineer has configured some devices in it, but not fully. I tried to look into the guides and documentation, but there is a huge amount of material. My infrastructure lead is also not familiar with the CiscoWorks tool. I know there is a lot of documentation, but I have very little time: by this weekend I have to activate monitoring of devices in CiscoWorks LMS 3.2. Can anyone who has prior experience with CiscoWorks LMS 3.2 please provide screenshots or a step-by-step procedure for enabling a device for monitoring?
    Regards,
    Ahmed

    Regarding SNMP reachability, you are the man... That's true, the firewall is blocking, because the subnets for the switches which I am trying to add into CiscoWorks are not added into the firewall. Those subnets are different from those of the other 20 switches which are shown as reachable.
    And regarding the switches which are already seen as reachable: based on the document you provided for alerting and monitoring of a device, I checked the DFM and configured it as described, but I still didn't see any alert when I turned off one of the 4506E power supplies. Is there something I am missing?
    What information or screenshots do you need from my side so that we can sort out the issue of monitoring the device? Should I get an alert even if the device goes down?
    regards
    Ahmed

  • Syslog server for Monitoring Cisco devices

    I am looking for Syslog server to log all logs from Cisco devices. We have more than 800 cisco devices. Can anyone tell me what syslog server should i use to log these files.
    Thank you.

    Has anyone used the Cisco recommendation of Building Scalable Syslog Solutions?
    http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318
    I used this in another organization and we were very successful. We currently use Netcool that feeds from a syslog and we get several non-actionable alarms, and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (What are your thoughts?):
    From my Netcool Administrator:
    Regarding, using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.
    1. -- Cisco is not consistent with the use of this value.
        Examples:
            In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION of a 6 level of Informational
            Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent
            Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes   
            This one is near the top level of severity per Cisco but not all that severe in reality; further, this syslog has a bug where the threshold is not even exceeded
            %ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately to prevent system damage
            This one is reporting a standard condition:
            %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted
            Here is an example of a 1 where the voice group says that nothing is wrong:
            Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup \'1\' does not contain enough valid SIP end-points to proceed with a parallel call.
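
To see how a severity 0-5 cut-off treats the sample messages quoted in this post, here is an added example (not code from the poster, Netcool or Cisco) that parses the `%FACILITY-SEVERITY-MNEMONIC:` tag and applies the threshold, optionally with a per-message suppress list. The suppress entry is a hypothetical site policy, and the sample strings are the leading portions of the messages quoted above.

```python
import re

# %FACILITY-SEVERITY-MNEMONIC: as it appears in the quoted messages
TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mne>[A-Z0-9_]+):")

# Leading portions of the sample messages quoted in the post above.
SAMPLES = [
    "%BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent",
    "%BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired)",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C",
    "%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted",
    "%IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.",
]

# Hypothetical site policy: tags never alerted on, whatever their severity.
SUPPRESS = {("ILPOWER", "POWER_GRANTED")}


def parse_tag(line):
    """Return (facility, severity, mnemonic), or None if the line has no tag."""
    m = TAG.search(line)
    if m is None:
        return None
    return m.group("fac"), int(m.group("sev")), m.group("mne")


def should_alert(line, max_severity=5, suppress=frozenset()):
    """Alert when severity is at or below the cut-off and the tag is not suppressed."""
    tag = parse_tag(line)
    if tag is None:
        return False  # untagged text is left for a separate rule
    fac, sev, mne = tag
    if (fac, mne) in suppress:
        return False
    return sev <= max_severity


def alerts(lines, **policy):
    """Parsed tags of every line that would raise an alert under the policy."""
    return [parse_tag(line) for line in lines if should_alert(line, **policy)]


if __name__ == "__main__":
    print(len(alerts(SAMPLES)), "alerts with severity 0-5 only")
    print(len(alerts(SAMPLES, suppress=SUPPRESS)), "alerts with the suppress list")
```

With the 0-5 cut-off alone all five quoted messages raise an alert, including the routine `ILPOWER-5-POWER_GRANTED`; the suppress list removes only that one.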

  • Ciscoworks LMS 3.2 unable to run Software or Device Update

    I am not able to run software or device update. Initially I thought it was my proxy (Bluecoat) problem, so I bypassed the proxy and am still getting the same error. Based on the PSU.log, I am getting a 404 error, which is usually HTTP Not Found. I am wondering if the URLs have been moved? I've attached a sample of the TCP stream in plain text.
    with proxy credential:
    [ Mon Mar 05 18:56:20 PST 2012 ] INFO   [SwUpdateAction : selectAllUpdates]  : Validated Cisco.com credentials..
    [ Mon Mar 05 18:56:23 PST 2012 ] ERROR  [CcoDownloadAdapter : getXmlFileList]  : failed to connect to Cisco.com:RespCode=404, RespMsg=Not Found
    [ Mon Mar 05 18:56:23 PST 2012 ] ERROR  [RemoteRepSync : downloadPsuHeadersAsXml]  : VDSException thrown com.cisco.nm.xms.vds.VDSException: CcoDownloadAdapter::getfileList():failed to connect to Cisco.com.
    [ Mon Mar 05 18:56:23 PST 2012 ] INFO   [SwUpdateAction : selectAllUpdates]  : removing SwUpdateLock, due to exception..
    bypass proxy:
    [ Tue Mar 06 14:57:24 PST 2012 ] INFO   [SecurityHandler : getCSProxyLogin]  : No proxy User Name configured
    [ Tue Mar 06 14:57:27 PST 2012 ] INFO   [SwUpdateAction : selectAllUpdates]  : Validated Cisco.com credentials..
    [ Tue Mar 06 14:57:27 PST 2012 ] ERROR  [CcoDownloadAdapter : getXmlFileList]  : failed to connect to Cisco.com:RespCode=404, RespMsg=Not Found
    [ Tue Mar 06 14:57:27 PST 2012 ] ERROR  [RemoteRepSync : downloadPsuHeadersAsXml]  : VDSException thrown com.cisco.nm.xms.vds.VDSException: CcoDownloadAdapter::getfileList():failed to connect to Cisco.com.
    [ Tue Mar 06 14:57:27 PST 2012 ] INFO   [SwUpdateAction : selectAllUpdates]  : removing SwUpdateLock, due to exception..

    It seems your problem is bug ID CSCto46927; you can download the patch for Windows here: cwcs33x-win-CSCto46927-1.zip
    Also, consider updating LMS 3.2 to version LMS 3.2.1 and applying all other application patches and point patches available;
    LMS 3.2 SP1:
    ciscoworks_lms321_win_k9.zip

  • CiscoWorks LMS 4.0.1 and devices other than Cisco.

    Hello.
    Can I use some CiscoWorks LMS functions like config management, topology, with devices other than Cisco?
    Thanks.
    Andrea

    No, RME, Campus and DFM are still hardcoded to restrict to cisco devices.
    HUM and IPSLA are more open.
    The functionality from the HUM will allow you to monitor availability and interfaces, and you can add OIDs yourself.
    IPSLA can use non cisco devices as a target for their tests.
    Cheers,
    Michel

  • Migrating from CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2

    Hi Everyone
    My client formerly had CiscoWorks LMS 3.1. Recently, they purchased Cisco Prime Infrastructure v1.2, which comes with Cisco Prime LMS 4.2. Can I migrate the database (equipment list, usernames etc.) of the CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2? If yes, how do I do this? Please kindly advise.
    Shown below, were the Part Numbers quoted to the end client.
    R-PI12-UP-K9
    LMS 2.x/3.x to Cisco Prime Infrastructure 1.2 Major Upgrade
    L-PI12-LF-1.5K-LIC
    Prime Infrastructure 1.2 - Lifecycle - 1.5K Device Lic PAK
    L-PILMS42-1.5K-U
    Prime Infrastructure LMS 4.2 - 1.5K Device Maj Upg Lic
    R-PI12-BASE-K9
    Prime Infrastructure 1.2 Base License and Software
    L-PI12-1.5K-UP
    LMS 2.x/3.x to Prime Infrastructure 1.2 Maj Upg 1.5K Device
    Regards,
    Ram

    Thanks Marvin for your advice. Just one last question, there's a statement in the URL that you've provided
    "Ensure that the passwords, HTTPS port and SMTP server details are same in both LMS 3.2 SP1, LMS 4.0.1 or LMS 4.1 server and LMS 4.2 server with Symantec Veritas implementation, while migrating data from non-HA to HA environment."
    Does this mean my client need to purchase Symantec Veritas, as well?

  • Cisco LMS 3.2 SYSLOG not storing after 10 days

    Hi ,
    I'm facing one issue with Cisco LMS 3.2.
    Issue: The logs are generated only for 10 days and after that I'm not able to see the logs. I have not done any config changes. The only change I have done is that I have completely reinstalled the LMS. I did multiple troubleshooting steps but was not able to resolve this issue. It would be great if anyone is able to help me with this issue. Thanks.
    Regards,
    Juliet

    Dear Vinod
    Thanks for your response; the problem has been resolved.
    The purge policy was set to 60 days only. The problem was in the reports viewing setting.
    The syslog folder under LMS would store syslog reports of both the device and the applications up to a defined folder size, which in your case was 1 MB (the same can be viewed under the log generator option). The older reports would get deleted from the folder upon reaching the limit.
    The only way to view device syslog is under the following option: Reports -> Reports Generator in the LMS GUI, where we have to choose syslog with the desired attribute.
    Regards,
    Juliet

  • Non CISCO unknown devices are being discovered in LMS

    Hi!
    I have had no problem so far with discovery, which was done on a CDP basis.
    Now the CDP packets do not arrive via the new MPLS backbone network. I have to use the "ping sweep in IP range" feature. I had to enter more than 400 subnets from a file because there are more than 400 branches. ( etc. 10.31-9.1-50.252 255.255.255.252 )
    I have experienced two problems:
    1. The discovery never ends ( now this is not important ) :-)
    2. Common Services -- Device Management shows discovered unknown devices whose IP addresses are outside the range that I entered in the ping sweep range and whose OID is not Cisco.
    (  1.3.6.1.4.1.2001.1.1.1.1  ,  1.3.6.1.4.1.11.2.3.9.1  ,  1.3.6.1.4.1.674.10892.2  , 1.3.6.1.4.1.18334.1.1.1.2.1.7.1.2 and even more )
    Due to more than 300 unknown devices the LMS device number is beyond the license number!!!!!
    Our questions:
    Why does LMS add the unknown devices ( non-Cisco devices ) to the inventory?
    How could LMS discover these devices??? ( their IPs are out of the ping sweep range and they are non-CDP-capable devices )
    Thanks in advance!

    Thank you!
    The unknown devices were in an unreachable state and they were added to DCR.
    I don't use the include or exclude filters that were referred to by the bug.
    Even though I use a seed device list from a file, the LMS ping sweep debug log shows that LMS tries to ping other IP addresses!!!!
    You're right, it is not normal operation; maybe TAC will be needed to solve it.
    ( whether who tested it ?)
    Regards,

  • Interconnecting cisco switches with non-cisco switches

    I need help concerning interconnecting two Cisco switches (3550’s) using a non-Cisco switch or hub on the LAN. I have noticed that the two Cisco switches connected using a non-Cisco switch are able to communicate well, however a PC connected to the non-Cisco switch/hub can not ping any device on the LAN. The non-Cisco device is a working one. When the two Cisco switches are connected using a Cisco switch, PCs connected to the interconnecting switch are able to ping. What’s the explanation? Please help.

    Building configuration...
    Current configuration : 3342 bytes
    ! No configuration change since last restart
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    clock timezone GMT -2
    ip subnet-zero
    ip rcmd rcp-enable
    ip rcmd remote-username cwuser
    spanning-tree mode pvst
    spanning-tree extend system-id
    interface FastEthernet0/1
    switchport mode dynamic desirable
    interface FastEthernet0/2
    switchport mode dynamic desirable
    interface FastEthernet0/3
    switchport mode dynamic desirable
    interface FastEthernet0/4
    switchport mode dynamic desirable
    interface FastEthernet0/5
    switchport mode dynamic desirable
    interface FastEthernet0/6
    switchport mode dynamic desirable
    interface FastEthernet0/7
    switchport mode dynamic desirable
    interface FastEthernet0/8
    switchport mode dynamic desirable
    interface FastEthernet0/9
    switchport mode dynamic desirable
    interface FastEthernet0/10
    switchport mode dynamic desirable
    interface FastEthernet0/11
    switchport mode dynamic desirable
    interface FastEthernet0/12
    switchport mode dynamic desirable
    interface FastEthernet0/13
    switchport mode dynamic desirable
    interface FastEthernet0/14
    switchport mode dynamic desirable
    interface FastEthernet0/15
    switchport mode dynamic desirable
    interface FastEthernet0/16
    switchport mode dynamic desirable
    interface FastEthernet0/17
    switchport mode dynamic desirable
    interface FastEthernet0/18
    switchport mode dynamic desirable
    interface FastEthernet0/19
    switchport mode dynamic desirable
    interface FastEthernet0/20
    switchport mode dynamic desirable
    interface FastEthernet0/21
    switchport mode dynamic desirable
    interface FastEthernet0/22
    switchport mode dynamic desirable
    interface FastEthernet0/23
    switchport mode dynamic desirable
    interface FastEthernet0/24
    switchport mode dynamic desirable
    interface GigabitEthernet0/1
    switchport mode dynamic desirable
    interface GigabitEthernet0/2
    switchport mode dynamic desirable
    interface Vlan1
    ip address
    ip default-gateway
    ip classless
    ip http server
    snmp-server community
    snmp-server community
    snmp-server location
    snmp-server system-shutdown
    snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps flash insertion removal
    snmp-server enable traps bridge
    snmp-server enable traps stpx
    snmp-server enable traps rtr
    snmp-server enable traps port-security
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps MAC-Notification
    snmp-server enable traps hsrp
    snmp-server enable traps cluster
    snmp-server enable traps copy-config
    snmp-server enable traps syslog
    snmp-server enable traps vlan-membership
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    ntp clock-period 17180064
    end

  • Log Analyzer for Cisco devices

    Hi all:
    Could you please help me finding a Log Analyzer tool for Cisco devices (preferably, free).
    Thanks!
    W.

    In the free arena, many people recommend the Kiwi Syslog Analyzer. Solarwinds bought the product last year and now market a licensed version, but they still offer a free version as well. See:
    http://www.solarwinds.com/products/freetools/kiwi_syslog_server/
