CiscoWorks log overflooded

Hi all
I have two logs which are overflooded. Can anyone tell me what these records indicate, and what to do?
In dmgtDbg.log these INFO records come again and again:
[Tue Nov 04 07:05:31 W. Europe Standard Time 2008][dmgrDbg]##### INFO ##### re-evaluate DbgLevel=0x0
[Tue Nov 04 07:05:37 W. Europe Standard Time 2008][dmgrDbg][dmgrDbg] getenv(PX_DBG)=NULL
[Tue Nov 04 07:05:37 W. Europe Standard Time 2008][dmgrDbg][dmgrDbg] getenv(PX_MY_DEBUG)=NULL
[Tue Nov 04 07:05:37 W. Europe Standard Time 2008][dmgrDbg][dmgrDbg] getenv(PX_MY_TRACE)=NULL
[Tue Nov 04 07:05:37 W. Europe Standard Time 2008][dmgrDbg][dmgrDbg] getenv(PX_DBG_LEVEL)=NULL
The CSDiscovery.log is growing very fast (maybe this is normal?)with records like this:
070027 GeneralSystemAGI@45: [EvalTask-DiscoveryThreadPool-19/10.200.2.15]GeneralSystemAGI: eval() >>>
070027 GeneralSystemAGI@63: [EvalTask-DiscoveryThreadPool-19/10.200.2.15]GeneralSystemAGI: eval() <<<
070027 GeneralIpAddrAGI@42: [EvalTask-DiscoveryThreadPool-19/10.200.2.15]GeneralIpAddrAGI: eval() >>>
I regularly run the logbackup.pl that emptys the log. But the recomended filesize of 1024KBytes is soon reaced again.

The messages in dmgtDbg.log are typical. You will just need to rotate this file when it gets too big. The log file size recommendations are on the low side, so I wouldn't worry about those.
As for the CSDiscovery.log, go to Common Services > Server > Admin > CS Log Configurations, and make sure CS Discovery debugging is disabled.

Similar Messages

  • CiscoWorks log export

    So my organization got a logging solution called Logrhythm a while back. the operator of this server is asking if the Ciscoworks LMS syslogs can be exported to it. I'm not much of a Ciscoworks guy yet but can they be exported to another logging solution?
    Also...has anyone ever heard of Logrhythm? So far I haven't met anyone. If so what's you're take on it?
    Thanks

    Hello Applesmash,
    I would suggest you  to post this question under network management forum, where you can find better answers
    Hope to help
    Giuseppe

  • Logs overflooding

    1,6GB of logs (kernel.log, everything.log, ...) generated in one hour until low memory and finally kernel panic.
    My firewall was made by some online generator.
    Can I change the log level for iptables?
    Apr 5 16:57:33 skywalker ipt# bledne_pakiety IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=128.142.160.33 DST=156.17.234.114 LEN=52 TOS=0x00 PREC=0x0
    0 TTL=44 ID=44307 DF PROTO=TCP SPT=80 DPT=34172 WINDOW=1888 RES=0x00 ACK RST URGP=0
    Apr 5 16:57:34 skywalker ipt# bledne_pakiety IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=163.1.242.50 DST=156.17.234.114 LEN=52 TOS=0x00 PREC=0x00
    TTL=36 ID=35758 DF PROTO=TCP SPT=80 DPT=54445 WINDOW=2184 RES=0x00 ACK RST URGP=0
    Apr 5 16:58:02 skywalker ipt# bledne_pakiety IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=128.142.160.33 DST=156.17.234.114 LEN=52 TOS=0x00 PREC=0x0
    0 TTL=44 ID=44308 DF PROTO=TCP SPT=80 DPT=34172 WINDOW=1888 RES=0x00 ACK RST URGP=0
    Apr 5 16:58:04 skywalker ipt# bledne_pakiety IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=163.1.242.50 DST=156.17.234.114 LEN=52 TOS=0x00 PREC=0x00
    TTL=36 ID=35759 DF PROTO=TCP SPT=80 DPT=54445 WINDOW=2184 RES=0x00 ACK RST URGP=0
    Apr 5 17:02:04 skywalker syslog-ng[4032]: Log statistics; processed='center(queued)=2862', processed='center(received)=981', processed='destination(console)=0', proce
    ssed='destination(mail)=0', processed='destination(user)=0', processed='destination(uucp)=0', processed='destination(messages)=301', processed='destination(news)=0', p
    rocessed='destination(iptables)=579', processed='destination(everything)=978', processed='destination(lpr)=0', processed='destination(cron)=0', processed='destination(
    syslog)=32', processed='destination(authlog)=3', processed='destination(errors)=23', processed='destination(kernel)=946', processed='destination(daemon)=0', processed=
    'source(src)=981'
    Apr 5 17:02:56 skywalker ipt# INPUT:99 IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=153.107.41.159 DST=156.17.234.114 LEN=512 TOS=0x00 PREC=0x00 TTL
    =48 ID=65027 PROTO=UDP SPT=30936 DPT=1026 LEN=492
    Apr 5 17:05:57 skywalker ipt# INPUT:99 IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=156.17.162.177 DST=156.17.234.114 LEN=64 TOS=0x00 PREC=0x00 TTL=
    43 ID=31662 DF PROTO=TCP SPT=3920 DPT=5800 WINDOW=53760 RES=0x00 SYN URGP=0
    Apr 5 17:06:01 skywalker ipt# INPUT:99 IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=156.17.162.177 DST=156.17.234.114 LEN=64 TOS=0x00 PREC=0x00 TTL=
    43 ID=33162 DF PROTO=TCP SPT=1557 DPT=1433 WINDOW=53760 RES=0x00 SYN URGP=0
    Apr 5 17:06:56 skywalker ipt# INPUT:99 IN=eth0 OUT= MAC=00:e0:4c:e9:c6:d6:00:15:f9:64:1a:c1:08:00 SRC=75.4.174.64 DST=156.17.234.114 LEN=126 TOS=0x00 PREC=0x00 TTL=11
    3 ID=16149 PROTO=UDP SPT=24253 DPT=14826 LEN=106
    Apr 5 17:08:41 skywalker active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 17:08:41 skywalker release_dev: ptm0: read/write wait queue active!
    10km :-o
    Apr 5 18:03:30 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 18:03:30 skywalker release_dev: ptm0: read/write wait queue active!
    Apr 5 18:03:30 skywalker release_dev: ptm0: read/write wait queue active!
    Last edited by Kardell (2007-05-20 20:28:11)

    jerem wrote:
    You might want to only log connection attemps, by matching only the SYN flag(ACK being unarmed), which should heavily reduce what is logged.
    You can also fine tune logrotate to rotate every half hour...
    Thx ;-)
    firewall.sh from /etc/iptables/
    #!/bin/sh
    # Konfiguracja #
    F="/usr/sbin/iptables"
    LOG="ipt#"
    #interfejs globalny - dla sieci zewnetrznej
    G_NET_NAME="eth0"
    G_NET_IP="<censored>"
    #ustawienie modulow i konfiguracji jadra
    /usr/sbin/modprobe ip_tables
    /usr/sbin/modprobe ip_conntrack
    /usr/sbin/modprobe ip_nat_ftp
    /usr/sbin/modprobe ip_conntrack_ftp
    echo "1" > /proc/sys/net/ipv4/ip_forward
    #dynamiczny przydzial adresu
    #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    #ignorowanie ICMP echo request wysylanych na adres rozgloszeniowy
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    #ochrona przed SYN flood
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
    #refuse source routed packets
    echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
    #walidacja zrodla za pomoca reversed path (RFC1812).
    echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
    #logowanie pakietow z nieprawidlowych adresow
    echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
    # INICJALIZACJA #
    echo "Ustawienia polityki dla lancuchow standardowych..."
    $F -P INPUT ACCEPT
    $F -P FORWARD ACCEPT
    $F -P OUTPUT ACCEPT
    $F -t nat -P PREROUTING ACCEPT
    $F -t nat -P OUTPUT ACCEPT
    $F -t nat -P POSTROUTING ACCEPT
    $F -t mangle -P PREROUTING ACCEPT
    $F -t mangle -P OUTPUT ACCEPT
    $F -t mangle -P INPUT ACCEPT
    $F -t mangle -P FORWARD ACCEPT
    $F -t mangle -P POSTROUTING ACCEPT
    echo "Czyszczenie regul dla lancuchow standardowych..."
    $F -F
    $F -t nat -F
    $F -t mangle -F
    echo "Kasowanie wszystkich niestandardowych lancuchow..."
    $F -X
    $F -t nat -X
    $F -t mangle -X
    if [ "$1" = "stop" ]
    then
    echo "Firewall zostal wylaczony."
    exit 0
    fi
    echo "Ustawienia polityki lancuchow standardowych..."
    $F -P INPUT DROP
    $F -P OUTPUT DROP
    $F -P FORWARD DROP
    echo "Tworzenie niestandardowych lancuchow regul..."
    $F -N bledne_pakiety
    $F -N bledne_pakiety_tcp
    $F -N pakiety_icmp
    $F -N tcp_wchodzace
    $F -N tcp_wychodzace
    $F -N udp_wchodzace
    $F -N udp_wychodzace
    # bledne_pakiety #
    echo "Tworzenie regul dla lancucha bledne_pakiety..."
    $F -A bledne_pakiety -p ALL -m state --state INVALID -j LOG --log-prefix "$LOG bledne_pakiety "
    $F -A bledne_pakiety -p ALL -m state --state INVALID -j DROP
    $F -A bledne_pakiety -p tcp -j bledne_pakiety_tcp
    $F -A bledne_pakiety -p ALL -j RETURN
    # bledne_pakiety_tcp #
    echo "Tworzenie regul dla lancucha bledne_pakiety_tcp..."
    #dla gate
    $F -A bledne_pakiety_tcp -p tcp -i $L_NET_NAME -j RETURN
    $F -A bledne_pakiety_tcp -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp ! --syn -m state --state NEW -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL NONE -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL ALL -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$LOG bledne_pakiety_tcp "
    $F -A bledne_pakiety_tcp -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $F -A bledne_pakiety_tcp -p tcp -j RETURN
    # pakiety_icmp #
    echo "Tworzenie regul dla lancucha pakiety_icmp..."
    $F -A pakiety_icmp --fragment -p ICMP -j LOG --log-prefix "$LOG pakiety_icmp fragmenty "
    $F -A pakiety_icmp --fragment -p ICMP -j DROP
    #pingowanie i logowanie pingowania
    # $F -A pakiety_icmp -p ICMP -s 0/0 --icmp-type 8 -j LOG --log-prefix "$LOG pakiety_icmp "
    # $F -A pakiety_icmp -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
    #ping - zachaszowac w przypadku odsloniecia powyzszych regul
    $F -A pakiety_icmp -p ICMP -s 0/0 --icmp-type 8 -j DROP
    #Time Exceeded
    $F -A pakiety_icmp -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
    $F -A pakiety_icmp -p ICMP -j RETURN
    # tcp_wchodzace #
    echo "Tworzenie regul dla lancucha tcp_wchodzace..."
    #ident request
    #reject zamiast drop w celu unikniecia opoznien przy polaczeniach
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 113 -j REJECT
    #FTP client (data port non-PASV)
    $F -A tcp_wchodzace -p TCP -s 0/0 --source-port 20 -j ACCEPT
    #FTP control
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 21 -j ACCEPT
    # Passive FTP
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 62000:64000 -j ACCEPT
    #ssh
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 22 -j ACCEPT
    #HTTP
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 80 -j ACCEPT
    #HTTPS
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 443 -j ACCEPT
    #SMTP
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 25 -j ACCEPT
    #POP3
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 110 -j ACCEPT
    #SSL POP3
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 995 -j ACCEPT
    #IMAP4
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 143 -j ACCEPT
    #SSL IMAP4
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 993 -j ACCEPT
    #ICQ File Transfers & Other Advanced Features
    #$F -A tcp_wchodzace -p TCP -s 0/0 --destination-port : -j ACCEPT
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 119 -j ACCEPT
    #User specified allowed TCP protocol
    $F -A tcp_wchodzace -p TCP -s 0/0 --destination-port 4662 -j ACCEPT
    #nie pasujace: powrot i logowanie
    $F -A tcp_wchodzace -p TCP -j RETURN
    # tcp_wychodzace #
    echo "Tworzenie regul dla lancucha tcp_wychodzace..."
    #nie pasujace ACCEPT
    $F -A tcp_wychodzace -p TCP -s 0/0 -j ACCEPT
    # udp_wchodzace #
    echo "Tworzenie regul dla lancucha udp_wchodzace..."
    #Drop netbios calls
    $F -A udp_wchodzace -p UDP -s 0/0 --destination-port 137 -j DROP
    $F -A udp_wchodzace -p UDP -s 0/0 --destination-port 138 -j DROP
    #ident - reject zamiast drop w celu unikniecia opoznien w polaczeniach
    $F -A udp_wchodzace -p UDP -s 0/0 --destination-port 113 -j REJECT
    #DNS
    $F -A udp_wchodzace -p UDP -s 0/0 --destination-port 53 -j ACCEPT
    #dopuszczalny zakres portow udp
    $F -A udp_wchodzace -p UDP -s 0/0 --destination-port 4672 -j ACCEPT
    #nie pasujace - powrot i logowanie
    $F -A udp_wchodzace -p UDP -j RETURN
    # udp_wychodzace #
    echo "Tworzenie regul dla lancucha udp_wychodzace..."
    #nie pasujace ACCEPT
    $F -A udp_wychodzace -p UDP -s 0/0 -j ACCEPT
    # INPUT #
    echo "Tworzenie regul dla lancucha INPUT..."
    $F -A INPUT -p ALL -i lo -j ACCEPT
    $F -A INPUT -p ALL -j bledne_pakiety
    #DOCSIS compliant cable modems
    #Drop without logging.
    $F -A INPUT -p ALL -d 224.0.0.1 -j DROP
    #Ustanowione polaczenia
    $F -A INPUT -p ALL -i $G_NET_NAME -m state --state ESTABLISHED,RELATED -j ACCEPT
    #reszta do odpowiednich lancuchow
    $F -A INPUT -p ICMP -i $G_NET_NAME -j pakiety_icmp
    $F -A INPUT -p TCP -i $G_NET_NAME -j tcp_wchodzace
    $F -A INPUT -p UDP -i $G_NET_NAME -j udp_wchodzace
    #zatrzymanie rozgloszen
    $F -A INPUT -p ALL -d 255.255.255.255 -j DROP
    #nie pasujace - logowanie
    $F -A INPUT -j LOG --log-prefix "$LOG INPUT:99 "
    # FORWARD #
    #dla gate caly
    echo "Tworzenie regul dla lancucha FORWARD..."
    #nie pasujace - loguj
    $F -A FORWARD -j LOG --log-prefix "$LOG FORWARD:99 "
    # OUTPUT #
    echo "Tworzenie regul dla lancucha OUTPUT..."
    $F -A OUTPUT -m state -p icmp --state INVALID -j DROP
    $F -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
    $F -A OUTPUT -p ALL -o lo -j ACCEPT
    $F -A OUTPUT -p ALL -o $G_NET_NAME -j ACCEPT
    #nie pasujace - loguj
    $F -A OUTPUT -j LOG --log-prefix "$LOG OUTPUT:99 "
    # mangle table #
    echo "Tworzenie regul dla mangle table..."
    Last edited by Kardell (2007-04-12 00:19:25)

  • CiscoWorks: Not receiving syslogs, since we change CiscoWorks server IP Address

    Hi,
    We  are using CiscoWorks 3.2.1. We have changed CiscoWorks server IP  Address, since then we are not receiving syslogs from Devices. Although  devices configurations have also been changed so that they log to new IP  Address e.g. logging new IP Address. But we are not getting syslogs now.
    Rest  all operations of CiscoWorks are working ok. E.g. We can access it from  IE, inventory/config collection working, we can deploy configs etc. But  we are not getting syslogs.
    Also :
    Test Collector Subscription Status
    SSL certificate status   SSL certificates are valid and properly imported
    Collector status       Collector Server_IP_Address is up and reachable.
    but I am not seeing any new alerts receiving here.
    When I do start the SyslogCollector.log/SyslogAnalyzer.log from server, I get below message;
    E:\Ciscoworks\log>net start crmlog
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    E:\Ciscoworks\log>pdexec SyslogCollector.log
    ERROR: cmd failed. Server reason: Application SyslogCollector.log is not registe
    red.  All requests to operate on this application will be ignored.
    E:\Ciscoworks\log>pdexec SyslogAnalyzer.log
    ERROR: cmd failed. Server reason: Application SyslogAnalyzer.log is not register
    ed.  All requests to operate on this application will be ignored.
    E:\Ciscoworks\log>
    Please advise what need to be changed on CiscoWorks in reference to new IP Address.Its required urgently.
    Thanks

    We have already remove the logging on old IP from devices, and now about 4000 devices are logging to new IP.
    Above mentioned problem is on CiscoWorks only, as its not collecting the syslogs. Below error message might suggest some solution.
    E:\Ciscoworks\log>net start crmlog
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    E:\Ciscoworks\log>pdexec SyslogCollector.log
    ERROR: cmd failed. Server reason: Application SyslogCollector.log is not registered.  All requests to operate on this application will be ignored.
    E:\Ciscoworks\log>pdexec SyslogAnalyzer.log
    ERROR: cmd failed. Server reason: Application SyslogAnalyzer.log is not registered.  All requests to operate on this application will be ignored.
    E:\Ciscoworks\log>

  • CSDiscovery Log

         Hi
    See the following in the CSDiscovery log
    log4j:WARN No appenders could be found for logger (com.cisco.nm.csdiscovery.CSDiscoveryManager).
    log4j:WARN Please initialize the log4j system properly.
    Is this a problem as I am trying to get to the bottom of an issue with Phones numbers.
    Thanks

    Short answer :This is "normal".
    Unfortunately many ciscoworks logs are swapped with errors and warnings when everything is just fine.
    It is not a cisco or ciscoworks problem but it is rather "normal" for a lot of these java apps out there. A lot of developers nowadays are more then happy if their shit compiles in their IDE. Fixing the mess is too expensive.
    On top of that a lot of the log messages written into the log are just meant to fill logfiles (because the spec said so) rather then provide clues as to what is not working. (Yeah, maybe if you know where in the source code this message was sent, it could help you)
    I assume cisco outsources the development and that hurts quality. I really feel some parts are designed by someone that understands what he is trying to do, other parts are designed by someone who has no clue, build according to the spec, minimal implementation. Whether that "saves money" in the long run remains to be seen. 
    Cheers,
    Michel

  • LMS 2.6 - SyslogCollector.log failed during routine backup

    Hi,
    We have an issue whereby the routing server backup keep failing (incomplete) and showing below status everytime:-
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    Unable to open file. (FILE=D:\CiscoWorks\log\SyslogCollector.log.3, EC=Access is denied.)
    Can anyone advise whether the file is crucial for recovery? If not then is there anyway it can be filter during backup?
    Thanks,
    Edward

    This file can simply be deleted.  It is an archived log file.  The only reason you would needthis file is if you're trying to diagnose a problem with SyslogCollector.

  • Intermitent Loss of Network Connectivity

    Lately, some users in our network (a gigabit switched network) have been experiencing intermitent loss of connectivity to their network servers/resources. The message reads: "The connection to the remote computer was broken. This may have been caused by a network error...."
    A review of the core switches'logs revealed nothing out of the ordinary and CiscoWorks logged nothing. Does anybody know what else I might be missing here in trying to troubleshoot this problem??

    Mparek is on the right track here, check the logs on the server that you are getting the error connecting to. It MIGHT be the network, but often it is the server, either being too busy to respond, or having a malfunction of some type. If it's on a broad range of servers, check the switch closest to that block, but check the pc's first.

  • Ciscoworks 3.1 syslog.log filtering

    Hello Cisco community!
    I would like to ask a question about syslog.log file in Ciscoworks 3.1.
    I was able to forward my syslog messages to another syslog server ( with a syslog-agent forwarding the content of the syslog.log file ), but in the syslog.log file there is other syslog messages that i don't want to forward ( about processes and other things ). I only want to forward the syslog messages that the devices's sent to CW.
    Can i somehow filter out in Ciscoworks the messages that i don't want to forward?
    Thanks for help.

    You mean you can't find the syslog.log file? A trip to regedit may be in order:
    http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml
    On a Windows System, the location is defined in the registry [ which can be viewed from regedit]:
    \system\currentControlSet\Services\CRMlog\Parameters
    LogFile = "CSCOpx\log\syslog.log"

  • Unable to log in to CSM.

    Hi All,
    I am getting an error while trying to log in to the CSM. The error is as follows:
    "CMF session-id cannot be assigned. Please confirm the server is running."
    All the services are running and I restarted the service and server as well.
    tried the steps mentioned in the discussion https://supportforums.cisco.com/thread/2035094 already.
    When I try to log in to the CiscoWorks home page  the following message is displayed:
    Forbidden
    You don't have permission to access /cwhp/LiaisonServlet on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    CSM version is 3.3.0.
    Please assist me with this.
    Regards,
    Faiz

    If you've followed all the steps in the linked thread without success, you'll most likely need to contact the TAC to get it fixed.

  • Follow-up on "LastSeen" field of UserTracking in CM of CiscoWorks

    Found this discussion here ("LastSeen"  field of UserTracking table in Campus Manager of CiscoWorks).
    Here is a few follow-up questions:
    If UT acquisition is scheduled to run everyday, and a user end host (PC workstation) is online all the time on the same port, does the LastSeen column change everyday?
    If the LastSeen field stales, what could be the reason(s)? I guess the troubleshooting should start with the log files. What should one look for?
    If a user end host powers down everyday during the UT acquisition, what happens?
    Thanks!
    Wei

    1. Yes.
    2. If it stales, it could be that Data Collection is not running properly (there is a bug in CM 5.2.1 where this can happen if wireless devices are in the network), or it could be that the end host could not be found.  The log would be ut.log for UT acquisition, and ani.log for Data Collection.
    3. If the user power downs their host before UT acquisition can see it, then the last seen field will not be updated.  This kind of thing is why we added Dynamc UT.  Dynamic UT allows UT to get notified when users enter or exit the network in near real-time.

  • Error while trying to open RME home in Ciscoworks LMS 3.2

    Dear friends,
    I get the following error while trying to open RME home.
    "Error occurred while fetching Out-of-Sync count"
    Here's the exact error message:
    HOME0004: Error occurred while fetching Out-of-Sync count. Check RMEHome.log for more details.
    Pls advise.
    Thanks a lot
    Gautam

    Dear Jason,
    Now, i dont get this error and the home page opens but i get the following message in red text for some portions of RME:
    You are not authorized to view the detailsI also tried creating another user with full privileges and used his login but still i see the same results.I had installed LMS the first time in non-ACS mode and the second time i re-installed on top of the previous installation again because i got some Apache errors. I dont think that the reinstall prompted me for the ACS mode but from what i see, it is local and not ACS.Do you think that i should try to reinstall again Ciscoworks? Is reinstall better or uninstall and a subsequent fresh install?

  • User tracking not finding any hosts in Ciscoworks LMS 3.1

    L.S.
    Our test-configuration is as follows:
    Application versions:
    Ciscoworks LMS 3.1
    Ciscoworks Common Services 3.2.0
    Campus Manager 5.1.4
    We have 31 managed devices in Campus Manager (data has been collected on all),
    Edit: All of them show up green in the topology window.
    The device are: 2 6509 cores (running IOS s72033_rp-IPSERVICESK9_WAN-M version 12.2(18)SXF8), 1 ASA firewall (running ASA-OS version 8.0.5) and 29 switches (2960 and 3560 models both running ios version 12.2(52)SE). The switches are connected as follows:
    User tracking jobs are running normally, but aren't finding any end-hosts or IP phones at all (I suspect around 250-500 hosts+ on these switches)
    We are running SNMP v3 on the switches and have added the following configuration items to all the switches:
    snmp-server group readonly v3 auth context vlan-1
    <repeat for all present snmp-contexts as shown in show snmp context output>
    snmp-server group readonly v3 auth context vlan-83
    Debugging is enabled in CM->Admin->Debugging Options->User Tracking Server
    This is the UT.log file of the last major acquisition:
    messages will remian logged to file: D:\PROGRA~1\CSCOpx\log\ut.log
    2010/01/13 14:00:01 main MESSAGE ProcessInitializer: Properties will be read from D:\PROGRA~1\CSCOpx\campus\etc\cwsi\ut.properties
    I= 0value *.*.*.*
    I= 1value 6
    I= 2value 1
    2010/01/13 14:00:01 main MESSAGE DBConnection: Created new Database connection [hashCode = 10969598]
    PartialOrderNode tree dump: time base = VMPSMajor
    <root>
        VMPSMajor: <root>
        VMPSMajor:     VMPSMajor.GetXMLData
        VMPSMajor:         VMPSMajor.PingSweep
        VMPSMajor:         VMPSMajor.PopulateFromDCR
        VMPSMajor:             VMPSMajor.GetPortStatus
        VMPSMajor:                 VMPSMajor.GetBridgeTable
        VMPSMajor:             VMPSMajor.Sweep
        VMPSMajor:                 VMPSMajor.GetIpXlateTable
        VMPSMajor:                 VMPSMajor.GetIpv6XlateTable
        VMPSMajor:                     VMPSMajor.GenerateTable6
        VMPSMajor:                         VMPSMajor.GenerateTable
    SMFunction evaluation order: time base = VMPSMajor
      VMPSMajor.GetXMLData  Major
      VMPSMajor.PingSweep  Minor
      VMPSMajor.PopulateFromDCR  Major
      VMPSMajor.GetPortStatus  Minor
      VMPSMajor.Sweep  Major
      VMPSMajor.GetBridgeTable  Minor
      VMPSMajor.GetIpXlateTable  Minor
      VMPSMajor.GetIpv6XlateTable  Minor
      VMPSMajor.GenerateTable6  Major
      VMPSMajor.GenerateTable  Major
    Time base VMPSMajor has 5 major nodes and 3 minor traversals.
    log4j:ERROR No appenders could be found for category (CTM.common).
    log4j:ERROR Please initialize the log4j system properly.
    In classlist loader
    In classlist loader processing sub classes
    updation done
    In classlist loader completed
    2010/01/13 14:00:03 main MESSAGE DBConnection: Created new Database connection [hashCode = 12524859]
    Calling default
    Subnet to SubnetData Map Size :73
    2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 12524859]
    2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 10969598]
    2010/01/13 14:04:50 main MESSAGE DCRDevWrapper: Closing DCRProxy
    I'm slowly getting to a dead end here. What am I missing?

    Well, our problem was resolved finally through a weird coincendence after having a websession with a Cisco TAC engineer (TAC case SR 613376661)
    We changed the
    snmp-server group readonly v3 auth context vlan-xxxx
    commands in the switches to:
    snmp-server group writeonly v3 auth context vlan-xxxx
    that is: use the writestring in the snmp-server groups instead of the read string.
    After we changed that, all of the User Tracking mysteriously started working.
    As far as I know, the writestring should not be needed, but apparently it is....
    Is there any explanation for this?

  • Where can I find an explanation of Processes and Log files for LMS 3.2?

    Being fairly new to Ciscoworks, I've been scouting for documentation that explains the processes as enumerated by the "pdshow" command. Also, when there are problems, I find myself hunting through the log files without a clear understanding of which log file most likely contains the data I need for troubleshooting purposes.
    Is there a document, preferably in table format, that has at least a brief explanation of each of these items? I can probably eventually glean this information from reading all of the documentation, but that would be a lengthy task.
    Thanks in advance.

    Hi John,
    Kindly refer to below doc by Joseph Clarke which have detailed explanation for all the daemons of CiscoWorks .
    https://supportforums.cisco.com/docs/DOC-8798
    Hope it helps.
    Thanks,
    Gaganjeet

  • Error about Ciscoworks JRM process

    Hi All,
    I just reinitallize my database to get rid of some error message. But still have some issue with my Ciscoworks. My version is CS 3.1.0 Campus Manager 5.0.1. DFM 3.0.1
    There is one error at "Job Information Status" in CS tab.
    "Exception when getting Job information from  JRM Could not locate the following Object: repository id :  IDL:jrm/JrmServiceManager:1.0 object name : JrmServiceManager_hostname host  name : hostname"
    And also I have 3 down processes: CTMJrmServer, DFMCTMStartup, DataPurge
    It appears these 3 processes are all related to JRM. I checked my jrm process:
    Process= jrm
    State  = Running normally
    Pid    = 8844
    RC     = 0
    Signo  = 0
    Start  = 3/3/2010 8:21:24 AM
    Stop   = Not applicable
    Core   = Not applicable
    Info   = Server started by admin request
    It's working fine.
    I checked jrm.log and found there is one error:
    [Wed Mar 03 08:54:27 CST 2010] ERROR: CORBAREGISTRY:Unable to connect to ManagerControl object.  Reason: org.omg.CORBA.OBJECT_NOT_EXIST:
      Could not locate the following Object:
         repository id : IDL:manager/ManagerControl:1.0
           object name : ManagerControl
             host name : hostname
      vmcid: 0x0  minor code: 0  completed: No
    1267628067371 March 3, 2010 8:54:27 AM jrm hostname Error EDSSY0012: Cannot connect to EDS.
    I found one post dealing with this similar issue but they have wrong hostname configured. It appears mine is correct. So not sure why jrm throw this error. Please help!
    Thanks a lot!!!
    Lou

    I changed some services to manual start and the job information status error disappear. Right now I have only 2 processes can't be started at boot:
    DFMCTMStartup, DataPurge
    And the weird thing now is "InCharge" erorr shows up again in Event Viewer. I remember it disappeared after I upgrade DFM and CM to 3.0.1 and 5.0.1. I don't understand why it comes back again now after I adjusted service start mode.
    Did anyone have this issue before?
    Thanks.
    Lou

  • URN_NOT_FOUND : urn "ogs_server_urn" : Not found - daemonsbackup.log

    Hi,
    I've been trying to pinpoint why our LMS 3.2 Ciscoworks server shuts down all LMS processes on occasion.
    The following is displayed repeatedly within the daemonsbackup.log
    08/Nov/2009 03:17:16:265 ERROR ? ? - URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    com.cisco.nm.xms.ctm.common.CTMException: URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    at com.cisco.nm.xms.ctm.client.CTMCall.establishIPC(CTMCall.java:238)
    at com.cisco.nm.xms.ctm.client.CTMCall.<init>(CTMCall.java:218)
    at com.cisco.nm.xms.ctm.client.CTMClientProxy.<init>(CTMClientProxy.java:64)
    at com.cisco.nm.xms.ctm.client.CTMClientProxy.getProxy(CTMClientProxy.java:180)
    at com.cisco.nm.xms.ogs.client.OGSServerProxy.init(OGSServerProxy.java:179)
    at com.cisco.nm.xms.ogs.client.OGSServerProxy.init(OGSServerProxy.java:98)
    at com.cisco.nm.xms.ogs.client.OGSServerProxy.<init>(OGSServerProxy.java:85)
    at com.cisco.nm.trx.nos.server.EPMPoller.ogsVerifyService(EPMPoller.java:212)
    at com.cisco.nm.trx.nos.server.EPMPoller.<init>(EPMPoller.java:144)
    at com.cisco.nm.trx.nos.server.NOSServer.initializeEPMPoller(NOSServer.java:244)
    at com.cisco.nm.trx.nos.server.NOSServer.<init>(NOSServer.java:107)
    at com.cisco.nm.trx.nos.server.NOSServer.main(NOSServer.java:259)
    08/Nov/2009 03:17:17:804 ERROR ? ? - URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    08/Nov/2009 03:17:17:805 ERROR ? ? - URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    08/Nov/2009 03:17:17:806 ERROR ? ? - URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    In EPMOgsAdapter:since isOGSup is not true
    In EPMOgsAdapter:EPMOgsadapter is sleeping. Waiting for OGSServer to come up com.cisco.nm.xms.ctm.common.CTMException: URN_NOT_FOUND : urn "ogs_server_urn" : Not found !!
    Has anyone else experienced this and how can I stop this error from appearing.
    Cheers,
    Sigfrid

    This is most likely related to CSCsx23656 which is fixed by applying the patch for CSCta56151 from http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.2.0&mdfid=282640771&sftType=CiscoWorks+Device+Fault+Manager+Patches&optPlat=Solaris&nodecount=2&edesignator=null&modelName=CiscoWorks+Device+Fault+Manager+3.2&treeMdfId=268439477&treeName=Network+Management&modifmdfid=&imname=&hybrid=Y&imst=N&lr=Y .

Maybe you are looking for

  • New Customer with DVR Capacity questions

    I just ordered FIOS and was promised by the sales person that came to my door that a dvr that would hold 300 standard recording hours and 88 HD recording hours.  I called verizon to verify this and I can not get a straight answer.  I see on the veriz

  • How do I make individual dynamic links for my users?

    So they can fill in something one day, and a month later change their "registration" again? Is that possible? Do I need some extra features?

  • Spilled a whole bunch of coffee on my mbp, 2 days later, working but sticky

    It happened last thursday... i just about fainted. Anyway... took the battery out, inverted it, stuck a fan on it for 2 days, crossed my fingers, and turned it on. It seems to be working, except the backlight on the keyboard doesn't seem to reach all

  • Arch Linux first impressions

    Hello all, I have just recently decided to try arch linux. For a long while I have been running my own LinuxFromScratch system, but I have been looking for a little while for a nice KDE based system *with package management*. So here I am now with an

  • V1.6 - Problems loading Firefox

    Edit - I was playing around with several settings. It must've been updating or something, but I managed to fix it. So delete this post. Hello, I recently upgraded my system to the 1.6 SDK (in order to properly use jar files with a project I'm working