Ciscoworks RME Syslog Automation Actions

I set up RME several years ago on our Ciscoworks server running LMS 3.2 to notify us on any BGP flaps via email notification.
I noticed the last couple of maintenance periods where we had to perform circuit work with our ISPs. We haven't received any emails. I verified those routers are configured to send notifications in the Device Selector and even checked the router logs.
    004161: Nov 20 05:04:52 EST: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down BGP Notification sent
    004162: Nov 20 05:04:52 EST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 4/0 (hold time expired) 0 bytes
The syslog collector status appears to be normal. Is there anything I need to do to fix this?

Hi,
Are you receiving any emails from your LMS server? If not, navigate to Common Services > Server > Admin > System Preferences to enter your SMTP settings.
Identifying the syslog message is one step but there are more.
AUTOMATED ACTIONS
Set Up
By default, Automated Actions are used to notify via email, using the `sampleEmailScript.pl` as the script to run. If you do not want to use this, you could write or use your own scripts to perform the action that you really want. In this case please note that we do not provide support for any custom scripts if the problem seems to be related to the script that you are using.
You still need the following settings:
1.   Select Devices
In *RME > Tools > Syslog > Automated Actions*, click on create and select the devices that you wish to use.
2.   Define Message Type
Please give a name to the Automated Action and then click on add to define a message type. In here, please specify the following values:
    Facility: BGP
    Sub-facility: *
    Severity: 5
    Mnemonic: ADJCHANGE
    Description: *
3.  Select Automated Action
Select the default script or the script that you wish to use. Please note that this script must be located in the *CSCOpx/files/scripts/syslog* file and needs to have only write/execute permissions for casuser/Administrator in Windows.
This way when a message matching the above is generated, the Automated Action is triggered and this will run the script that you choose and do the commands that it has specified.
Here is an example:
If you verify that your setup is correctly configured then take a look at the smtp.log found under ../CSCOpx/log. 
Thanks.

Similar Messages

  • RME Syslog Automated Actions with exclude Filter

    Dear all,
    It's possible to realise a Filter with "exclude string"?
    I search how to for Create action for all Severity 2 without "FAN-FAULT" mnemonic...
    Best regards

    You can create a filter for the FAN-FAULT and select drop to disregard the messages.  Ensure for Message Filter type, you select DROP.
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1150419

  • Syslog Automated Action

    Hi,
    LMS 4.2.3
    The syslog automated action works if we send the messages to one e-mail address.
    Once we set two email addresses (comma separated) in the "send to" field, the messages are not received.
    Thanks

    One of the logfiles that gives understandable messages mostly.  :-)
    Cheers,
    Michel

  • LMS 4.2.5 Syslog/Automated Action/Config mgmt issue

    LMS 4.2.5 on Windows
    We use the server as its own Syslog server. The Syslog collector status is fine. I see syslogs coming into the server. However, I just made some changes on a router so ran a syslog report on it, but nothing was returned. I tested the Collector Subscription and everything was fine.
    We also have Automated Actions configured on certain syslog messages (duplex mismatch for example). There is an AA configured to send my team e-mails when this event occurs. There was a device that had two days worth of syslog messages complaining about this issue. Yet, we only received about 10 e-mails from the LMS system on it.
    Another issue is with Configuration Mgmt. I fixed the duplex mismatch listed above and went to check the config tree to see if or when something changed. The last config archive was pretty old and I know changes were made on the device since then. This tells me that the LMS server didn't get notified of the config change or it would have gone out and checked it.
    The one thing in common on all of the above is Syslog messages. LMS will take actions based on receiving these messages and those actions don't seem to be firing.
    Any ideas would be greatly appreciated.
    Thanks,
    Mike S.

    To confirm if the device is sending the syslogs and they are being received by LMS server properly, check the $NMSROOT/log/syslog.log and see if it has the syslog from the device.
    Unless syslog is there on syslog.log, we don't expect LMS to react on any AA. 
    For configuration backup, try to sync the device config by initiating a manual job to update the latest configuration from device. Even if there is no Automated Action working, you should still have a reoccurring/scheduled job configured to archive configuration backup periodically.
    Following is a document I created for Syslog troubleshooting :
    Ciscoworks LMS : Syslog in a Nutshell!
    -Thanks
    Vinod
    **Encourage Contributors. RATE Them.**

  • Syslog automated action is not working

    Hi,
    I set the automated actions for EIGRP NBRCHANGE message  ( DUAL-5-NBRCHANGE )
    I would like to get email notifications from CW but it is not working. I've checked that syslog messages arrived to CW.
    Other e-mail functions are working, like DFM and RME job email notifications.
    How can I troubleshoot what happened?
    Regards,

    What version of RME are you using?  Make sure the message shows up in the RME syslog Standard Report.  If the message isn't making it to the database, then it will definitely not trigger an automated action.  Check your SMTP settings under Common Services > Server > Admin > System Preferences, and use a sniffer to capture tcp/25 traffic when one of these messages arrives to see if the SMTP server is accepting the email message.

  • LMS4 Syslog automated action anomaly

    LMS 4.2.1 on W2K8 R2
    I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:
    Automated Action Summary
        Name: Critical Events Email
        Devices:
        State: Enabled
        Parameters: TO=[email protected], SUB=LMS4 Syslog AA, TEXT=
        Action Type: Email
        Messages: *-*-1-*:* *-*-2-*:*
    Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:
    %ASA-session-4-106023
    %ASA-auth-3-109023
    %ASA-auth-6-109001
    Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.
    Thanks,
    -Jeff

    I do not know what exactly you have done so far but in your situation I would enable the following debugs:
    open that file in a text editor
    NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
    and change the debug level from Info to Debug:
        DEBUG_LEVEL=DEBUG
    also enable SyslogAnalyzer debugging here:
    Admin > System > Debug Settings > Config and Image Management Debugging Settings
        Set Application Logging Levels >> SyslogAnalyzer (scroll down)
            set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG
    in a DOS box check the status of the following processes (they should be started) and restart them:
        pdshow SyslogAnalyzer SyslogCollector
        pdterm SyslogAnalyzer SyslogCollector
        pdexec SyslogAnalyzer SyslogCollector
        pdshow SyslogAnalyzer SyslogCollector
    When the issue happens again check the following log files and post them on the forum:
        NMSROOT\log\SyslogCollector.log
        NMSROOT\log\AnalyzerDebug.log

  • RME syslog automate action not functioning.

    I want syslog to send me an email message when a user enters privilege mode.
    I've enabled syslog on my switch (3560-8PC):
        logging on
        logging <CW serverIP>
        logging facility local7
        logging trap
        service timestamps log datetime msec localtime show-timezone
    I can see the logging history on the switch.
    I've automated syslog action on CW:
        Name: syslogcapture
        Devices: <Switch IP>
        State: Enabled
        Parameters: TO=[email protected], SUB=syslog capture on CW, TEXT=
        Action Type: Email
        Messages: MGMT-*-7-*:LOGINPASS MGMT-*-6-*:ENABLEPASS
    Why isn't it working?
    Thank you in advance for your guidance.

    Where is this "syslog portal" you were referring to? Is it at RME -> Tools -> Syslog -> Syslog Collector Status ( http://server-name:1741/rme/SyslogCollectorStatus.do )? If not, what does Syslog Collector Status show currently?
    What version of RME are you using? What OS is LMS on?
    What "process state" are SyslogAnalyzer and SyslogCollector in, at Common Services -> Server -> Admin -> Processes ( http://server-name:1741/cwhp/processMgt.do )?

  • LMS 3.1 Syslog Automated Action - How to pass variables to script?

    I would like to pass variables to a Windows bat file for processing. The help seems to suggest that there are 2 available, device and message. I would like to know how to reference them and what syntax to use to pass them to the batch file. Are Facility, Sub-facility, Severity, Mnemonic and Description also available? If so, how would they be referenced? Thanks in advance.

    The syntax for referencing these variables is discussed in the online help.  Essentially, you'll want to use %~1 and %~2 in your batch script to get the device and message respectively.  The message will be the full message, so you will need to do additional processing on that to extract the facility, severity, and mnemonic.
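
Added example (not part of the original threads and not Cisco's code): a Python sketch of the "additional processing" described in the answer above. It splits a raw Cisco syslog line into facility, sub-facility, severity, mnemonic and description, then tests it against the `FACILITY-SUBFACILITY-SEVERITY-MNEMONIC:DESCRIPTION` patterns shown in the Automated Action summaries on this page, including the message type defined in the first answer. The function names are hypothetical, and treating `*` as a shell-style wildcard is an assumption about how LMS matches; the sample lines are the ones quoted in the posts.

```python
import re
from fnmatch import fnmatchcase
from typing import NamedTuple, Optional

# Cisco message header: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC[: description]
CISCO_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)"
    r"(?:-(?P<sub>[A-Za-z0-9_]+))?"      # optional, e.g. "session" on the ASA lines
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+)"
    r"(?::\s*(?P<description>.*))?"
)


class SyslogFields(NamedTuple):
    facility: str
    sub: str
    severity: str
    mnemonic: str
    description: str


def parse_message(line: str) -> Optional[SyslogFields]:
    """Extract the five fields from a raw line; None if no %... header is found."""
    m = CISCO_MSG.search(line)
    if m is None:
        return None
    return SyslogFields(m["facility"], m["sub"] or "", m["severity"],
                        m["mnemonic"], (m["description"] or "").strip())


def matches(pattern: str, fields: SyslogFields) -> bool:
    """Test one FAC-SUB-SEV-MNEMONIC:DESC pattern (assumption: '*' is a wildcard)."""
    head, _, desc = pattern.partition(":")
    parts = head.split("-", 3)           # mnemonic keeps any further hyphens
    if len(parts) != 4:
        raise ValueError(f"expected FAC-SUB-SEV-MNEMONIC:DESC, got {pattern!r}")
    wanted = parts + [desc or "*"]
    return all(fnmatchcase(value, glob) for value, glob in zip(fields, wanted))


def action_fires(patterns: str, line: str) -> bool:
    """True if the line matches any of the space-separated patterns."""
    fields = parse_message(line)
    return fields is not None and any(matches(p, fields) for p in patterns.split())


# Router log lines quoted in the first post on this page.
BGP_DOWN = ("004161: Nov 20 05:04:52 EST: %BGP-5-ADJCHANGE: "
            "neighbor X.X.X.X Down BGP Notification sent")
BGP_NOTIFY = ("004162: Nov 20 05:04:52 EST: %BGP-3-NOTIFICATION: "
              "sent to neighbor X.X.X.X 4/0 (hold time expired) 0 bytes")

if __name__ == "__main__":
    bgp_filter = "BGP-*-5-ADJCHANGE:*"   # message type from the first answer
    sev_1_2 = "*-*-1-*:* *-*-2-*:*"      # patterns from the LMS 4.2.1 thread
    for line in (BGP_DOWN, BGP_NOTIFY):
        print(action_fires(bgp_filter, line), parse_message(line))
    for line in ("%ASA-session-4-106023", "%ASA-auth-3-109023", "%ASA-auth-6-109001"):
        print(action_fires(sev_1_2, line), parse_message(line))
```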

  • Prime 4.1 Automated Action To Email

    I have set up a syslog automated action:
    Automated Action Summary
        Name: config
        Devices: 172.24.1.2
        State: Enabled
        Parameters: TO=[email protected], SUB=Config Exit, TEXT=A config exit event
        Action Type: Email
        Messages: SYS-*-5-CONFIG_I:*
    I don't get emails when the event occurs. I connected to one of the switches, entered config mode and then exited; term mon showed SYS-*-5-CONFIG_I, but no email.
    Email settings are OK (I get other emails from the system).
    What am I missing?

    It'll be helpful if you share what you see, based on which we can suggest what may be missing.
    For easy reference just check the LMS guide once to see you followed the right steps :
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/useNotif.html#wp1074029
    -Thanks
    Vinod
    **Rating Encourages contributors, and its really free. **

  • LMS 2.6 / RME : automated action for syslog

    Hi,
    Is it possible to find a configuration file or properties file for automated actions which can be edited?
    I lost the automated action configuration and I would like to configure it as before.
    Many thanks, Elisabeth

    I'd think AA lost in the GUI would be erased from the flat file (such as filters.dat for syslog filters) as well, in which case the only way to restore it would be from an older LMS backup.

  • CiscoWorks and automated action

    I use CiscoWorks VMS 2.1 on Windows 2000.
    I am trying to set up an automated action. All works fine, but when I try to send $M (the entire message is passed to the script) and $D (the device name is passed to the script), I receive $M and $D. What must I do to resolve this problem?

    I noticed that Syslog Analyzer is not able to pass $M and $D to any scripts. What you could try is to use $* in the script.

  • CiscoWorks RME 4.3 syslog forwarding

    Hello,
    We are running CiscoWorks RME 4.3 and forwarding syslog messages to another syslog server. To forward messages we use script from https://supportforums.cisco.com/docs/DOC-11592
    All is working great at the beginning of the month. As the syslog.log file grows, forwarded messages are delayed more and more. Because of Syslog Analyzer monthly reports we have log rotation on the 1st day of every month.
    So question:
    Is it possible to write syslogs to two different files? One which will rotate as described above, and other which will be used by syslog_forward.pl and rotated every day?
    Thanks in advance!
    Regards!
    Marko

    You cannot do this on Windows with the LMS syslog server.  All messages will be written to one file.  Logrot in LMS can archive the log files instead of just rotating them.  This way, you can keep messages as long as you want.  Just specify a non-zero number of backups when configuring Log Rotation.  The archived files will be created with a numeric extension (e.g. syslog.log.1, syslog.log.2, etc.).  Those files can be further archived manually to long-term storage.

  • Shutdown a remote iMac using Apple Remote Desktop and Automator action

    Hi,
    I have my iMac and my wife's iMac connected to the same UPS. There is only one USB connector for the UPS that notifies my iMac when its time to shutdown due to a power cut out.
    Is there a way for my iMac to then send a command to my wife's iMac (which may be asleep; the iMac not my wife!) and instruct it to shutdown (forcefully)?
    The Belkin UPS software enables me to launch an automator action before it shuts down my computer.
    Your help would be appreciated,
    Tony

    Unless you already have Apple Remote Desktop, it will almost certainly be cheaper to just buy a second UPS for your wife's iMac than it will be to purchase ARD.
    If you do have ARD 3 already, then it looks like it would be possible to create an Automator workflow that would select your wife's iMac and then send the Unix command "shutdown" (look at the man page for shutdown for the usage). I haven't tried doing this, though, so I can't say for sure, but it looks like it would work.

  • How can I edit an Automator action for Word?

    I'm running Word 2008 on a Macbook Pro, Mac OS 10.5.
    Word comes with a selection of Automator actions, including one to find and replace text in Word. I often want to convert standard numerals to old-style numerals, which are part of the extended glyphs set in fonts I use. Automator will allow me to set up ten find/replace actions (for the numbers 0-9) that successfully replace all the numerals with old-style numerals. But it only does it for the main body of the document, not for the footnotes. I need to be able to do it for all the footnotes.
    I thought I might find a workaround by adding an AppleScript to my workflow, which would shift the focus in Word to the footnotes and rerun the find/replace actions. I mapped the menu item View/Footnotes to the keystroke command-) and inserted this AppleScript into the Automator workflow:
        tell application "Microsoft Word"
            tell application "Microsoft Word" to activate
            tell application "System Events"
                tell process "Microsoft Word"
                    keystroke ")" using command down
                end tell
            end tell
        end tell
    But the find/replace actions simply repeat what they'd done before, converting the numerals in the main body but not in the footnotes. I then thought that perhaps I should have an AppleScript to do the find/replace itself, once the footnotes have been selected, so I created the following (command-H accesses the find/replace dialog box in Word 2008):
        tell application "Microsoft Word"
            tell application "Microsoft Word" to activate
            tell application "System Events"
                tell process "Microsoft Word"
                    keystroke "H" using command down
                    keystroke "1"
                    keystroke tab
                    keystroke ""
                end tell
            end tell
        end tell
    The character after the fourth keystroke command is the glyph for old-style numeral 1. For some reason Word reinterprets this as the letter a. So using AppleScript I can only replace the numerals 1-9 with the letters a-i.
    I'm pretty hopeless at even this very basic level of programming, but I presume that there's something in the Automator action 'Find and replace in Word' that specifically tells it not to look anywhere but the footnotes. I also presume it's possible to insert a command to tell it to operate on the footnotes (and headers and footers: everywhere!) too.
    Does anyone know a way to edit an Automator action? I'm willing to experiment and fiddle with one until I find a way that works, if nobody knows the exact changes that I'd need to make, but I just don't know how to edit an Automator action in the first place. A bit of googling suggests that I could do it in XCode, and that that is bundled with my Mac, but I don't have it.
    This all used to work when Office used to allow VBA (and I was using a horrible Windoze machine). Maybe someone would prefer just to find a way of creating a solution out of the old code, so here's one part of what I used (to change the number 1):
        For Each aStory In ActiveDocument.StoryRanges
            With aStory.Find
                .ClearFormatting
                With .Replacement
                    .ClearFormatting
                End With
                .Execute FindText:="1", ReplaceWith:=ChrW(63281), _
                    Format:=True, MatchCase:=True, Replace:=wdReplaceAll
            End With
        Next aStory
    Thanks in advance for any help.

    Thanks to all three contributors for their generous help so far. Mac people are lovely.
    BDAqua's suggestion wouldn't work, I think, because copying footnote text into another application and then back into Word would lose all the associations between footnote references in the body and the footnotes themselves. I wish I could do what Klaus1 says, but Word 2008 won't allow the creation of Macros any more. They've shut off support for their creation. Nice MS. red_menace's suggestion seems very plausible and I'll look into a way of mapping the old style numerals to specific keystrokes. That might do it.
    Reflecting on what you all said, I looked again through Word's help menus and eventually got pointed towards this page of 'help': <http://tinyurl.com/6398l6>. This is completely impenetrable for me, though it does compare a VBA script for Word 2004 to an AppleScript. This encourages me to hope that it should be possible to translate my original VBA script (part of which I included in my first message) into AppleScript, though I don't know how to do it because I don't really understand the language in the first place (the VBA script was put together by someone else).

  • Using Automator action/workflow to create a poster in iPhoto

    I'm using Jim Heid's Mac iLife 'lifeposter' idea [which comes from Mike Matas] and I keep getting a message that says "the workflow was saved with an older version of 'get Selected items' some behavior may have changed." and also another ref. 'import files into iPhoto' -- I didn't find a more recent Automator action "Create Thumbnail Poster" online nor updated information at Matas's blog or Heid's book... any suggestions for how to fix this? I last used it a few years ago and would like to use it again.

    Unless you got a message about it, the original Create Thumbnail Poster may work with the version of iPhoto that you have. As for the other actions, they sound like standard actions that have just been updated - you can open the older application and recompile it using the newer actions.
