Ciscoworks syslog collector issue
Hi All,
In a central location i have a ciscoworks syslog collector version 3.5. The issue is not all the logs generated in the device are collected by ciscoworks including the devices connected in LAN. The major issue is on Cisco6500 series switches where i see multiple interface flaps in log but only few are found in syslog.
Regards,
Sathvik
Hi,
check here Admin > Collection Settings > Syslog > Syslog Collector Status , see if messages are falling under fitered or Invalid
then check the filter:
Admin > Network > Notification and Action Settings > Syslog Message Filters
I would suggest you to create a filter with all * and see if that helps.
you can look at this thread as well:
https://supportforums.cisco.com/thread/2244888?tstart=60
Thanks-
Afroz
[Do rate the useful post]
Similar Messages
-
Dear all,
I'm having some issues with the syslog application on Ciscoworks
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
the records on CiscoWorks are whit a different hour compared to the cisco devices, for example below you will find the record on Ciscoworks, and the record for the same event on the router, you could see that we have 4 hours diference between the records.
CISCOWORKS
May 23 2011 03:29:21
DUAL
5
NBRCHANGE
EIGRP-IPv4 1: Neighbor 172.20.127.14 (Serial0/3/0:0) is up: new adjacency
May 23 2011 03:29:16
CONTROLLER
5
UPDOWN
Controller E1 0/3/0, changed state to up
May 23 2011 03:29:13
CONTROLLER
5
UPDOWN
Controller E1 0/3/0, changed state to down (AIS detected)
ROUTER VOICE GW
May 23 07:29:21.344 Bolivia: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.127.14 (Serial0/3/0:0) is up: new adjacency
May 23 07:29:16.396 Bolivia: %CONTROLLER-5-UPDOWN: Controller E1 0/3/0, changed state to up
May 23 07:29:13.396 Bolivia: %CONTROLLER-5-UPDOWN: Controller E1 0/3/0, changed state to down (AIS detected)
I look at the windows server where CW it's installed and it's on the same timezone that the router, searching on internet i found that on CW syslog had a properties files where I should put the rigth country code, but I don't know where to find this file o maybe I just to point my windows server to he same ntp server as I did with my switches and routers.
Any help?
Regards,
Luis MartinezHi, On the file syslog.properties I configure to use the following time zone PRT GMT-4 that it's the same tha we use in Bolivia, before was PST GMT-8. It seems to work fine now
It's necesary to edit the timezone list file and put on it Bolivia -4?
Thansk for your help.
Regards,
Luis Martinez -
Syslog Collector w/ File Connector Parsing Issue
Dear all,
Recently, I had a requirement from a customer.
They have various Linux systems. They want to pass all syslog to
sentinel, but not by syslog connector for some reasons.
Therefore, they throw us those syslog in text file, and ftp it for
sentinel reading.
The problem is that this.RXBufferstring could not be 100% parsed in all
kinds of messages. Sometimes there would be error.
But when they use Syslog connector. Every event fields seem to be parsed
correctly.
So is there any methods to use syslog collector w/file connector
correctly?
Or how do people handle this kind of problem?
Please assist. Thanks a lot.
andy_ho
andy_ho's Profile: https://forums.netiq.com/member.php?userid=4568
View this thread: https://forums.netiq.com/showthread.php?t=51453On 08/01/2014 04:26 AM, andy ho wrote:
>
> Dear all,
>
> Recently, I had a requirement from a customer.
>
> They have various Linux systems. They want to pass all syslog to
> sentinel, but not by syslog connector for some reasons.
> Therefore, they throw us those syslog in text file, and ftp it for
> sentinel reading.
>
> The problem is that this.RXBufferstring could not be 100% parsed in all
> kinds of messages. Sometimes there would be error.
> But when they use Syslog connector. Every event fields seem to be parsed
> correctly.
>
> So is there any methods to use syslog collector w/file connector
> correctly?
> Or how do people handle this kind of problem?
No supported way, no. The testing between collector and connector is done
so that certain methods are easy, reliable, and supported. Just because
data are grabbed from one media (network, syslog specifically) and written
to another (file) does not mean that nothing else is changed, and the
syslog collectors may be assuming other properties (such as the event
source IP address) are there when they are not.
You can probably make this work, but you'll likely need to customize the
collector in order to do it. The alternative is to use the debugging
feature of the collector to find out what is wrong with certain events and
possibly modify them on the event source side. Either way, you're going
to have a scenario that is not supported so it may be worth revisiting the
requirement to use a file vs. syslog just in case support matters more
than the "for some reasons" that they want to go with a file.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below... -
LMS 3.2 Syslog Collector error
Hi,
At RME: ToolsSyslogSyslog Collector Status screen at table Collector Status No records.
I had changed hostname on this server and i have ran /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/hostnamechange.pl script with proprer parameters.
Now I cannot add collector, because of "SSL certificate status" error:
SSL certificate issue occurred, check if:
1. The Self-signed Certificates are valid. For example, Check the certificate expiry date on the servers.
2. The Self-signed Certificates of this server are copied to the Syslog Collector server and vice-versa.
To do this, go to Common Services > Server > Security > Multi-Server Trust Management > Peer Server Certificate Setup. and add the certificate. See the User Guide for CiscoWorks Common Services for more details..
3.The SyslogCollector process on Syslog Collector server and the SyslogAnalyzer process in the current working server are restarted after Step 2.
4.Both hosts are reachable by host name.
Collector status : Could not connect to the collector _myhostname_._mydomainname_ due to SSL certificate issue
I use an third party Certificate, and https access is working propery for user access.
I want to run Syslog Collector locally, syslog file is a local server hence I use syslog-ng for other reason.
This is my SyslogCollector log:
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,305, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,308, System Initialized.
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,408, Queue Cap 100000
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:47,699, Service started...
How can I correct this situation, how can I run Syslog Collector.
BalazsTry unsubscribing and subscribing the collector so it can accept the updated info. If that does not work, post the SyslogAnalyzerUI.log and SyslogCollector.log from CSCOpx/log directory.
-
LMS 4.2 Syslog Collector doesn't work
Hi fellas,
I need a few help for my LMS 4.2, syslog collector on LMS doesnt working even service syslog collector running normaly and also i saw in syslog_info is working to collect syslog from all router but not show up in dashboard monitoring.
I have setting on every router to logging (ip address LMS) but on LMS no any syslog from router can collect.
if you was face problem same with me or know how to solved this issue please share to me
i did a selftest from LMS there are all PASS except nslookup fail, it is has relation with syslog not show up on dashboard??Hi ngoldwat,
thanks for concern my issue.
there are packet capture syslog_info that i get :
May 2 19:07:29 10.29.246.47 62893: 161406: May 2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 2 19:08:23 10.29.246.47 62894: 161407: May 2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 2 19:08:23 10.29.246.47 62895: 161408: May 2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:42:28 10.29.246.47 62897: 161410: May 3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:42:28 10.29.246.47 62896: 161409: May 3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:42:28 10.29.246.47 62898: 161411: May 3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:43:23 10.29.246.47 62899: 161412: May 3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:43:23 10.29.246.47 62900: 161413: May 3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:54:59 10.29.246.47 62902: 161415: May 3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
May 3 16:54:59 10.29.246.47 62901: 161414: May 3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
May 3 16:55:29 10.29.246.47 62904: 161417: May 3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:55:29 10.29.246.47 62905: 161418: May 3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:55:30 10.29.246.47 62906: 161419: May 3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:57:12 10.29.246.47 62907: 161420: May 3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
May 3 16:57:24 10.29.246.47 62908: 161421: May 3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:57:24 10.29.246.47 62909: 161422: May 3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 07:57:31 10.29.246.47 62910: 161423: May 6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 07:57:31 10.29.246.47 62911: 161424: May 6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 07:57:31 10.29.246.47 62912: 161425: May 6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 07:58:26 10.29.246.47 62913: 161426: May 6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 07:58:26 10.29.246.47 62914: 161427: May 6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:04:32 10.29.246.47 62915: 161428: May 6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 08:04:32 10.29.246.47 62916: 161429: May 6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 08:04:33 10.29.246.47 62917: 161430: May 6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 08:05:27 10.29.246.47 62919: 161432: May 6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:05:27 10.29.246.47 62918: 161431: May 6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 10:59:36 10.29.246.47 62921: 161434: May 6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 10:59:36 10.29.246.47 62920: 161433: May 6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 10:59:36 10.29.246.47 62922: 161435: May 6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 11:00:30 10.29.246.47 62923: 161436: May 6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 11:00:30 10.29.246.47 62924: 161437: May 6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:10:31 10.29.246.47 62925: 161438: May 6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:10:31 10.29.246.47 62926: 161439: May 6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:10:32 10.29.246.47 62927: 161440: May 6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:11:26 10.29.246.47 62928: 161441: May 6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:11:26 10.29.246.47 62929: 161442: May 6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:21:32 10.29.246.47 62930: 161443: May 6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:21:32 10.29.246.47 62931: 161444: May 6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:21:32 10.29.246.47 62932: 161445: May 6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:22:27 10.29.246.47 62934: 161447: May 6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:22:27 10.29.246.47 62933: 161446: May 6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:27:32 10.29.246.47 62935: 161448: May 6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:27:32 10.29.246.47 62936: 161449: May 6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:27:33 10.29.246.47 62937: 161450: May 6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:28:27 10.29.246.47 62938: 161451: May 6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:28:27 10.29.246.47 62939: 161452: May 6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 15:46:37 10.29.246.47 62940: 161453: May 7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 15:46:37 10.29.246.47 62941: 161454: May 7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 15:46:37 10.29.246.47 62942: 161455: May 7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 15:47:32 10.29.246.47 62943: 161456: May 7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 15:47:32 10.29.246.47 62944: 161457: May 7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 19:13:37 10.29.246.47 62945: 161458: May 7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 19:13:37 10.29.246.47 62946: 161459: May 7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 19:13:38 10.29.246.47 62947: 161460: May 7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 19:14:32 10.29.246.47 62948: 161461: May 7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 19:14:32 10.29.246.47 62949: 161462: May 7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 8 12:23:38 10.29.246.47 62950: 161463: May 8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 8 12:23:38 10.29.246.47 62952: 161465: May 8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 8 12:23:38 10.29.246.47 62951: 161464: May 8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 8 12:24:33 10.29.246.47 62953: 161466: May 8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 8 12:24:33 10.29.246.47 62954: 161467: May 8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 2 19:07:29 10.29.246.47 62893: 161406: May 2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 2 19:08:23 10.29.246.47 62894: 161407: May 2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 2 19:08:23 10.29.246.47 62895: 161408: May 2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:42:28 10.29.246.47 62897: 161410: May 3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:42:28 10.29.246.47 62896: 161409: May 3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:42:28 10.29.246.47 62898: 161411: May 3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:43:23 10.29.246.47 62899: 161412: May 3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:43:23 10.29.246.47 62900: 161413: May 3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:54:59 10.29.246.47 62902: 161415: May 3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
May 3 16:54:59 10.29.246.47 62901: 161414: May 3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
May 3 16:55:29 10.29.246.47 62904: 161417: May 3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:55:29 10.29.246.47 62905: 161418: May 3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:55:30 10.29.246.47 62906: 161419: May 3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:57:12 10.29.246.47 62907: 161420: May 3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
May 3 16:57:24 10.29.246.47 62908: 161421: May 3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:57:24 10.29.246.47 62909: 161422: May 3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 07:57:31 10.29.246.47 62910: 161423: May 6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 07:57:31 10.29.246.47 62911: 161424: May 6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 07:57:31 10.29.246.47 62912: 161425: May 6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 07:58:26 10.29.246.47 62913: 161426: May 6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 07:58:26 10.29.246.47 62914: 161427: May 6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:04:32 10.29.246.47 62915: 161428: May 6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 08:04:32 10.29.246.47 62916: 161429: May 6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 08:04:33 10.29.246.47 62917: 161430: May 6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 08:05:27 10.29.246.47 62919: 161432: May 6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:05:27 10.29.246.47 62918: 161431: May 6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 10:59:36 10.29.246.47 62921: 161434: May 6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 10:59:36 10.29.246.47 62920: 161433: May 6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 10:59:36 10.29.246.47 62922: 161435: May 6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 11:00:30 10.29.246.47 62923: 161436: May 6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 11:00:30 10.29.246.47 62924: 161437: May 6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:10:31 10.29.246.47 62925: 161438: May 6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:10:31 10.29.246.47 62926: 161439: May 6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:10:32 10.29.246.47 62927: 161440: May 6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:11:26 10.29.246.47 62928: 161441: May 6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:11:26 10.29.246.47 62929: 161442: May 6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:21:32 10.29.246.47 62930: 161443: May 6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:21:32 10.29.246.47 62931: 161444: May 6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:21:32 10.29.246.47 62932: 161445: May 6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:22:27 10.29.246.47 62934: 161447: May 6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:22:27 10.29.246.47 62933: 161446: May 6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:27:32 10.29.246.47 62935: 161448: May 6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:27:32 10.29.246.47 62936: 161449: May 6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:27:33 10.29.246.47 62937: 161450: May 6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:28:27 10.29.246.47 62938: 161451: May 6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:28:27 10.29.246.47 62939: 161452: May 6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 15:46:37 10.29.246.47 62940: 161453: May 7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 15:46:37 10.29.246.47 62941: 161454: May 7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 15:46:37 10.29.246.47 62942: 161455: May 7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 15:47:32 10.29.246.47 62943: 161456: May 7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 15:47:32 10.29.246.47 62944: 161457: May 7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 19:13:37 10.29.246.47 62945: 161458: May 7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 19:13:37 10.29.246.47 62946: 161459: May 7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 19:13:38 10.29.246.47 62947: 161460: May 7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 19:14:32 10.29.246.47 62948: 161461: May 7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 19:14:32 10.29.246.47 62949: 161462: May 7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 8 12:23:38 10.29.246.47 62950: 161463: May 8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 8 12:23:38 10.29.246.47 62952: 161465: May 8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 8 12:23:38 10.29.246.47 62951: 161464: May 8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 8 12:24:33 10.29.246.47 62953: 161466: May 8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 8 12:24:33 10.29.246.47 62954: 161467: May 8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
i have Subscribed the service correct, you can see ss in my new upload
apparently the last captured syslog 13 May 2013 and not collecting again.
i will appreciate all suggest for this issue. -
No syslog message appear at Ciscoworks syslog report
Hi,
We just installed new Ciscoworks LMS 3.2, and sent all switches syslog message to this Ciscoworks LMS 3.2 and old Ciscoworks LMS 2.5 server.
Old Ciscowork LMS 2.5 server can receive syslog message and syslog appear at old LMS 2.5 syslog report, but no syslog appear at new LMS 3.2 syslog report for some devices. I checked syslog collector, it seems ok, I used WireShark to check the new Ciscoworks LMS 3.2 server have received syslog message sent from device, and only use default syslog filter at new Ciscoworks LMS 3.2 server.
Please help to advice me how to troubleshooting this problem.
Best Regards,
Jackson KuIs your collector subscribed? You could verify this under RME -> Tools -> Syslog -> Syslog Collector Status. Please post the screen shoot of this page.
Do you see the syslog messages in syslog.log/syslog_info file on the server? -
Integrate Remote Syslog Collector with LMS 4.1
We have LMS 4.1 in our network. We had recently installed Remote Syslog Collector on a new Server to collect logs from all the devices. How can we integrate the Remote Syslog Collector with the LMS Server?
Thanks in Advance.You simply have to subscribe the IP address of the Remote Syslog Collector in Ciscowork LMS server under :
Admin > Collection Settings > Syslog > Syslog Collector Status
Once it is subscribed, it should start working, simialar to how it works when Syslog Collector is Local on LMS server.
For more details see docuement :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/install/guide/appendc.html#wp1049873
-Thanks -
LMS 4.2 – Missing messages in Remote Syslog Collector
Remote syslog Collector are dropping syslog messages - randomly. During analyzing we found out that syslog messages are stored in RSAC in file: /var/log/syslog_info
According to information from /etc/rsyslog.conf are the same syslog messages stored again in other files: /var/log/messages, /var/log/boot.log
In every file are missing the same messages. Load of RSAC and physical server is very low. When we send messages to more syslog servers (for example to other debian server in the same or different vlan) in the same physical server in vmware, we always receive every message.
We are using LMS 4.2.3 (Soft appliance) and for syslog messages RSAC 5.2 (linux in vmware). We receive approximately 200-300k syslog messages per day and RSAC drop approximately 100k.
Please what we have to change to receive all messages?
Why RSAC store the same messages more times?
Thanks
MilosI think this should change what you want - if not, revert it to the default:
for security, make a backup of the following file and open it in a text editor:
NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
change the following to a value that might fit your needs but be careful this can affect system performance:
QUEUE_CAPACITY=100000
save the file and restart the following syslog processes:
in a DOS box check the status of the following processes (they should be started) and restart them:
pdshow SyslogAnalyzer SyslogCollector
pdterm SyslogAnalyzer SyslogCollector
pdexec SyslogAnalyzer SyslogCollector
pdshow SyslogAnalyzer SyslogCollector
now, try to re-run your report. -
Syslog Collector failure with third party SSL certificate
Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handeled. An identification number rather than the actual FQDN must be provided in the common name field and this number is expected by the CA. A chain was built with multiple government CAs, and warnings received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number but I might if you think it might work and then will just cname the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =The subscriber list is empty because we could not add the subscription after the swapping the certs. Sorry, was asked to obscure the host names - it shows host name only not FQDN.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,198, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,201, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:36,694, Service started...
SyslogCollector - [Thread: Thread-9] WARN , 14 Feb 2010 10:42:04,383, Unable to add monitor for
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 14 Feb 2010 11:07:42,369, Could not send syslogs, removing the subscriber...Connection refused
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,499, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,501, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,850, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:06,047, Service started...
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,732, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,735, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:34,148, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:37,352, Service started...
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,112, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,115, System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,565, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:38,168, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,806, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,816, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:44,220, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:47,493, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,424, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,427, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,781, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:04,007, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,851, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,854, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:34,303, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:37,834, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,156, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,166, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,516, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:54,734, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,673, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,676, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:34,130, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:37,759, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,526, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,533, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,886, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:46,111, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,144, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,147, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,604, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:38,116, Service started...
Our secondary host shows a subscriber, however no syslog packets are seen. Also, this subscriber can not be unsubscribed (deleted).
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,098, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,101, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:09:22,723, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:22,770, Service started...
SyslogCollector - [Thread: Thread-11] WARN , 18 Feb 2010 16:14:07,828, Unable to add monitor for
SyslogCollector - [Thread: Thread-13] WARN , 18 Feb 2010 16:14:08,008, Unable to add monitor for
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,557, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,560, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,205, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,263, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:33,277, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,728, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,733, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,786, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,857, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:37,869, Service started... -
Can I and then how do I subscribe my LMS 4.02 to my LMS 3.2 syslog collector?
We are migrating to LMS 4.0.2, but our syslogs are curerently being sent to our LMS 3.2 server. Can I subscribe to our LMS3.2 syslog collector? Or
read this:
http://support.apple.com/kb/HT2109 -
Bad time zone in Syslog Collector Status screen
Hi, we have a LMS 4.0 and we are watching a wrong time zone in the Syslog Collector Status screen, it says GMT +2 but it should be GMT +1. In the Windows operating system, time settings are well configured; can anyone help me to fix this, please?
Regards.Hi,
please find attached some screenshots: one with the LMS time, another one with the OS time and the last one with the syslog collector time. The only problem is that they have been taken at different times but it can be seen that OS time zone is UTC + 1 and Syslog Collector time zone is GMT + 2.
Kind regards. -
CiscoWorks Syslog and TFTP servers
Hi!
Is it possible to disable CiscoWorks syslog and tftp servers and thus
free ports 514 and 69 for other applications?
Thank you,
Oleg Tipisov,
REDCENTER,
MoscowThe problem is that I don't know what service needs to be stopped.
Do I need to kill the process (crmlog, crmtftp) ? -
Syslog collector status...invalid messages
hi,
In RME->Administration->Syslog Analysis->Syslog Collector Analysis
i see a lot of (almost 40-50%)message count under the "invalid messages" column.
I wonder if this needs to be considered seriously, and if yes, please guide me as to what steps do i need to take in order to solve this..I imagine it'd be those that do not conform to syslog msg format specifications, such as those described
here: http://www.ciscopress.com/articles/article.asp?p=426638 -
Sentinel 6.1 will not parse my feed from Ciscoworks. All network syslog
data is collected by ciscoworks and stored in a file syslog.log. This
file can be pulled by the collector manager as a file source or pushed
via Snare to the collector mgr.. the data cannot be parsed using either
method using standard Cisco Collector (Cisco IOS Router xx Cisco Switch
and Router 6.1r2).
Is there a working collector or do I have to build one?
eisensee
eisensee's Profile: http://forums.novell.com/member.php?userid=98444
View this thread: http://forums.novell.com/showthread.php?t=425629OK, hmm...
1) At issue is more likely the Collector version, not so much the
platform version. The old Collectors made an attempt at correcting some
weird syslog formats, but the feature ended up being too confusing and
error prone for us to support. The new Collectors only support proper
RFC-compliant syslog, for a number of reasons which we can get into if
you like.
2) I may be wrong, but I believe a customer told me that latter-day
versions of CiscoWorks introduced a syslog forwarding option. I poked
around on Cisco for a bit, but there are hundreds of specific products
with the 'CiscoWorks' label so I don't know what applies.
3) OK, so here's the deal. RFC-compliant syslog message are constructed
as:
MMM DD HH:MM:SS hostid message
The original message from your switch should look something like:
Nov 11 15:30:17 172.253.248.33
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
It actually looks like (guessing a bit, here:
Nov 11 15:30:17 172.253.248.33 2182635: 418971: Nov 11 15:30:14.739:
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
Which indicates that a couple numbers and another timestamp are being
injected into the "message" portion. May or may not be an issue, if the
Collector handles it that way - review the Collector doc for proper
configuration details.
But then your Epilog gets a hold of the message, and inserts *another*
header:
Nov 11 15:30:54 10.101.251.4 sm-ciscowks.smad2.savemart.com\t\t0\tNov
11 15:30:17 172.253.248.33 2182635: 418971: Nov 11 15:30:14.739:
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
This violates RFC3164 in a number of ways, namely:
- it's not supposed to modify the original message IN ANY WAY if it's
already a proper syslog message (of course, Epilog may assume it's NOT a
syslog message, since it's in a file)
- It's using a fully-qualified hostname in its header, which is NOT
VALID
- There are tab characters after the header, which aren't proper syslog
characters
If I couldn't configure Epilog to not be stupid, what I would do is
create a little 'custom.js' script, and define my customerPreparse()
method to strip off the entire ugly Epilog header, something like:
Record.prototype.customPreparse = function() {
this.s_RXBufferString =
this.s_RXBufferString.substr(this.s_RXBufferString .lastIndexOf("\t"));
(You may need to do the same thing to rec.s_Body as well, and note that
I haven't tested this code at all!).
Then just follow the normal process to inject custom.js into your
Collectors, set the Execution Mode to 'custom', and you'll be up and
running.
NOTE: the major thing that Epilog is breaking here, however, is not the
Collector - the Syslog Connector also does some minimal parsing of the
input and will automatically create Event Source nodes based on the
syslog header. The syslog header is supposed to list the hostid of the
ORIGINAL event source as it's second element (after the timestamp), and
by injecting the ciscoworks device hostid, Epilog breaks that (in our
parlance, that's the Reporter, not the Observer).
If you look directly at the file on the CiscoWorks device, what does it
look like? Everything after the \t\t0\t in the sample you sent?
You might ditch Epilog entirely and use something like tail -F or
'netcat' instead, which won't add silly stuff to the messages.
DCorlette
DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
View this thread: http://forums.novell.com/showthread.php?t=425629 -
CiscoWorks IPM - collectors stuck in pending state
I have IPM 2.6 running on ciscoworks, the first collector i created as a test worked perfectly and started running immediately. Now when i've come to start the project proper to configure 400 collectors only 4 collectors show up. Cisco's recommended collectors per ipm server is 1000 so i'm well within the figure.
I even left it overnight thinking it might be database synching issues. Still can't find all the collectors, worst of all when i try to create new collectors it sees them as duplicates.
The source device is reachable and the ipm process is running, any pointers please?Hi
I also facing the same issues as you, User Entitlement Attestation process don't work.
Did you able to fix it now ?
Thanks in advanced
Thanks
John
Maybe you are looking for
-
Hi, my Ipod Schuffle (4 gen) dissapears from windows vista right after I execute Itunes, I've change the drive letter, erase temps in App data file, verified USB drivers, etc... Can someone guide on how to solve this?
-
How do I create an update form, in a search.asp page.
I have a search.asp page which when submitted transfers to the results.asp page. In the search I would like to also create an insert statement. The search.asp page has the following. Form: searchForm (Post) Text Field: KeywordSearch List Menu: Catego
-
Separate program to send a smartform converted into pdf, thru mail
Hi Folks, I had created a smartform and converted it into a PDF format. Now I want a separate program where in if i submit this program it should sent it throuogh mail. Note:-<b>I want a separate program not the one where in you design a smartform,co
-
Network speed WAY down for internet - help??
I have 3 airport extreme's set up as a WDN. It all works great. Internet is fast through a cable modem attached to the main stations WAN port. It seems though that when "certain" users are getting into heavy internet traffic, seemingly large continuo
-
I have two cases for my iPhone, one is a hard plastic case from In Case, the other is a rubberized case from Speck. My question -- my phone seems to get really hot when it's in either of the cases. Should I be concerned about my iPhone overheating?