Limit Syslog DB size Cisco Prime
Hi All,
I have an issue with my Cisco Prime 4.1.
I have a log file for syslog who’s getting bigger and bigger every day. We have created a purge policy to limit the size to 1 gigabyte. This seamed to be a good solution.
But at the same time, I have a database located under Cscopx/database/rmeng/syslog.db, in three parties, syslogfirst, second and third. The problem is that those files grow and never stop growing (5GB and more), until the disk space is full.
At the start the syslog db didn't grow anymore since I configured the purge job for the syslog file. But after a while the syslog db began to grow again.
Are those 2 (syslog file and DB) related in any way? Does anyone has the same problem? I suppose there is an easy way to limit the size of the syslog db.
Thanks,
Best Regards,
Joris
Syslog.log and Syslog*.db are connected to each other. Syslogs sent from device are received in syslog.log and then processed and written in syslog db. All syslog reports come from Db.
To control the log file the logrot utility is used and to control the db the syslog purge and other administrative fuctions are used.
For more details on logrot configuration see :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/server.html#wp1055307
For details on administring syslog see :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/purgeset.html#wp1060237
Attached is an Syslog Acrhitecture for LMS, hopefully it will be helpful.
-Thanks
Similar Messages
-
Hi friends,
I have a question about my syslog from Cisco Prime LMS 4.1, the hours from this syslog in the LMS is diferent from my switch log. I dont kown why.. I verified the hours betewen switch y the Cisco Prime is the same(the LMS is over Windows Server 2008R2) . both are the same log but in diferent hours about 5 hours.
maybe I have to configure the hours for Syslog in the Cisco Prime.
Log from Switch
Log from Cisco Prime LMSIf you have LMS, i am not sure, but if you have PI 1.2. Take a look at my post.
Basically, syslog feature doesn't work well. I could see couple of syslog through event / alarm, but syslog itself is not working properly.
https://supportforums.cisco.com/message/3861981#3861981 -
Configure the syslog of ASA 5512-X for display on Cisco Prime Infrastructure 2.1
Hi, I'm working on implementing the Cisco Prime Infrastructure 2.1 and want to display the syslog about ASA5512-X with Software Version 9.2.
What would be the procedure for configuring?
Thanks in advance.Hi,
Enable "logging host x.x.x.x " command to enable logging
check the below link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html#68764
FYI: Prime Infrastructure support only SEV 0,1,2 syslogs as of now.
Operate > alarm and events > syslogs
Thanks-
Afroz
****Ratings Encourages Contributors ***** -
Can Cisco Prime Infra 2.1 work as syslog server
Hello all,
Customer want Cisco Prime Infra 2.1 to work as syslog server. they want to query text in syslog and get raw log file from Cisco Prime Infra. but when i see in user interface. I think that it cannot query and search text in syslog. but i am not sure whether we can get raw log file per devices from Cisco Prime Infra. Can anyone know about this.?
thanks
sompojHi Sompoj,
In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered
, the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db . The
syslog messages will not be saved into log files .
Thanks-
Afroz
****Ratings Encourages Contributors **** -
Limit Number of active sessions for wlan user in Cisco Prime
Is there a way to limit the number of logins from a particular set of credentials in Cisco Prime 2.1? I want to set a maximum of 2 logins from a particular user on the wlan. I have a guest wlan using layer 3 security and an internal wlan using RADIUS (Windows). Would appreciate the help
There is, but it isn't due to PI. It is a function of the WLC itself.
Under Security, there is a Concurrent User Login, set to 0(which is default) it is unlimited logins. This value can be changed to be the number of concurrent logins that work for your situation.
Be advised, this is not a Per WLAN setting, it is a controller wide setting.
HTH,
Steve -
Where are syslogs stored, if I point my devices to Cisco Prime acting as my syslog server? I am running 2.0
thanks, JerryHi ,
As of now , this feature is not available , I mean PI will not work as syslog server.
Syslog messages received by PI from managed devices are found under Monitor > Alarms and Events > Syslogs
as you are using PI 2.2 , you will be able to see all device syslog messages (0-7 severity)
That display will show you up to 200,000 messages at a time.
Check the below link for other related details proved by Marvin :
https://supportforums.cisco.com/discussion/12486126/cisco-prime-syslog-functionality#sthash.Wbj2a3lj.dpuf
Thanks-
Afroz
***Ratings Encourages Contributors **** -
Syslog Email forwarding on Cisco Prime Infrastructure
Hi everybody,
We are performing a migration from LMS 4.2 to Prime Infrastructure 2.1 and we are realizing that some features are not in this new platform.
I suspect that one of them is syslog forwarding by email. In our old LMS we collect some syslog messages, we filtrate them and we email some of them, based on a criteria. Some of them we email to someone, and some of them are droped.
Does someone know if this feature is avaliable in Cisco Prime? I think we can collect syslog messages and view them, but we can not process. Am I right?
Regards and thank you in advance,
DavidHi David,
Yes , unfortunately so far syslog forwarding is not supported.
Also so far only SEV 0.,1 and 2 syslogs are supported in PI. Hoping to have these features in PI 2.2
Thanks-
Afroz
*****Ratings Encourages Contributors **** -
Is cisco prime infrastructure support / can be run as syslog server?
Dear All,
is cisco prime infrastructure support / can be run as syslog server?
and,
where i can see network topology diagram, using cisco prime infrastructure?
many thanks,
JerriHello. Cisco Prime LMS will be replaced by Cisco Prime Infrastructure in the near future.
In the current release of Cisco Prime Infrastructure you can't use topology diagrams. This feature is in roadmap.
About syslog, you can send syslogs to Cisco Prime Infrastructure, but I don't recommend using it as syslog server. Please see this link for more information https://supportforums.cisco.com/thread/2179520
Please rate if this helps -
Cisco Prime - create a Fault Alarm for Syslog Messages
Is it possible to generate an alarm for especific Syslog Messges sent to Cisco Prime?
Admin > Network > Notification and Action Settings > Syslog Automated Actions
Here is possible to send an email. But I would like to see the alarm in the Monitoring dashboard.Hi Leonardo,
unfortunately ,Automated action that you create on syslog will not show in the Monitoring dashboard :(
Thanks-
Afroz
****Ratings Encourages Contributors **** -
Is it possible to generate an alarm for especific Syslog Messges sent to Cisco Prime?
Admin > Network > Notification and Action Settings > Syslog Automated Actions
Here is possible to send an email. But I would like to see the alarm in the Monitoring dashboard.It's a bit kludgey but one of the available automated actions is to run a script. The script could be a homegrown utility to generate a trap which is subsequently forwarded to the server itself. The server will then will parse this new "trap" and then display it on the dashboard.
See this document for example. -
Cisco prime syslog functionality
Hello All,
I have added devices in cisco prime. I can see logging option in cisco prime under Administration > Logging . I have given one server IP (10.18.89.43) where I wanted logs to get saved but I am not sure whether prime is acting as a syslog server and if its really collecting those syslog. Also how do I know where its saving those logs on server. (See attached image)
Please help me with exact configuration.Thanks Marvin for valuable reply. I can see Prime generated syslog message for one of added switch under Inventory > Device Management > Network Audit.
But it was just one message as follows:
Syslog Message<189>92196: Apr 21 17:33:55: %SYS-5-CONFIG_I: Configured from console by 5588648 on vty0 (10.18.83.170)
How do I configure Prime so i can increase buffer for these messages. -
Download devices syslogs of Cisco Prime Infrastructure 2.2
Hello,
I'm working with Cisco Prime Infrastructure 2.2, wish I could download to my PC syslog captured by PI.Hi ,
In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered , the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db . The syslog messages will not be saved into log files .
Thanks-
Afroz
***Ratings Encourages Contributors **** -
Cisco Prime Soft Appliance not saving changes to syslog.conf
Greetings,
I'm having an issue with the syslog.conf file on a Cisco Prime LMS 4.2.4 soft appliance with a Solaris base. My workplace uses local4 as the logging facility for its network devices, and according to a discussion I found on this site, I need to add the line:
local4.info /var/log/syslog_info
I have attempted this several times; we're approaching at least 5 attempts today. I have attached text files created from putty logs where I've attempted to make the necessary change. I appreciate any assistance the community can provide.
Regards,
RobHi, Afroz,
I really appreciate your assistance, but I'm afraid my hopes have been dashed. The syslog.conf reverted to its original configuration. I will go through my steps to be sure that I understood your suggestion properly.
I edited the syslog.conf to put all messages from local4 in /opt/CSCOpx/conf/syslog-entries.txt. Then, I exited the shell to the console, issued the 'write mem' command, and closed the session. Upon my reconnection, I found that my changes to the syslog.conf were not saved.
Did I make the correct edits in the correct places? Another question, is this bug present in the versions of Prime LMS running Linux and/or Windows, or does it only exist in the soft appliance running Solaris?
Regards,
Rob
Edit:
I'm reading the "Installation and Migration of Cisco Prime" PDF, and it gives me the impression that Cisco Prime is only supported as Windows, Solaris, and soft appliance installations. Is that correct? If it is correct, then installation of Cisco Prime LMS is not supported on other Linux distros such as Ubuntu Server, CentOS, Fedora, etc.?
My thanks. -
Hi all,
What's the best way to tune cleanup in Cisco Prime LMS 4.2.2?
The following files are growing really large in my setup.
\CSCOpx\log\SyslogCollector.log.1 (60GB)
\CSCOpx\databases\rmeng\SyslogThird.db (30GB)
\CSCOpx\databases\rmeng\SyslogSeccond.db (30GB)
How can I cleanup those files and in the future limit their size?Create a syslog purge policy. Here is the reference link:
http://www.cisco.com/en/US/customer/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/purgeset.html#wp1060297 -
Cisco Prime Infrastructure 2.0 - no traps/info are pushed from devices
Good evening,
I have setup Cisco Prime Infrastructure 2.0 and, though I have added manually my 4 network cores as devices without any problem, I can't get a single trap or a single SNMP information to be pushed into my Cisco Prime Infra.
Here is my SNMP config on my core :
snmp-server user *edited* *edited* v3
snmp-server group *edited* v3 noauth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server community *edited* RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps rf
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps flex-links status
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps aaa_server
snmp-server enable traps flash insertion removal
snmp-server enable traps l2tc threshold sys-threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vswitch dual-active vsl
snmp-server enable traps udld link-fail-rpt status-change
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps ipsla
snmp-server enable traps vstack
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps errdisable
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host *ip-address-edited* version 3 noauth *edited*
Basically all traps are enabled but absolutely nothing is showing up in my Prime Infra except that my 4 devices are "Reachable".
Here is a show snmp on the same device :
sh snmp
Chassis: *S/N Edited*
38554534 SNMP packets input
0 Bad SNMP version errors
14 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
38453185 Number of requested variables
0 Number of altered variables
17790703 Get-request PDUs
20583581 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
38490708 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
38371069 Response PDUs
13 Trap PDUs
SNMP global trap: enabled
SNMP agent enabled
SNMP logging: enabled
Logging to *edited*, 0/10, 13 sent, 0 dropped.
Can anyone point out what is wrong or missing in my configuration? I can't seem to single it out myself.
Thanks
JeremyHi Jeremy,
SNMP traps are shown in the events and alerts section of PI.
SNMP config looks fine. Can you run the SNMP debug (debug snmp packets ) .check the logs and see if the device is actually sending the TRAPS to the PI server.
Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors ****
Maybe you are looking for
-
How to connect my perfectly-working 20-year-old Apple Personal Laserwriter 320 to my iMac running Mountain Lion? Thank you, Morty S.
-
I have a file that looks like this with out the *'s lastName firstName number lastName firstName number2 lastName firstName number3 lastname = (string) an actual last name like smith same for first name number = an actual number (int) like 90 or 120
-
HP 7520 all in one printer does not print photos well-Does with my Windows machines
I have several computers. Everything works great with printer in Windows environment. I have an iPad and a MACbook PRO with Maverick 10.9.4. The photos are terrible when I print with either of these devices. It almost looks like a negative imag
-
i had this problem before. i went to the IT department in my school and they fixed but i dont know how. now it's happening again and i don't know what to do. i've been using internet explorer so i do have internet connection, but i mozilla is way fas
-
My account settings deleted & cannot get mail, how to reset?
My Account settings were deleted apparently when a key was touched by mistake. The Server settings are gone. All I have left are the Outgoing Server (which is same as the Incoming server, which is no longer there) and Junk Settings and Disk Space. Lo