LMS 3.2 Syslog Collector error

Hi,
At RME: ToolsSyslogSyslog Collector Status screen at table Collector Status No records.
I had changed hostname on this server and i have ran /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/hostnamechange.pl script with proprer parameters.
Now I cannot add collector, because of "SSL certificate status" error:
SSL certificate issue occurred, check if:
1. The Self-signed Certificates are valid. For example, Check the certificate expiry date on the servers.
2. The Self-signed Certificates of this server are copied to the Syslog Collector server and vice-versa.
To do this, go to Common Services > Server > Security > Multi-Server Trust Management > Peer Server Certificate Setup. and add the certificate. See the User Guide for CiscoWorks Common Services for more details..
3.The SyslogCollector process on Syslog Collector server and the SyslogAnalyzer process in the current working server are restarted after Step 2.
4.Both hosts are reachable by host name.
Collector status : Could not connect to the collector _myhostname_._mydomainname_ due to SSL certificate issue
I use an third party Certificate, and https access is working propery for user access.
I want to run Syslog Collector locally, syslog file is a local server hence I use syslog-ng for other reason.
This is my SyslogCollector log:
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,305, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,308, System Initialized.
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:45,408, Queue Cap 100000
SyslogCollector - [Thread: main] INFO , 24 Mar 2011 16:47:47,699, Service started...
How can I correct this situation, how can I run Syslog Collector.
Balazs

Try unsubscribing and subscribing the collector so it can accept the updated info. If that does not work, post the SyslogAnalyzerUI.log and SyslogCollector.log from CSCOpx/log directory.

Similar Messages

LMS 4.2 Syslog Collector doesn't work

Hi fellas,
I need a few help for my LMS 4.2, syslog collector on LMS doesnt working even service syslog collector running normaly and also i saw in syslog_info is working to collect syslog from all router but not show up in dashboard monitoring.
I have setting on every router to logging (ip address LMS) but on LMS no any syslog from router can collect.
if you was face problem same with me or know how to solved this issue please share to me
i did a selftest from LMS there are all PASS except nslookup fail, it is has relation with syslog not show up on dashboard??

Hi ngoldwat,
thanks for concern my issue.
there are packet capture syslog_info that i get :
May 2 19:07:29 10.29.246.47 62893: 161406: May 2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 2 19:08:23 10.29.246.47 62894: 161407: May 2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 2 19:08:23 10.29.246.47 62895: 161408: May 2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:42:28 10.29.246.47 62897: 161410: May 3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:42:28 10.29.246.47 62896: 161409: May 3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:42:28 10.29.246.47 62898: 161411: May 3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:43:23 10.29.246.47 62899: 161412: May 3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:43:23 10.29.246.47 62900: 161413: May 3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:54:59 10.29.246.47 62902: 161415: May 3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
May 3 16:54:59 10.29.246.47 62901: 161414: May 3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
May 3 16:55:29 10.29.246.47 62904: 161417: May 3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:55:29 10.29.246.47 62905: 161418: May 3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:55:30 10.29.246.47 62906: 161419: May 3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:57:12 10.29.246.47 62907: 161420: May 3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
May 3 16:57:24 10.29.246.47 62908: 161421: May 3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:57:24 10.29.246.47 62909: 161422: May 3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 07:57:31 10.29.246.47 62910: 161423: May 6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 07:57:31 10.29.246.47 62911: 161424: May 6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 07:57:31 10.29.246.47 62912: 161425: May 6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 07:58:26 10.29.246.47 62913: 161426: May 6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 07:58:26 10.29.246.47 62914: 161427: May 6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:04:32 10.29.246.47 62915: 161428: May 6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 08:04:32 10.29.246.47 62916: 161429: May 6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 08:04:33 10.29.246.47 62917: 161430: May 6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 08:05:27 10.29.246.47 62919: 161432: May 6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:05:27 10.29.246.47 62918: 161431: May 6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 10:59:36 10.29.246.47 62921: 161434: May 6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 10:59:36 10.29.246.47 62920: 161433: May 6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 10:59:36 10.29.246.47 62922: 161435: May 6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 11:00:30 10.29.246.47 62923: 161436: May 6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 11:00:30 10.29.246.47 62924: 161437: May 6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:10:31 10.29.246.47 62925: 161438: May 6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:10:31 10.29.246.47 62926: 161439: May 6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:10:32 10.29.246.47 62927: 161440: May 6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:11:26 10.29.246.47 62928: 161441: May 6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:11:26 10.29.246.47 62929: 161442: May 6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:21:32 10.29.246.47 62930: 161443: May 6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:21:32 10.29.246.47 62931: 161444: May 6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:21:32 10.29.246.47 62932: 161445: May 6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:22:27 10.29.246.47 62934: 161447: May 6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:22:27 10.29.246.47 62933: 161446: May 6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:27:32 10.29.246.47 62935: 161448: May 6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:27:32 10.29.246.47 62936: 161449: May 6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:27:33 10.29.246.47 62937: 161450: May 6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:28:27 10.29.246.47 62938: 161451: May 6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:28:27 10.29.246.47 62939: 161452: May 6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 15:46:37 10.29.246.47 62940: 161453: May 7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 15:46:37 10.29.246.47 62941: 161454: May 7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 15:46:37 10.29.246.47 62942: 161455: May 7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 15:47:32 10.29.246.47 62943: 161456: May 7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 15:47:32 10.29.246.47 62944: 161457: May 7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 19:13:37 10.29.246.47 62945: 161458: May 7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 19:13:37 10.29.246.47 62946: 161459: May 7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 19:13:38 10.29.246.47 62947: 161460: May 7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 19:14:32 10.29.246.47 62948: 161461: May 7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 19:14:32 10.29.246.47 62949: 161462: May 7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 8 12:23:38 10.29.246.47 62950: 161463: May 8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 8 12:23:38 10.29.246.47 62952: 161465: May 8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 8 12:23:38 10.29.246.47 62951: 161464: May 8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 8 12:24:33 10.29.246.47 62953: 161466: May 8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 8 12:24:33 10.29.246.47 62954: 161467: May 8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 2 19:07:29 10.29.246.47 62893: 161406: May 2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 2 19:08:23 10.29.246.47 62894: 161407: May 2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 2 19:08:23 10.29.246.47 62895: 161408: May 2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:42:28 10.29.246.47 62897: 161410: May 3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:42:28 10.29.246.47 62896: 161409: May 3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:42:28 10.29.246.47 62898: 161411: May 3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:43:23 10.29.246.47 62899: 161412: May 3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:43:23 10.29.246.47 62900: 161413: May 3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 3 16:54:59 10.29.246.47 62902: 161415: May 3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
May 3 16:54:59 10.29.246.47 62901: 161414: May 3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
May 3 16:55:29 10.29.246.47 62904: 161417: May 3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 3 16:55:29 10.29.246.47 62905: 161418: May 3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 3 16:55:30 10.29.246.47 62906: 161419: May 3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 3 16:57:12 10.29.246.47 62907: 161420: May 3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
May 3 16:57:24 10.29.246.47 62908: 161421: May 3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 3 16:57:24 10.29.246.47 62909: 161422: May 3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 07:57:31 10.29.246.47 62910: 161423: May 6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 07:57:31 10.29.246.47 62911: 161424: May 6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 07:57:31 10.29.246.47 62912: 161425: May 6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 07:58:26 10.29.246.47 62913: 161426: May 6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 07:58:26 10.29.246.47 62914: 161427: May 6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:04:32 10.29.246.47 62915: 161428: May 6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 08:04:32 10.29.246.47 62916: 161429: May 6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 08:04:33 10.29.246.47 62917: 161430: May 6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 08:05:27 10.29.246.47 62919: 161432: May 6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 08:05:27 10.29.246.47 62918: 161431: May 6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 10:59:36 10.29.246.47 62921: 161434: May 6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 10:59:36 10.29.246.47 62920: 161433: May 6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 10:59:36 10.29.246.47 62922: 161435: May 6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 11:00:30 10.29.246.47 62923: 161436: May 6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 11:00:30 10.29.246.47 62924: 161437: May 6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:10:31 10.29.246.47 62925: 161438: May 6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:10:31 10.29.246.47 62926: 161439: May 6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:10:32 10.29.246.47 62927: 161440: May 6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:11:26 10.29.246.47 62928: 161441: May 6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:11:26 10.29.246.47 62929: 161442: May 6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:21:32 10.29.246.47 62930: 161443: May 6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:21:32 10.29.246.47 62931: 161444: May 6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:21:32 10.29.246.47 62932: 161445: May 6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:22:27 10.29.246.47 62934: 161447: May 6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 6 19:22:27 10.29.246.47 62933: 161446: May 6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:27:32 10.29.246.47 62935: 161448: May 6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 6 19:27:32 10.29.246.47 62936: 161449: May 6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 6 19:27:33 10.29.246.47 62937: 161450: May 6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 6 19:28:27 10.29.246.47 62938: 161451: May 6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 6 19:28:27 10.29.246.47 62939: 161452: May 6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 15:46:37 10.29.246.47 62940: 161453: May 7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 15:46:37 10.29.246.47 62941: 161454: May 7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 15:46:37 10.29.246.47 62942: 161455: May 7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 15:47:32 10.29.246.47 62943: 161456: May 7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 15:47:32 10.29.246.47 62944: 161457: May 7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 7 19:13:37 10.29.246.47 62945: 161458: May 7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 7 19:13:37 10.29.246.47 62946: 161459: May 7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 7 19:13:38 10.29.246.47 62947: 161460: May 7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 7 19:14:32 10.29.246.47 62948: 161461: May 7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 7 19:14:32 10.29.246.47 62949: 161462: May 7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 8 12:23:38 10.29.246.47 62950: 161463: May 8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 8 12:23:38 10.29.246.47 62952: 161465: May 8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 8 12:23:38 10.29.246.47 62951: 161464: May 8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 8 12:24:33 10.29.246.47 62953: 161466: May 8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 8 12:24:33 10.29.246.47 62954: 161467: May 8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
i have Subscribed the service correct, you can see ss in my new upload
apparently the last captured syslog 13 May 2013 and not collecting again.
i will appreciate all suggest for this issue.

Can I and then how do I subscribe my LMS 4.02 to my LMS 3.2 syslog collector?

We are migrating to LMS 4.0.2, but our syslogs are curerently being sent to our LMS 3.2 server. Can I subscribe to our LMS3.2 syslog collector? Or

read this:
http://support.apple.com/kb/HT2109

LMS 4.2 Syslog Collector for Windows Server 2008SR2 ?

Hi together.
Is there an .ISO file for installing on Windows Server20888SR2 ?
I only found the version for RedHat Linux.......
Thanks for your answers
Greets
Mike

The windows LMS 4.2 install medai comes with in build packaged RSAC.
You can run the LMS 4.2 exe file, it before giving you a first screen would extract itself in temp files. In those temp extracted files you can see RSAC folder, which you can copy to other directory and terminate installation for LMS 4.2.
To go to TEMP dir, you can got to start > run > (type) %temp%.
-Thanks

LMS 4.2 – Missing messages in Remote Syslog Collector

Remote syslog Collector are dropping syslog messages - randomly. During analyzing we found out that syslog messages are stored in RSAC in file: /var/log/syslog_info
According to information from /etc/rsyslog.conf are the same syslog messages stored again in other files: /var/log/messages, /var/log/boot.log
In every file are missing the same messages. Load of RSAC and physical server is very low. When we send messages to more syslog servers (for example to other debian server in the same or different vlan) in the same physical server in vmware, we always receive every message.
We are using LMS 4.2.3 (Soft appliance) and for syslog messages RSAC 5.2 (linux in vmware). We receive approximately 200-300k syslog messages per day and RSAC drop approximately 100k.
Please what we have to change to receive all messages?
Why RSAC store the same messages more times?
Thanks
Milos

I think this should change what you want - if not, revert it to the default:
for security, make a backup of the following file and open it in a text editor:
NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
change the following to a value that might fit your needs but be careful this can affect system performance:
    QUEUE_CAPACITY=100000
save the file and restart the following syslog processes:
in a DOS box check the status of the following processes (they should be started) and restart them:
    pdshow SyslogAnalyzer SyslogCollector
    pdterm SyslogAnalyzer SyslogCollector
    pdexec SyslogAnalyzer SyslogCollector
    pdshow SyslogAnalyzer SyslogCollector
now, try to re-run your report.

Integrate Remote Syslog Collector with LMS 4.1

We have LMS 4.1 in our network. We had recently installed Remote Syslog Collector on a new Server to collect logs from all the devices. How can we integrate the Remote Syslog Collector with the LMS Server?
Thanks in Advance.

You simply have to subscribe the IP address of the Remote Syslog Collector in Ciscowork LMS server under :
Admin > Collection Settings > Syslog > Syslog Collector Status
Once it is subscribed, it should start working, simialar to how it works when Syslog Collector is Local on LMS server.
For more details see docuement :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/install/guide/appendc.html#wp1049873
-Thanks

LMS 3.2 Syslog is not showing Report

Hello,
I have LMS 3.2 that is having Syslog reporting problem. The syslog messages are being sent to LMS and i can see them in the CSCOpx->log->syslog.log but when i try to generate a 24-hour report,the report is generated without any records.
1- i tried to solved the problem by stopping the cisco works Daemon manger and CWCS syslog services then delete the syslog.log file.
So after restarting these services the report worked for 4-5 mins and then stopped. Therfore the 24-hour report started displaying only the syslog
messages are were pulled within the 4-5 mins that LMS worked.
2- I repeated the process again but this time with no luck at all.
3- I checked the Syslog Collector Status and it showed the following :
SSL certificate status
SSL certificates are valid and properly imported
Collector status
Collector 10.0.1.132 is up and reachable
i have posted the SyslogAnalyzer and SyslogCollector.log
Please if anyone can help i would be appreciated .
Regards,
George

Hi,
Its still possible that some services on server might be using the ports. Another possibility is to have improper SSL certificates. Try to re-generate SSL certificates with the host name of the server and not the FQDN even though server is now part of AD.
Here is the procedure to re-generate SSL Certificates from CLI :-
a.Stop Daemons
C:\net stop crmdmgtd
b. Remove server.* under NMSROOT\MDC\Apache\conf\ssl
c. Run the following commands:
CSCOpxMDC\Apache\perl ConfigSSL.pl -disable
CSCOpx\MDC\Apache\perl ConfigSSL.pl -enable (fill up the certificate info) when you will be prompt to enter server host name. kindly enter the server name and not FQDN.
If you are not using SSL connectivity to CiscoWorks
CSCOpx\MDC\Apache\bin\ConfigSSL.pl -disable
d.Restart Daemons
c:\net start crmdmgtd.
Since the server is now part of the domain, kindly make sure you have server FQDN entry into the server host file at location :- WINDOWS\system32\drivers\etc\host
If it still dont work then we need to enable the debugging for Syslog Collector. This can achieved by changing the INFO to DEBUG in Collector.propert
ies file. Here is the procedure.
1> Stop syslog collector process on the server (you can do this from the command line prompt):
> pdterm SyslogCollector
2. Open and edit the
CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/csco/nm/rmeng/csc/data/Collector.propert
ies file, and change the line from
DEBUG_LEVEL=INFO
to
DEBUG_LEVEL=DEBUG
Then, save the file.
3. Restart syslog collector process.
> pdexec SyslogCollector
Try to reproduce the issue and send debug log from location :- CSCOpx/log/SyslogCollector.log
Thanks,
Gaganjeet

LMS 3.2 - Syslog Config fetch not working

Hello,
the syslog config fetch on my LMS 3.2 with RME 4.3.0 is not working.
I get syslog messages from devices and the count in the syslog collector status is okay.
But in the syslog message summary in device center the count is not getting higher with every message.
And the config fetch is not working.
I changed the logging level in the collector-properties to "debug" and got the following messages for a device which I want to fetch:
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - About to process the syslog string : Jun 07 14:40:23 10.155.224.102 53: Jun 7 14:39:57: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@13bd574
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@13adc56
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@6f50a8
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemB not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Setting daemon date
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, After adjusting the offset Mon Jun 07 14:40:23 CEST 2010 GMT 7 Jun 2010 12:40:23 GMT
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - Valid EMBLEM format. Passing on...
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Converted syslog to filter string. Filter string is 10.155.224.102;;;SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, ^((10\.161\.1\.45);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssFilterPatternSet- inside 6
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - Incrementing filtered count for HNW2K3CISCO03
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - No interested subscribers. Returning null.
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Entered zero size
I attached the AnalyzerDebug.log, syslog_debug.log, SyslogAnalyzer.log and SyslogCollector.log for further informations.
Thanks for any advice!
Sven

After I restarted the processes the syslog queue is empty and the config fetch works :-)
Output from syslog.log:
Jun 15 09:37:51 4.72.80.13 3131: Jun 15 09:36:59.881: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
Output from AnalyzerDebug.log:
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,74,Invoking Config collection for syslog message
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,81,Before triggering syslog config fetch
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,83,Syslog Timestamp Tue Jun 15 09:37:51 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,85,DCMA Endtime String 2010-06-10 00:51:02.94
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,90,DCMA Endtime String after formatting Thu Jun 10 00:51:02 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,98,Buffer Time after adding 5 minutes Thu Jun 10 00:56:02 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,101,Triggering fetch on syslog since Timestamp > bufferTime
My last question is now, what can I do that the syslog queue will not getting full one more time?
Is logrot a solution? My syslog.log will be rotated at 128 MB.
Thanks a lot!
Sven

Syslog Collector w/ File Connector Parsing Issue

Dear all,
Recently, I had a requirement from a customer.
They have various Linux systems. They want to pass all syslog to
sentinel, but not by syslog connector for some reasons.
Therefore, they throw us those syslog in text file, and ftp it for
sentinel reading.
The problem is that this.RXBufferstring could not be 100% parsed in all
kinds of messages. Sometimes there would be error.
But when they use Syslog connector. Every event fields seem to be parsed
correctly.
So is there any methods to use syslog collector w/file connector
correctly?
Or how do people handle this kind of problem?
Please assist. Thanks a lot.
andy_ho
andy_ho's Profile: https://forums.netiq.com/member.php?userid=4568
View this thread: https://forums.netiq.com/showthread.php?t=51453

On 08/01/2014 04:26 AM, andy ho wrote:
>
> Dear all,
>
> Recently, I had a requirement from a customer.
>
> They have various Linux systems. They want to pass all syslog to
> sentinel, but not by syslog connector for some reasons.
> Therefore, they throw us those syslog in text file, and ftp it for
> sentinel reading.
>
> The problem is that this.RXBufferstring could not be 100% parsed in all
> kinds of messages. Sometimes there would be error.
> But when they use Syslog connector. Every event fields seem to be parsed
> correctly.
>
> So is there any methods to use syslog collector w/file connector
> correctly?
> Or how do people handle this kind of problem?
No supported way, no. The testing between collector and connector is done
so that certain methods are easy, reliable, and supported. Just because
data are grabbed from one media (network, syslog specifically) and written
to another (file) does not mean that nothing else is changed, and the
syslog collectors may be assuming other properties (such as the event
source IP address) are there when they are not.
You can probably make this work, but you'll likely need to customize the
collector in order to do it. The alternative is to use the debugging
feature of the collector to find out what is wrong with certain events and
possibly modify them on the event source side. Either way, you're going
to have a scenario that is not supported so it may be worth revisiting the
requirement to use a file vs. syslog just in case support matters more
than the "for some reasons" that they want to go with a file.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Syslog Collector failure with third party SSL certificate

Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handeled. An identification number rather than the actual FQDN must be provided in the common name field and this number is expected by the CA. A chain was built with multiple government CAs, and warnings received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number but I might if you think it might work and then will just cname the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
        at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
        at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
        at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
        at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
        at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =

The subscriber list is empty because we could not add the subscription after the swapping the certs. Sorry, was asked to obscure the host names - it shows host name only not FQDN.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,198, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,201, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:36,694, Service started...
SyslogCollector - [Thread: Thread-9] WARN , 14 Feb 2010 10:42:04,383, Unable to add monitor for
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 14 Feb 2010 11:07:42,369, Could not send syslogs, removing the subscriber...Connection refused
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,499, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,501, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,850, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:06,047, Service started...
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,732, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,735, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:34,148, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:37,352, Service started...
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,112, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,115, System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,565, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:38,168, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,806, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,816, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:44,220, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:47,493, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,424, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,427, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,781, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:04,007, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,851, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,854, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:34,303, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:37,834, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,156, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,166, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,516, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:54,734, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,673, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,676, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:34,130, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:37,759, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,526, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,533, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,886, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:46,111, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,144, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,147, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,604, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:38,116, Service started...
Our secondary host shows a subscriber, however no syslog packets are seen. Also, this subscriber can not be unsubscribed (deleted).
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,098, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,101, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:09:22,723, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:22,770, Service started...
SyslogCollector - [Thread: Thread-11] WARN , 18 Feb 2010 16:14:07,828, Unable to add monitor for
SyslogCollector - [Thread: Thread-13] WARN , 18 Feb 2010 16:14:08,008, Unable to add monitor for
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,557, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,560, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,205, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,263, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:33,277, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,728, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,733, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,786, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,857, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:37,869, Service started...

Bad time zone in Syslog Collector Status screen

Hi, we have a LMS 4.0 and we are watching a wrong time zone in the Syslog Collector Status screen, it says GMT +2 but it should be GMT +1. In the Windows operating system, time settings are well configured; can anyone help me to fix this, please?
Regards.

Hi,
please find attached some screenshots: one with the LMS time, another one with the OS time and the last one with the syslog collector time. The only problem is that they have been taken at different times but it can be seen that OS time zone is UTC + 1 and Syslog Collector time zone is GMT + 2.
Kind regards.

CiscoPrime LMS 4.1 Syslog Report Empty

I have a new install of LMS 4.1 on a Windows server I'm trying out. I have switches and firewalls syslogging to the system, but when I run any kind of Syslog report (Reports > Fault and Event > Syslog) it's always blank. I ran a Wireshark capture on the server and it's definitely receiving a ton of syslog data from the systems. What am I missing here? :-)

perhaps this is of some help for anybody....
I just troublshoot a LMS 4.2.1 installation on windows where the syslog report did not show any syslog message ("no data available") nor did any syslog report had any data.
SyslogCollector and SyslogAnalyzer where running fine and the server itself was successfully subscribed to the SyslogCollector (Admin > Collection Settings > Syslog > Syslog Collector Status). What was really suprising was the fact, that the counter for "Forwarded" messages was rising when syslogs arrived in the syslog.log file.
In the end it turns out, that this was a fresh installation of LMS 4.2 (updated to LMS 4.2.1) and the effort to restore the database from the old LMS 3.2.1 system failed. To get the minimum data form the old LMS system, only the devices were exported form the old system and imported into the new system - a discovery was never done.
In the AnalyzerDebug.log I found that while the system was trying to insert the messages into the syslog db the process fails because it could not associate a DcrId to the IP which was sending the syslog message.
Also DNS was running in round-robin mode in the network. I finially added the devices to the hosts file, did run a discovery and the syslog messages started to show up in the report.
to see the relevant messages in the AnalyzerDebug.log, debugging for SyslogAnalyzer must be turned on.
these are the troubleshooting steps and this is what I saw in the AnalyzerDebug.log:
=======================================
enable debugging
Admin > System > Debug Settings > Config and Image Management Debugging Settings
Set Application Logging Levels >> SyslogAnalyzer (scroll down)
set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG
(do not foret to reset debugging when finished!)
NMSROOT\log\AnalyzerDebug.log
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],com.cisco.nm.rmeng.util.DCRWrapperAPIs,getResultFromQuery,4008,Counter : 17
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],com.cisco.nm.rmeng.inventory.InvAPIs,getDeviceIdsFromIPAddresses,3038,For IP Address: 192.168.x.x Device id is:null
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Device id not found even in the inventory
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Found the device id as null
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Attempting to insert the syslog into database
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Preparing to hand of syslog to the database handler
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Syslog length=1
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3], Time stamp of the syslog received is : Fri Aug 10 14:34:02 CEST 2012 GMT 10 Aug 2012 12:34:02 GMT
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Inside execute mothod
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Insert into SYSLOG_20120710(Syslog_Device_Id,Syslog_Device_Name,Syslog_TimeStamp,Syslog_Facility,Syslog_SubFacility,Syslog_Severity, Syslog_Mnemonic,Syslog_Description )values(?,?,?,?,?,?,?,?)
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Inside Retry count
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Connection is now false
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Recreated the statement object
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Row count 1
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Added syslog to the database handler
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Insertion of syslog into database is done
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Attempting to find interested actions, bypassing
[ Fri Aug 10 14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Syslog is found to be unexpected. No actions will be taken, returing
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Preparing to get collector status
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Current no. of collectors is 1
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Processing for the subscription LMSServerNmeLMSServerName
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],getCollector =192.168.y.y
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Port4444
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Connected to the collector 192.168.y.y@4444
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Gathered status from collector
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Captured the status from the collector
[ Fri Aug 10 14:36:33 CEST 2012 ],DEBUG,[Thread-15],Done with the status collection
==================================================

Cisco LMS 3.2 SYSLOG not storing after 10 days

Hi ,
Im facing one issue with Cisco LMS 3.2
Issue : The logs is generating only for 10 days and post that im not able to see the logs. I have not done any config changes. The only change i have done is i have completely reinstalled the LMS. i did multiple troubleshoot but not able to resolve this isse. It would be great If any some one is able to help me in this isse. Thanks.
Regards,
Juliet

Dear Vinod
Thanks for ur response and the problem has been resolved.
The purge policy was set to 60 days only .The problem in reports viewing setting.
Syslog folder under LMS would store syslog reports of both the device as well as applications for defined folder size , which in your case was 1 MB ( same can be viewed under log generator option). The older reports would get deleted from the folder upon reaching the limit.
The only way to view device syslog is under following option : Reports -> Reports Generator in LMS GUI where we will have to choose syslog with desired attribute.
Regards,
Juliet

Ciscoworks syslog collector issue

Hi All,
In a central location i have a ciscoworks syslog collector version 3.5. The issue is not all the logs generated in the device are collected by ciscoworks including the devices connected in LAN. The major issue is on Cisco6500 series switches where i see multiple interface flaps in log but only few are found in syslog.
Regards,
Sathvik

Hi,
check here Admin > Collection Settings > Syslog > Syslog Collector Status , see if messages are falling under fitered or Invalid
then check the filter:
Admin > Network > Notification and Action Settings > Syslog Message Filters
I would suggest you to create a filter with all * and see if that helps.
you can look at this thread as well:
https://supportforums.cisco.com/thread/2244888?tstart=60
Thanks-
Afroz
[Do rate the useful post]

Syslog collector status...invalid messages

hi,
In RME->Administration->Syslog Analysis->Syslog Collector Analysis
i see a lot of (almost 40-50%)message count under the "invalid messages" column.
I wonder if this needs to be considered seriously, and if yes, please guide me as to what steps do i need to take in order to solve this..

I imagine it'd be those that do not conform to syslog msg format specifications, such as those described
here: http://www.ciscopress.com/articles/article.asp?p=426638

LMS 3.2 Syslog Collector error

Similar Messages

Maybe you are looking for