LMS 4.0 syslog problem

Similar Messages

• Cisco LMS 3.2 SYSLOG not storing after 10 days

  Hi ,
  Im facing one issue with Cisco LMS 3.2
  Issue : The logs is generating only for 10 days and post that im not able to see the logs. I have not done any config changes. The only change i have done is i have completely reinstalled the LMS. i did multiple troubleshoot but not able to resolve this isse. It would be great If any some one is  able to help me in this isse.  Thanks.
  Regards,
  Juliet

  Dear Vinod
  Thanks for ur response and the problem has been resolved.
  The purge policy was set to 60 days only .The problem in reports viewing setting.
  Syslog folder under LMS would store syslog reports of both the device as well as applications for defined folder size , which in your case was 1 MB ( same can be viewed under log generator option).  The  older reports would get deleted from the folder upon reaching the limit.
  The only way to view device syslog is under following option :  Reports -> Reports Generator  in LMS  GUI where we will have to choose syslog with desired attribute.
  Regards,
  Juliet

• LMS 4.2 Syslog Collector doesn't work

  Hi fellas,
  I need a few help for my LMS 4.2, syslog collector on LMS doesnt working even service syslog collector running normaly and also i saw in syslog_info is working to collect syslog from all router but not show up in dashboard monitoring.
  I have setting on every router to logging (ip address LMS) but on LMS no any syslog from router can collect.
  if you was face problem same with me or know how to solved this issue please share to me
  i did a selftest from LMS there are all PASS except nslookup fail, it is has relation with syslog not show up on dashboard??

  Hi ngoldwat,
  thanks for concern my issue.
  there are packet capture syslog_info that i get :
  May  2 19:07:29 10.29.246.47 62893: 161406: May  2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  2 19:08:23 10.29.246.47 62894: 161407: May  2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  2 19:08:23 10.29.246.47 62895: 161408: May  2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  3 16:42:28 10.29.246.47 62897: 161410: May  3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  3 16:42:28 10.29.246.47 62896: 161409: May  3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  3 16:42:28 10.29.246.47 62898: 161411: May  3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  3 16:43:23 10.29.246.47 62899: 161412: May  3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  3 16:43:23 10.29.246.47 62900: 161413: May  3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  3 16:54:59 10.29.246.47 62902: 161415: May  3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
  May  3 16:54:59 10.29.246.47 62901: 161414: May  3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
  May  3 16:55:29 10.29.246.47 62904: 161417: May  3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  3 16:55:29 10.29.246.47 62905: 161418: May  3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  3 16:55:30 10.29.246.47 62906: 161419: May  3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  3 16:57:12 10.29.246.47 62907: 161420: May  3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
  May  3 16:57:24 10.29.246.47 62908: 161421: May  3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  3 16:57:24 10.29.246.47 62909: 161422: May  3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 07:57:31 10.29.246.47 62910: 161423: May  6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 07:57:31 10.29.246.47 62911: 161424: May  6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 07:57:31 10.29.246.47 62912: 161425: May  6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 07:58:26 10.29.246.47 62913: 161426: May  6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 07:58:26 10.29.246.47 62914: 161427: May  6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 08:04:32 10.29.246.47 62915: 161428: May  6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 08:04:32 10.29.246.47 62916: 161429: May  6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 08:04:33 10.29.246.47 62917: 161430: May  6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 08:05:27 10.29.246.47 62919: 161432: May  6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 08:05:27 10.29.246.47 62918: 161431: May  6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 10:59:36 10.29.246.47 62921: 161434: May  6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 10:59:36 10.29.246.47 62920: 161433: May  6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 10:59:36 10.29.246.47 62922: 161435: May  6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 11:00:30 10.29.246.47 62923: 161436: May  6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 11:00:30 10.29.246.47 62924: 161437: May  6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:10:31 10.29.246.47 62925: 161438: May  6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:10:31 10.29.246.47 62926: 161439: May  6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:10:32 10.29.246.47 62927: 161440: May  6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:11:26 10.29.246.47 62928: 161441: May  6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:11:26 10.29.246.47 62929: 161442: May  6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:21:32 10.29.246.47 62930: 161443: May  6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:21:32 10.29.246.47 62931: 161444: May  6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:21:32 10.29.246.47 62932: 161445: May  6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:22:27 10.29.246.47 62934: 161447: May  6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:22:27 10.29.246.47 62933: 161446: May  6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:27:32 10.29.246.47 62935: 161448: May  6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:27:32 10.29.246.47 62936: 161449: May  6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:27:33 10.29.246.47 62937: 161450: May  6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:28:27 10.29.246.47 62938: 161451: May  6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:28:27 10.29.246.47 62939: 161452: May  6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  7 15:46:37 10.29.246.47 62940: 161453: May  7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  7 15:46:37 10.29.246.47 62941: 161454: May  7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  7 15:46:37 10.29.246.47 62942: 161455: May  7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  7 15:47:32 10.29.246.47 62943: 161456: May  7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  7 15:47:32 10.29.246.47 62944: 161457: May  7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  7 19:13:37 10.29.246.47 62945: 161458: May  7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  7 19:13:37 10.29.246.47 62946: 161459: May  7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  7 19:13:38 10.29.246.47 62947: 161460: May  7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  7 19:14:32 10.29.246.47 62948: 161461: May  7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  7 19:14:32 10.29.246.47 62949: 161462: May  7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  8 12:23:38 10.29.246.47 62950: 161463: May  8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  8 12:23:38 10.29.246.47 62952: 161465: May  8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  8 12:23:38 10.29.246.47 62951: 161464: May  8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  8 12:24:33 10.29.246.47 62953: 161466: May  8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  8 12:24:33 10.29.246.47 62954: 161467: May  8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  2 19:07:29 10.29.246.47 62893: 161406: May  2 12:01:57.134 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  2 19:08:23 10.29.246.47 62894: 161407: May  2 12:02:51.170 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  2 19:08:23 10.29.246.47 62895: 161408: May  2 12:02:51.174 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  3 16:42:28 10.29.246.47 62897: 161410: May  3 09:36:54.806 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  3 16:42:28 10.29.246.47 62896: 161409: May  3 09:36:54.774 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  3 16:42:28 10.29.246.47 62898: 161411: May  3 09:36:55.750 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  3 16:43:23 10.29.246.47 62899: 161412: May  3 09:37:49.846 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  3 16:43:23 10.29.246.47 62900: 161413: May  3 09:37:50.018 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  3 16:54:59 10.29.246.47 62902: 161415: May  3 09:49:27.031 UTC: %BGP-3-NOTIFICATION: sent to neighbor 10.29.252.85 4/0 (hold time expired) 0 bytes
  May  3 16:54:59 10.29.246.47 62901: 161414: May  3 09:49:27.031 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Down BGP Notification sent
  May  3 16:55:29 10.29.246.47 62904: 161417: May  3 09:49:55.731 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  3 16:55:29 10.29.246.47 62905: 161418: May  3 09:49:55.923 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  3 16:55:30 10.29.246.47 62906: 161419: May  3 09:49:56.803 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  3 16:57:12 10.29.246.47 62907: 161420: May  3 09:51:38.859 UTC: %BGP-5-ADJCHANGE: neighbor 10.29.252.85 Up
  May  3 16:57:24 10.29.246.47 62908: 161421: May  3 09:51:50.875 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  3 16:57:24 10.29.246.47 62909: 161422: May  3 09:51:50.891 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 07:57:31 10.29.246.47 62910: 161423: May  6 00:51:53.214 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 07:57:31 10.29.246.47 62911: 161424: May  6 00:51:53.274 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 07:57:31 10.29.246.47 62912: 161425: May  6 00:51:54.122 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 07:58:26 10.29.246.47 62913: 161426: May  6 00:52:48.291 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 07:58:26 10.29.246.47 62914: 161427: May  6 00:52:48.319 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 08:04:32 10.29.246.47 62915: 161428: May  6 00:58:53.743 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 08:04:32 10.29.246.47 62916: 161429: May  6 00:58:53.867 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 08:04:33 10.29.246.47 62917: 161430: May  6 00:58:54.747 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 08:05:27 10.29.246.47 62919: 161432: May  6 00:59:49.043 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 08:05:27 10.29.246.47 62918: 161431: May  6 00:59:48.819 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 10:59:36 10.29.246.47 62921: 161434: May  6 03:53:56.510 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 10:59:36 10.29.246.47 62920: 161433: May  6 03:53:56.466 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 10:59:36 10.29.246.47 62922: 161435: May  6 03:53:57.422 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 11:00:30 10.29.246.47 62923: 161436: May  6 03:54:51.542 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 11:00:30 10.29.246.47 62924: 161437: May  6 03:54:51.562 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:10:31 10.29.246.47 62925: 161438: May  6 12:04:52.034 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:10:31 10.29.246.47 62926: 161439: May  6 12:04:52.142 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:10:32 10.29.246.47 62927: 161440: May  6 12:04:53.038 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:11:26 10.29.246.47 62928: 161441: May  6 12:05:47.110 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:11:26 10.29.246.47 62929: 161442: May  6 12:05:47.346 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:21:32 10.29.246.47 62930: 161443: May  6 12:15:52.870 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:21:32 10.29.246.47 62931: 161444: May  6 12:15:52.970 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:21:32 10.29.246.47 62932: 161445: May  6 12:15:53.818 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:22:27 10.29.246.47 62934: 161447: May  6 12:16:47.974 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  6 19:22:27 10.29.246.47 62933: 161446: May  6 12:16:47.946 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:27:32 10.29.246.47 62935: 161448: May  6 12:21:53.326 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  6 19:27:32 10.29.246.47 62936: 161449: May  6 12:21:53.518 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  6 19:27:33 10.29.246.47 62937: 161450: May  6 12:21:54.462 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  6 19:28:27 10.29.246.47 62938: 161451: May  6 12:22:48.402 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  6 19:28:27 10.29.246.47 62939: 161452: May  6 12:22:48.442 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  7 15:46:37 10.29.246.47 62940: 161453: May  7 08:40:56.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  7 15:46:37 10.29.246.47 62941: 161454: May  7 08:40:56.679 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  7 15:46:37 10.29.246.47 62942: 161455: May  7 08:40:57.575 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  7 15:47:32 10.29.246.47 62943: 161456: May  7 08:41:51.647 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  7 15:47:32 10.29.246.47 62944: 161457: May  7 08:41:51.659 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  7 19:13:37 10.29.246.47 62945: 161458: May  7 12:07:56.576 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  7 19:13:37 10.29.246.47 62946: 161459: May  7 12:07:56.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  7 19:13:38 10.29.246.47 62947: 161460: May  7 12:07:57.688 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  7 19:14:32 10.29.246.47 62948: 161461: May  7 12:08:51.652 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  7 19:14:32 10.29.246.47 62949: 161462: May  7 12:08:51.776 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May  8 12:23:38 10.29.246.47 62950: 161463: May  8 05:17:56.001 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May  8 12:23:38 10.29.246.47 62952: 161465: May  8 05:17:56.877 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May  8 12:23:38 10.29.246.47 62951: 161464: May  8 05:17:56.029 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May  8 12:24:33 10.29.246.47 62953: 161466: May  8 05:18:51.074 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May  8 12:24:33 10.29.246.47 62954: 161467: May  8 05:18:51.126 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 11 00:39:10 10.29.246.47 62955: 161468: May 10 17:33:23.758 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 00:50:32 10.29.246.32 144502: 6296699: May 10 17:44:45.413 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 00:52:24 10.29.246.21 305: 000307: May 10 17:46:36.954 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.17)
  May 11 19:28:22 10.29.246.47 62956: 161469: May 11 12:22:34.195 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:28:27 10.29.246.32 144503: 6305725: May 11 12:22:39.494 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:28:56 10.29.246.21 306: 000308: May 11 12:23:08.019 UTC: %SYS-5-CONFIG_I: Configured from console by srte@m on vty0 (10.132.17.186)
  May 11 19:38:21 10.29.246.47 62957: 161470: May 11 12:32:32.744 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:38:25 10.29.246.32 144504: 6305806: May 11 12:32:37.346 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:38:26 10.29.246.21 307: 000309: May 11 12:32:37.666 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:51:41 10.29.246.47 62958: 161471: May 11 12:45:52.641 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 19:51:54 10.29.246.32 144505: 6305911: May 11 12:46:06.395 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 11 20:01:45 10.29.246.21 308: 000310: May 11 12:55:57.175 UTC: %SYS-5-CONFIG_I: Configured from console by 1445000 on vty0 (10.132.17.186)
  May 13 09:17:48 10.29.246.47 62959: 161472: May 13 02:11:56.894 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May 13 09:17:48 10.29.246.47 62960: 161473: May 13 02:11:57.034 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 09:17:49 10.29.246.47 62961: 161474: May 13 02:11:57.962 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May 13 09:18:43 10.29.246.47 62962: 161475: May 13 02:12:51.966 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May 13 09:18:43 10.29.246.47 62963: 161476: May 13 02:12:52.046 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 13 10:23:48 10.29.246.47 62966: 161479: May 13 03:17:57.681 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May 13 10:23:48 10.29.246.47 62964: 161477: May 13 03:17:56.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
  May 13 10:23:48 10.29.246.47 62965: 161478: May 13 03:17:56.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 10:24:43 10.29.246.47 62967: 161480: May 13 03:18:51.689 UTC: %TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
  May 13 10:24:43 10.29.246.47 62968: 161481: May 13 03:18:51.801 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 13 16:23:00 10.29.246.32 144506: 6327510: May 13 09:17:08.851 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Standby -> Active
  May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  May 13 16:23:55 10.29.246.32 144507: 6327524: May 13 09:18:03.847 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Active -> Speak
  May 13 16:23:55 10.29.246.32 144508: 6327525: May 13 09:18:04.695 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/2 Grp 10 state Speak -> Standby
  i have Subscribed the service correct, you can see ss in my new upload
  apparently the last captured syslog 13 May 2013 and not collecting again.
  i will appreciate all suggest for this issue.

• LMS 4.2 Syslog PDF Report problem

  Hi,
  when I generate a Syslog 24 hour report and export the result to pdf the font size of the pdf is much too big so I get one page per line.
  The same thing happens when I send the report via email attachment (pdf).
  So the reports are not usable.
  Can I change the settings? (fontsize?)
  Other pdf-reports are ok, e.g. inventory etc.
  regards
  Notker          

  Hi,
  when I generate a Syslog 24 hour report and export the result to pdf the font size of the pdf is much too big so I get one page per line.
  The same thing happens when I send the report via email attachment (pdf).
  So the reports are not usable.
  Can I change the settings? (fontsize?)
  Other pdf-reports are ok, e.g. inventory etc.
  regards
  Notker          

• LMS 3.2 Syslog is not showing Report

  Hello,
  I have LMS 3.2 that is having Syslog reporting problem. The syslog messages are being sent to LMS and i can see them in the CSCOpx->log->syslog.log but when i try to generate a 24-hour report,the report is generated without any records.
  1- i tried to solved the problem by stopping the cisco works Daemon manger and CWCS syslog services then delete the syslog.log file.
      So after restarting these services the report worked for 4-5  mins and then stopped. Therfore the 24-hour report started displaying only the syslog
      messages are were pulled within the 4-5 mins that LMS worked.
  2- I repeated the process again but this time with no luck at all.
  3- I checked the Syslog Collector Status and it showed the following :
  SSL certificate status 
  SSL certificates are valid and properly imported
  Collector status 
  Collector 10.0.1.132 is up and reachable
  i have posted the SyslogAnalyzer and SyslogCollector.log
  Please if anyone can help i would be appreciated .
  Regards,
  George

  Hi,
  Its still possible that some services on server might be using the ports. Another possibility is to have improper SSL certificates. Try to re-generate SSL certificates with the host name of the server and not the FQDN even though server is now part of AD.
  Here is the procedure to re-generate SSL Certificates from CLI :-
  a.Stop Daemons
  C:\net stop crmdmgtd
  b. Remove server.* under NMSROOT\MDC\Apache\conf\ssl
  c. Run the following commands:
  CSCOpxMDC\Apache\perl ConfigSSL.pl -disable
  CSCOpx\MDC\Apache\perl ConfigSSL.pl -enable (fill up  the certificate info) when you will be prompt to enter server host name. kindly enter the server name and not FQDN.
  If you are not using SSL connectivity to CiscoWorks
  CSCOpx\MDC\Apache\bin\ConfigSSL.pl -disable
  d.Restart Daemons
  c:\net start crmdmgtd.
  Since the server is now part of the domain, kindly make sure you have server FQDN entry into the server host file at location :- WINDOWS\system32\drivers\etc\host
  If it still dont work then we need to enable the debugging for Syslog Collector. This can achieved by changing the INFO to DEBUG in Collector.propert
  ies file. Here is the procedure.
  1> Stop syslog collector process on the server (you can do this from the command line prompt):
  > pdterm SyslogCollector
  2. Open and edit the
  CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/csco/nm/rmeng/csc/data/Collector.propert
  ies file, and change the line from
  DEBUG_LEVEL=INFO
  to
  DEBUG_LEVEL=DEBUG
  Then, save the file.
  3. Restart syslog collector process.
  > pdexec SyslogCollector
  Try to reproduce the issue and send debug log from location :- CSCOpx/log/SyslogCollector.log
  Thanks,
  Gaganjeet

• LMS 3.2 Syslog purge job failed.

  We installed LMS 3.2 on windows server 2003 enterprise edition. RME version is 4.3.1. We have created daily syslog purge job from RME> Admin> Syslog> Set Purge Policy. This job failes with the following error.
  "Drop table failed:SQL Anywhere Error -210: User 'DBA' has the row in 'SYSLOG_20100516' locked 8405 42W18
  [ Sat Jun 19  01:00:07 GMT+05:30 2010 ],ERROR,[main],Failed to purge syslogs"
  After server restart job will again execute normally for few days.
  Please check attached log file of specified job.
  Regards

  The only reports of this problem in the past has been with two jobs being created during an upgrade.  This would not have been something you would have done yourself.  I suggest you open a TAC service request so database locking analysis can be done to find what process is keeping that table locked.

• LMS 3.2 Notification problem

  Hi,
  we have some routers with poor bandwith, and lot of HighUtilizaton SYSLOG messages.
  I create new event set for them in DFM, I unchecked the HighUtilizaton message, but I still got the HighUtilization messages.
  What could be the problem? Thanks for your help.

  Post a sample of the messages you are recieving.

• LMS 4.2 Syslog File Size and Management

  Hello All
  i have LMS 4.2 in Network with 100 devices, all of my devices have ACL so, there are too many logs in syslog
  after a while the size of the log files in /var/log files (boot.log, messages.log) going to have huge size, something about 20G for each one
  I'm looking for a way to reduce the size, is it possible to use Log Rotation or not??
  Best Regards
  John Mayer

  Ideall Logs are supposed to fill the syslog file sooner or later. Though logrot is amongst a best way to keep the Syslog file size in check.
  You can check the procedure for Logrot here :
  Configuring Log Files Rotation
  Additionally, there are some more Syslog Administrative Tasks which can keep your syslog in control. You can perform the following Administrative tasks:
  •Back up Syslog messages (see Setting the Syslog Backup Policy).
  •Purge Syslog messages (see Setting the Syslog Purge Policy).
  •Perform a Forced Purge (see Performing a Syslog Forced Purge).
  -Thanks

• LMS 3.2 - Syslog Config fetch not working

  Hello,
  the syslog config fetch on my LMS 3.2 with RME 4.3.0 is not working.
  I get syslog messages from devices and the count in the syslog collector status is okay.
  But in the syslog message summary in device center the count is not getting higher with every message.
  And the config fetch is not working.
  I changed the logging level in the collector-properties to "debug" and got the following messages for a device which I want to fetch:
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - About to process the syslog string  : Jun 07 14:40:23 10.155.224.102 53: Jun  7 14:39:57: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@13bd574
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@13adc56
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@6f50a8
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA not valid.
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemB not valid.
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA valid.
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Setting daemon date
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, After adjusting the offset Mon Jun 07 14:40:23 CEST 2010 GMT 7 Jun 2010 12:40:23 GMT
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
  SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - Valid EMBLEM format. Passing on...
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Converted syslog to filter string. Filter string is 10.155.224.102;;;SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, ^((10\.161\.1\.45);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssFilterPatternSet- inside 6
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - Incrementing filtered count for HNW2K3CISCO03
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - No interested subscribers. Returning null.
  SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Entered zero size
  I attached the AnalyzerDebug.log, syslog_debug.log, SyslogAnalyzer.log and SyslogCollector.log for further informations.
  Thanks for any advice!
  Sven

  After I restarted the processes the syslog queue is empty and the config fetch works :-)
  Output from syslog.log:
  Jun 15 09:37:51 4.72.80.13 3131: Jun 15 09:36:59.881: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
  Output from AnalyzerDebug.log:
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,74,Invoking Config collection for syslog message
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,81,Before triggering syslog config fetch
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,83,Syslog Timestamp Tue Jun 15 09:37:51 CEST 2010
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,85,DCMA Endtime String 2010-06-10 00:51:02.94
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,90,DCMA Endtime String after formatting Thu Jun 10 00:51:02 CEST 2010
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,98,Buffer Time after adding 5 minutes Thu Jun 10 00:56:02 CEST 2010
  [ Tue Jun 15  09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,101,Triggering fetch on syslog since Timestamp > bufferTime
  My last question is now, what can I do that the syslog queue will not getting full one more time?
  Is logrot a solution? My syslog.log will be rotated at 128 MB.
  Thanks a lot!
  Sven

• LMS 3.2 Syslog DBSpaceReclaimer Tool

  Hello
  Does anybody knows what can be done after run the DBSpaceReclaimer tool?, I only can delete the SyslogSecond.db
  The SyslogFirst, and SyslogThird cannot be deleted, I do not why.
  Is another thing more that I can do?, the LMS version is 3.2
  Thanks for your help
  Regards

  Hi Ricardo,
  Note: Be careful while you access the DBREADER. if you have any doubt , you can open TAC case to follow the below steps..
  You need to go to the dbreader(database) to delete the syslogs tables and put the following in the AD-hoc page:
  http://<hostname/ip address>:1741/dbreader/dbreader.html
  or
  https://<hostname/ip address>:443/dbreader/dbreader.html
  User Id: DBA
  Password: rmeng db password (default is C2kY2k)
  Database Name: rmeng
  And click the get tables button.
  In the tables look for the SYSLOG_* type of tables and note their names.
   example:   
  SYSLOG_20090631          
  SYSLOG_20090701
  Then go back to the Ad-hoc page and issue the following sql statement:
  DROP TABLE SYSLOG_20090701
  Delete all the SYSLOG_ files and then issue the below command on the ciscoworks server:
  then you need to re-run the DBSPACERECLAIMER script.
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• LMS 3.2 discovery problem

  Hi
  I am doing a POC at one of the customer location for LMS 3.2
  Now the problem i am fcaing is that when i have enabled the discovery based on CDP i am only able to discover two to 3 cisoc device only.
  The customer has around 75 cisco devices including routers.
  Its is not able to discovers the MPLS router across WAN however it is discovering the router where peer to peer link is there.
  Am i missing something
  I have enabled CDP in all the devices but still it is not able to discover the devoves.
  I am using the evaluation version.
  Thanks

  Make sure the SNMP credentials you have configured in Discovery are the correct ones, and that the LMS server is capable of polling these missing devices with SNMP.  You can use a sniffer trace filtering on udp/161 traffic to see what Discovery is sending, and whether or not the devices are replying correctly.
  Yes, Discovery will pick up firewalls with the ICMP module provided the firewall allows LMS to ping it, and poll it with SNMP.

• Can I and then how do I subscribe my LMS 4.02 to my LMS 3.2 syslog collector?

  We are migrating to LMS 4.0.2, but our syslogs are curerently being sent to our LMS 3.2 server.  Can I subscribe to our LMS3.2 syslog collector?  Or

  read this:
  http://support.apple.com/kb/HT2109

• Cisco ASA 5585-X SSP-20 8.4(2) - TCP Syslog problem

  Hi,
  We have a firewall service environment where logging is handled with UDP at the moment.
  Recently we have noticed that some messages get lost on the way to the server (Since the server doesnt seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP.
  You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command beeing able to stop all traffic on a firewall.
  The TCP syslog connection failing was caused by a missmatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message:
  "%ASA-3-201008: Disallowing new connections."
  Here start my questions:
  - New connections are supposed to be blocked when the the TCP Syslog server aint reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
  - I configured the "logging permit-hostdown" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this?
  - Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this?
  - After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either.
  - As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation.
  At the end I was forced to save the configuration on the ASAs Flash -memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem.
  Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the command "logging permit-hostdown" command didnt help or changing back to UDP.
  It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didnt have ANY logging configurations on.
  Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isnt corrected by any of the above measures we took (like the command "logging permit-hostdown" which is supposed to avoid this situation alltogether).
  - Jouni

  Hi,
  I FINALLY had the time to look at this issue as I was testing something else in our lab too.
  In short, here is what I did:
  I configured the TCP logging in the same way as in the original post
  I configured the TCP logging giving the commands in different order
  Did some other tests related to the proble
  Device used: ASA 5585-X
  Software: 8.4(2)
  Original Device and software : ASA 5585-X running 8.4(1)9
  Heres the above scenarions and what actually happened
  Original situation
  Before doing any changes the test firewall context in question is working normally and the log sent by UDP/514 is arriving to the Syslog server as usual.
  I now change the syslog to TCP by giving a command "logging host tcp/1471" (actual port being TCP/1470)
  The firewall immediatly starts blocking all connections going through it.
  I change the configuration to the correct port TCP/1470 after which log starts appearing in my realtime view on the syslog server. The firewall context in question is still sending only the message "Disallowing new connections" even though the TCP -port on the Syslog server is clearly reachable and the connection is active.
  After this I try to do the suggest "clear local-host all" command. This has no effect on the firewall context. No connections are getting through. No connections/xlates are formed on the firewall. I can only see the firewall doing DNS queries with its outside interface (related to another configuration).
  After this I try to start correcting the situation the same way as before. I add "logging permit-hostdown" command which has no effect on the situation. I remove all logging configurations and it doesnt have any effect on the situation.
  After this I activate UDP logging and can see the logs arriving on the syslog server but again I can only see "Disallowing new connections" message.
  In the end I have no other option (to my knowledge) other than to delete the Security Context and create it again with same interfaces and with the configuration saved to the Flash -memory of the ASA.
  After this the connections work like usual. (UDP logging in the saved configuration)
  Giving the configurations in different order
  After I've created the firewall again and all is working I have another try in configuring the TCP Syslog while giving the commands in different order.
  First I add the command "logging permit-hostdown" command
  Then I add the command "logging host tcp/1470"
  After this logs start arriving on the syslog server and connections work as usual. Seems giving the "logging permit-hostdown" first before any other configurations is the right way to go.
  Removing the "logging permit-hostdown" command
  After I saw that everything was working I tried to remove the "logging permit-hostdown" command and see what happens. Everything worked fine.
  Configuring wrong TCP port to "logging host" command
  I decide to try and change the TCP port used to a wrong one and see if anything happens. (logging permit-hostdown is active). Firewall works as usual. Naturally no logs can be viewed at the syslog server.
  Configuring the TCP Syslogging without "logging permit-hostdown" but with correct port
  Finally I tried to configure the TCP Syslogging on ASA with the correct TCP port without issuing the "logging permit-hostdown" command. Everything seemed to work fine after this.
  So in conclusion it seems that IF you don't have the "logging permit-hostdown" command issued before you start configuring "logging host tcp/xxxx" , you might run into problems IF you don't have matching settings on the ASA sending the log and the Syslog server receiving the log.
  There doesnt seem to be any easy way to correct the situation (with the connections getting blocked) after you have once messed up the configurations. Seems your only option is to reconfigure the Security Context (which is easy) or if this problem exists in the same way in a single ASA you will have to reboot the device which means longer downtime than reconfiguring a context.
  There would still be a couple of things to test but at the moment I have no more time for this. I will update if there is any new information.
  - Jouni

• CiscoWorks LMS 4.1, syslog analyzer parsing non-Cisco device.

  Hello.
  Can Syslog Analyzer parse syslog messages coming from a Non-Cisco device?
  I'm trying to parse message from a HP Virtual Connect module without success.
  Thanks.
  Andrea

  Hi Andrea,
  You could use syslog-ng to write a generic mnemonic into the message and forward it to LMS.
  Something like:
  syslog-ng->add fac-sev-mne: message->lms
  However, I would also caution you that LMS is *not* meant to be a "syslog" manager - there are usually way to many syslog messages in most environments for it to handle that many - which is why most syslog managers are standalone servers.
  In order to make sure that the NMS systems that syslog-ng forward messages to receive the correct source, syslog-ng needs to be compiled with the source spoof option. This will allow messages received on other NMS’s (such as LMS) to appear to come from the original devices rather than from the syslog-ng server.
  Compiling from source:
  Install the syslog-ng prerequisites from Balabit
  You must configure syslog-ng with --enable-spoof-source in order to enable the spoof source feature (which is disabled by default).
  ./configure --enable-spoof-source
  make && make install
  If you run into any issues during the installation, you can refer to the syslog-ng forum  or you can refer to the syslog-ng knowledge base
  Lastly, here's a great paper on syslog management:
  Building Scalable Syslog Management Solutions

• CiscoPrime LMS 4.1 Syslog Report Empty

  I have a new install of LMS 4.1 on a Windows server I'm trying out.  I have switches and firewalls syslogging to the system, but when I run any kind of Syslog report (Reports > Fault and Event > Syslog) it's always blank.  I ran a Wireshark capture on the server and it's definitely receiving a ton of syslog data from the systems.  What am I missing here? :-)

  perhaps this is of some help for anybody....
  I just troublshoot a LMS 4.2.1 installation on windows where the syslog report did not show any syslog message ("no data available") nor did any syslog report had any data.
  SyslogCollector and SyslogAnalyzer where running fine and the server itself was successfully subscribed to the SyslogCollector (Admin > Collection Settings > Syslog > Syslog Collector Status). What was really suprising was the fact, that the counter for "Forwarded" messages was rising when syslogs arrived in the syslog.log file.
  In the end it turns out, that this was a fresh installation of LMS 4.2 (updated to LMS 4.2.1) and the effort to restore the database from the old LMS 3.2.1 system failed. To get the minimum data form the old LMS system, only the devices were exported form the old system and imported into the new system - a discovery was never done.
  In the AnalyzerDebug.log I found that while the system was trying to insert the messages into the syslog db the process fails because it could not associate a DcrId to the IP which was sending the syslog message.
  Also DNS was running in round-robin mode in the network. I finially added the devices to the hosts file, did run a discovery and the syslog messages started to show up in the report.
  to see the relevant messages in the AnalyzerDebug.log, debugging for SyslogAnalyzer must be turned on.
  these are the troubleshooting steps and this is what I saw in the AnalyzerDebug.log:
  =======================================
  enable debugging
  Admin > System > Debug Settings > Config and Image Management Debugging Settings
      Set Application Logging Levels >> SyslogAnalyzer (scroll down)
          set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG
  (do not foret to reset debugging when finished!)
  NMSROOT\log\AnalyzerDebug.log
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],com.cisco.nm.rmeng.util.DCRWrapperAPIs,getResultFromQuery,4008,Counter : 17
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],com.cisco.nm.rmeng.inventory.InvAPIs,getDeviceIdsFromIPAddresses,3038,For IP Address: 192.168.x.x Device id is:null
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Device id not found even in the inventory
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Found the device id as null
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Attempting to insert the syslog into database
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Preparing to hand of syslog to the database handler
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Syslog length=1
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3], Time stamp of the syslog received is : Fri Aug 10 14:34:02 CEST 2012 GMT 10 Aug 2012 12:34:02 GMT
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Inside execute mothod
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Insert into SYSLOG_20120710(Syslog_Device_Id,Syslog_Device_Name,Syslog_TimeStamp,Syslog_Facility,Syslog_SubFacility,Syslog_Severity, Syslog_Mnemonic,Syslog_Description )values(?,?,?,?,?,?,?,?)
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Inside Retry count
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Connection is now false
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Recreated the statement object
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Row count 1
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Added syslog to the database handler
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Insertion of syslog into database is done
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Attempting to find interested actions, bypassing
  [ Fri Aug 10  14:34:54 CEST 2012 ],DEBUG,[ActionThread3],Syslog is found to be unexpected. No actions will be taken, returing
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Preparing to get collector status
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Current no. of collectors is 1
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Processing for the subscription LMSServerNmeLMSServerName
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],getCollector =192.168.y.y
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Port4444
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Connected to the collector 192.168.y.y@4444
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Gathered status from collector
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Captured the status from the collector
  [ Fri Aug 10  14:36:33 CEST 2012 ],DEBUG,[Thread-15],Done with the status collection
  ==================================================