LMS 4.2.5 Syslog/Automated Action/Config mgmt issue

Similar Messages

• Syslog Automated Action

  Hi,
  LMS 4.2.3
  The syslog automated action work if we send to one e-mail address the messages.
  Once we set two email-adresses ( comma separeted ) in "send to field", the messages are not received.
  Thanks

  One of the logfiles that gives understandable messages mostly.  :-)
  Cheers,
  Michel

• Ciscoworks RME Syslog Automation Actions

  I set up RME several years ago on our Ciscoworks several running LMS 3.2 to notify us on any BGP flaps via email notification.
  I noticed the last couple maintenance period where we had perform Circuit work with our ISP's. We haven't received any emails....I verified those
  routers are configured to send notifications in the Device Selector and even checked the router logs.
  004161: Nov 20 05:04:52 EST: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down BGP Notification sent
  004162: Nov 20 05:04:52 EST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 4/0 (hold time expired) 0 bytes
  The syslog collector status appears to be normal.....is there anything I need to do the fix this?

  Hi,
  Are you receiving any emails from your LMS server?  If not, navigate to  Common Services > Server > Admin > System Preferences to enter your SMTP settings.
  Identifying the syslog message is one step but there are more.
  AUTOMATED ACTIONS
  Set Up
  By default, Automated Actions are used to notify via email, using the `sampleEmailScript.pl`  as the script to run. If you do not want to use this, you could write  or use your own scripts to perform the action that you really want. In  this case please note that we do not provide support for any custom  scripts if the problem seems to be related to the script that you are  using.
  You still need the following settings:
  1.   Select Devices
  In *RME > Tools > Syslog > Automated Actions* and click on create and select the devices that you wish to use.
  2.   Define Message Type
  Please  give a name to the Automated Action and then click on add to define a  message type. In here, please specify the following values:
      Facility: BGP
      Sub-facility: *
      Severity: 5
      Mnemonic: ADJCHANGE
      Description: *
  3.  Select Automated Action
  Select the default script or the script that you wish to use.  Please note that this script must be located in the *CSCOpx/files/scripts/syslog* file and needs to have only write/execute permissions for casuser/Administrator in Windows.
  This way when a message matching the above is generated, the Automated Action is triggered and this will run the script that you choose and do the commands that it has specified.
  Here is an example:
  If you verify that your setup is correctly configured then take a look at the smtp.log found under ../CSCOpx/log. 
  Thanks.

• LMS4 Syslog automated action anomaly

  LMS 4.2.1 on W2K8 R2
  I just want to send an email for any sev 1 or 2 syslog messages received.  I set up an automated action that looks like this:
  Automated Action Summary
  Name:
  Critical Events Email
  Devices:
  State:
  Enabled
  Parameters:
  TO=[email protected], SUB=LMS4 Syslog AA, TEXT=
  Action Type:
  Email
  Messages:
  *-*-1-*:* *-*-2-*:*
  Yet I seem to be getting emails triggered by messages from ASA devices that are not severity 1 or 2, like:
  %ASA-session-4-106023
  %ASA-auth-3-109023
  %ASA-auth-6-109001
  Am I doing something wrong, or is there some sort of bug I am hitting?  I can't believe that I am the first person to try this.
  Thanks,
  -Jeff

  I do not know what exactly you have done so far but in your situation I would enable the following debugs:
  open that file in a text editor
  NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
  and change the debug level from Info to Debug:
      DEBUG_LEVEL=DEBUG
  also enable SyslogAnalyzer debugging here:
  Admin > System > Debug Settings > Config and Image Management Debugging Settings
      Set Application Logging Levels >> SyslogAnalyzer (scroll down)
          set Syslog Analyzer and Syslog Analyzer User Interface from INFO to DEBUG
  in a DOS box check the status of the following processes (the should be started) and restart them:
      pdshow SyslogAnalyzer SyslogCollector
      pdterm SyslogAnalyzer SyslogCollector
      pdexec SyslogAnalyzer SyslogCollector
      pdshow SyslogAnalyzer SyslogCollector
  When the issue happens again check the following log files and post them on the forum:
      NMSROOT\log\SyslogCollector.log
      NMSROOT\log\AnalyzerDebug.log

• Syslog automated action is not working

  Hi,
  I set the automated actions for EIGRP NBRCHANGE message  ( DUAL-5-NBRCHANGE )
  I would like to get email notifications from CW but it is not working. I've checked that syslog messages arrived to CW.
  Other  e-mail funtions ar working like DFM and RME job email notifications.
  how can i troubleshoot what happened?
  Regards,

  What version of RME are you using?  Make sure the message shows up in the RME syslog Standard Report.  If the message isn't making it to the database, then it will definitely not trigger an automated action.  Check your SMTP settings under Common Services > Server > Admin > System Preferences, and use a sniffer to capture tcp/25 traffic when one of these messages arrives to see if the SMTP server is accepting the email message.

• LMS 3.1 Syslog Automated Action - How to pass variables to script?

  I would like to pass variables to a windows bat file for processing.  The help seems to suggest that there are 2 available, device and message.  I would like to know how to reference them and what syntax to use to pass them to the batch file.  Are Facility, Sub-facility, Severity, Mnemonic and Description also availble? If so, how would they be referenced?  Thanks in advance.

  The syntax for referencing these variables is discussed in the online help.  Essentially, you'll want to use %~1 and %~2 in your batch script to get the device and message respectively.  The message will be the full message, so you will need to do additional processing on that to extract the facility, severity, and mnemonic.

• RME Syslog Automated Actions with exclude Filter

  Dear all,
  It's possible to realise a Filter with "exclude string"?
  I search how to for Create action for all Severity 2 without "FAN-FAULT" mnemonic...
  Best regards

  You can create a filter for the FAN-FAULT and select drop to disregard the messages.  Ensure for Message Filter type, you select DROP.
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1150419

• Prime 4.1 Automated Action To Email

    i have setup a syslog automated action
  Automated Action Summary
  Name:
  config
  Devices:
  172.24.1.2
  State:
  Enabled
  Parameters:
  TO=[email protected], SUB=Config Exit, TEXT=A config exit event
  Action Type:
  Email
  Messages:
  SYS-*-5-CONFIG_I:*
  i dont get emails when the event occurs - i connected to one of the switches entered config mode and then exited , term mon showed   SYS-*-5-CONFIG_I ,but no email
  email settings are OK (i get other emails from the system)
  what am i missing?

  It'll be helpful if you share what you see, based on which we can suggest what may be missing.
  For easy reference just check the LMS guide once to see you followed the right steps :
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/useNotif.html#wp1074029
  -Thanks
  Vinod
  **Rating Encourages contributors, and its really free. **

• LMS 2.6 / RME : automated action for syslog

  HI,
  Is it possible to find a configure file or properties file for automate action which can be editable.
  I lost automated action configuration and I would like to configure as before.
  Many thanks, Elisabeth

  I'd think AA lost in the GUI would be erased from the flat file (such as filters.dat for syslog filters) as well, in which case the only way to restore it would be from an older LMS backup.

• Syslog triggered fetch config

  Hi,
  I have an issue with syslog triggered fetch config feature. The problem is that LMS expects Sub-facility to be a part of the syslog message.
  I have set the Facility to be SYS and severity 5. Result? Nothing is happening, because none of our devices send Sub-facility and therefore the automated action will never take place.
  Name:  mail notif
  Devices:  *
  State:  Enabled
  Parameters:  TO=[email protected], SUB=CW RME Syslog AA, TEXT=TEST !
  Action Type:  Email
  Messages:  SYS-*-5-*:*
  The devices send *-*-*:*  messages and not *-*-*-*:*
  If you have any solutions for this silly problem I am all yours
  Martin

  Hi Martin,
  okay....now I understand :-)
  Maybe it is a little bit bad description of syslog messages....but the allocation of the variables is as I wrote before.
  %SYS-5-CONFIG_I: Configure....
  means:
  Facility: SYS
  Sub-Facility: not present -> so it will be a * in the filter
  Severity: 5
  Mnemonic: CONFIG_I
  Description: Configuration..... -> so it will be a * in the filter because I am not sure if there are different descriptions between device types.
  I never saw a syslog message with sub-facility, so I can't tell you how this would look like.
  Is the default auto action for config fetch enabled?
  Do the messages arrive at the LMS server?
  I had the same problem with config fetch some times ago.
  https://supportforums.cisco.com/thread/2026181?tstart=0
  Please check if the auto action for another syslog message is working? If you have a test device you can create a filter for that single device and filter for a special syslog message and send an email to you.
  If this is not working, too, it is possible that you have the same analyser problem then me.
  Sven

• Prime LMS 4.1: changing syslog facility

  Hi,
  I have to set up Prime LMS 4.1 soft appliance to a network containing devices that send syslog messages with facility local.6.
  Devices logging to 3rd party NMS too, so canging the facility back back to the default value local.7 is not an option.
  By default LMS stores and process syslog messages with facility local.7.
  Is it possible to change this behaviour?
  I changed config file /etc/syslog.conf manualy by adding the following line:
  local6.info     /var/log/syslog_info
  It had benn working well until I restarted the server.
  After reload the contet os syslog.conf is reverted back. The line with local6.info is missing.
  How should I permanently chang/add the receiving facilty?
  Thanks,
  Csaba Garai

  Hi Marvin,
  Thanks for the suggestion.
  I tried to run the script but it did not solve the problem. After reload the syslog.conf reverted back without the line local.6.
  Anyway the syslog daemon of the Soft Appliance OS receives and store incoming messages with ANY facility to file /var/log/messages.
  The problem is that tha DFM only shows messeges  stored in file /var/log/syslog_info.
  Any other idea?
  Regards,
  Csaba

• CiscoWorks and automated action

  I use CiscoWorks VMS 2.1 on Windows 2000.
  I try setup automated action. All works fine, but when I try send $M (The entire message is passed to the script) and $D (The device name is passed to the script) I recived $M and $D. What must I do to resolve this problems?

  I noticed that Syslog Analyzer is not able to pass $M and $D to any scripts. What you could try is to use $* in the script.

• Shutdown a remote iMac using Apple Remote Desktop and Automator action

  Hi,
  I have my iMac and my wife's iMac connected to the same UPS. There is only one USB connector for the UPS that notifies my iMac when its time to shutdown due to a power cut out.
  Is there a way for my iMac to then send a command to my wife's iMac (which may be asleep; the iMac not my wife!) and instruct it to shutdown (forcefully)?
  The Belkin UPS software enables me to launch an automator action before it shuts down my computer.
  Your help would be appreciated,
  Tony

  Unless you already have Apple Remote Desktop, it will almost certainly be cheaper to just buy a second UPS for your wife's iMac than it will be to purchase ARD.
  If you do have ARD 3 already, then it looks like it would be possible to create an Automator workflow that would select your wife's iMac and then send the Unix command "shutdown" (look at the man page for shutdown for the usage). I haven't tried doing this, though, so I can't say for sure, but it looks like it would work.

• How can I edit an Automator action for Word?

  I'm running Word 2008 on a Macbook Pro, Mac OS 10.5.
  Word comes with a selection of Automator actions, including one to find and replace text in Word. I often want to convert standard numerals to old-style numerals, which are part of the extended glyphs set in fonts I use. Automator will allow me to set up ten find/replace actions (for the numbers 0-9) that successfully replace all the numerals with old-style numerals. But it only does it for the main body of the document, not for the footnotes. I need to be able to do it for all the footnotes.
  I thought I might find a workaround by adding an AppleScript to my workflow, which would shift the focus in Word to the footnotes and rerun the find/replace actions. I mapped the menu item View/Footnotes to the keystroke command-) and inserted this AppleScript into the Automator workflow:
  tell application "Microsoft Word"
  tell application "Microsoft Word" to activate
  tell application "System Events"
  tell process "Microsoft Word"
  keystroke ")" using command down
  end tell
  end tell
  end tell
  But the find/replace actions simply repeat what they'd done before, converting the numerals in the main body but not in the footnotes. I then thought that perhaps I should have an AppleScript to do the find/replace itself, once the footnotes have been selected, so I created the following (command-H accesses the find/replace dialog box in Word 2008):
  tell application "Microsoft Word"
  tell application "Microsoft Word" to activate
  tell application "System Events"
  tell process "Microsoft Word"
  keystroke "H" using command down
  keystroke "1"
  keystroke tab
  keystroke ""
  end tell
  end tell
  end tell
  The character after the fourth keystroke command is the glyph for old-style numeral 1. For some reason Word reinterprets this as the letter a. So using AppleScript I can only replace the numerals 1-9 with the letters a-i.
  I'm pretty hopeless at even this very basic level of programming, but I presume that there's something in the Automator action 'Find and replace in Word' that specifically tells it not to look anywhere but the footnotes. I also presume it's possible to insert a command to tell it to operate on the footnotes (and headers and footers: everywhere!) too.
  Does anyone know a way to edit an Automator action? I'm willing to experiment and fiddle with one until I find a way that works, if nobody knows the exact changes that I'd need to make, but I just don't know how to edit an Automator action in the first place. A bit of googling suggests that I could do it in XCode, and that that is bundled with my Mac, but I don't have it.
  This all used to work when Office used to allow VBA (and I was using a horrible Windoze machine). Maybe someone would prefer just to find a way of creating a solution our of the old code, so here's one part of what I used (to change the number 1):
  For Each aStory In ActiveDocument.StoryRanges
  With aStory.Find
  .ClearFormatting
  With .Replacement
  .ClearFormatting
  End With
  .Execute FindText:="1", ReplaceWith:=ChrW(63281), _
  Format:=True, MatchCase:=True, Replace:=wdReplaceAll
  End With
  Next aStory
  Thanks in advance for any help.

  Thanks to all three contributors for their generous help so far. Mac people are lovely.
  BDAqua's suggestion wouldn't work, I think, because copying footnote text into another application and then back into Word would lose all the associations between footnote references in the body and the footnotes themselves. I wish I could do what Klaus1 says, but Word 2008 won't allow the creation of Macros any more. They've shut off support for their creation. Nice MS. red_menace's suggestion seems very plausible and I'll look into a way of mapping the old style numerals to specific keystrokes. That might do it.
  Reflecting on what you all said, I looked again through Word's help menus and eventually got pointed towards this page of 'help': <http://tinyurl.com/6398l6>. This is completely impenetrable for me, though it does compare a VBA script for Word 2004 to an AppleScript. This encourages me to hope that it should be possible to translate my original VBA script (part of which I included in my first message) into AppleScript, though I don't know how to do it because I don't really understand the language in the first place (the VBA script was put together by someone else).

• Using Automator action/workflow to create a poster in iPhoto

  I'm using Jim Heid's Mac iLife 'lifeposter' idea [which comes from Mike Matas] and I keep getting a message taht says "the workflow was saved with an older version of 'get Selected items' some behavior may have changed. and also another ref. 'import files into iPhoto" -- I didn't find a more recent Automator action 'Create Thumbnail Poster" online nor updated information at Matas's blog or Heid's book...any suggestions for how to fix this? I last used it a few years ago and would like to use it again.

  Unless you got a message about it, the original Create Thumbnail Poster may work with the version of iPhoto that you have. As for the other actions, they sound like standard actions that have just been updated - you can open the older application and recompile it using the newer actions.