Recivining and analyzing syslog messages from facility local3 on LMS4.2 soft appliance.

Similar Messages

• Unterstanding syslog messages from our wlc

  Hello,
  we use two wlc 4402 (4.1.181.0) and several leightweight accesspoints (AIR-AP1010-E-K9 and AIR-AP1030-E-K9 ) connected to them.
  On our syslog server we get a lot of messages from the two wlc, and there are 3 message types which I am a little bit afraid of.
  1. ca. 10 times per hour we get the message
  apf_80211.c:4792 APF-6-NO_CONFIG_CHANGES: Not saving 'apf.cfg' - no config changes."
  Cisco system message guide:
  Error Message %APF-6-NO_CONFIG_CHANGES: Not saving '[chars]' - no config changes.
  Explanation Not saving - no config changes.
  Recommended Action No action is required.
  Does anybody know why we get this messages and if it's possibly to suppress them?
  2. Intermittently (several times a day) we get the following message types:
  a) [ERROR] spam_l2.c 723: Max retransmissions reached on AP 00:0B:85:56:63:40 (CONFIGURE_COMMAND^M , 2)"
  b) [ERROR] spam_tmr.c 569: Did not receive hearbeat reply from AP 00:0b:85:56:ae:40"
  The MAC address is not every time the same but one of our accesspoints.
  On our network management system we get the following trap messages with nearly exactly the same timestamp:
  14.01.2008 04:21:56 CET
  AP ''00.0b.85.56.63.40'', interface ''0x1'' is down.
  When Airespace AP's interface operation status goes down this trap will be sent.
  bsnAPDot3MacAddress = 00.0b.85.56.63.40
  bsnAPIfSlotId = 0x1
  14.01.2008 04:21:56 CET
  AP disassociated from Switch.
  When an Airespace AP disassociates from a Airespace Switch, the AP disassociated notification will be sent with the dot3 MAC address of the Airespace AP. This will notify the management system to remove Airespace AP from this Airespace Switch.
  bsnAPMacAddrTrapVariable =
  14.01.2008 04:22:25 CET
  AP associated with Switch.
  When an Airespace AP Associates to a Airespace Switch, the AP associated notification will be sent with the dot3 MAC address of the Airespace AP. This will help the management system to discover the Airespace AP and add it to system.
  bsnAPMacAddrTrapVariable =
  bsnAPPortNumberTrapVariable = 1
  Cisco system message guide:
  a) Error Message %LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP [hex]:[hex]:[hex]:[hex]:[hex]:[hex] for [chars] (number of pending messages is [dec])
  Explanation Maximum number of times an LWAPP control packet is transmitted before declaring the AP dead has been reached for this AP. The AP may not be on the network, or might have rebooted.
  Recommended Action Check if the AP has rebooted or if it has been removed from the network, or if there are connectivity issues between the AP and the controller.
  b) Error Message %LWAPP-3-ECHO_ERR: Did not receive heartbeat reply; AP: [hex]:[hex]:[hex]:[hex]:[hex]:[hex]
  Explanation Controller did not get a response for the AP heartbeat message. There may be connectivity issues between the AP and the controller.
  Recommended Action Check if the AP has rebooted or if it has been removed from the network, or if there are connectivity issues between the AP and the controller.
  Because we don't see any network problems I'm wondering why the connection is lost.
  Does anybody have an idea, perhaps CSCsh13928 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsh13928, but we don't have much traffic on the wlans) ?
  Is there any possibility to remotely check if the accesspoint rebooted?
  If you need further information please give me a short feedback.
  Many thanks in advance,
  Thorsten Steffen

  Thanks for the help.
  I have set up to send email and syslog messages from the RME applications. LMS server immediately started to send messages to the email server but syslog messages are not forwarded to the syslog server. Everything was done according to your instructions except that the name of the first script (syslog_forward.pl) is made consistent with what the second script (.bat) refer to (forward1.pl). What's the problem?  Do RME sends the standard syslog messages via UDP port 514?
  Sincerely.

• Do you have an option for block all incoming message and request EXCEPTED messages from my contacts?

  Please help!!To whom it may concernDear Madam/Sir who works for Skype & Microsoft  Dear all who can really help,  Do you have an option for block all incoming message and request EXCEPTED messages from my contacts? or Do you have any solution to solve my problem from begin to now in present time?  Even though, I set the Privacy settings: - Allow calls from... "people in my Contact list only"- Automatically received video and share screens with "people in my Contact list only"- Allow IMs from "people in my Contact list only"  I still received unknow users sent me messages in every day, contact requests etc. And they're all clearly spammings and identity thefts.  I only wanna contact with my family and my freinds here with Skype via my Windows device and my mobile phone (w/Android OS).  And this is the only way to contact with them, because they could use Skype only in overseas.  BUT I don't need new friend from other unknow Skype member.   I keep blocked all unknow spammers in every day.  However in this morning, I feel so scared with Skype on my mobile, I looked at my mobile Skype, I saw it automatically showed me the list of all blocked members. BUT they were all unblocked (contact unblocked) by my mobile (Android version) Skype itself automatically, and listed them one by one on the screen, and about 30 seconds later, they all were disappeared suddenly.  I don't know what do to now, is it indicating my account was hacked?And how could I found out all those members again and block them again and delete all of them for ever?  I appreciate if you would improve the privacy protection. Thank you very very very much. 

  Hrm... that may be true and this may be a function of the phone email client that Apple just doesn't do.
  No, I can easily MANUALLY delete the messages. I would prefer if I didn't have to do it twice, tho. Once on the mail server and once on the phone.
  What I think the phone needs to do is, when it checks the POP, anything NOT there should be removed locally. I think you are correct on POP; the phone will poll the mx (mail exchanger) and the mx will pass off the messages to the phone. The phone then keeps ALL of that unitl you manually delete it.
  If, say, I remove a message from the mx, I would like the phone, when next polls, to see that that particular message isn't on the server anymore and remove it locally.
  Perhaps it's just me but if I delete the message on the mx itself, via my ISP's webmail interface, I really don't want to have to remove it again from my phone.
  thxs!
  cheers
  rOot

• Some how do not enter sign was added beside contact, now all messages previously received messages are gone and no new messages from this sender will appear.

  I have been receiving messages from this sender fine and then all of a sudden for some reason there was a do not enter sign beside her name. I didn't know how or why it got there, some button got bumped or the mouse, and I didn't know how to take it off so I just left it. Since then, thunderbird has been reopened and all messages that I had received have disappeared and no new messages from this sender appear even though I know she has sent them to me. I have checked into filters and I have none set so it is not that. I can't figure out how the do not enter sign got beside the contact, but I'm sure it's the reason for my problems and I don't know how to fix it. Thanks

  In order to better assist you with your issue please provide us with a screenshot. If you need help to create a screenshot, please see [[How do I create a screenshot of my problem?]]
  Once you've done this, attach the saved screenshot file to your forum post by clicking the '''Browse...''' button below the ''Post your reply'' box. This will help us to visualize the problem.
  Thank you!

• How do I backup and view text messages from my iphone 4?

  How do I backup and view text messages from my iphone 4? I want to know where and how to backup and view text messages and all other personal files, including voicemail, recent calls, etc. from my iphone. Is this function in iTunes and/or does iTunes already backup this stuff when I sync?
  I really just want the answer to how and where this works.
  Thanks

  Apple provides functionality in the backup done via iTunes to backup the device and text messages.  There is no functionality to view the text messages on the computer.
  About iOS backups
  Other programs are available which can extract text messages from the device or the iTunes created backup and then be viewed on the computer.  To my knowledge, no program exists which can force backed up text messages into the device once they've been removed.
  Google is your friend when looking for 3rd party software related to text messages.

• How do I retrieve and view text messages from icloud

  How can I view and retrieve text messages from my ICloud?

  Apple provides functionality in the backup done via iTunes to backup the device and text messages.  There is no functionality to view the text messages on the computer.
  About iOS backups
  Other programs are available which can extract text messages from the device or the iTunes created backup and then be viewed on the computer.  To my knowledge, no program exists which can force backed up text messages into the device once they've been removed.
  Google is your friend when looking for 3rd party software related to text messages.

• How can I send and receive a message from  a queue using standalone program

  Hi,
  I want to write a standalone Java program which has to post a message to a queue and receive a message from a queue thats specified as a replyto queue.I want to have my application to be completely standalone without the need of a Application server.What all the Jars do I need to include in the application.My aim is to have the application standalone and portable so that the application runs on any machine that has a JRE.
  Thanks in advance,
  Prathima

  Hi,
  You can get quite simple standalone MQ Java programs from this site http://www.capitalware.biz/mq_code_java.html.
  Also regarding the jars required for your application depends on the API being used. If you use MQI API few jars are required and if you decide to use JMS API you'll require few other jars. But you got to either install Websphere MQ Java Client, which will copy the jars to the respective location, or you can choose to copy the jars from some other machine manually.
  Eventually, all the jars related to MQI and JMS API will reside under /usr/mqm/java/lib/ or /var/mqm/java/lib/ UNIX Environment. And in case of WINTEL, you should find the jars under C:\Program Files\IBM\WebSphere MQ\Java\lib.
  Trust it clarifies...
  Naren

• TS3899 I have an iphone5 and the reply, forward and writing a message from the mail app doesn't work. I can check my mail but can't reply to it. What's going on?

  I have an iphone5 and the reply, forward and writing a message from the mail app doesn't work. I can check my mail but can't reply to it. What's going on?

  Try a reset: hold down the home button along with the sleep/wake button until you see the apple, then let go. (No data loss)

• Send and Receive SMS messages from US to South Kor...

  I want to be able to receive and send SMS messages from my skype to my friend's cell phone in Korea
  When I send it they receive it, but they can't respond it back to me because it is an international text.
  Is there anyway that I can buy a Korean online number when I'm living in US?
  and with that number will I be able to talk and send/receive messages with my friend?

  @ sberman -Hi-I have my settings as you described and I do have a text msg. plan with At&T. I'm still puzzled, however; I had the same plan with he former phone-the ancient 3Gs and with it, I was able to send/receive text, photos, etc. to non-Iphone users via WiFi as long as I was home and within distance of the connection. I did not have to have my cell data "on" in order to send/receive anything. Everything transmitted through WiFi-and did not impact my  charges or cell data limits.. I know I must use the cell data ON when I'm away, but don't understand why/how I can't do the same as before I upgraded to the 5c. Admittedly, I am certainly NOT in the stratospheric league as so many phone experts here-I do make the attempt to understand, though..
  I read on one of the numerous help/answer sites that apparently someone else had registered the same complaint with Apple and now has a pending lawsuit-and hoping to get class-action status on the issue. I'm fairly sure this is the same-although I cannot be 100% certain given my lack of expertise.
  I certainly appreciate your rapid response-as a newbie to these communities, I didn't expect any answers to my questions so quickly.Thanks for taking the time to post-have a great weekend.

• I recently bought a neew ipad mini and have sync messages from my iphone. Which worked fine.  I just picked it up and I have only to messages and can't figure out how to get back to the screen with the inbox and other folders?

  I recently bought a mini IPAD and have sync messages from my iphone.  Now I am stuck under group message and can't get back to the main screen that has the inbox and the various folders.  Help??? 

  youngkristen wrote:
  So, our hope was we could just hook up the external to the mac and have it transfer seamlessly.  Is there any hope of that? 
  Yes there is, scroll down to the bottom of the following Switch 101 article and click on the arrow next to Manually migrating.
  Switch 101: Migrate your Windows files or system to your Mac

• I went into iMessage and a weird message from someone else's phone was on my phone saying it was from me

  I went into iMessage and a weird message from someone else's phone was on my phone saying it was from me

  Well the best thing you can do is call an apple specialist tomorrow because there closed today or talk straight up to the person that is currently hacking your apple ID. You can also change your password just try to login to apple id on a computer and say forgot password and it will lead you from there. Tell your family and Friends or who you were texting that thats not you.
  I really hope the hacker goes away! I also hope this answered you question But also what type of things aree they saying just to be clear

• Analyzing Syslog Messages

  Hello All,
  I've configured my ASA to send its log messages to Unix syslog server, and I can show all the messages from the server with no issues.
  As the file is getting so big, it will be hard to analyze it manually. I'm looking for log messages analyzer which can give me at lease some basic reports or statistics.
  Requesting your help on this!!
  Thanks,

  Hi All,
  I thought it is a good idea to share the workaround my colleague came up with for this prolem. there is a file called syslog-entries.txt under /opt/CSCOpx/conf. he added all the entries we needed like :
  local3.*     /var/log/syslog_info
  local5.*   /var/log/syslog_info
  the change was automatically reflected on syslog.conf
  now we receve alerts from facilities 3 and 5 besides 7.  hope this helps anyone who run into the same issue.

• Can't get syslog messages from Remote SA520 over VPN

  I'm trying to set up a central logging server on a debian system running rsyslog.
  The syslog server is local & I have a branch office connected via a VPN. Both buildings have SA520 routers.
  I have set up both firewalls to allow ANY from each network 192.168.150.X & 19.168.160.X
  (also tried to add a rule for UDP514 but that didn't help)
  The debian system is new & has no iptables set up
  I've entered the syslog server IP in remote logging.
  I've set up facilities in Send to syslog for both routers.
  I am logging messages from the local router but don't see anything from the remote.
  I've checked with wireshark & see no syslog packages from the remote (I do see SSL negotiation & others when using the web admin and of course the functioning vpn)
  I rebooted the router to see if that mae a difference but no luck.
  Any ideas why I can't get the syslog traffic across the VPN?

  I do have the correct IP address of the syslog server set up. I do not want email logs so have not enabled that.
  My setup is
  remote lan > SA520-remote (192.168.160.1) > [ site to site IPSec VPN over WAN ] > SA520-local (192.168.150.1) > syslog server (192.168.150.25) & local lan
  Firewall is set up to allow ANY IN & OUT to local lan on both routers.
  I have also set up specific rules for UDP 514 Syslog traffic (no difference, currently disabled)
  syslog server has -no- firewall at the moment.
  Syslog server is receiving messages from the local router with no issues.
  Log Severity is set to Information &  Log Facility is set up to send to Syslog.
  I have also setup a SNMP trap on the syslog server & pointed the remote router to it in hopes of diagnosing the issue.
  Both routers have the latest firmware applied.
  Using wireshark on the syslog server I see no traffic on UDP 514 (syslog) or UDP 162 (snmp)
  I can use the WUI for the remote & ping the 160.1 with no problem. Both ping & TLS/TCP traffic show up in wireshark on the syslog server when I do so.
  It looks to me like there is a problem routing the syslog messages out of the router & then back through the VPN.
  Worst case I'll set up another syslog server on an old machine at the remote location & then cron the logs to the central syslog server but it really seems I shouldn't have to.

• Receive syslog messages from remote system

  I want to replace my ancient and aging Slackware 12.0 server with an Arch server. One of the hurdles is to receive syslog messages (UDP/IP, port 514) over the network from a Cisco 678 DSL modem/router, and from a DD-WRT based wireless access point.
  How do I go about getting a systemd-based Arch server to receive syslog-formatted messages from the network on UDP port 514?
  I'm not looking to view the Arch system's journal over the network, but rather to receive non-local messages and log them.
  Last edited by bediger4000 (2013-08-01 15:44:48)

  WonderWoofy: I hope you mean "man systemd-journal-gatewayd", as I find that man page, but not "systemd-journal-gateway".  systemd-journal-gatewayd works the other way. According to the man page it "serves journal events over the network. Clients must connect using HTTP."
  sbmomeni: I agree that your reference says the systemd journal provides the same function - but how?  And does "this functionality" refer to the logging part of syslog-ng, or to the receiving messages from other machines part?

• How do I get syslog messages from an AP350 sent to my Ciscoworks2000?

  I am running Ciscoworks2000 and trying to get my Access Point's to send messages to the RME. I have enabled SNMP and created user's with the correct SNMP strings? Any help in getting as much information from the AP's to Ciscoworks would be greatly appreciated.

  Darcy,
  The setup for syslog is different to setting up SNMP. Refer to the following URL re the 'Event Notifications Setup Page'. http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch7.htm#1037065
  In particular, please make sure that you check the 'Yes' button for 'Should Syslog Messages use the Cisco EMBLEM Format', otherwise RME will not recognise the format of the syslog messages that it receives.
  As mentioned by one of the other respondants, you must also check that the AP is recognised in the RME Inventory as a Managed Device.
  A list of what devices are supported in the various versions of RME can be found on CCO at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000e/dev_sup/index.htm