Trouble in Syslog Validation (send log)
I am doing a project to to capture the Syslog from the switches and routers, so for most of devices i can generate the syslog by giving the command " send log" and so that i would receive the same locally as well in the tool.
Note : These devices are in production.
We have a monitoring tool " Stablenet v6.72" i think syslog is also the same(same utility in Stablenet)
The problem iam facing is, for many devices i am not able to give the test command as they are running an IOS c3560-ipbase-mz.122-25.SED1.bin.
I have configured the syslog server on all the devices and there is reachability and port 514 is opened though,
I do make you know that we have many firewalls in the network and i belive tat all the devices have reachability to the Syslog server, ( My firewall blocks the Ping traffic and traceroute traffic) so i unable to find out which firewall blocks.( if it is so)
Please let me know how do i validate remaining 1200 devices. :(
Please help me,
Nithin M
Hi Nithin
my advice is to issue a command on each device that will initiate a syslog message. At least this way you can be sure its working, since you will always expect the same kind of syslog message. I know for example if you have the syslog severity set to level 5 you will get "configuration change" messages. To set your level enter this command:
'logging trap notifications'
And then , by entering into config mode ( "conf t" ) as well as exit out of config mode a CONF_I syslog message will be sent immediately as you exit out configuration mode.
hope it helps.
Cheers
Pierre
Similar Messages
-
Sending Logs to Multiple Syslog Servers
Hi Team ,
is it doable to send log messages recorded on various cisco devices to multiple syslog servers by discriminating the severity level ?, for example I want to send all the critical and alerts logs to x.x.x.x server, but for other severities, I want to send the logs to y.y.y.y server.
Thanks.Hi Team ,
is it doable to send log messages recorded on various cisco devices to multiple syslog servers by discriminating the severity level ?, for example I want to send all the critical and alerts logs to x.x.x.x server, but for other severities, I want to send the logs to y.y.y.y server.
Thanks. -
How to configure IPS 4240 - K9 to send log file to syslog server
I am looking for the commands in how to configure IPS 4240-k9 to send log file to SYSLOG server. If anybody has or came across similer issue please advice.
Thanks in advanced.Ali -
I am sorry to tell you, but the Cisco IPS Sensors do not send Syslog messages. Your only options for sending signature event information are:
SDEE (an TLS Encrypted XML formatted message) the sensor is the SDEE Host and your event receiver (MARS, IME, Intelitactics, etc) is the client.
SNMP Traps - You need to set the "Action" on each signature you want the sensor to send a trap.
- Bob -
Enable syslog debug level 7 and send logs to syslog
Hi,
on cisco ASA, I've to enable syslog debug level 7 and send logs to syslog. how to do that?Unless you have been fiddling with logging levels previously, most ACE's will be using the cisco default logging, and at debug/7 level most of those will generate syslog entries. Don't forget that "show access-list" will show hits counts for the individual entries as well, independently of any syslog output.
Lastly, if a reload is an option, in your situation what I would do if modifying 3k lines was needed is:
1) copy startup-config a.txt
2) export a.txt by TFTP or SSH or USB or whatever
3) edit the configuration using offline tools with regular-expression capabilities such as textpad (windows) or vi or emacs or perl or ...
4) import the revised b.txt config
5) copy b.txt startup-config and reload
-- Jim Leinweber, WI State Lab of Hygiene -
Configuring syslog and generating logs for a particular period.
Hi...
I have configured syslog server and the loggin enabled on ASA device... I want to generate the complete logs for a particular period of time. How can I generate this report.. Please help meHello,
I have an idea how it might work, but it is not certainly the best solution so if you will not find any other, this might work for you.
Enable sending logs to syslog server:
logging source-interface loopback
logging
configure EEM script to run "show log" periodicaly:
event manager applet test
event timer watchdog name test_name time 60 ! in seconds -> every minute
action 1.0 cli command "show log"
Best Regards
Please rate all helpful posts and close solved questions -
Hello
I would like to pass the logs and the quarantine from the c370 to the m160
I read the manual and the logs I think I know how to do it but I want to be sure.
in the "system administration" on the "log subscription" i have to select the log and syslog push or scp push. not quite sure.....
and for the quarantine I log on the M160 and then go to "managemente appliance" then "centralized services" and I select " Spam Quarantine".
but as above I am not sure.
to resume
i want to send logs and the quaratine from the c370 to the m160.
Regards.Hi,
for pushing the logs from the C370 you will need to configure the SCP host in the log subscriptions and specify a directory on the M-Series.
For enabling the centralized ISQ, yes you need to add the C370 in the M-Series configuration. Go to "Cenetralized Services - Security Appliances" and click on "Add Email Security Appliance". On the C370 configure the external quarantine under "Security Services - External Spam Quarantine" and disable the local Spam quarantine under "Monitor - Quarantines".
Best regards,
Enrico -
Linksys "Send log to:" support in Leopard?
Is there any way to get a Linksys router log capured by OS X? I can "Send log to:" my IP address, but how can I get it captured? Kiwi Syslog Daemon is a Windows only application; if there were a Mac equivalent I could use KiwiLogViewer-OSX to see the Linksys data. Thanks for any ideas.
Yes, that is exactly the purpose of syslogd.conf.
The syslog protocol has what is called 'log levels' and then severity levels. You can use these values to filter off things to different files.
So for instance, if you configured your router to send syslog data as local7.crit, you can either filter that off to a critical file or just do local7.* to send all traffic on that level to another file.
The configuration of syslog hasn't changed in AGES. Starting it by default, I agree, is going to be different in Leopard. However, manually getting it to function is the first step before automating its startup.
Since it's already running, you'll want to kill syslogd (sudo killall syslogd) and then restart it with the necessary parameters to start listening on the network.
netstat -anp udp | grep 514
... will tell you if it's listening on the network or not. When that command returns data (probably say udp4 0 0 *.514) you then then try hitting it from your remote device. -
Your session is no longer valid. Log on again - no long time
Hi guys, I´m working with a CRM upgrade, and working with the e-commerce solution, when I transfer an item to the cart 2 or 3 seconds later the app gives me an error message like this "Your session is no longer valid. Log on again." I do not have access to NWA because administrative issues and already ask for logs but it will take long time. Were I can search the possible reasons for a close session if I do not have access to logs ? It seems to me, to be a configuration problem with the server, maybe the url .
0306E4C3EEE002900000021000051DB0004976177A782F9#1292344781734#System.err#sap.com/home~inventarios#System.err#J2EE_GUEST#0##n/a##bfd86e3907a011e096ae00001009c8aa#SAPEngine_Application_Thread[impl:3]_22##0#0#Error##Plain###com.sap.engine.services.servlets_jsp.server.exceptions.WebServletException: Error in JSP.
at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.handleErrorPage(PageContextImpl.java:744)
at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.handlePageException(PageContextImpl.java:702)
at jsp_CategoriesISA1291912921888._jspService(jsp_CategoriesISA1291912921888.java:65535)
at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455)
at com.sap.isa.core.RequestProcessor.processForwardConfig(RequestProcessor.java:267)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279)
at com.sap.isa.core.RequestProcessor.process(RequestProcessor.java:391)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at com.sap.isa.core.ActionServlet.process(ActionServlet.java:243)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.tealeaf.capture.LiteFilter.doFilter(Unknown Source)
at com.sap.isa.isacore.TealeafFilter.doFilter(TealeafFilter.java:61)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: java.lang.NullPointerException
at com.sap.isa.catalog.uiclass.CategoriesUI.getCurrentArea(CategoriesUI.java:128)
at jsp_CategoriesISA1291912921888._jspService(jsp_CategoriesISA1291912921888.java:102)
... 35 more
#1.5 #00306E4C3EEE003100000002000051DB0004976199A75D2D#1292345352138#System.err#sap.com/home~inventarios#System.err#J2EE_GUEST#0##n/a##13eb28a707a211e09bb100001009c8aa#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Plain###com.sap.engine.services.servlets_jsp.server.exceptions.WebServletException: Error in JSP.
at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.handleErrorPage(PageContextImpl.java:744)
at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.handlePageException(PageContextImpl.java:702)
at jsp_organizer_2d_nav_2d_doc_2d_search1291912871451._jspService(jsp_organizer_2d_nav_2d_doc_2d_search1291912871451.java:65535)
at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455)
at com.sap.isa.core.RequestProcessor.processForwardConfig(RequestProcessor.java:267)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279)
at com.sap.isa.core.RequestProcessor.process(RequestProcessor.java:391)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at com.sap.isa.core.ActionServlet.process(ActionServlet.java:243)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.tealeaf.capture.LiteFilter.doFilter(Unknown Source)
at com.sap.isa.isacore.TealeafFilter.doFilter(TealeafFilter.java:61)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sap.engine.services.servlets_jsp.server.exceptions.InvalidSessionException: Method [getAttribute()] is called in an invalid session.
at com.sap.engine.services.servlets_jsp.server.runtime.client.ApplicationSession.getAttribute(ApplicationSession.java:684)
at com.sap.isa.core.util.WebUtil.translate(WebUtil.java:624)
at com.sap.isa.core.util.WebUtil.translate(WebUtil.java:689)
at com.sap.isa.core.util.WebUtil.translate(WebUtil.java:672)
at jsp_organizer_2d_nav_2d_doc_2d_search1291912871451._jspService(jsp_organizer_2d_nav_2d_doc_2d_search1291912871451.java:75)
Edited by: Isaac Mena on Dec 18, 2010 12:37 AM -
Sending log data to two different files using log4j
Hi,
Can some one please help me with my problem I have here?
I want to send log data to two diffrent files depending on the logging level such as DEBUG and WARN.
How can you configure this in log4j.properties.
Please post sample code for log4j.properties to achieve this.
Thanks in advance.
rsreddychHi,
Finally, I found the solution to this problem my self.
What you need to do is define two loggers in the application, and set two priority levels to these loggers and define two out put files to these loggers. Deploy the war file, restart application server and you are good to go.
This seems to be working for me. Only glitch I found is, the out put in
the second file is displaying one space character at the start of line starting from second line (First line don't have this problem). This is odd. It may be because of my faulty code. Any how thanks for you all.
rsreddych -
Windows Event forwarding - What is a "Valid destination log"
Hi all,
I'm currently setting up a centralization infrastructure for Windows events using the built-in event forwarding capabilities available in Windows Server 2008 R2.
One of my requirements is to be able to create several subscriptions on the collector machine and to store forwarded events in different log files. For that, I tested creating a custom log (called CustomLog). This log appears in the Event Viewer, under the
"Applications and Services Logs".
However, I am not able to redirect forwarded events to this CustomLog. CustomLog does not appear in the list of possible destination in the Event Viewer GUI to create a subscription.
To try what could be wrong, I left it with the default ForwardedEvents as destination and I tried to change it via Powershell. I ran the following command supposed to set the destination log as CustomLog:
wecutil ss "Collect from both sources" /lf:CustomLog
It ran without error. Though, no events were logged into CustomLog, and when I go back to the GUI to create/modify subscriptions and I try to open the subscription I set, I get a pop-up stating the following:
"The destination log defined in this subscription cannot be found in the list of valid destination logs on this computer. verify that this log exists on the computer and is valid as a destination for forwarded events. Note that classic logs, analytic
and debug logs and the Security log cannot be used as destination."
Does anybody know what a "valid destination log" is and how I could turn my CustomLog into such a valid destination?
Kind regards,
Mike
P.S. How can I verify my account in order to be able to post screenshots?MikeSec, did you ever get an answer to this? I'm facing the same and wondered how to setup a custom log location for event forwarding also. Getting the same error as you "The destination log defined in this subscription cannot be found in the list of
valid destination logs on this computer. Verify that this log exists on the computer and is valid as a destination for forwarded events. Note that classic logs, analytic and debug logs and the Security log cannot be used as destinations."
Seems that there isn't a way to register new event-logs as valid destinations or channels for event-forwarding. -
Sending log files for scheduled jobs as attachment through mail
Hi All,
Can any one please help me out to write a pl/sql program to send log files for scheduled jobs as attachment through mail.
Thanks.Why would anyone do that as this code has already been posted here a thousand times, it is all over the Internet, and the only thing you need to do is to search for it?
I agree it would cost you some effort, but you are getting paid for it, and we are not getting paid for delivering it on a golden plate on your doorstep, as you can not be bothered to use online resources.
Sybrand Bakker
Senior Oracle DBA -
Having trouble scanning pictures and sending to computer
Having trouble scaning photos and sending them to my computer. I have HP Envy 700-300z DT. Printer is a officejet all in one. Printer does everything it should do except scanning to send to computer.
Hi,
You may have to start from your computer first:
Double click printer icon on desktop,
Select Manage Scan to Computer
Click Enable -
You can start this automatically with Windows BUT you will get an arror message if you turn on the computer BEFORE the printer.
Regards.
BH
**Click the KUDOS thumb up on the left to say 'Thanks'**
Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem. -
FFLOGCRT Send Log Report with Critical Transactions Only
Hi ,
I have configured FF (SPM) where in Controllers are getting FF ID login notifications through Emails. Now I have a requirement to stop these notifications and send them only for critical transactions.I have configured critical transactions in table /VIRSA/ZVIRTCODE.
In order to get notifications only for critical transactions I have updated the configuration as below.
CHGLOG Retrieve Change Log YES
FFAUTH Firefighter Owner Additional Authorization YES
FFCNTL Firefighter Controller Additional Authorization YES
FFLOGCRT Send Log Report with Critical Transactions Only YES
FFLOGIM Send Log Report Execution Notification Immediately NO
FFLOGNOTI Send Log Report Execution Notification NO
FFNOTIM Send Firefighter Login Notification Immediately NO
MAIL Send FirefightId Login Notification NO
RFC Remote Function Call LOCAL
My controllers are not getting notified for critical transactions with above config. Please can you suggest where am I going wrong.
SOST/SCOT working fine.
ps: I have gone through the note Note 1065048 - Firefighter Log Not sent in Email to Controller.pdf
Thanks!!
ARD
Edited by: Abhijeet Deshmukh on Sep 17, 2010 5:20 PMHi Simon,
I am not using risk analysis and remediation's critical transactions table. My FF (SPM) specific crtitcal transactions are in table
/VIRSA/ZVIRTCODE.
CTRAN Critical Transaction Table from Compliance Calibrator(VRAT) NO.
I am under impression that table /VIRSA/ZVIRTCODE is used by FF for critical transactions.
Thanks!!
ARD -
Sa520 not sending logs through email . unable to send log
runSmtpClient failed
Component: PLATFORM
Could not execute the smtpClient. adpCmdExec failed. Exiting.
Component: LOGGING
waht shoud be the resolutionHi Subir,
We are able to send logs successfully through email (see attachment). Could you please provide more details on the issue reported. Can you also let me know which firmware version are you using on SA500? The latest firmware is 2.1.51 and can be downloaded from www.cisco.com
Also please provide us dbglogs when the issue occurs. Please change / remove all passwords before providing the dbglogs. To get dbglogs, log into SA500 web UI and in the URL type the following:
https://IP_address_of_SA500/scgi-bin/dbglog.cgi
Thanks,
Nitin -
Can I configure the MSE to send logs to a logging server
Does anyone know if that is possible?
I've looked through the manuals to see if the MSE can send logs to a logging server and cannot find it anywhere. I am being asked to send login attempts to a logging server. Can't find it anywhere.
Has anyone else tried and figured it out?Downloading Mobility Services Engine Log Files
If you need to analyze mobility services engine log files, you can use WCS to download them to your system. WCS downloads a zip file containing the log files.
To download a zip file containing the log files, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine to view its status.
Step 3 From the left sidebar menu, click Logs.
Step 4 Click Download Logs.
Step 5 Follow the instructions in the File Download dialog box to open the file or save the zip file to your system.
Please check the below link for configuration,
http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/mse.html#wp1074202
Maybe you are looking for
-
Can anyone awnser this?
-
How to connect Macbook to TV through Dvi to VGA adapter.
I recently got s Macbook and was wondering how to connect it to my 32 inch sony tv. I have the dvi to vga adapter and recently bought an adapter that converts the VGA into RGA adapters + S video (all of which my tv has) When I connect the TV with the
-
Hi Experts, Please understand my issue/requirement that, I have to make the item conditions tab in display or deactivate mode to prevent users to change or create the price or conditions while posting VF01. As std, system allows users to create or ch
-
Can't sync music to my iphone 5
after making changes to my playlist, I synched my iphone 5, but it wiped off all the music. Now it wont sync my playlists to my phone. I have tried resetting phone to factory settings, and have deleted and reinstalled itunes on my laptop, but still
-
hi, I have create a report and i run that on web. so the format of the report is not proper. main problem with lines which we have drawn with text just like this ------------ or ========== this type of two lines are there.