Trouble in Syslog Validation (send log)

I am doing a project to capture the syslog from the switches and routers. For most of the devices I can generate the syslog by giving the command "send log", so that I receive the same locally as well in the tool.
Note: These devices are in production.
We have a monitoring tool, "Stablenet v6.72"; I think syslog is also the same (same utility in Stablenet).
The problem I am facing is that for many devices I am not able to give the test command, as they are running the IOS image c3560-ipbase-mz.122-25.SED1.bin.
I have configured the syslog server on all the devices, and there is reachability and port 514 is open, though.
I should let you know that we have many firewalls in the network, and I believe that all the devices have reachability to the syslog server. (My firewall blocks ping and traceroute traffic.) So I am unable to find out which firewall blocks it (if that is so).
Please let me know how I can validate the remaining 1200 devices. :(
Please help me,
Nithin M

Hi Nithin
My advice is to issue a command on each device that will initiate a syslog message. At least this way you can be sure it's working, since you will always expect the same kind of syslog message. I know, for example, that if you have the syslog severity set to level 5 you will get "configuration change" messages. To set your level, enter this command:
'logging trap notifications'
And then, by entering config mode ("conf t") and exiting config mode again, a CONF_I syslog message will be sent immediately as you exit configuration mode.
Hope it helps.
Cheers
Pierre
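
One way to check the outcome of the suggestion above across a large inventory, as an added example that is not part of the original thread: it parses the datagrams a collector received and sorts each inventory address into validated, other traffic only, or silent. It assumes the test message carries the `%SYS-5-CONFIG_I` tag that IOS emits on leaving configuration mode; the function names, inventory addresses and sample datagrams are constructed for illustration.

```python
"""Added example: check which inventory devices delivered the expected test message."""
import re
import socket
import time

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Cisco-style tag: %FACILITY-SEVERITY-MNEMONIC:
TAG_RE = re.compile(rb"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")
EXPECTED = "SYS-5-CONFIG_I"  # assumed tag of the message sent on leaving config mode


def parse_datagram(data):
    """Return (facility, severity, tag) or None when the PRI header is invalid."""
    m = PRI_RE.match(data)
    if m is None or int(m.group(1)) > 191:  # highest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    tag = TAG_RE.search(data)
    name = b"-".join(tag.groups()).decode() if tag else None
    return pri // 8, pri % 8, name


def classify(inventory, records, expected=EXPECTED):
    """Sort inventory addresses by what the collector heard from each of them."""
    tags_by_source = {}
    for src, data in records:
        parsed = parse_datagram(data)
        if parsed is not None:
            tags_by_source.setdefault(src, set()).add(parsed[2])
    report = {"validated": [], "other_only": [], "silent": []}
    for device in inventory:
        tags = tags_by_source.get(device)
        if tags is None:
            report["silent"].append(device)
        elif expected in tags:
            report["validated"].append(device)
        else:
            report["other_only"].append(device)
    # Sources outside the inventory can point to NAT or a different source interface.
    report["unknown_source"] = sorted(set(tags_by_source) - set(inventory))
    return report


def collect(bind_addr, port, seconds):
    """Gather (source_ip, payload) pairs from UDP syslog for a fixed time window."""
    records = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(0.5)
        deadline = time.monotonic() + seconds
        while time.monotonic() < deadline:
            try:
                data, (src, _port) = sock.recvfrom(4096)
            except socket.timeout:
                continue
            records.append((src, data))
    return records


# Constructed sample data (documentation addresses, not taken from the thread).
INVENTORY = ["192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]
SAMPLE_RECORDS = [
    ("192.0.2.11", b"<189>45: *Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by vty0"),
    ("192.0.2.12", b"<187>12: *Mar  1 00:13:01.002: %LINK-3-UPDOWN: Interface Fa0/1, changed state to up"),
    ("192.0.2.14", b"189>truncated header"),  # malformed PRI, ignored
    ("198.51.100.7", b"<189>9: %SYS-5-CONFIG_I: Configured from console by vty1"),
]

if __name__ == "__main__":
    for bucket, devices in classify(INVENTORY, SAMPLE_RECORDS).items():
        print(bucket, devices)
```

For live data, pass the result of `collect("0.0.0.0", 514, 300)` to `classify`; binding port 514 normally needs elevated privileges and fails while another collector holds the port.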

Similar Messages

  • Sending Logs to Multiple Syslog Servers

    Hi Team,
    Is it doable to send log messages recorded on various Cisco devices to multiple syslog servers by discriminating on the severity level? For example, I want to send all the critical and alert logs to the x.x.x.x server, but for other severities I want to send the logs to the y.y.y.y server.
    Thanks.

  • How to configure IPS 4240 - K9 to send log file to syslog server

    I am looking for the commands to configure the IPS 4240-K9 to send its log file to a syslog server. If anybody has come across a similar issue, please advise.
    Thanks in advance.

    Ali -
    I am sorry to tell you, but the Cisco IPS Sensors do not send Syslog messages. Your only options for sending signature event information are:
    SDEE (a TLS-encrypted, XML-formatted message) - the sensor is the SDEE host and your event receiver (MARS, IME, Intelitactics, etc.) is the client.
    SNMP traps - You need to set the "Action" on each signature for which you want the sensor to send a trap.
    - Bob

  • Enable syslog debug level 7 and send logs to syslog

    Hi,
    On a Cisco ASA, I have to enable syslog debug level 7 and send logs to syslog. How do I do that?

    Unless you have been fiddling with logging levels previously, most ACEs will be using the Cisco default logging, and at debug/7 level most of those will generate syslog entries. Don't forget that "show access-list" will show hit counts for the individual entries as well, independently of any syslog output.
    Lastly, if a reload is an option, in your situation what I would do if modifying 3k lines was needed is:
      1) copy startup-config a.txt
      2) export a.txt by TFTP or SSH or USB or whatever
      3) edit the configuration using offline tools with regular-expression capabilities such as textpad (windows) or vi or emacs or perl or ...
      4) import the revised b.txt config
      5) copy b.txt startup-config and reload
    -- Jim Leinweber, WI State Lab of Hygiene

  • Configuring syslog and generating logs for a particular period.

    Hi...
    I have configured a syslog server and logging is enabled on the ASA device. I want to generate the complete logs for a particular period of time. How can I generate this report? Please help me.

    Hello,
    I have an idea how it might work, but it is certainly not the best solution, so if you do not find any other, this might work for you.
    Enable sending logs to the syslog server:
    logging source-interface loopback    
    logging
    Configure an EEM script to run "show log" periodically:
    event manager applet test
    event timer watchdog name test_name time 60 ! in seconds -> every minute
    action 1.0 cli command "show log"
    Best Regards
    Please rate all helpful posts and close solved questions

  • Send logs from c370 to m160

    Hello
    I would like to pass the logs and the quarantine from the C370 to the M160.
    I read the manual, and for the logs I think I know how to do it, but I want to be sure.
    In "system administration", on the "log subscription", I have to select the log and syslog push or SCP push. Not quite sure...
    And for the quarantine, I log on to the M160 and then go to "management appliance", then "centralized services", and I select "Spam Quarantine".
    But as above, I am not sure.
    To sum up:
    I want to send the logs and the quarantine from the C370 to the M160.
    Regards.

    Hi,
    For pushing the logs from the C370 you will need to configure the SCP host in the log subscriptions and specify a directory on the M-Series.
    For enabling the centralized ISQ, yes, you need to add the C370 in the M-Series configuration. Go to "Centralized Services - Security Appliances" and click on "Add Email Security Appliance". On the C370, configure the external quarantine under "Security Services - External Spam Quarantine" and disable the local spam quarantine under "Monitor - Quarantines".
    Best regards,
    Enrico

  • Linksys "Send log to:" support in Leopard?

    Is there any way to get a Linksys router log captured by OS X? I can "Send log to:" my IP address, but how can I get it captured? Kiwi Syslog Daemon is a Windows-only application; if there were a Mac equivalent I could use KiwiLogViewer-OSX to see the Linksys data. Thanks for any ideas.

    Yes, that is exactly the purpose of syslogd.conf.
    The syslog protocol has what is called 'log levels' and then severity levels. You can use these values to filter off things to different files.
    So for instance, if you configured your router to send syslog data as local7.crit, you can either filter that off to a critical file or just do local7.* to send all traffic on that level to another file.
    The configuration of syslog hasn't changed in AGES. Starting it by default, I agree, is going to be different in Leopard. However, manually getting it to function is the first step before automating its startup.
    Since it's already running, you'll want to kill syslogd (sudo killall syslogd) and then restart it with the necessary parameters to start listening on the network.
    netstat -anp udp | grep 514
    ... will tell you if it's listening on the network or not. When that command returns data (it will probably say udp4 0 0 *.514), you can then try hitting it from your remote device.

  • Your session is no longer valid. Log on again - no long time

    Hi guys, I'm working on a CRM upgrade and working with the e-commerce solution. When I transfer an item to the cart, 2 or 3 seconds later the app gives me an error message like this: "Your session is no longer valid. Log on again." I do not have access to NWA because of administrative issues, and I have already asked for logs, but it will take a long time. Where can I search for the possible reasons for a closed session if I do not have access to logs? It seems to me to be a configuration problem with the server, maybe the URL.

    Edited by: Isaac Mena on Dec 18, 2010 12:37 AM

  • Sending log data to two different files using log4j

    Hi,
    Can someone please help me with the problem I have here?
    I want to send log data to two different files depending on the logging level, such as DEBUG and WARN.
    How can you configure this in log4j.properties?
    Please post sample code for log4j.properties to achieve this.
    Thanks in advance.
    rsreddych

    Hi,
    Finally, I found the solution to this problem myself.
    What you need to do is define two loggers in the application, set two priority levels for these loggers, and define two output files for these loggers. Deploy the WAR file, restart the application server, and you are good to go.
    This seems to be working for me. The only glitch I found is that the output in the second file displays one space character at the start of each line from the second line onward (the first line doesn't have this problem). This is odd. It may be because of my faulty code. Anyhow, thanks to you all.
    rsreddych

  • Windows Event forwarding - What is a "Valid destination log"

    Hi all,
    I'm currently setting up a centralization infrastructure for Windows events using the built-in event forwarding capabilities available in Windows Server 2008 R2.
    One of my requirements is to be able to create several subscriptions on the collector machine and to store forwarded events in different log files. For that, I tested creating a custom log (called CustomLog). This log appears in the Event Viewer, under the "Applications and Services Logs".
    However, I am not able to redirect forwarded events to this CustomLog. CustomLog does not appear in the list of possible destinations in the Event Viewer GUI when creating a subscription.
    To find out what could be wrong, I left it with the default ForwardedEvents as destination and tried to change it via PowerShell. I ran the following command, which is supposed to set the destination log to CustomLog:
    wecutil ss "Collect from both sources" /lf:CustomLog
    It ran without error. However, no events were logged into CustomLog, and when I go back to the GUI to create/modify subscriptions and try to open the subscription I set, I get a pop-up stating the following:
    "The destination log defined in this subscription cannot be found in the list of valid destination logs on this computer. verify that this log exists on the computer and is valid as a destination for forwarded events. Note that classic logs, analytic and debug logs and the Security log cannot be used as destination."
    Does anybody know what a "valid destination log" is and how I could turn my CustomLog into such a valid destination?
    Kind regards,
    Mike
    P.S. How can I verify my account in order to be able to post screenshots?

    MikeSec, did you ever get an answer to this? I'm facing the same and wondered how to set up a custom log location for event forwarding also. Getting the same error as you: "The destination log defined in this subscription cannot be found in the list of valid destination logs on this computer. Verify that this log exists on the computer and is valid as a destination for forwarded events. Note that classic logs, analytic and debug logs and the Security log cannot be used as destinations."
    Seems that there isn't a way to register new event logs as valid destinations or channels for event forwarding.

  • Sending log files for scheduled jobs as attachment through mail

    Hi All,
    Can anyone please help me out to write a PL/SQL program to send log files for scheduled jobs as an attachment through mail?
    Thanks.

    Why would anyone do that as this code has already been posted here a thousand times, it is all over the Internet, and the only thing you need to do is to search for it?
    I agree it would cost you some effort, but you are getting paid for it, and we are not getting paid for delivering it on a golden plate on your doorstep, as you can not be bothered to use online resources.
    Sybrand Bakker
    Senior Oracle DBA

  • Having trouble scanning pictures and sending to computer

    Having trouble scanning photos and sending them to my computer. I have an HP Envy 700-300z DT. The printer is an Officejet all-in-one. The printer does everything it should do except scanning to send to the computer.

    Hi,
    You may have to start from your computer first:
        Double click printer icon on desktop,
        Select Manage Scan to Computer
        Click Enable -
    You can start this automatically with Windows, BUT you will get an error message if you turn on the computer BEFORE the printer.
    Regards.
    BH

  • FFLOGCRT Send Log Report with Critical Transactions Only

    Hi,
    I have configured FF (SPM), wherein Controllers are getting FF ID login notifications through emails. Now I have a requirement to stop these notifications and send them only for critical transactions. I have configured critical transactions in table /VIRSA/ZVIRTCODE.
    In order to get notifications only for critical transactions, I have updated the configuration as below.
    CHGLOG Retrieve Change Log     YES
    FFAUTH Firefighter Owner Additional Authorization     YES
    FFCNTL Firefighter Controller Additional Authorization     YES
    FFLOGCRT Send Log Report with Critical Transactions Only     YES
    FFLOGIM Send Log Report Execution Notification Immediately     NO
    FFLOGNOTI Send Log Report Execution Notification     NO
    FFNOTIM Send Firefighter Login Notification Immediately     NO
    MAIL Send FirefightId Login Notification     NO
    RFC Remote Function Call     LOCAL
    My controllers are not getting notified for critical transactions with the above config. Can you please suggest where I am going wrong?
    SOST/SCOT are working fine.
    PS: I have gone through the note Note 1065048 - Firefighter Log Not sent in Email to Controller.pdf
    Thanks!!
    ARD
    Edited by: Abhijeet Deshmukh on Sep 17, 2010 5:20 PM

    Hi Simon,
    I am not using Risk Analysis and Remediation's critical transactions table. My FF (SPM) specific critical transactions are in table /VIRSA/ZVIRTCODE.
    CTRAN Critical Transaction Table from Compliance Calibrator(VRAT)     NO.
    I am under the impression that table /VIRSA/ZVIRTCODE is used by FF for critical transactions.
    Thanks!!
    ARD

  • Sa520 not sending logs through email . unable to send log

    runSmtpClient failed
    Component: PLATFORM
    Could not execute the smtpClient. adpCmdExec failed. Exiting.
    Component: LOGGING
    What should be the resolution?

    Hi Subir,
    We are able to send logs successfully through email (see attachment). Could you please provide more details on the issue reported? Can you also let me know which firmware version you are using on the SA500? The latest firmware is 2.1.51 and can be downloaded from www.cisco.com
    Also, please provide us dbglogs when the issue occurs. Please change / remove all passwords before providing the dbglogs. To get dbglogs, log into the SA500 web UI and in the URL type the following:
    https://IP_address_of_SA500/scgi-bin/dbglog.cgi
    Thanks,
    Nitin

  • Can I configure the MSE to send logs to a logging server

    Does anyone know if that is possible?
    I've looked through the manuals to see if the MSE can send logs to a logging server and cannot find it anywhere.  I am being asked to send login attempts to a logging server.  Can't find it anywhere.
    Has anyone else tried and figured it out?           

    Downloading Mobility Services Engine Log Files
    If you need to analyze mobility services engine log files, you can use WCS to download them to your system. WCS downloads a zip file containing the log files.
    To download a zip file containing the log files, follow these steps:
    Step 1 Choose Services > Mobility Services.
    Step 2 Click the name of the mobility services engine to view its status.
    Step 3 From the left sidebar menu, click Logs.
    Step 4 Click Download Logs.
    Step 5 Follow the instructions in the File Download dialog box to open the file or save the zip file to your system.
    Please check the link below for configuration:
    http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/mse.html#wp1074202
