Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
2
Replies

Cisco LMS 4.2: Custom syslog Message descriptions

lenwood.spotts
Level 1
Level 1

‎08-04-2014 12:01 PM

Please see attached image.

 

I would like to know where in LMS 4.2 you can edit/configure the syslog analyzer to display a different description/explanation and recommended action for various syslog messages.

 

We're starting to roll out 802.1x on our network and we would like to get something documented so our engineers can identify the problem and know what to do to fix the issue without having to parse through several tried and failed processes.

There's a way to do it. I can't remember where I saw it in the menus.

Labels:
Preview file
44 KB
0 Helpful
2 Replies 2

Vinod Arya
Cisco Employee
Cisco Employee

‎08-04-2014 09:21 PM

Unfortunately, there no such way by which you could do this on LMS as it not an available feature.

Syslog is amongst one of the basic feature in LMS and doesn't have a lot of custom attributes for Syslog Management.

Only option you have when a syslog arrives is :

> Send an email about that particular syslog.

> Execute a script.

> Go and run a URL.

The above options are known as Automated Actions (AA). Apart from AA, you can't define anything for a syslog.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

mikaelbje
Level 1
Level 1

‎09-24-2014 11:57 PM

Hi,

 

have a look at this thread: https://supportforums.cisco.com/discussion/12070801/cisco-ios-log-message-overview

 

You cannot do it in CPI or LMS 4.2, but if you have Splunk I've developed an app that does this for you: https://apps.splunk.com/app/1352/ Every facility, severity and mnemonic combination looks up recommended actions and explanations.

 

IMHO neither LMS nor Cisco Prime Infrastructure are very good tools for handling syslog. They have their uses and work great for management as well as handling SNMP, but using LMS or CPI for syslog is a bit of a hassle, especially if you want to have a historical perspective of your data.

 

I do consulting both on CPI and Splunk and always advice my clients to use Splunk for log handling as you use it to analyze logs from other devices in your network as well.

0 Helpful
Customers Also Viewed These Support Documents