CiscoWorks LMS & Remote Syslog Collector.

andrea.meconi · ‎11-12-2012

Hello at all.

I'm using CiscoWorks LMS 4.0.1 and I need to activate a remote syslog collector.

Installation occur without errors and the test subscription is fine but syslog reports are always empty!

These two servers need to communicate through a firewall.

I'm not able to define a correct rule, a "permit ip any any" does not work also!

Any ideas?

Thanks.

Regards.

Andrea

ngoldwat · ‎11-16-2012

Hi,

Is the remote machine another LMS Server?

Condition: Syslog Analyzer cannot connect to Remote Syslog Collector

The connection issue might be seen if TCP ports 3333 and 4444, used by the syslog collector, are blocked.

In order to resolve the issue, you can release TCP ports 3333 and 4444 and restart the syslog service.

Condition: Syslog report shows as empty.

If you see an empty report, try to configure the log rotation with the logrot tool provided by CiscoWorks.

Issues with Database

Are you able to generate reports locally?

Syslog Filter Settings

Here is the information on the results for the various combinations of filter settings:

Scenario 1:

All filters are disabled.Mode:Keep

All messages will be forwarded.

Scenario 2:

All filters are disabled.Mode:Drop

All messages will be filtered.

Scenario 3:

At least one filter is enabled.Mode:Keep

Only those syslog messages that satisfy the enabled filters will be

forwarded and all others will be filtered.

Scenario 4:

At least one filter is enabled.Mode:Drop

Only those syslog messages that satisfy the enabled filters will be

filtered and all others will be forwarded

Lastly if you are trying to allow syslogs through a firewall you need to allow udp/514

Hope this gets you pointed in the right direction.