cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5384
Views
5
Helpful
11
Replies

Ciscoworks syslog configuration

wilson_1234_2
Level 3
Level 3

How do I verify the Ciscoworks syslog configuration?

I can run and see the results of inventory reports and config archives, but I see nothing when running a report on syslog.

I see in the router and switches that syslog is pointing to the ciscoworks server, but when I run a report I get nothing.

How can I verify that Ciscoworks is configured to collect and hold these events properly?

11 Replies 11

yjdabear
VIP Alumni
VIP Alumni

RME -> Tools -> Syslog -> syslog collector status

Thanks!

Rattlesnake_bac
Level 1
Level 1

Do i need to enter logging host command on devices and what IP address and port should i use to access syslog from CiscoWorks?

To help answer your first question, can you post:

"show version"

"show running | include logging"

for each type of device you want CiscoWorks to do syslog analysis for?

I don't quite understand the second part of the question: "what IP address and port should i use to access syslog from CiscoWorks". Can you elaborate?

Rattlesnake_bac
Level 1
Level 1
2821#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 17:38 by prod_rel_team
System restarted at 18:26:10 GMT Sat Dec 19 2009
System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T2.bin"
Cisco 2821 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FHK1344F1X4
2 Gigabit Ethernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
2821#sh run | i logging
logging message-counter syslog
no logging buffered
logging host 192.168.100.32 transport tcp port 1468
i am currently using Kiwi syslog daemon installed on the same server ( .100.32 ) which listens at port 1468 but i want to integrate with CiscoWorks syslog analyzer. so my question is, how to make the transmission between the router and CiscoWorks, do i have to specify different port number.

Great, since you have Kiwi syslog server listening on a non-standard port and through tcp no less, all you need is to configure "logging host 192.168.100.32" on the 2800. It's implicitly equivalent to "logging host 192.168.100.32 transport udp port 514", I think, but you don't need to configure the extra parts. Then check NMSROOT\log\syslog.log to make sure you're seeing the 2800's logs making into that file. If not, one thing to check is whether Windows' built-in software firewall is blocking incoming traffic on UDP port 514.

Thanks very much, i got it working, next thing is to figure out why it reports syslogs as " invalid" ...

Do you actually see the syslogs from the 2800 in NMSROOT\log\syslog.log? Because the Windows OS also logs to syslog.log as "Invalids", so I'm not necessarily convinced the 2800 is logging to LMS yet. To verify, can you post a few lines from NMSROOT\log\syslog.log that indicate they're from the 2800?

I finally found what the problem was. Yes, it logged into syslog.log , and showed them as invalid. The problem was that i couldnt generate reports, because there were no data. Well, the problem was the source interface's IP address. I didn't configure which interface should the device use, so Ciscoworks put all the logs into " Unexpected devices" and marked them "invalid" . Anyway, now everithyng's just fine. Thanks again for the efforts!

Hi,

I'm having the same issue, somewhat.  All syslog messages are getting getting received and forwared except level 7, debugging.  It seems like level 7 messages are getting invalidated by ciscoworks.  Can you go into more detail about the part "I didn't configure which interface should the device use"?  Thank you.

try "logging source ?" on your device

the interface with the IP you use to mangen the device with should send the syslog

Cheers,

Michel