
How reliable is RME Syslog Analyzer ???

georg.tresselt
Level 1

Hi,

I'm just back from a customer who angrily scrapped CW LMS 2.2 as it turned out that not all syslog messages sent show up in syslog.log (on Win2k).

First sniffed the traffic and saw all messages passing, then we replaced the CW2k server with a Linux box as syslog host (same IP address). The UNIX syslogd received each and every syslog message while obviously Ciscoworks crmlog services missed a good deal. Even messages from CatOS and IOS devices were lost !!!

Actually, it is the first time I saw someone double-check syslog message reception that thoroughly. Most customers I know just rely on it.

So, is there someone else who has put the reliability of RME syslog analyzer to the test ?

Cheers

Georg

5 Replies

maretha
Level 1

Were there not perhaps any filters in place? Filters (on the OS or application) will cause messages to be discarded if they reach the server and do not match the criteria. (I have seen this before on a Solaris CW2K server)

On Solaris with CW2K you can however do a lot more in terms of filters as the operating system provides for this kind of manipulation, but Windows does seem to lag behind in this department.

M

Agreed, Filters play a big role - if any is configured. (RME>Administration>Syslog Analysis>Define Message Filter)

The Unexpected Device Report in RME>Syslog Analysis provides some indication of devices sending messages sent to the syslog daemon that are not managed.

Also have a look at the Syslog Collector Status. Create a blank syslog.log file and validate the amount of messages.

What I talk about is that messages don't even show up in syslog.log !!! We replaced the CW2k server with a Linux box (same IP address, same switch port) and everything was received perfectly.

Hi Maretha,

There were only the default filters in place which come with the product (e.g. severity 7 filter). But syslog messages are missing randomly from all kinds of devices and all levels of severities. This is not only disappointing, when you're at a client's site it's actually humiliating.

Cheers

Georg

There are issues with the amount of incoming messages that can be handled, perhaps this may be an issue. I do not know the number, but at a certain amount CW may drop some messages.

Try to enable debugging for syslog:

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml#topic4

HTH

Martin
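
The check described in this thread (compare what a sniffer saw on the wire with what actually landed in syslog.log) can be scripted so that losses are counted per device and severity. This is an added example, not part of the thread and not Cisco code; the log line layout (timestamp, source IP, message text), the function names and all sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_wire(payload):
    """Split a BSD-syslog (RFC 3164) datagram into (facility, severity, body)."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        raise ValueError(f"no valid PRI in {payload!r}")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2).strip()

def reconcile(captured, log_lines):
    """captured: (source_ip, payload) pairs from the capture; log_lines: receiver log.
    Returns (missing messages, Counter keyed by (source_ip, severity))."""
    unused = [ln.rstrip("\n") for ln in log_lines]
    missing, per_key = [], Counter()
    for src, payload in captured:
        _, sev, body = parse_wire(payload)
        # Assumed log layout: the source IP is one token, the body ends the line.
        hit = next((i for i, ln in enumerate(unused)
                    if src in ln.split() and ln.endswith(body)), None)
        if hit is None:
            missing.append((src, sev, body))
            per_key[(src, sev)] += 1
        else:
            del unused[hit]  # consume the line so repeated messages count once each
    return missing, per_key

# Constructed sample data (documentation IP range, made-up message text).
CAPTURED = [
    ("192.0.2.10", "<189>%LINK-5-CHANGED: Interface Fa0/1, changed state to up"),
    ("192.0.2.10", "<189>%LINK-5-CHANGED: Interface Fa0/1, changed state to up"),
    ("192.0.2.10", "<187>%LINK-3-UPDOWN: Interface Fa0/2, changed state to down"),
    ("192.0.2.20", "<188>%SYS-4-EXAMPLE: constructed warning"),
]
LOG = [
    "Mar  1 00:01:02 192.0.2.10 %LINK-5-CHANGED: Interface Fa0/1, changed state to up",
    "Mar  1 00:01:05 192.0.2.10 %LINK-3-UPDOWN: Interface Fa0/2, changed state to down",
]

if __name__ == "__main__":
    missing, per_key = reconcile(CAPTURED, LOG)
    for (src, sev), n in sorted(per_key.items()):
        print(f"{src} severity {sev}: {n} message(s) on the wire but not in the log")
```

Matching consumes each log line once, so a message that was sent twice but logged once is reported as one loss rather than hidden by the surviving copy.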
