01-11-2005 07:45 AM
Hi,
I'm just back from a customer who angrily scrapped CW LMS 2.2 as it turned out that not all syslog messages sent show up in syslog.log (on Win2k).
First sniffed the traffic and saw all messages passing, then we replaced the CW2k server with a Linux box as syslog host (same IP address). The UNIX syslogd received each and every syslog message while obviously Ciscoworks crmlog services missed a good deal. Even messages from CatOS and IOS devices were lost !!!
Actually, it is the first time I saw someone double-check syslog message reception that thoroughly. Most costumers I know just rely on it.
So, is there someone else how has put the reliability of RME syslog analyzer to the test ?
Cheers
Georg
01-12-2005 11:52 PM
Were there not perhaps any filters in place? Filters (on the OS or application) will cause messages to be discarded if they reach the server and do not match the criteria. (I have seen this before on a Solaris CW2K server)
On Solaris with CW2K you can however do a lot more in terms of filters as the operating system provides for this kind of manipulation, but Windows does seem to lag behind in this department.
M
01-13-2005 01:06 AM
Agreed, Filters play a big role - if any is configured. (RME>Administration>Syslog Analysis>Define Message Filter)
The Unexpected Decvice Report in RME>Syslog Analysis provides some indication of devices sending messages sent to the syslog deamon that are not managed.
Also have a look at the Syslog Collector Status. Create a blank syslog.log file and validate the amount of messages.
01-14-2005 12:02 AM
What I talk about is that messages don't even show up in syslog.log !!! We replaced the CW2k server with a Linux box (same IP address, same switch port) and everything was received perfectly.
01-13-2005 01:08 AM
Hi Maretha,
There were only the default filters in place which come with the product (e.g. severity 7 filter). But syslog messages are missing randomly from all kinds of devices and all levels of severities. This is not only disappointing, when you're at a client's site it's acutally humiliating.
Cheers
Georg
01-14-2005 12:49 AM
There are issues with the amount of incoming messages that can be handeld, perhaps this may be and issue. I do not know the number, but at a certain amount CW may drop some messages.
Try to enable debugging for syslog:
HTH
Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide