Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2815
Views
1
Helpful
6
Replies

How reliable is RME Syslog Analyzer ???

georg.tresselt
Level 1
Level 1

‎01-11-2005 08:03 AM

Hi,

I'm just back from a customer who angrily scrapped CW LMS 2.2 as it turned out that not all syslog messages sent show up in syslog.log (on Win2k).

First sniffed the traffic and saw all messages passing, then we replaced the CW2k server with a Linux box as syslog host (same IP address). The UNIX syslogd received each and every syslog message while obviously Ciscoworks crmlog services missed a good deal. Even messages from CatOS and IOS devices were lost !!!

Actually, it is the first time I saw someone double-check syslog message reception that thoroughly. Most costumers I know just rely on it.

So, is there someone else how has put the reliability of RME syslog analyzer to the test ?

Cheers

Georg

Labels:
0 Helpful
6 Replies 6

jason.aarons
Level 1
Level 1

‎01-11-2005 11:19 AM

I thought I read somewhere the default CW2K behavior is to filter other then Level 7 informational, check you syslogd.conf file for what is filtered.

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml#changedefault

I also use the Kiwi CatTools syslog server, it has a great GUI for actions, logging, etc. More features then the CW2K.

georg.tresselt
Level 1
Level 1
In response to jason.aarons

‎01-11-2005 11:49 PM

I'm well aware of the default filters of syslog analyzer. But, the missing messages don't match them.

0 Helpful

robertsd4006
Level 1
Level 1

‎01-11-2005 12:54 PM

Another thing to check is - was any part of VMS installed on the same box as Ciscoworks? I had a similar situation where only about 1/4 of the messages sent were being received. I removed all components of VMS (Management center for routers, MC for VPN, MC for IDS, etc.) and it now works properly. According to Cisco, there is another syslog process present in the VMS suite that does not co-exist peacefully with CW, thus causing problems. Hope this helps.

0 Helpful

georg.tresselt
Level 1
Level 1
In response to robertsd4006

‎01-14-2005 05:02 AM

Interesting news as VMS includes RME afaik

0 Helpful

robertsd4006
Level 1
Level 1

‎01-11-2005 12:55 PM

Sorry for the double post. Network was a little skippy.

Another thing to check is - was any part of VMS installed on the same box as Ciscoworks? I had a similar situation where only about 1/4 of the messages sent were being received. I removed all components of VMS (Management center for routers, MC for VPN, MC for IDS, etc.) and it now works properly. According to Cisco, there is another syslog process present in the VMS suite that does not co-exist peacefully with CW, thus causing problems. Hope this helps.

0 Helpful

georg.tresselt
Level 1
Level 1
In response to robertsd4006

‎01-11-2005 11:51 PM

There is no VMS installed. The only thing on the box apart from LMS 2.2 is nGenius RTM which comes with CW2k.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents