cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1014
Views
5
Helpful
1
Replies
Highlighted
Enthusiast

LMS 3.2 - Invalid Syslog Messages

Hello,

I have a small problem with a lot of invalid syslog messages in LMS 3.2.

Something about 30% of all messages are invalid.

Is there any posibility to get out from which devices those messages are?

Is it a big problem for the application if there are such a lot of invalid messages? I have a lot of devices in my LMS and don't want to get high load because of such unneeded messages.

Thanks a lot!

Sven

Everyone's tags (4)
1 REPLY 1
Collaborator

LMS 3.2 - Invalid Syslog Messages

invalid syslog messages are messages in non-EMBLEM format, usually from non-cisco devices or cisco security devices were this format for syslog messages  must explicitly be configured.

Having LMS on windows, dmgtd also writes his messages to the syslog.log which are not in EMBLEM format and are counted as invalid (in fact these are more log messages than syslog messages..). These are usually a lot of messages and that's why LMS on windows generally has a higher number of invalid messages as on solaris

EMBLEM format defines a specific header for the syslog messages.

Some people says, that syslog messages from a device not supported or a device not managed in LMS is also counted as invalid but I am not quite sure and I don'think so..

Syslog Performance:

Syslog

- Can validate and filter 200 syslogs per second

- Can forward and store 50 syslogs per second

- Can take one action per second

- Can validate and filter 1000 syslogs per second burst for an hour

from:

http://www.cisco.com/en/US/partner/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/white_paper_c07-533663.html

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards