LMS 3.2 - Invalid Syslog Messages

Sven Hruza
Level 4

Hello,

I have a small problem with a lot of invalid syslog messages in LMS 3.2.

About 30% of all messages are invalid.

Is there any possibility to find out which devices those messages come from?

Is it a big problem for the application if there are such a lot of invalid messages? I have a lot of devices in my LMS and don't want to get high load because of such unneeded messages.

Thanks a lot!

Sven

1 Reply

Martin Ermel
VIP Alumni

Invalid syslog messages are messages in non-EMBLEM format, usually from non-Cisco devices or Cisco security devices where this format for syslog messages must explicitly be configured.

With LMS on Windows, dmgtd also writes its messages to the syslog.log, which are not in EMBLEM format and are counted as invalid (in fact these are more log messages than syslog messages). These are usually a lot of messages, and that's why LMS on Windows generally has a higher number of invalid messages than on Solaris.

EMBLEM format defines a specific header for the syslog messages.

Some people say that syslog messages from a device not supported or not managed in LMS are also counted as invalid, but I am not quite sure and I don't think so.

Syslog Performance:

Syslog

- Can validate and filter 200 syslogs per second

- Can forward and store 50 syslogs per second

- Can take one action per second

- Can validate and filter 1000 syslogs per second burst for an hour

from:

http://www.cisco.com/en/US/partner/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/white_paper_c07-533663.html
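
The following is an added example, not part of the original thread and not Cisco's code. One way to see which senders account for the invalid messages is to tally, per source, the lines in a copy of the syslog file that lack a Cisco-style `%FACILITY-SEVERITY-MNEMONIC:` tag. The line layout, the tag pattern used as a stand-in for the EMBLEM check, and the sample lines are assumptions.

```python
import re
from collections import Counter

# Assumed line layout (classic BSD syslog): "Mmm dd hh:mm:ss <source> <message>"
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(?P<src>\S+)\s+(?P<msg>.*)$")
# Cisco-style tag %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: used here as an
# approximation of the EMBLEM check; LMS's own validation may be stricter.
TAG_RE = re.compile(r"%[A-Z0-9_]+(?:-[A-Z0-9_]+)?-[0-7]-[A-Z0-9_]+:")

# Constructed sample lines (hypothetical hosts and messages).
SAMPLE = [
    "Mar  3 10:15:01 10.1.1.1 45: Mar  3 10:15:00: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "Mar  3 10:15:02 10.1.1.1 46: Mar  3 10:15:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to down",
    "Mar  3 10:15:03 10.2.2.2 kernel: link eth0 down",
    "Mar  3 10:15:04 10.2.2.2 sshd[311]: session opened",
    "Mar  3 10:15:05 lmsserver dmgtd: process started",
    "Mar  3 10:15:06 10.3.3.3 %ASA-6-302013: Built outbound TCP connection",
    "garbage without header",
]

def tally_invalid(lines):
    """Return (total, invalid) Counters keyed by source host."""
    total, invalid = Counter(), Counter()
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        # Lines with no recognisable timestamp/host header go in one bucket.
        src = m.group("src") if m else "<unparsed>"
        total[src] += 1
        if m is None or not TAG_RE.search(m.group("msg")):
            invalid[src] += 1
    return total, invalid

def report(lines):
    """Rows of (source, invalid, total, percent invalid), worst sender first."""
    total, invalid = tally_invalid(lines)
    return [(src, bad, total[src], round(100.0 * bad / total[src], 1))
            for src, bad in invalid.most_common()]

if __name__ == "__main__":
    for src, bad, seen, pct in report(SAMPLE):
        print(f"{src:<12} {bad}/{seen} invalid ({pct}%)")
```

To run it on real data, pass an open file object for a copy of the log to `report()` instead of `SAMPLE`; opening with `errors="replace"` avoids failures on non-UTF-8 bytes.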