cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1261
Views
35
Helpful
18
Replies
Highlighted
Beginner

LMS 4.1 shows "No records" for all devices

Hello everyone,

One of our end clients noticed that there is a "No records" message when choosing to show syslog messages for all devices that are configured on his LMS.

Under "LMS - Admin > System > Server Monitoring > Processes" I can see that the "SyslogAnalyzer" and "SyslogCollector" are showing as "Running normally"

Also see attached screenshot:

norecords.jpg

I would really appreciate your advise on this issue.

3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

Highlighted

Yes Daniel  I am sure it is the filter setting issue , however I can suggest one more thing.

Admin > Network > Notification and Action Settings > Syslog Message Filters

Click Create >> select all the devices \ all managed devices >> and  in the next window

(Define New Message Type) >> let all the fields as *  >> click SAVE and ADD

now you should be able to see a new Entry in the Filter settings.

SET  KEEP and ENABLED 

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

Highlighted

That's Great

Kindly Mark it resolved ..

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

18 REPLIES 18
Highlighted
Cisco Employee

Hi Daniel,

share the screen shot of :

Admin > Collection Settings > Syslog > Syslog Collector Status

output of pdshow command

If you have not tried to restart the service  the try to restart the service or if possible reboot the server.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Hello Afroz,

Here is the screenshot you requested:

collector.png

       Also see attached file for output of pdshow command.

Thanks for your help

Highlighted

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

Highlighted

Thank you for your usefull reply, but we had no luck so far getting this to work.

Im attaching a screenshot of the Syslog Message Filters (after we configured everything to KEEP and ENABLED) and Syslog Collector Status:

MF.jpg

CS.png

I have been wondering about the filters that are displayed, they look like some kind of predifined filters.

Is it possible to delete them all to rule them out?.

Highlighted

Hi,

Can you subscribe the Syslog collector with the Actual  IP address of the server instead of 127.0.0.1

also change one of the messages like link up/down to disable and check it again.

if that did not help then change the mode to DROP..

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Hello,

Can you please describe the process of subscribing to the actual IP of the server (navigation wise)?

Highlighted

you can do this from the same windows (syslog collector status)

look at the screen shot you have shared  > click on the Radio button and click Unsubscribe....and then subscribe

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted
Beginner

It gives us the following message when we try to subscribe the actual ip address:

Subscribe Confirmation

SLCA0152: Check if - 1. Self-signed Certificates from this server is copied to Syslog Collector server and vice versa.You can perform this operation from Admin > Trust Management > Multi Server > Peer Server Certificate Setup. 2. Syslog Collector process on SyslogCollector server and SyslogAnalyzer process on this server is restarted after step 1. 3. Both hosts are reachable by host name. 4.Certificates are valid.

We click OK and nothing happens.

Suggestions?

Highlighted

try with the hostname of the server.

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Worked:

We configured all filters as DISABLED and mode to KEEP. Still nothing.

Highlighted

Keep 2 filter like Linkup down and one more on disbaled and  rest 2 on Enabled

and check the issue.....

-------------------

If above setting does not work ...DOn't change the filters  JUST change the Mode to KEEP

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

after changing the settings ...wait for 20 -30 sec.. and then check the syslog collector status

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Sorry, but still nothing.

Highlighted

Daniel,

I don't know , how can I help you more

But I would suggest you  to try change filter settings ...it is the ONLY issue

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Content for Community-Ad