cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2402
Views
35
Helpful
18
Replies

LMS 4.1 shows "No records" for all devices

DanielKerman
Level 1
Level 1

Hello everyone,

One of our end clients noticed that there is a "No records" message when choosing to show syslog messages for all devices that are configured on his LMS.

Under "LMS - Admin > System > Server Monitoring > Processes" I can see that the "SyslogAnalyzer" and "SyslogCollector" are showing as "Running normally"

Also see attached screenshot:

norecords.jpg

I would really appreciate your advise on this issue.

3 Accepted Solutions

Accepted Solutions

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

Yes Daniel  I am sure it is the filter setting issue , however I can suggest one more thing.

Admin > Network > Notification and Action Settings > Syslog Message Filters

Click Create >> select all the devices \ all managed devices >> and  in the next window

(Define New Message Type) >> let all the fields as *  >> click SAVE and ADD

now you should be able to see a new Entry in the Filter settings.

SET  KEEP and ENABLED 

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

That's Great

Kindly Mark it resolved ..

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

18 Replies 18

AFROJ AHMAD
Cisco Employee
Cisco Employee

Hi Daniel,

share the screen shot of :

Admin > Collection Settings > Syslog > Syslog Collector Status

output of pdshow command

If you have not tried to restart the service  the try to restart the service or if possible reboot the server.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hello Afroz,

Here is the screenshot you requested:

collector.png

       Also see attached file for output of pdshow command.

Thanks for your help

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Thank you for your usefull reply, but we had no luck so far getting this to work.

Im attaching a screenshot of the Syslog Message Filters (after we configured everything to KEEP and ENABLED) and Syslog Collector Status:

MF.jpg

CS.png

I have been wondering about the filters that are displayed, they look like some kind of predifined filters.

Is it possible to delete them all to rule them out?.

Hi,

Can you subscribe the Syslog collector with the Actual  IP address of the server instead of 127.0.0.1

also change one of the messages like link up/down to disable and check it again.

if that did not help then change the mode to DROP..

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Hello,

Can you please describe the process of subscribing to the actual IP of the server (navigation wise)?

you can do this from the same windows (syslog collector status)

look at the screen shot you have shared  > click on the Radio button and click Unsubscribe....and then subscribe

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

DanielKerman
Level 1
Level 1

It gives us the following message when we try to subscribe the actual ip address:

Subscribe Confirmation

SLCA0152: Check if - 1. Self-signed Certificates from this server is copied to Syslog Collector server and vice versa.You can perform this operation from Admin > Trust Management > Multi Server > Peer Server Certificate Setup. 2. Syslog Collector process on SyslogCollector server and SyslogAnalyzer process on this server is restarted after step 1. 3. Both hosts are reachable by host name. 4.Certificates are valid.

We click OK and nothing happens.

Suggestions?

try with the hostname of the server.

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Worked:

We configured all filters as DISABLED and mode to KEEP. Still nothing.

Keep 2 filter like Linkup down and one more on disbaled and  rest 2 on Enabled

and check the issue.....

-------------------

If above setting does not work ...DOn't change the filters  JUST change the Mode to KEEP

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

after changing the settings ...wait for 20 -30 sec.. and then check the syslog collector status

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Sorry, but still nothing.

Daniel,

I don't know , how can I help you more

But I would suggest you  to try change filter settings ...it is the ONLY issue

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco