Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3028
Views
35
Helpful
18
Replies

LMS 4.1 shows "No records" for all devices

Go to solution
DanielKerman
Level 1
Level 1

‎10-10-2013 04:42 AM

Hello everyone,

One of our end clients noticed that there is a "No records" message when choosing to show syslog messages for all devices that are configured on his LMS.

Under "LMS - Admin > System > Server Monitoring > Processes" I can see that the "SyslogAnalyzer" and "SyslogCollector" are showing as "Running normally"

Also see attached screenshot:

norecords.jpg

I would really appreciate your advise on this issue.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-14-2013 07:01 AM

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-20-2013 10:08 AM

Yes Daniel  I am sure it is the filter setting issue , however I can suggest one more thing.

Admin > Network > Notification and Action Settings > Syslog Message Filters

Click Create >> select all the devices \ all managed devices >> and  in the next window

(Define New Message Type) >> let all the fields as *  >> click SAVE and ADD

now you should be able to see a new Entry in the Filter settings.

SET  KEEP and ENABLED 

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-21-2013 07:21 AM

That's Great

Kindly Mark it resolved ..

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

0 Helpful
18 Replies 18

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee

‎10-10-2013 05:40 AM

Hi Daniel,

share the screen shot of :

Admin > Collection Settings > Syslog > Syslog Collector Status

output of pdshow command

If you have not tried to restart the service  the try to restart the service or if possible reboot the server.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
DanielKerman
Level 1
Level 1
In response to AFROJ AHMAD

‎10-14-2013 05:35 AM

Hello Afroz,

Here is the screenshot you requested:

collector.png

       Also see attached file for output of pdshow command.

Thanks for your help

15369073-pd.txt.zip
0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-14-2013 07:01 AM

hello Daniel,

you are getting syslogs but they are getting filtered .

go to >>

Admin > Network > Notification and Action Settings > Syslog Message Filters

and change the filter settings . Try >> KEEP and Enabled combination. after changing settings check the syslogs collector status , Keep an Eye on the Forwarded column, you should see counts in it instead of  zero .

you might need to play with filter settings   to get this worked. 

This is how Filters works:

Scenario 1:
All filters are disabled. Mode:Keep             (Like in Our case with
Disabled the LINKUPDOWN and  Mode is Keep  .so all the messages for that
LINKUP DOWN will be only Forward)
All messages will be forwarded.


Scenario 2:
All filters are disabled. Mode:Drop
All messages will be filtered.


Scenario 3:
Atleast one filter is enabled. Mode:Keep
Only those syslog messages that satisfy the enabled filters will be
forwarded and all others will be filtered.


Scenario 4:
Atleast one filter is enabled. Mode:Drop
Only those syslog messages that satisfy the enabled filters will be filtered
and all others will be forwarded

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

Go to solution
DanielKerman
Level 1
Level 1
In response to AFROJ AHMAD

‎10-17-2013 12:35 AM

Thank you for your usefull reply, but we had no luck so far getting this to work.

Im attaching a screenshot of the Syslog Message Filters (after we configured everything to KEEP and ENABLED) and Syslog Collector Status:

MF.jpg

CS.png

I have been wondering about the filters that are displayed, they look like some kind of predifined filters.

Is it possible to delete them all to rule them out?.

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-17-2013 12:41 AM

Hi,

Can you subscribe the Syslog collector with the Actual  IP address of the server instead of 127.0.0.1

also change one of the messages like link up/down to disable and check it again.

if that did not help then change the mode to DROP..

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
DanielKerman
Level 1
Level 1
In response to AFROJ AHMAD

‎10-17-2013 12:48 AM

Hello,

Can you please describe the process of subscribing to the actual IP of the server (navigation wise)?

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-17-2013 12:50 AM

you can do this from the same windows (syslog collector status)

look at the screen shot you have shared  > click on the Radio button and click Unsubscribe....and then subscribe

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
DanielKerman
Level 1
Level 1

‎10-17-2013 01:17 AM

It gives us the following message when we try to subscribe the actual ip address:

Subscribe Confirmation

SLCA0152: Check if - 1. Self-signed Certificates from this server is copied to Syslog Collector server and vice versa.You can perform this operation from Admin > Trust Management > Multi Server > Peer Server Certificate Setup. 2. Syslog Collector process on SyslogCollector server and SyslogAnalyzer process on this server is restarted after step 1. 3. Both hosts are reachable by host name. 4.Certificates are valid.

We click OK and nothing happens.

Suggestions?

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-17-2013 01:19 AM

try with the hostname of the server.

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
DanielKerman
Level 1
Level 1
In response to AFROJ AHMAD

‎10-17-2013 01:28 AM

Worked:

We configured all filters as DISABLED and mode to KEEP. Still nothing.

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-17-2013 01:31 AM

Keep 2 filter like Linkup down and one more on disbaled and  rest 2 on Enabled

and check the issue.....

-------------------

If above setting does not work ...DOn't change the filters  JUST change the Mode to KEEP

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to AFROJ AHMAD

‎10-17-2013 01:32 AM

after changing the settings ...wait for 20 -30 sec.. and then check the syslog collector status

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Go to solution
DanielKerman
Level 1
Level 1
In response to AFROJ AHMAD

‎10-17-2013 02:16 AM

Sorry, but still nothing.

0 Helpful

Go to solution
AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to DanielKerman

‎10-17-2013 02:37 AM

Daniel,

I don't know , how can I help you more

But I would suggest you  to try change filter settings ...it is the ONLY issue

Thanks-

Afroz

[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card