Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2609
Views
0
Helpful
3
Replies

LMS 4.2 not processing syslog messages

MARK GRABER
Level 1
Level 1

‎03-13-2012 11:45 AM

I have a new install of LMS 4.2 on a virtual appliance.  No syslog messages are getting into LMS.  They are being received by the server, but are showing up in /var/adm/CSCOpx/log/dmgtd.log, and aren't getting processed by SyslogAnalyser.

Here's the syslog.conf file:

     local6.info                                                                     /var/log/ade/ADE.log

     *.info;mail.none;news.none;authpriv.none;cron.none;local0.none;local1.none      /var/log/messages

     authpriv.*                                                                      /var/log/secure

     mail.*                                                                          -/var/log/maillog

     cron.*                                                                          /var/log/cron

     *.emerg                                                                         *

     uucp,news.crit                                                                  /var/log/spooler

     local7.*                                                                        /var/log/boot.log

     #Application LMS Generated config

     #BEGIN CSCOmd - DO NOT EDIT THESE COMMENTS OR CONTENTS CONTAINED WITHIN - local0 1

     #

     local0.emerg;local0.alert;local0.crit;local0.err;local0.warning;local0.notice;local0.info;local0.debug  /var/adm/CSCOpx/log/dmgtd.log

     #

     #END CSCOmd DO NOT EDIT BEFORE THIS LINE  1

     local7.info  /var/log/syslog_info

My guess is that the incoming messages are getting written to the wrong file.  What do I need to change to correct this?

Labels:
0 Helpful
3 Replies 3

Emperor2000
Level 1
Level 1

‎03-19-2012 11:08 AM

Hello there Mark.  

I have the same problem also running a virtual appliance but cant get the sysloganalyser to process it.

Since we are vealuating this software its kind of hard to get a TAC case going also.

0 Helpful

Michel Hegeraat
Level 7
Level 7
In response to Emperor2000

‎03-19-2012 12:40 PM

Try to configure the devices to send the syslog on the 'default' local7

Use the Netconfig template for syslog

Cheers,

Michel

0 Helpful

r-tyrell
Level 1
Level 1
In response to Emperor2000

‎06-05-2012 03:58 PM

I found that all of my syslog messages were being captured under /var/log/messages.  This was due to my Cisco devices being configured with "logging facility local5".  Instead of reconfiguring all of my devices to log to facility local7, I just changed the following line in syslog.conf and restarted (/etc/init.d/syslog restart)

Before:

local7.info  /var/log/syslog_info

After:

local5.*  /var/log/syslog_info

Probably not the best way to do it, but it worked for me.

-Rick

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card