Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4027
Views
0
Helpful
24
Replies

Prime LMS: Syslog filter issue

Go to solution
alex.dersch
Level 4
Level 4

‎09-25-2011 07:33 AM

Hello,

for a subset of my devices i do not receive syslog messages. I believe they get filtered out. I deleted all syslog filters and set the Message Filter Type to Keep and the Include interface of selected devices to Yes. Then I restared the system.

But I still see under Admin > Collection Settings > Syslog that there a messeages are filtered.

Any ideas?

regards

alex

Labels:
0 Helpful
24 Replies 24

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to alex.dersch

‎09-27-2011 01:22 AM

Do:

no service sequence-numbers

Then see if the messages show up in the reports.

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to Joe Clarke

‎09-27-2011 02:18 AM

I did remove the service sequence-numbers but still the same. Counter of filtered messages rises but they don't show up in the report. I also figured out, my firewall syslog also don't appear. It's very odd, they even don't show up in the syslog_info.

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to alex.dersch

‎09-27-2011 02:31 AM

Also my Wireless LAN Controller messages don't shop up. That really confusing, all the messages were available at my old LMS 4.0

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to alex.dersch

‎09-27-2011 02:49 AM

I compared to syslog messages in SyslogCollector.log and it seems there is a problem. First is one which is processed correctly.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssEmblemProcessor - About to process the syslog string  : Sep 27 08:49:09 nos-ch-wbn-sw01.nosergroup.lan 613189: NOS-CH-WBN-SW01: Sep 27 2011 10:49:09: %AUTHMGR-5-START: St

arting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E6917871E

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@7109c4

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@1385660

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@161dfb5

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemA not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemB not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemA valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Setting daemon date

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, After adjusting the offset Tue Sep 27 08:49:09 GMT 2011 GMT 27 Sep 2011 08:49:09 GMT

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parsed using the parser :

com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssEmblemProcessor - Valid EMBLEM format. Passing on...

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E

6917871E

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - About to process the syslog string  : Sep 27 09:37:22 fx-ch-hom-sw13.frox.com 149770: FX-CH-HOM-SW13: Sep 27 11:37:21: %CDP-4-DUPLEX_MISMATCH: duplex mi

smatch discovered on GigabitEthernet0/23 (not half duplex), with NOS-CH-HOM-AP01 FastEthernet0 (half duplex).

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser :

com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@7109c4

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser :

com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@1385660

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser :

com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser :

com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@161dfb5

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemA not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemB not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemA valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Setting daemon date

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, After adjusting the offset Tue Sep 27 09:37:22 GMT 2011 GMT 27 Sep 2011 09:37:22 GMT

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parsed using the parser :

com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - Valid EMBLEM format. Passing on...

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssEmblemProcessor - About to process the syslog string  : Sep 27 08:49:09 nos-ch-wbn-sw01.nosergroup.lan 613189: NOS-CH-WBN-SW01: Sep 27 2011 10:49:09: %AUTHMGR-5-START: St

arting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E6917871E

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@7109c4

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@1385660

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parser :

com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@161dfb5

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemA not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemB not valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, EmblemA valid.

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Setting daemon date

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, After adjusting the offset Tue Sep 27 08:49:09 GMT 2011 GMT 27 Sep 2011 08:49:09 GMT

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssEmblemProcessor - Valid EMBLEM format. Passing on...

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E

6917871E

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size

This is the one which doesn't shop up:

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - About to process the syslog string  : Sep 27 09:37:22 fx-ch-hom-sw13.frox.com 149770: FX-CH-HOM-SW13: Sep 27 11:37:21: %CDP-4-DUPLEX_MISMATCH: duplex mi
smatch discovered on GigabitEthernet0/23 (not half duplex), with NOS-CH-HOM-AP01 FastEthernet0 (half duplex).
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@7109c4
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@1385660
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parser : com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@161dfb5
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemA not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemB not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, EmblemA valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Setting daemon date
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, After adjusting the offset Tue Sep 27 09:37:22 GMT 2011 GMT 27 Sep 2011 09:37:22 GMT
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - Valid EMBLEM format. Passing on...
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

it seems somehow it doens't apply the filter so it does not know which subscriber it should use.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

whereas on the good message

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E

6917871E

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E
6917871E
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.
SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to alex.dersch

‎09-27-2011 02:52 AM

oops, that was to much.

it seems the message can not be processed at a good one. the good one.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E

6917871E

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - Valid EMBLEM format. Passing on...

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, deviceList set from hostname

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Converted syslog to filter string. Filter string is 10.0.128.253;;;AUTHMGR-5-START: Starting 'mab' for client (000c.2995.d268) on Interface Gi0/8 AuditSessionID 0A0080FD0000007E

6917871E

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, ^((\S+);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Inside Pattern evaluation trueping this syslog

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder queue size is 15

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 08:49:09,804, Entered zero size

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, got the command

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,639, FcssSubscriber - Posting new syslogs

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,641, FcssSubscriber - After write

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Posted syslogs, waiting for ack

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSubscriber - Response is true

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, FcssSyslogObjectsForwarder - incremented stats.

SyslogCollector - [Thread: SyslogObjectForwarder] DEBUG, 27 Sep 2011 08:49:14,685, Entered zero size

the one cannot be processed:

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parsed using the parser :

com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9

SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - Valid EMBLEM format. Passing on...

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@1aed5f9
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 27 Sep 2011 09:37:23,499, FcssEmblemProcessor - Valid EMBLEM format. Passing on...
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,501, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, getInterestedSubscribers() - No interested subscribers. Returning null.
SyslogCollector - [Thread: FilterThread-0] DEBUG, 27 Sep 2011 09:37:23,502, Entered zero size

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to alex.dersch

‎09-27-2011 11:49 PM

You did not post enough of the log file to see why this message is not working.  Can you post the new SyslogCollector.log now that you have removed the sequence numbers?  Also, post the output of the command "env" while logged in as root on the Solaris box.

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to Joe Clarke

‎09-28-2011 12:36 AM

Hello Joseph, i can't send you the log at the moment. Somehow i screwed my LMS. See threat

LMS Prime: After adding a new Certificate LMS Services not starting

As soon i solve this i will send you a fresh set of log files.

Alex

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to alex.dersch

‎10-10-2011 02:06 PM

Hello Joe,

i set up a new LMS Server and i still have the same problem.

I attached the SyslogCollector.log all devices where the Hostname start with FX-CH-HOM-SW are not processed as they supposed to. And each time i get the to log entries.

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:53,487, getInterestedSubscribers() - Incrementing filtered count for nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:53,487, getInterestedSubscribers() - No interested subscribers. Returning null.

a well processed devices return this log entries:

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, getInterestedSubscribers() - List of interested subscribers -

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, FcssAbstractObjectForwarder - Forwarder queue size is 1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, FcssAbstractObjectForwarder - Forwarder batch size is 50

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, FcssFilterProcessor - Handed off syslog to forwarder. Destined to subscriber nos-ch-wbn-lms1

SyslogCollector - [Thread: FilterThread-0] DEBUG, 10 Oct 2011 22:24:39,445, Entered zero size

here is the output of env

env

TERM=linux

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/system/scripts:/opt/system/bin:/usr/local/sbin:/usr/local/bin:/root/bin:/opt/CSCOpx/bin

PWD=/var/adm/CSCOpx/log

PS1=[\h/\u-ade \W]\$

SHLVL=1

HOME=/root

_=/bin/env

OLDPWD=/var/log

i attached the SyslogCollector.log

regards

alex

115131-SyslogCollector.log.zip
0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to alex.dersch

‎10-11-2011 01:12 AM

Okay, it looks like the problem is hostname resolution.  Check the hostname fx-ch-hom-sw13.frox.com and make sure it resolves to an IP.  If not, either fix DNS or add an entry to the server's hosts file so that the hostname resolves.

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to Joe Clarke

‎10-11-2011 02:14 AM

Hi Joe,

cool, its working now! Long threat for smal issue.

thanks a lot

alex

0 Helpful
Customers Also Viewed These Support Documents