Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
0
Helpful
5
Replies

syslog alerts and syslog message windows showing "NO DATA IS AVAILABLE"

baotran09
Level 1
Level 1

‎02-01-2010 03:26 AM

Hi folks,

I have a kiwi syslog server and it is working. I want to fordward the logs to Ciscoworks. On kiwi syslog, I entered the IP of CW server, but Im not seeing anything on syslog alerts and syslog message windows, both windows showing "NO DATA IS AVAILABLE". I've tested syslog polling on a test switch and I can get alerts etc, but not when fordward from kiwi syslog server?

What have I done wrong and what else can I try?

Thank you for your input...

Labels:
0 Helpful
5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

‎02-01-2010 07:23 AM

How does Kiwi forward the messages?  That is, does it spoof the soure device IP, or does it use its own IP address for the source address?  If the latter, then what you are seeing is expected.  RME will have no way of tying the messages to the device that actually sent them.  If the former, then make sure the messages are first showing up in the LMS syslog log file (i.e. NMSROOT/log/syslog.log on Windows and /var/log/syslog_info on Solaris).

0 Helpful

baotran09
Level 1
Level 1
In response to Joe Clarke

‎02-01-2010 07:54 AM

Hi Joe,

Ive looked at NMSROOT/log/syslog.log and I can see kiwi logs is in syslog.log.

What do I need to configure in oder to view it in SYSLOGS ALERTS AND SYSLOG message porlet?

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to baotran09

‎02-01-2010 11:46 AM

Are the messages appearing in the log with the address of the device, or with that of the Kiwi server?

0 Helpful

baotran09
Level 1
Level 1
In response to Joe Clarke

‎02-01-2010 07:16 PM

The messages appearing in the log with the address of the devic. Below is the log in syslog.log:

Jan 28 17:26:12 Original Address= %ISDN-6-CONNECT: Interface Serial0/0/0:8 is now connected to xxxxxxxx N/A

Jan 28 17:26:35   Original Address= %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/4, changed state to down

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to up

Jan 28 17:26:35   Original Address= %LINK-3-UPDOWN: Interface FastEthernet2/0/4, changed state to down

How come its not showing in the porlet? Did i miss something?

Thanks for your help Clarke

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to baotran09

‎02-01-2010 08:16 PM

The syslog message is not properly formatted.  The "Original Address" field is not part of a standard Cisco syslog message.  If Kiwi cannot transparently spoof the sender's IP, then you will not be able to forward syslogs from Kiwi to RME.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card