Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1409
Views
0
Helpful
7
Replies

Syslog issue

ddalessa
Level 1
Level 1

‎03-24-2006 12:26 PM

For some reason, I am unable to view syslog messages on any routers thru CiscoWorks. It has been a while since I had (and it worked then) but when I try now, select 1 or 20 routers, select an available date range, I receive the following: No records found. Please check whether logging has been enabled on selected device(s). Well they all have logging enabled. We have this hosted on Solaris box, so I telnet'd to the server and stopped & started the processes. Then I logged back into C'Works, and made sure all processes are started - yet, nothing changes. Any idea why??

Labels:
0 Helpful
7 Replies 7

nickmaiolo
Level 1
Level 1

‎03-24-2006 03:40 PM

Check /var/log/syslog_info and see if they are being stored here. This is where solaris stores the syslogs before ciscoworks picks them up.

Itll give you a good indication of whether its a solaris or ciscoworks problem.

0 Helpful

Martin Ermel
VIP Alumni
VIP Alumni
In response to nickmaiolo

‎03-27-2006 05:06 AM

Thats correct what nickmaiolo wrote and I guess Solaris has the last messages in this file...

I assume the problem relates to the size of the file /var/log/syslog_info.

If the last syslog messages are in there, just copy the file as a backup if you still need the infos and then kick the content.

Wait some time for new messages an test SyslogAnalyzer again. If it is still not working restart the SyslogAnalyzer.

HTH

MArtin

0 Helpful

ddalessa
Level 1
Level 1
In response to Martin Ermel

‎03-29-2006 02:42 PM

thanks for taking the time to respond. First of all, I can more or less start over really. Is it safe for me to simply delete the syslog_info file, and if I do, will it simply create a new one, or would I need to create a BLANK syslog_info file?

Thanks again,

Dan

0 Helpful

nhabib
Level 9
Level 9
In response to ddalessa

‎03-29-2006 07:00 PM

Simplest and most proper way to clear the syslog_info file is to use the following command:

cp /dev/null /var/log/syslog_info

0 Helpful

ddalessa
Level 1
Level 1
In response to nhabib

‎03-30-2006 07:00 AM

ok, I backed up the original syslog_info file & performd the cp command. I stopped & started ciscoworks processes, yet I do not see the new file receiving any logs. SO, I stopped & started the SysLogAnalyzer process. Nothing. Question: Do I need to change the attributes of the new syslog_info file??

0 Helpful

nickmaiolo
Level 1
Level 1
In response to ddalessa

‎03-30-2006 08:35 AM

The attributes shouldnt change as you havent actually touched them. Youve simply blanked the file out. If solaris is receiving syslog messages at all, CiscoWorks points them to /var/log/syslog_info. If you type:

tail /var/log/syslog_info

you will see a timestamp when the last syslog was received. If this file is 0 byte in size, you may need to restart the syslog process or reboot.

0 Helpful

Martin Ermel
VIP Alumni
VIP Alumni
In response to nickmaiolo

‎04-03-2006 05:47 AM

check if the messages arrive in syslog_info; telnet to a router, login to it, go into config mode an leave it. This causes a syslog message to be generated. With the tail command you must be able to see this message in /var/log/syslog_info. If it is not there your problem could be one of the following:

a) router is sending to the wrong syslog server (or even not sending syslog messages)

b) the message is blocked on the way to your server

c) your solaris box is configured not to queue this message to the file /var/log/syslog_info(so it could be send to another file or it is dropped);

check /etc/syslog.conf for the configuration of your syslog daemon

MArtin

0 Helpful
Customers Also Viewed These Support Documents