08-06-2009 11:30 AM
I have configured our switches with syslog traps and syslog server as LMS server, but I don't see any messages under "syslog Alerts" in RME module. The messages are collected fine on another linux box. I don't see much configuration of syslog server on LMS.
In RME, Syslog collector Status under Tools, shows 1855, 12, 1867 under Invalid,Filtered and Received respectively, but when I tried to run syslog report it doesn't show anything. I would like to collect all switches syslog messages on LMS box. Any help will be appreciated.
Thanks,
08-06-2009 11:37 AM
The Syslog Alerts module only shows sev 0, 1, and 2 messages. You may not have received any of these. Go to RME > Reports > Report Generator, and run a Syslog Standard Report for all your devices. Do you see anything?
08-06-2009 12:43 PM
I don't see any records. I did disconnect and reconnect one of the switch port to generate a message, but still didn't get anything. I did get that on another linux box.
Thanks,
08-06-2009 01:00 PM
Post a screenshot of RME > Tools > Syslog > Message Filters. Verify that the messages being sent by your devices are appearing in NMSROOT/log/syslog.log.
08-06-2009 01:31 PM
We are running LMS 3.1 on windows. What do you mean by verifing the messages being sent by your devices are appearing in NMSROOT/logs/syslog.log? I couldn't attach the screen shot file. Cut and paste of screen text is given below.
Message Filters Type: Drop Keep
Include interfaces of selected devices: Yes No
Showing 5 records
Name Status
1. Link Up/Down Message Filter Enabled
2. IOS Firewall Audit Trail Messages Enabled
3. PIX Firewall Audit Messages Disabled
4. Severity 7 Message Filter Enabled
5. Otsa switches message filter Enabled
08-06-2009 01:37 PM
Screen shot is attached with following thread message.
08-06-2009 01:35 PM
08-06-2009 01:41 PM
What is the configuration for your Otsa switches filter? I know you're on Windows. The NMSROOT directory is the path into which you installed LMS. Within that directory there will be a log subdirectory. And in that subdirectory will be a file called syslog.log. Make sure your device messages are showing up in that file.
08-07-2009 10:14 AM
08-07-2009 10:17 AM
What are some of the messages appearing in syslog.log?
08-07-2009 11:02 AM
11:05:17 10.10.10.218 294: Aug 7 11:05:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to down
Aug 07 11:05:17 10.10.10.218 295: Aug 7 11:05:13: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to down
Aug 07 11:05:21 10.10.10.218 296: Aug 7 11:05:17: %LINK-3-UPDOWN: Interface GigabitEthernet0/16, changed state to up
Aug 07 11:05:21 10.10.10.218 297: Aug 7 11:05:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/16, changed state to up
08-07-2009 11:07 AM
You have enabled the linkup/down filter which means those messages will be dropped. Disable this filter, generate some new messages, then run your syslog report. They should show up.
08-11-2009 10:19 AM
I have disabled all filters. Messages do show when I run report, but they still don't show on RME main screen under Syslog Alerts. It still shows "No Records Found".
08-11-2009 10:21 AM
As I said, the Syslog Alerts portlet only shows the most severe alerts (Severity 0, 1, and 2). If you are not receiving any of these, then nothing will show up in the portlet. This is actually a good thing as it means your network isn't experiencing any high-severity issues.
08-11-2009 10:26 AM
Is it possible to change severity level?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide