Solved: Syslog reports are always empty

cmartinvalle · ‎05-07-2007

Hi,

when I try to generate any syslog report from RME/Reports/Report generator/ always the message is the same: "no records".

But when I see the file C:/Program Files/CSCOpx/log/syslog.log, I can see new lines corresponding to the new syslog messages produced in the devices.

I have reseted the RME database but the behaviour continues being the same.

Can anyone please help me?

Regards.

Joe Clarke · ‎05-07-2007

The syslog system actually has a lot of moving parts. The syslog.log is just the first piece. Since messages are getting there, the next place to look is the SyslogCollector. Make sure it is running (use pdshow to verify that), and check your syslog messages filters under RME > Tools > Syslog > Syslog Message Filters to make sure you're not filtering out your messages. NB: if you have disabled or deleted all of your filters, but the mode is set to DROP, SyslogCollector will drop all syslog messages. Set your mode to KEEP in that case. Next, go to RME > Tools > Syslog > Syslog Collector Status, and make sure your local Collector shows up there. If not try registering it.

If the SyslogCollector checks out, move on to the SyslogAnalyzer. Again, use pdshow to verify the Analyzer is running. If it is, you need to enable debug. To enable SyslogCollector debug, edit C:\progra~1\CSCOpx\MDC\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties, and change DEBUG_LEVEL to DEBUG. then restart SyslogCollector (pdterm SyslogCollector / pdexec SyslogCollector).

To enable SyslogAnalyzer debugging, go to RME > Admin > System Preferences > Loglevel Settings. You do not need to restart anything for SyslogAnalyzer.

Then, generate some more messages, and check the SyslogCollector.log and AnalyzerDebug.log for any errors around the time those messages appear in syslog.log.

The most common problems with the syslog system on Windows are port conflicts (TCP ports 3333 and 4444 must be available for syslog, or you must choose other ports), or name resolution problems. If the problem turns out to be name resolution related (the AnalyzerDebug.log will show this) a patch is available from the TAC that will correct the problem.

View solution in original post

Joe Clarke · ‎05-07-2007

The syslog system actually has a lot of moving parts. The syslog.log is just the first piece. Since messages are getting there, the next place to look is the SyslogCollector. Make sure it is running (use pdshow to verify that), and check your syslog messages filters under RME > Tools > Syslog > Syslog Message Filters to make sure you're not filtering out your messages. NB: if you have disabled or deleted all of your filters, but the mode is set to DROP, SyslogCollector will drop all syslog messages. Set your mode to KEEP in that case. Next, go to RME > Tools > Syslog > Syslog Collector Status, and make sure your local Collector shows up there. If not try registering it.

If the SyslogCollector checks out, move on to the SyslogAnalyzer. Again, use pdshow to verify the Analyzer is running. If it is, you need to enable debug. To enable SyslogCollector debug, edit C:\progra~1\CSCOpx\MDC\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties, and change DEBUG_LEVEL to DEBUG. then restart SyslogCollector (pdterm SyslogCollector / pdexec SyslogCollector).

To enable SyslogAnalyzer debugging, go to RME > Admin > System Preferences > Loglevel Settings. You do not need to restart anything for SyslogAnalyzer.

Then, generate some more messages, and check the SyslogCollector.log and AnalyzerDebug.log for any errors around the time those messages appear in syslog.log.

The most common problems with the syslog system on Windows are port conflicts (TCP ports 3333 and 4444 must be available for syslog, or you must choose other ports), or name resolution problems. If the problem turns out to be name resolution related (the AnalyzerDebug.log will show this) a patch is available from the TAC that will correct the problem.