Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2732
Views
0
Helpful
7
Replies

Syslog Time Problem

xshant
Level 1
Level 1

‎10-27-2010 11:59 PM

Dear *,

I have a weird problem about syslog time. I get correct syslog timestamp on the router and syslog_info but when i go on RME to see report i get incorrect time. Infact time is future, plz check time stamp on below of the same message in syslog_info, router and RME report?

Output from syslog_info
----------------------

Oct 28 09:04:02 08C0-PE012-001.mpls.ae 45: 000081: *Oct 28 09:04:01.220 AST: %SONET-4-ALARM:  POS8/1/0: SLOS cleared
Oct 28 09:04:02 08C0-PE012-001.mpls.ae 46: 000082: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B1 cleared
Oct 28 09:04:02 08C0-PE012-001.mpls.ae 47: 000083: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B2 cleared
Oct 28 09:04:02 08C0-PE012-001.mpls.ae 48: 000084: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B3 cleared
Oct 28 09:04:02 08C0-PE012-001.mpls.ae 49: 000085: *Oct 28 09:04:01.720 AST: %LINK-3-UPDOWN: Interface POS8/1/0, changed state to up
Oct 28 09:04:03 08C0-PE012-001.mpls.ae 50: 000086: *Oct 28 09:04:01.720 AST: %IFDAMP-5-UPDOWN: interface POS8/1/0 update IP Routing state to UP, interface is not suppressed


#######################################################

Output from Router
------------------


000081: *Oct 28 09:04:01.220 AST: %SONET-4-ALARM:  POS8/1/0: SLOS cleared
000082: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B1 cleared
000083: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B2 cleared
000084: *Oct 28 09:04:01.316 AST: %SONET-4-ALARM:  POS8/1/0: B3 cleared
000085: *Oct 28 09:04:01.720 AST: %LINK-3-UPDOWN: Interface POS8/1/0, changed state to up
000086: *Oct 28 09:04:01.720 AST: %IFDAMP-5-UPDOWN: interface POS8/1/0 update IP Routing state to UP, interface is not suppressed


#######################################################

Report from RME
----------------

5. xxxxx xxxxxx Oct 28 2010 22:04:01 SONET 4 ALARM POS8/1/0: SLOS cleared *
6. xxxxx xxxxxx Oct 28 2010 22:04:01 SONET 4 ALARM POS8/1/0: B1 cleared *
7. xxxxx xxxxxx Oct 28 2010 22:04:01 SONET 4 ALARM POS8/1/0: B2 cleared *
8. xxxxx xxxxxx Oct 28 2010 22:04:01 SONET 4 ALARM POS8/1/0: B3 cleared *
9. xxxxx xxxxxx Oct 28 2010 22:04:01 LINK 3 UPDOWN Interface POS8/1/0, changed state to up *
10. xxxxx xxxxxx Oct 28 2010 22:04:01 IFDAMP 5 UPDOWN interface POS8/1/0 update IP Routing state to UP, interface is not suppressed *

any ideas people?

Thx,

Aamir

Labels:
0 Helpful
7 Replies 7

Gaganjeet Chug
Level 4
Level 4

‎10-28-2010 03:58 AM 

Hi Amir,

Please go through this link and adjust the timezone of the devices if the syslog reports are showing different time zone of the syslog messages in the
syslog reports.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00807ca437.shtml#ios
 

It all need to be done
 
clock timezone CST -6
clock summer-time CDT recurring 2 Sun Mar 1:00 1 Sun Nov 1:00
ntp server 10.100.1.9
 
and the output should be 
 
ENET-4507R-CORE#show clock
 
14:37:46.525 CDT Tue May 12 2009

Thanks,
Gaganjeet

0 Helpful

xshant
Level 1
Level 1
In response to Gaganjeet Chug

‎10-28-2010 04:39 AM

But i am getting the right timestamp on the router and on the syslog_info file on the solaris server? just in the RME reports its showing weird time?

Thanks

Aamir

0 Helpful

Gaganjeet Chug
Level 4
Level 4
In response to xshant

‎10-28-2010 09:36 AM

HI Aamir,

Kindly enable the debugging for Syslog from RME > Admin > System Preferences > Application Log level setings > Syslog Analyzer > DEBUG > APPLY.

Generate few syslog and show the following output.

1> Logs generated by device

2> Same syslog in syslog_info

3> AnalyzerDebug.log

Note :- Kindly delete any sensitive information from the debug logs.

Thanks,

Gaganjeet

0 Helpful

xshant
Level 1
Level 1
In response to Gaganjeet Chug

‎10-30-2010 05:43 AM

Dear,

I was able to solve the problem. My routers had "service tmestamps log datetime msec localtime show-timezone" so when i removed the "show-timezone" it solved the problem and RME shows the correct time now. Although i dont understand why "show-timezone" was creating problem.

However i just noticed something, when i did clear ip bgp * i get tthe syslogs in syslog_info and in RME report no problem but when i do clear ip ospf process, no syslogs in the syslog_info and RME report?? Looks like the router is not sending OSPF syslogs? how is that happening?

Thanks,

Aamir

0 Helpful

Gaganjeet Chug
Level 4
Level 4
In response to xshant

‎10-30-2010 06:41 AM

Hi Aamir,

If you are not able to see the log into syslog_info then I think its device side issue. Kindly try to reproduce the issue with packet capture and check if device is actually sending syslog to device or not. If not, then need to diagnose it from device side troubleshooting.

Thanks

Gaganjeet

0 Helpful

xshant
Level 1
Level 1
In response to xshant

‎10-30-2010 06:54 AM

Ok this is what i found, Lets say we have two routers A & B. when i do clear ip ospf process on router A

, no syslog report for router A however when i check syslog report for router B i get adj loading fulll syslog, and vice versa. Meaning I only get loading full message but not from the router where i executed the command but on the adj router??  Is this normal?

Thanks,

Aamir

0 Helpful

Gaganjeet Chug
Level 4
Level 4
In response to xshant

‎10-30-2010 07:02 AM

Hi Aamir,

Kindly open new thread for Router side issue. The point is we must have syslog into syslog_info file so that CiscoWorks process it according to Syslog filter setings.

Thanks

Gaganjeet

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card