10-17-2002 05:56 PM - edited 02-20-2020 10:18 PM
Dear all,
In RME3.4, the storage option stated the default max. messages kept is 1000000 and days for message to keep is 7 days. Does any one know how can I associate these two values. Does it mean syslog messages older thatn 7 days will be deleted? But when I try to take a look of the syslog.log file, I still can see the messages older thatn 7 days. What does this imply? Thanks
Gary
10-17-2002 08:18 PM
This option lets you determine how long to store data and the message source.
For managed devices, the Syslog Analyzer retains a maximum of 1 million messages for 7 days. If the maximum number of days for storage is changed to a value other than 7, the Syslog Analyzer retains the messages (maximum of 1 million) for the number of days specified.
For unmanaged devices, the Syslog Analyzer retains the number of messages configured, regardless of the number of days specified.
Procedure:
- Select Resource Manager Essentials > Administration > Syslog Analysis > Change Storage Options. The Change Storage Options dialog box appears.
Caution: You might delete data by changing these values. If you change the number of days to values lower than the current values, messages over the new limits will be deleted.
- Enter the maximum number of days for storage. The default is 7.
Note: Database trimming for Syslog tables is scheduled at different times:
Sac status Table(SLG_SAC_STATUS) gets reset everyday at 12 midnight. The counters in Syslog Collector Status under Administration->Syslog Analysis is trimmed every midnight. All counters including Messages Processed, Messages Collected, Invalid messages and Total will be set to zero .
Managed Messages table (SLG_MSG) gets trimmed everyday at 1:00 AM. The maximum messages to keep and maximum days are configured in Storage Options
Unmanaged messages table (SLG_MSG_UMGD) gets trimmed everyday at 2:00 AM. The maximum messages to keep is configured in Storage Options.
- Enter the message source (where the Syslog Analyzer gets the messages). This must be a valid location for the Syslog Analyzer to work correctly. Valid entries for the message source are found in the following locations:
Windows NT Registry - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Crmlog\Parameters
UNIX - /etc/syslog.conf
- Click Finish. A confirmation message appears.
Stop the Syslog Analyzer by selecting CiscoWorks2000 Server > Administration > Process Manager > Stop Process > SyslogAnalyzer.
- Stop the CMF Syslog Service, and then restart it from the Control Panel.
- Start the Syslog Analyzer by selecting CiscoWorks2000 Server > Administration > Process Manager > Start Process > SyslogAnalyzer.
10-21-2002 12:52 AM
What does the message "Syslog Analyzer retains the messages (maximum of 1 million) for the number of days specified" mean? How about the syslog.log file? Any relationship between the number of messages to be kept by syslog analyzer and syslog.log file?
10-21-2002 07:42 AM
1 million messages in the limit of the RME syslog db and not that of thee syslog.log file.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide