Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
0
Helpful
3
Replies

Storage option for Syslog in RME3.4

gchui
Level 1
Level 1

‎10-17-2002 05:56 PM - edited ‎02-20-2020 10:18 PM

Dear all,

In RME3.4, the storage option stated the default max. messages kept is 1000000 and days for message to keep is 7 days. Does any one know how can I associate these two values. Does it mean syslog messages older thatn 7 days will be deleted? But when I try to take a look of the syslog.log file, I still can see the messages older thatn 7 days. What does this imply? Thanks

Gary

0 Helpful
3 Replies 3

rmushtaq
Level 8
Level 8

‎10-17-2002 08:18 PM

This option lets you determine how long to store data and the message source.

For managed devices, the Syslog Analyzer retains a maximum of 1 million messages for 7 days. If the maximum number of days for storage is changed to a value other than 7, the Syslog Analyzer retains the messages (maximum of 1 million) for the number of days specified.

For unmanaged devices, the Syslog Analyzer retains the number of messages configured, regardless of the number of days specified.

Procedure:

- Select Resource Manager Essentials > Administration > Syslog Analysis > Change Storage Options. The Change Storage Options dialog box appears.

Caution: You might delete data by changing these values. If you change the number of days to values lower than the current values, messages over the new limits will be deleted.

- Enter the maximum number of days for storage. The default is 7.

Note: Database trimming for Syslog tables is scheduled at different times:

Sac status Table(SLG_SAC_STATUS) gets reset everyday at 12 midnight. The counters in Syslog Collector Status under Administration->Syslog Analysis is trimmed every midnight. All counters including Messages Processed, Messages Collected, Invalid messages and Total will be set to zero .

Managed Messages table (SLG_MSG) gets trimmed everyday at 1:00 AM. The maximum messages to keep and maximum days are configured in Storage Options

Unmanaged messages table (SLG_MSG_UMGD) gets trimmed everyday at 2:00 AM. The maximum messages to keep is configured in Storage Options.

- Enter the message source (where the Syslog Analyzer gets the messages). This must be a valid location for the Syslog Analyzer to work correctly. Valid entries for the message source are found in the following locations:

Windows NT Registry - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Crmlog\Parameters

UNIX - /etc/syslog.conf

- Click Finish. A confirmation message appears.

Stop the Syslog Analyzer by selecting CiscoWorks2000 Server > Administration > Process Manager > Stop Process > SyslogAnalyzer.

- Stop the CMF Syslog Service, and then restart it from the Control Panel.

- Start the Syslog Analyzer by selecting CiscoWorks2000 Server > Administration > Process Manager > Start Process > SyslogAnalyzer.

0 Helpful

gchui
Level 1
Level 1
In response to rmushtaq

‎10-21-2002 12:52 AM

What does the message "Syslog Analyzer retains the messages (maximum of 1 million) for the number of days specified" mean? How about the syslog.log file? Any relationship between the number of messages to be kept by syslog analyzer and syslog.log file?

0 Helpful

rmushtaq
Level 8
Level 8
In response to gchui

‎10-21-2002 07:42 AM

1 million messages in the limit of the RME syslog db and not that of thee syslog.log file.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card