09-04-2003 06:06 AM - edited 03-02-2019 10:06 AM
I have set up all my switches and routers to log to the CW2K syslog, but I am only getting firewall messages and the occasional message from a switch. Each device that gets a syslog message into CW2K is shown as the CW2K server originating the message - it does not show the IP address or DNS name of the switch.
I have set up an alternative syslog server in the place of the CW2K one and it gets all the messages with IP addresses as I would expect.
Does anybody have any ideas of what is going wrong?
Thanks
09-04-2003 12:17 PM
Hi simonthompson,
Please verify that syslogs are being sent out to the specified IP address of the CiscoWorks Server.
The best test is to have term mon configured on your router and type:
config t
end
This should generate a SYS-5-CONFIG-I message for the configuration attempt.
Once you see the outgoing packet, log on to the server itself.
If CiscoWorks is installed on:
Windows platform, check the syslog.log file; the default location would be C:\Program Files\CSCOpx\log
Unix platform, check the syslog_info file; the default location would be var/log
Now we can compare the message as CiscoWorks receives it. CiscoWorks receives the syslog into a flat file before storing them into the syslog database.
If the syslog message matches, now we know it's not getting altered at this point.
Verify that all the Cisco devices are managed in the RME inventory; RME treats syslogs for unknown devices differently.
09-04-2003 08:36 PM
Hi, even I am facing the same problem of syslog messages not appearing in the syslog reports.
I have configured the routers and switches normally:
1. logging on
2. logging 192.168.10.1 (ciscoworks server)
3. logging trap informational
On the RME, I have configured the syslog analyzer normally.
When I check the syslog reports it says messages with invalid format.
I even tried having:
service timestamp debug msec localtime show timezone
service timestamp log msec localtime show timezone
but still no luck. Routers are logging the messages to RME, I can confirm that.
Anybody has any other ideas?
Regards,
Amit.
09-17-2003 06:35 PM
Make sure the management name you use in CiscoWorks matches DNS. When the syslog message arrives as an IP address, CiscoWorks does a reverse lookup and tries to match the DNS name to the management name. If no match is found, it lists it in the unexpected device report. Also, on a router with more than one interface you can use the command logging source-interface . The interface should be the IP address of the management name.
10-08-2003 05:51 AM
Make sure you use NTP on your network as well. If the timestamp in the Syslog message is after the current time on the CW2K server, CW2K will put the message in the unexpected device report.
10-10-2003 12:56 PM
make sure cw2k can hit your routers and switches with dns reverse lookup. if you already have "logging
for example cw2k installed on c:\
c:\cscopx\log\syslog.log
This is a text file which will give you an idea whether syslog messages are being logged. If you see IP addresses rather than hostnames, that is a good indication DNS reverse lookup isn't working.
Or
open CiscoWorks, go to RME, Syslog Analysis, Unexpected Device Report. If you see syslogs here but Device Names are IPs, then you definitely have a DNS reverse lookup problem.
Also, it would be good to have a correct timestamp.
service timestamps log datetime localtime
good luck
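The two checks the replies above describe (reverse lookup of the sending address matched against the management name, and a message timestamp that is not ahead of the server clock) can be run as a pre-check before looking at the Unexpected Device Report. This is an added example, not part of any post in this thread and not CiscoWorks code; the device names, addresses, the case-insensitive matching rule and the injectable resolver are assumptions.

```python
import socket
from datetime import datetime

def reverse_name(ip, resolver=socket.gethostbyaddr):
    """PTR name for ip, lower-cased, or None when the lookup fails."""
    try:
        return resolver(ip)[0].rstrip(".").lower()
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def precheck(records, managed_names, server_now, resolver=socket.gethostbyaddr):
    """Classify (source_ip, message_time) pairs; returns [(source_ip, verdict)].

    Assumed matching rule: case-insensitive equality between the PTR name
    and a management name. The real product's rule may differ.
    """
    managed = {n.rstrip(".").lower() for n in managed_names}
    results = []
    for ip, msg_time in records:
        name = reverse_name(ip, resolver)
        if name is None:
            verdict = "no-reverse-dns"      # server would only see an IP
        elif name not in managed:
            verdict = "name-mismatch"       # e.g. PTR of a non-management interface
        elif msg_time > server_now:
            verdict = "future-timestamp"    # device clock ahead of the server
        else:
            verdict = "ok"
        results.append((ip, verdict))
    return results

# Constructed sample data (documentation addresses, hypothetical names).
SAMPLE_PTR = {"192.0.2.11": "core-sw1.example.net",
              "192.0.2.12": "edge-rtr1.example.net",
              "192.0.2.14": "dist-sw2-vlan10.example.net"}
SAMPLE_MANAGED = ["core-sw1.example.net", "EDGE-RTR1.example.net",
                  "dist-sw2.example.net"]
SAMPLE_NOW = datetime(2003, 10, 10, 12, 0, 0)
SAMPLE_RECORDS = [("192.0.2.11", datetime(2003, 10, 10, 11, 59, 30)),
                  ("192.0.2.12", datetime(2003, 10, 10, 12, 7, 0)),
                  ("192.0.2.13", datetime(2003, 10, 10, 11, 58, 0)),
                  ("192.0.2.14", datetime(2003, 10, 10, 11, 58, 0))]

def sample_resolver(ip):
    """Offline stand-in for socket.gethostbyaddr backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])

def run_sample():
    return precheck(SAMPLE_RECORDS, SAMPLE_MANAGED, SAMPLE_NOW, sample_resolver)
```

Run on the syslog server itself with the default resolver so the lookups go through the same DNS path the server uses.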