cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
283
Views
0
Helpful
1
Replies

Syslog problem in CiscoWorks 2000

zgombos
Level 1
Level 1

Unfortunately the CiscoWorks 2000 doesn’t handle properly the syslog message that contains the “\n\t” formatting characters.

Here is an example.

This message is an SNMP trap and I found the \n\t characters in it:

1057041230 7 Tue Jul 01 08:30:30 2003 <router name> - Log message generated : decaps: rec'd IPSEC packet has invalid spi for \n\t destaddr=<X.X.X.X>, prot=50, spi=0x388C93EE(948737006), srcaddr=<Y.Y.Y.Y>;3 .1.3.6.1.4.1.9.9.41.2.0.1 0

When the Solaris logs it, due to the “\n\t” the message is separated into two rows in the syslog:

Jul 1 08:30:30 <router name> 3397: Jul 1 08:34:58: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

Jul 1 08:30:30 <router name> 3398: destaddr=<X.X.X.X>, prot=50, spi=0x388C93EE(948737006), srcaddr=<Y.Y.Y.Y>

Thus CiscoWorks see only the first part of this message and when you create a syslog report or an automated action you lost the second part that is contains the source and destination addresses:

Jul 1 08:34:58: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

Does anybody have any idea how can I resolve this and get the entire message?

1 Reply 1

rmushtaq
Level 8
Level 8

If even with applying the latest IDU for RME from CCO, shows the same problem, then this could be a new issue for which TAC should help further.

Review Cisco Networking for a $25 gift card