10-27-2021 08:43 AM - edited 10-27-2021 08:44 AM
Hi fellas,
I'm facing an issue with our CUCM regarding the triggered alerts. Within RTMT I see three alerts on a regular basis
1. LogPartitionHighWatermarkExeeded
2. LogPartitionLowWatermarkExeeded
3. SyslogSeverityMatchFound
I can live with the first two as I have learned they "work as designed", though I find it highly irregular setting a "critical" alarm for this built-in purging mechanism. But it's quite annoying that these two alerts trigger the third one. So I reconfigured the severity of the first and second alert to "warning" and "notice" respectively.
But though SeverityMatchFound is set to "critical" (and above) the alert is still triggered!? Do I have to restart any services? If so, which one?
Thx for your help
02-03-2022 11:43 AM
Hello @drehstrom
It is recommended that you open a case with the TAC, they will advise you about a tool that frees disk space since those files are from previous installations and updates, the tool will free space. While they advise you, you can precisely increase the thresholds so that the alarms are not activated.
Regards.
05-10-2022 12:29 PM
The Low WaterMark is a Warning While the High WaterMark Purges Logs
Below is an article showing how you can adjust the Low and High WaterMarks in RTMT
Procedure to Adjust WaterMark in RTMT of Cisco Call Manager - Cisco
Lowering the High WaterMark mean you can purge more logs. Then re-adjust the value so you won’t get alerts.
Tip: Adjust LowWaterMark first. The Low WaterMark cannot be higher in value than the High WaterMark.
A Restart of Log Partition Monitoring Tool is needed.
The below thread talks about this solution:
You can find the service in CUCM as seen below or restart via the CLI by issuing the command :
utils service restart <name of service>
Method 2)
You can delete logs from RTMT via the Trace and Log Central > Collect Files.
Choose the Servers and Services. Then you will be prompted as seen below to choose logs from a specific time frame you would like to remove.
Check the box ‘Delete Collected Log Files from Server’ before collecting.
Note: This process is longer than the others.
Method 3)
Using the Remote Browse Option see the below article which shows how to navigate the remote browse.
How to collect logs from RTMT with Remote Browse - Cisco Community
05-11-2022 02:43 AM
Thanks Christian,
I restarted the LogPartitionMonitoringTool and cleared all alerts. Now I will wait till the HighWatermarkExeeded-alert raises again and see if SeverityMatchFound is triggered.
I'll keep you posted...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide