Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
10
Helpful
3
Replies

SyslogSeverityMatchFound triggered by LogPartitionWaterMark

drehstrom
Level 1
Level 1

‎10-27-2021 08:43 AM - edited ‎10-27-2021 08:44 AM

Hi fellas,

I'm facing an issue with our CUCM regarding the triggered alerts. Within RTMT I see three alerts on a regular basis
1. LogPartitionHighWatermarkExeeded
2. LogPartitionLowWatermarkExeeded
3. SyslogSeverityMatchFound

I can live with the first two as I have learned they "work as designed", though I find it highly irregular setting a "critical" alarm for this built-in purging mechanism. But it's quite annoying that these two alerts trigger the third one. So I reconfigured the severity of the first and second alert to "warning" and "notice" respectively.

But though SeverityMatchFound is set to "critical" (and above) the alert is still triggered!? Do I have to restart any services? If so, which one?

Thx for your help

Labels:
0 Helpful
3 Replies 3

alejandro1987
Level 1
Level 1

‎02-03-2022 11:43 AM

Hello @drehstrom 

 

It is recommended that you open a case with the TAC, they will advise you about a tool that frees disk space since those files are from previous installations and updates, the tool will free space. While they advise you, you can precisely increase the thresholds so that the alarms are not activated.

 

Regards.

 

0 Helpful

Christian Balcharan
Level 1
Level 1

‎05-10-2022 12:29 PM

The Low WaterMark is a Warning While the High WaterMark Purges Logs

 

Below is an article showing how you can adjust the Low and High WaterMarks in RTMT

Procedure to Adjust WaterMark in RTMT of Cisco Call Manager - Cisco

 

Lowering the High WaterMark mean you can purge more logs. Then re-adjust the value so you won’t get alerts.

Tip: Adjust LowWaterMark first. The Low WaterMark cannot be higher in value than the High WaterMark.

 

A Restart of Log Partition Monitoring Tool is needed.

The below thread talks about this solution:

Solved: LogPartitionLowWaterMarkExceeded UsedDiskSpace : 90 MessageString : Common Disk utilization hits - Cisco Community

 

You can find the service in CUCM as seen below or restart via the CLI by issuing  the command :

utils service restart <name of service>

ChristianBalcharan_0-1652210862419.png

 

 

 

Method 2)

You can delete logs from RTMT via the Trace and Log Central > Collect Files.

 Choose the Servers and Services. Then you will be prompted as seen below to choose logs from a specific time frame you would like to remove.

Check the box  ‘Delete Collected Log Files from Server’ before collecting.

Note: This process is longer than the others.

 

ChristianBalcharan_1-1652210862425.png

 

 

Method 3)

Using the Remote Browse Option see the below article which shows how to navigate the remote browse.

How to collect logs from RTMT with Remote Browse - Cisco Community

drehstrom
Level 1
Level 1
In response to Christian Balcharan

‎05-11-2022 02:43 AM

Thanks Christian,

I restarted the LogPartitionMonitoringTool and cleared all alerts. Now I will wait till the HighWatermarkExeeded-alert raises again and see if SeverityMatchFound is triggered.

I'll keep you posted...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents