Cisco Works not e-mailing alerts

Kainfs (TechnicalUser)
13 Jul 06 6:00
Hi,
I'm running CiscoWorks LMS 2.5 which sends e-mail alerts from some devices but not others. Typical e-mail alerts include Config changes and port security violations. On checking the syslog messages reports in 'Device Centre>Device selector' it seems as if the devices are not sending the syslog messages to the syslog server (i.e. Cisco Works) even though they appear when directly consoled into the switch. I've made sure that the switches are in the correct 'Notification Groups' and selected in the Automated Action in 'RME > Tools > Syslog > Automated Actions'. I've directly copied the config from the switches which are sending the e-mail alerts to the switches which aren't, so I doubt whether the config is causing the problem. Any help/ideas will be gratefully received.
Many thanks

nbowden (TechnicalUser)
13 Jul 06 11:25
Hi,
If you are seeing the Syslog messages in the reports for the device, then it sounds like the syslog messages probably aren't getting to the LMS server. To check, open the syslog.log file in the logs directory and see if you can see the messages in there. If they're not in there, then they aren't getting to LMS. You might like to check that your IOS devices have the config line:
logging <ip_address_lms>
Also, are there any firewalls in the way that would cause the syslog messages to be blocked from reaching the LMS server?
HTH
Nigel Bowden
http://www.bowden-software.com

Kainfs (TechnicalUser)
18 Jul 06 4:47
Hi,
I've checked the config for the working switch and the non-working switch and they are virtually identical. They both have the lines:
logging trap debugging
logging <ip-address of LMS>
In answer to your question: there are no firewalls between the switches and LMS server. I've been pulling my hair out for two weeks now trying to solve this one.
Regards

nbowden (TechnicalUser)
18 Jul 06 15:39
Did you check the syslog.log file to see if the messages are actually arriving at the LMS server? You should be able to open it with a text editor and search for the IP address of the switch.
Nigel Bowden
http://www.bowden-software.com

Kainfs (TechnicalUser)
19 Jul 06 7:25
Hi Nigel,
I've checked the syslog.log and can confirm that it is receiving the syslog messages e.g.
Apr 10 11:39:28 10.0.200.1 53: 2d21h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ****.****.**** on port FastEthernet2/0/1.
Apr 10 11:39:28 10.0.200.1 54: 2d21h:

nbowden (TechnicalUser)
19 Jul 06 11:57
That's good, at least we know that the syslog messages are getting to the server then. Next, if you run a syslog report from RME, do you see the messages in the report? This will confirm that the syslog messages are getting from the syslog server process into the RME DB.
Nigel Bowden
http://www.bowden-software.com

Kainfs (TechnicalUser)
20 Jul 06 4:30
Hi Nigel,
I've run a syslog report through RME and it says there are no records!
Not quite sure what I'm doing wrong. I've deleted and added the switches back in Campus Manager, added the entries into the local host file.
Regards

mbilgrav (IS/IT--Management)
20 Jul 06 6:30
1. Is your sysloganalyzer process running?
2. Are your device credentials ok?
HTH
Martin

Kainfs (TechnicalUser)
20 Jul 06 8:42
Hi Martin
I've checked the device credentials and they all look fine. However, I'm not quite sure how I go about checking to see whether the sysloganalyser process is running? Where would I find this information?
Regards

dacl (TechnicalUser)
20 Jul 06 16:28
Hi,
You can check if your SyslogAnalyzer process is running by executing CSCOpx\bin\pdshow in the CLI. pdshow SyslogAnalyzer would be better. If at least 1 device is showing Syslogs in the GUI then that's enough to know that SyslogAnalyzer is doing its job.
The syslog message you are using as a reference in this thread is from Apr 10th. RME will, by default, purge those syslog messages older than 9 days. You need to find a newer syslog message. Telnet to the device, do a couple of "config term" and "exit". That will generate new syslog messages. Wait 5 minutes and look into the syslog.log again. Is the new syslog message in there?
What size is your syslog.log file, by the way? 500 MB or more will give you trouble.
The device must be SNMP reachable and Inventory Collected by RME. If this isn't so, then the device is not managed by RME, and SyslogAnalyzer will skip those syslogs when analyzing the syslog.log file.
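
Added example (not part of any poster's reply and not CiscoWorks code): the syslog.log checks discussed in the thread, run offline over the log. It assumes the line layout quoted earlier in the thread; the function names, the 10.0.200.2 line and the "now" value used with it are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

PURGE_DAYS = 9                      # RME default purge age quoted in the thread
MAX_LOG_BYTES = 500 * 1024 * 1024   # size the thread says will give trouble

# "<Mon> <day> <HH:MM:SS> <source ip> ..." as in the line quoted in the thread
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
                     r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s")
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")  # %FACILITY-SEV-MNEMONIC

SAMPLE = [  # first two lines are from the thread; the third is constructed
    "Apr 10 11:39:28 10.0.200.1 53: 2d21h: %PORT_SECURITY-2-PSECURE_VIOLATION: "
    "Security violation occurred, caused by MAC address ****.****.**** on port FastEthernet2/0/1.",
    "Apr 10 11:39:28 10.0.200.1 54: 2d21h:",
    "Jul 20 16:20:05 10.0.200.2 61: 5d02h: %SYS-5-CONFIG_I: Configured from console by vty0",
]

def parse_ts(ts, now):
    """The log carries no year: assume the current one, or the previous if that is in the future."""
    when = datetime.strptime(f"{now.year} {ts}", "%Y %b %d %H:%M:%S")
    return when.replace(year=now.year - 1) if when > now + timedelta(days=1) else when

def summarise(lines, now):
    """Map each source IP to its message count, newest timestamp and message tags."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # not in the expected layout: skip
        when = parse_ts(m["ts"], now)
        dev = seen.setdefault(m["src"], {"count": 0, "newest": when, "tags": set()})
        dev["count"] += 1
        dev["newest"] = max(dev["newest"], when)
        tag = TAG_RE.search(line)
        if tag:
            dev["tags"].add("-".join(tag.groups()))
    return seen

def triage(lines, expected_ips, now, log_bytes=0):
    """Classify each expected switch as missing, stale or fresh; flag an oversized log."""
    seen, cutoff, findings = summarise(lines, now), now - timedelta(days=PURGE_DAYS), {}
    for ip in expected_ips:
        if ip not in seen:
            findings[ip] = "missing"    # nothing reached the server from this switch
        elif seen[ip]["newest"] < cutoff:
            findings[ip] = "stale"      # only messages older than the purge window
        else:
            findings[ip] = "fresh"      # arriving; look at RME-side state instead
    if log_bytes >= MAX_LOG_BYTES:
        findings["syslog.log"] = "oversized"
    return findings
```

For a real file, pass the open file object as `lines` and `os.path.getsize(path)` as `log_bytes`. A switch reported as `fresh` that still shows no records in an RME report points at the RME side (managed state, message filters) rather than at the switch or the network path.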

Kainfs (TechnicalUser)
26 Jul 06 4:28
Hi,
I've managed to get the e-mail alerts working now.
It turned out that the devices had not been selected in the appropriate message filter in RME>Tools>Syslog>Message Filters.
Thanks guys for your ideas and help
Kind Regards