• State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 21 subscribers
  • Views 485 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Syslog server crashed - now logging not functioning as we need it to.

mgosden

Good morning


The server that our Syslog application (V8.3.15) runs on crashed a few days ago and once we got it back up and running it (the Syslog application) stopped sending us email notifications of notices and anything other than “info” level messages from our Cisco routers. The application was installed and configured by a colleague who is no longer with us and after having spent some time trying to get our logging back to how it was I have been unsuccessful. What we used to receive were message such as this:


2013-06-27 15:42:17 Local7.Notice ROUTER_NAM_8.3 734945: 15961040: *Jun 27 14:20:07.054 GMT: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer x.x.x.x.dsl.zen.co.uk:500 Id: x.x.x.x.dsl.zen.co.uk

Try as I might I cannot get this type of logging switched back on. In the “priority” filtering I have all but “info” ticked – if I tick “info” then we get hundreds of messages logged (and emailed to us) – but it is only those ones we don’t need.


Any help you could offer would be very gratefully received.


Many thanks.

  • 0

    I take it you had to resinstall Kiwi from the sounds of it. Was it a hard drive failure? on the drive Kiwi was on? Can you get to any backups if there were any?

    The problem here is that kiwi is very versatile, and if you were using it for alerts then it probably had a decent number of rules setup, possibly some scripting and without backups it may be extremely difficult to get it back to where it was.

    If you can't get a backup, I'll see if I can offer some more assistance when I can get to my server tomorrow.

  • 0 in reply to Aforsythe

    Hi Acy

    I didn't have to reinstall - what happened was we had an unsafe shutdown of the server and that, on reboot, caused us several issues of which this is one. Unfortunately (for me) it would seem backups of this server are non-existent, so I will need to try and recreate what we had.

    What I am unclear about is that, with all message filtering ticked (so allowed) we are getting hundreds of messages from our routers, but not a single one is in the format we had before. If I just needed to unfilter the info messages I'd be OK!

    Any more help you could offer would be gratefully received.

  • 0 in reply to mgosden

    OK - problem sorted. Rather than trying to fix what was already there I uninstalled and reinstalled, all good now.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.