
Log Manager 1.1 - Syslog parsing error for ADVA FSP 3000 devices

Hi everyone,

I am currently evaluating the Log Manager with a customer. We ran into an issue with ADVA FSP 3000 devices and the syslog receiver of the Log Manager.

With the "old" NPM Syslog service the syslogs could be received and parsed without any issues. But with the Log Manager we receive the syslogs, but the Log Manager cannot parse them.

If I set the log level to "ALL" via the log adjuster we can see the following:

2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

2018-08-23 17:30:00,413 [36] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.45 172.24.111.17 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

2018-08-23 17:30:00,413 [80] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

(Customer IPs replaced with 0.0.0.0)

As a workaround we set up a Kiwi syslog server, which forwards the syslog messages to the Orion server/Log Manager. At first that did not work either. Only if we activate the "Use RFC 3164 header information" option in Kiwi can the Log Manager parse the logs successfully.

Has anyone run into issues like that? All the other syslogs from other devices are processed fine, and the Kiwi syslog server should only be a temporary solution and is not the way to go.

Thanks in advance!

Regards

Rene
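
Added example, not part of the original post and not SolarWinds code: a small Python check that lists where a raw syslog line deviates from the RFC 5424 header grammar, run against the message shown in the log above. The function name and the compliant sample are constructed for illustration. Assumptions: the logged "raw data representation" may omit a PRI that was present on the wire, and the post does not confirm that either reported deviation is what the Log Manager parser rejects.

```python
import re

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP SD [SP MSG]
PRI_RE = re.compile(r"^<(\d{1,3})>")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})?$")
FIELD_LIMITS = (("HOSTNAME", 255), ("APP-NAME", 48), ("PROCID", 128), ("MSGID", 32))

# Message exactly as it appears in the log lines quoted in the post.
ADVA_SAMPLE = "1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set"
# Constructed compliant variant (PRI value, hostname and offset are made up).
COMPLIANT_SAMPLE = "<165>1 2018-08-23T17:30:00.45Z host WDM 2873 - - CH-2-3-C1 LOS CR SA Set"


def rfc5424_deviations(raw):
    """Return a list of ways `raw` deviates from the RFC 5424 header grammar."""
    problems = []
    m = PRI_RE.match(raw)
    if m is None:
        problems.append("missing <PRI>")
        rest = raw
    else:
        if int(m.group(1)) > 191:  # facility*8 + severity tops out at 191
            problems.append("PRI out of range 0..191")
        rest = raw[m.end():]
    fields = rest.split(" ", 7)  # 7 header fields, then the free-form MSG
    if len(fields) < 7:
        problems.append("fewer than 7 header fields")
        return problems
    version, ts, sd = fields[0], fields[1], fields[6]
    if not re.fullmatch(r"[1-9]\d{0,2}", version):
        problems.append("bad VERSION")
    if ts != "-":  # "-" is the NILVALUE and is allowed
        t = TS_RE.match(ts)
        if t is None:
            problems.append("TIMESTAMP not RFC 3339")
        elif t.group(2) is None:  # offset (Z or +hh:mm) is mandatory
            problems.append("TIMESTAMP has no time offset")
    for (name, limit), value in zip(FIELD_LIMITS, fields[2:6]):
        if not re.fullmatch(r"[\x21-\x7e]{1,%d}" % limit, value):
            problems.append("bad " + name)
    # Only the start of STRUCTURED-DATA is checked; SD elements are not parsed.
    if sd != "-" and not sd.startswith("["):
        problems.append("bad STRUCTURED-DATA")
    return problems


if __name__ == "__main__":
    for sample in (ADVA_SAMPLE, COMPLIANT_SAMPLE):
        print(rfc5424_deviations(sample) or "header is RFC 5424 compliant", "<-", sample)
```

A packet capture of the datagram as it leaves the device shows whether the PRI is really absent, which the Log Manager log line alone cannot tell.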