Log Manager 1.1 - Syslog parsing error for ADVA FSP 3000 devices

Hi everyone,

I am currently evaluating the Log Manager with a customer. We ran into an issue with ADVA FSP 3000 devices and the syslog receiver of the Log Manager.

With the "old" NPM Syslog service the syslogs could be received and parsed without any issues. But with the Log Manager we receive the syslogs, but the Log Manager cannot parse them.

If I set the log level to "ALL" via the log adjuster we can see the following:

2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

2018-08-23 17:30:00,413 [36] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.45 172.24.111.17 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

2018-08-23 17:30:00,413 [80] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

(Customer IPs replaced with 0.0.0.0)

As a workaround we set up a Kiwi syslog server, which forwards the syslog messages to the Orion server/Log Manager. At first that did not work either. Only if we activate the "Use RFC 3164 header information" option in Kiwi, the Log Manager can parse the logs successfully.

Has anyone run into issues like that? All the other syslogs from other devices are processed fine and the Kiwi syslog server should only be a temporary solution and is not the way to go.

Thanks in advance!

Regards

Rene

Product Manager

Hi Rene,

I'll reach out to you offline. I'd like to get a set of Orion diagnostics so we can investigate and determine the root cause. Based on the above, it seems like it could be a problem with the date/time format, but we can confirm via Orion diags.

Thanks,

Jamie
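
The date/time hypothesis above can be checked against the RFC 5424 header grammar, which requires a time zone offset ("Z" or +hh:mm/-hh:mm) on the timestamp. The following is an added example, not SolarWinds code and not part of the original thread; it assumes the PRI part is simply not shown in the logged raw data and that Log Manager's parser follows RFC 5424, which the thread does not confirm.

```python
import re

# RFC 5424 section 6: TIMESTAMP = NILVALUE / FULL-DATE "T" FULL-TIME, and
# FULL-TIME requires a TIME-OFFSET ("Z" or +hh:mm / -hh:mm).
TIMESTAMP = re.compile(
    r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})"
)
PRINTABLE = r"[\x21-\x7e]"
FIELDS = [  # (name, pattern) in header order, after the optional <PRI>
    ("VERSION", re.compile(r"[1-9]\d{0,2}")),
    ("TIMESTAMP", re.compile(r"-|" + TIMESTAMP.pattern)),
    ("HOSTNAME", re.compile(PRINTABLE + r"{1,255}")),
    ("APP-NAME", re.compile(PRINTABLE + r"{1,48}")),
    ("PROCID", re.compile(PRINTABLE + r"{1,128}")),
    ("MSGID", re.compile(PRINTABLE + r"{1,32}")),
]

def check_rfc5424_header(raw):
    """Return (field, value, problem) tuples for header fields that break RFC 5424."""
    problems = []
    m = re.match(r"<(\d{1,3})>", raw)
    if m:
        if int(m.group(1)) > 191:
            problems.append(("PRI", m.group(1), "PRIVAL above 191"))
        raw = raw[m.end():]
    # PRI absent: the debug lines in this thread show none, so it is treated
    # as optional here (assumption about how the raw data is logged).
    tokens = raw.split(" ", len(FIELDS))
    for (name, pattern), value in zip(FIELDS, tokens):
        if not pattern.fullmatch(value):
            problems.append((name, value, "does not match RFC 5424 grammar"))
    if len(tokens) <= len(FIELDS):
        problems.append(("STRUCTURED-DATA", "", "missing"))
    elif not re.match(r"-( |$)|\[", tokens[-1]):
        problems.append(("STRUCTURED-DATA", tokens[-1][:16], "not '-' or '[...]'"))
    return problems

# First message is copied from the log excerpt in this thread; the second is a
# constructed variant that differs only by the added "Z" offset.
AS_LOGGED = "1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set"
WITH_OFFSET = "1 2018-08-23T17:30:00.45Z 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set"

if __name__ == "__main__":
    for msg in (AS_LOGGED, WITH_OFFSET):
        print(msg, "->", check_rfc5424_header(msg) or "header OK")
```

Under these assumptions the only field the check flags in the device's message is the timestamp, which carries no offset.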

Hi Jamie,

Thanks for your reply. I wrote you a PM with some more details.

Regards

Rene
