cancel
Showing results for 
Search instead for 
Did you mean: 

Troubleshot NCM RealTime Change Notification RTN logs / email issues

Troubleshot NCM RealTime Change Notification RTN logs / email issues

In this post we will see live activity and try to troubleshot NCM RealTime change Notification and most common issues related to this NCM area .

Not able to receive an RTN emails from a poller

Not able able to receive emails from RTN

Check list

Make sure you are working on the Same poller where you have the Node assigned in case you have Additional pollers

Syslog must be sent to the same poller in case you have Additional pollers

Poller have access to the SMTP Server in case you have Additional pollers

Verify poller have access to the SMTP Server on the configured port

From the affected poller please check if you are able to access your SMTP server.

Please Navigate following path

C:\Program Files (x86)\SolarWinds\Common\SWEmailNotify.exe

Run

SWEmailNotify.exe

Enter SMTP / IP Or Hostname

Click "Test Gateway"

Example:

You will receive following message for  Successful connection

"Successfully connected to 192.168.1.50 220 mysmtpserver ESMTP

For Unsuccessful

Error Connecting to 192.168.1.13 the attempt to connect timed out

pastedImage_14.png

pastedImage_15.png

Please Note: All the Pollers including APE  must have access the SMTP Configured in RTCN Settings.

How do i verify i am receiving Syslogs from the devices to the Orion Server

How to verify port traffic received @ (NetFlow port 2055) / (Traps port 162 ) / ( Syslog port 514 ...

Verify Syslog and Syslog RTN Rules are configured and enabled

Open Syslog Viewer and check the Configured Rule is connect and enabled

Solarwinds provide 2 pre configured rules for Cisco devices (including ASA )

Creating real time notifications for non cisco devices. Vendors like riverbed, aruba, f5 and infoblox

If your device is different from the Cisco please check with your Vendor and make sure the rule is correctly configured for the devices.

Creating real time notifications for non Cisco devices Vendors

           How Cisco device worked in this case . anyone will enter in Config mode and exit from the Config mode device will generate a Syslog message

           which will contain "Configured from console" this will then captured by the rule and NCM will start downloading the configuration from the device if there will be any change noticed

           NCM will save the configuration and send an email with changes are marked compared with the last downloaded configuration .

IF

There is no change in device configuration NCM will discard the configuration and will not save / will not send any notification.

pastedImage_0.png

pastedImage_1.png

pastedImage_5.png

pastedImage_2.png

Open Syslog live viewer and make sure you are able to see the the Syslog is been sent from the device (Use the filter Tags option )

pastedImage_1.png

Make sure you are able to see the Transfer Status and complete download configuration of the node

pastedImage_16.png

Now install the Kiwi Log Viewer as below and map the following logs

View live Orion log activity Kiwi Log Viewer

Make Changes to the Device and check following log files

NcmBusinessLayerPlugin.log (This log will show you the live activity sending emails and RTN Report / Action activity )

C:\ProgramData\SolarWinds\Logs\Orion\NCM\NcmBusinessLayerPlugin.log

Its started from the session here

pastedImage_10.png

Show you the email is been sent to which addresses

pastedImage_11.png

RTN.log (This log file will show you the live activity which contained Syslog message and device configuration change )

C:\ProgramData\SolarWinds\Logs\Orion\NCM\RTN.log

pastedImage_7.png

Common Error:

Failure Sending Email through SMTP Configured . 25 .

2019-09-16 11:57:42,358 [109] ERROR SolarWinds.Cirrus.BusinessLayer.RTNHelper - ExecuteRtn errorSystem.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.10.119.87:25

   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

   --- End of inner exception stack trace ---

   at System.Net.ServicePoint.GetConnection(PooledStream PooledStream, Object owner, Boolean async, IPAddress& address, Socket& abortSocket, Socket& abortSocket6)

   at System.Net.PooledStream.Activate(Object owningObject, Boolean async, GeneralAsyncDelegate asyncCallback)

   at System.Net.PooledStream.Activate(Object owningObject, GeneralAsyncDelegate asyncCallback)

   at System.Net.ConnectionPool.GetConnection(Object owningObject, GeneralAsyncDelegate asyncCallback, Int32 creationTimeout)

   at System.Net.Mail.SmtpConnection.GetConnection(ServicePoint servicePoint)

   at System.Net.Mail.SmtpTransport.GetConnection(ServicePoint servicePoint)

   at System.Net.Mail.SmtpClient.GetConnection()

   at System.Net.Mail.SmtpClient.Send(MailMessage message)

   --- End of inner exception stack trace ---

   at System.Net.Mail.SmtpClient.Send(MailMessage message)

   at SolarWinds.Cirrus.BusinessLayer.EmailSender.<>c__DisplayClass7_0.<Send>b__0()

Cause:

The poller have no access to the SMTP Server on the configured port 25.

Please make sure you follow the above troubleshooting steps and confirmed the port is accessible

Please Note: You cannot configure multiple SMTP for each poller there is only one SMTP Server

Related Links.

NCM troubleshooting landing page

Comments

Great guide for troubleshooting.. Nice One as helped me find out where our issues were in the logs.

Thanks for the feedback glad this helped you

Version history
Revision #:
1 of 1
Last update:
‎09-20-2019 04:32 AM
Updated by:
 
Contributors