This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

LEM does not capture logs from RHEL agents

marcus38 over 5 years ago

I have look through the troubleshoot guide and gathered information based on it

Our RHEL servers are currently connected to the LEM as shown in the LEM console,

have verified that no firewall is between these devices as all the ports are opened,

Started the connector for Linux such as PAM and OpenSHH.

In the LEM Internal Events, the InternalToolOnline shown Started FAST reader for the connectors I have configured and started.

But there are still no logs coming in from the RHEL agents

Client Details

LEM Version: 6.3.1hotfix7

Agent Version: 6.3.1hotfix5
Linux OS: Linux 2.6.32-279.37.2.el6.x86_64

Web Console: SolarWinds-LEM-v6.3.1

Installer Files

LEM Installer: SolarWinds-LEM-v6.3.1-Evaluation-HyperV

Agent Installer: SolarWinds-LEM-v6.3.1-HF5-Linux64AgentInstaller

Console Installer: SolarWinds-LEM-v6.3.0-Console & SolarWinds-LEM-v6.3.0-AdobeAIR

Base on this article: https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/LEM_with_Linux_x64_Agents_show_no_logs

We have verified that our RHEL servers syslog has a non-standard date header format.

We also verified changing the syslog to a non-standard date header format from a standard one will cause the LEM to stop capturing log from the RHEL agents.

However, We are not comfortable in changing the non-standard to a standard one for LEM to take in the logs.

Therefore,

is there any alternatives for this issue?

Is it possible to configure the LEM Agents to take into account of our current Syslog format?

If yes, configuration will only take place in /usr/local/contego/ContegoSPOP?

--------------------------------------------------------------------------------------------------------------------------------------------------------

Okay things have changed.

We have managed to get one of our client devices to change to a standard/default date header for the syslog.

And the logs are sent to LEM and displayed on the Console

May I confirm if the SolarWinds Agent require Default Date Header for Syslog?

As for the Linux Connector, I am using OpenSSH and PAM for /var/log/secure

May I know which connector can I use for /var/log/messages and /faillog

Would appreciate any help provided.

Top Replies

marcus38 over 5 years ago in reply to jgrobinette050 +1

Yes mine was resolved Our RHEL using logs with a non-standard header time stamp We changed the header time stamp to the what SolarWinds LEM recognize and the logs are coming in.

0 jgrobinette050 over 5 years ago

Marcus I think I'm having the same issue. Did you get any resolve?
I saw where rsyslog was not supported and RHEL seems to be running rsyslog per my daemon search but this could be SYSLOG.
My agent does install and shows up in the install, but I get a message in the last logged column of >7 days since last log.
Cancel
Vote Up 0 Vote Down

Cancel
0 marcus38 over 5 years ago in reply to jgrobinette050

Yes mine was resolved
Our RHEL using logs with a non-standard header time stamp
We changed the header time stamp to the what SolarWinds LEM recognize and the logs are coming in.
Cancel
Vote Up +1 Vote Down

Cancel