cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Log Event Manager issue

Jump to solution

Please help me that how could i add the node in LEM even i configured the cisco swtich with following parameters

logging on

logging host 192.168.2.1

But i am unable to add the node in LEM.

What other configuration required for LEM on cisco switch.

I appreciate your help.

Thanks

1 Solution

At this point, it doesn't appear to be a LEM issue.  Can your Cisco device ping the LEM's hostname or IP?  Is traffic on port 514 allowed in your network?  You're going to have to do some basic network troubleshooting to make sure that the devices can communicate.  The LEM does not appear to be getting any traffic from the Cisco device, and we can't log what we don't see.

View solution in original post

18 Replies
Level 15

Have you seen this article?

SolarWinds Knowledge Base :: Configuring Cisco IOS Routers and Switches to Syslog to Your LEM Applia...

It looks like your logging configuration is missing some lines and details.  Then you'll need to add a connector as evanr describes in the Manage --> Appliance screen of the GUI.

As a note, Cisco is probably one of the most revised and updated connectors, so you'll also want to make sure that your connectors are all up to date.

SolarWinds Knowledge Base :: How to apply a LEM connector update package

0 Kudos

Dear Curtisi,

Thanks for your help.

lem1.jpglem2.jpg

I have seen this and i did lot of efforts but can't do this.

Sir i dont want to add any cisco firwall device just want to add cisco switch using add node from LEM but unable to add this.

I have done following step on cisco switch and also see on above mentioned snap shots please have a look.

  1. Connect to your Cisco IOS device using an SSH or Telnet client.
  2. Login using administrative credentials for the device.
  3. Enter enable.
  4. Reenter the administrative password for the device.
  5. Enter configure and press Enter after the "How would you like to configure?" prompt.
  6. Enter logging LEM_IP_address.
    Note: LEM_IP_address is the IP address of your LEM Manager.
  7. Enter logging facility local2. This defines where the LEM Manager will look for the IOS logs.
  8. Enter logging trap debug.
  9. Enter exit to return to the previous prompt.
  10. Enter copy run start to ensure the device reboots with the new configuration.
  11. When asked about the destination, press Enter.
0 Kudos

Connect to the LEM CMC shell:

http://knowledgebase.solarwinds.com/kb/questions/3303/Use+an+SSH+client+to+connect+to+your+LEM+appli...

Go to the APPLIANCE menu and enter CHECKLOGS.  If you view Local2, do you see information from the switch's IP?

0 Kudos

Dear Curtisi,

i successfully connected with LEM in cms shell.

What my next step ?

0 Kudos

Sir, how do i view local2?

Please guide me regarding this process and i don't know any commands.

0 Kudos

cmc> appliance

cmc::acm# checklogs

Available log files:

        [1]: Syslog Log (83M)

        [2]: SNMP Trap Log (2.9M)

        [3]: Snort Alert Log (Empty)

        [4]: Auth Log (12K)

        [5]: Daemon Log (3.5M)

        [6]: User Log (4.0K)

        [7]: Solr Log (Empty)

        [8]: Database Log (4.0K)

        [9]: Manager Configuration Log (12K)

        [10]: Kernel Log (Empty)

        [11]: Migration log (Empty)

        [12]: Syslog local0 Log (2.0M)

        [13]: Syslog local1 Log (76M)

        [14]: Syslog local2 Log (448K)

        [15]: Syslog local3 Log (Empty)

        [16]: Syslog local4 Log (432K)

        [17]: Syslog local5 Log (4.0K)

        [18]: Syslog local6 Log (4.0K)

        [19]: Syslog local7 Log (2.4M)

Choose a log to view and press enter (1-19, q to quit): 14

View from the beginning or end of the log file? (b/E)

Please enter the number of lines to display (default: 500)

Displaying logfile: Syslog local2 Log (/var/log/local2.log)

In the viewer, press q to quit and the spacebar to view more of the log file.

Press <enter> to continue

just like VI a 'SHIFT+G' will take you to the end.  And 'gg' will take you to the top. 

0 Kudos

lemssh.jpg

[14]: syslog local2 log [Empty] its showing empty.

Dear Evanr and Curtisi,

I did it this process successfully and even i enter to continue and went into vi enviroment but i didn't understand this.

Can you explain whats the result of this? And i am still unable to add the cisco node in LEM.

Please sir help me to add this node in LEM in GUI and i am waiting for your response Sir.

Even i able to add the windows in LEM using LEM agent successfully but unable to cisco node.

0 Kudos

Please sir help me to resolve this issue.

14]: syslog local2 log [Empty] its showing empty.

Dear Evanr and Curtisi,

I did it this process successfully and even i enter to continue and went into vi enviroment but i didn't understand this.

Can you explain whats the result of this? And i am still unable to add the cisco node in LEM.

Please sir help me to add this node in LEM in GUI and i am waiting for your response Sir.

Even i able to add the windows in LEM using LEM agent successfully but unable to cisco node.lemssh.jpg

0 Kudos

At this point, it doesn't appear to be a LEM issue.  Can your Cisco device ping the LEM's hostname or IP?  Is traffic on port 514 allowed in your network?  You're going to have to do some basic network troubleshooting to make sure that the devices can communicate.  The LEM does not appear to be getting any traffic from the Cisco device, and we can't log what we don't see.

View solution in original post

Dear ,

My cisco devices are pinging to LEM properly and communication also fine from each and every devices.

Could you let me know i allow traffic from port 514.

And also let me know how i add cisco node in LEM ? Actually i am getting error on initial stage and i am able to add the windows node in LEM by LEM agent.

Please help me Sir

0 Kudos
0 Kudos

Adaoudi,

Could you let me know how i allow traffic from port 514 in LEM ?

0 Kudos

What kind of cisco device are you trying to add ?
I'am an newbie at using LEM but I can try to help you.

0 Kudos

Adaoudi,

Actually i am trying to add Cisco 6509 switch in LEM

And i did following configuration in my Cisco switch

no logging console

logging on

logging monitor notifications
logging trap debugging

logging host 10.144.1.1                // My LEM IP address

logging facility local2

Please help Sir if you can.

I am waiting for your response.

0 Kudos

Believe it or not I'm having the same problem in our network with Cisco devices.

Check port 514  

To do this (from another computer on the network) -> telnet  192.168.2.1 514

If you get through -> port 514 is allowed.

Next if you can physically get in reach of the server LEM is on or a device LEM is on send the logs directly from that device. Let me know your results.

Only use port 514 since LEM wont work on any other port number. I know your Cisco device will but LEM will not.

I work on a huge network where port 514 may be blocked at some locations. You may want to look at SNMP as an alternative.

*user curtisi statement is probably correct but doing what I wrote will help you troubleshoot why.

0 Kudos
Level 12

Did you add this through the appliance?  Manage appliances then add your connector from there.

0 Kudos

Sir,

I didn't add this through appliance.

could you sir clear to me this and how do i this process.

Now i did following configuration on my cisco switch.

logging on

logging host 10.144.1.1

logging facility local2


Then i went through LEM and just used the option for add the node through syslog but i am unable to the add this.

Please sir let me know how do i do add connector in appliance.

0 Kudos

saroop I created this document to help with agentless nodes, since there seems to be some struggle with it:

SNMP and Syslog Connector Creation

In this case, you'd want to create a Cisco IOS/PIX connector and set it to read Local2.

2014-03-25 06_17_09-SolarWinds Log and Event Manager Console.png

0 Kudos