Integrating Cisco Nexus switch with LEM

Hi Mike,

There should be a connector on your appliance that supports NX-OS logs:

If you follow the steps in the guide you attached, but simply apply the above connector, rather than the Cisco PIX & IOS connector mentioned in the guide, LEM should then pickup the Nexus logs.

Any problems/questions let me know

I did as you suggested. The syntax is a little different for NX-OS, so maybe you can double check me. I SSH into my switch and added the following commands:

logging server x.x.x.x (my LEM IP) 7 use-vrf management facility local2

logging level local2 7

In LEM, I added a new connector called Nexus5K (real original) and edited the Log File to be:

/var/log/local2.log

I then started this connector and it turned green and I did not create a filter.

I then scanned for new nodes and I get "No Connectors Found"

Am I missing something?

Thanks for the help!

Mike

Hi Mike,

I'm not overly familiar with the NX-OS, but the 'logging level local2' looks incorrect. It should be set to a level as outlined here.

Can you also use the checklogs tool within LEM to confirm that the NX-OS logs are actually hitting local2. If the connector is not detecting NX-OS logs in local2, it sounds like the logs aren't actually getting to local2.

If you SSH into LEM (or you can go via the VM console), then follow these steps:

1. At the cmc> prompt, enter appliance.
2. At the cmc::acm# prompt, enter checklogs.
3. Enter an item number to select and view a local facility.

According to the Cisco Nexus 5000 NX-OS Software Configuration Guide, Chapter: Configuring System Message Logging, the default outgoing facility is local7.

I have changed all references from local2 to local7. I also edited the LEM Log File to /var/log/local7.log.

Still getting "No Connectors Found" when I scan for new nodes.

SSH into switch and do command "show logging info", I see the logging server is enabled and IP address of my LEM server, server severity is debugging, server facility local7, but it also says "this server is temporarily unreachable." However, I can ping from switch to LEM server and vice versa no problem. Checked logs on LEM (cmc::acm# checklogs) and they are empty, so logs are in fact not getting there. The LEM server is a VM, but the VM Host is directly connected to the switch I'm trying to send syslog from. Do I need to edit IP Tables in LEM or something else?

Hi Mike,

If the logs aren't reaching the LEM appliance, it is generally down to an issue with the source device or something blocking the connection between the Nexus & LEM. The connectors won't pick up any new log sources if the facility is empty.

Could you try running a Wireshark between the Nexus & LEM server on port 514 - can you see the syslogs being sent to the appliance?