2 Replies Latest reply on Sep 5, 2018 10:43 AM by rfroembgen

    Log Manager 1.1 - Syslog parsing error for ADVA FSP 3000 devices

    rfroembgen

      Hi everyone,

       

      I am currently evaluating the Log Manager with a customer. We ran into an issue with ADVA FSP 3000 devices and the syslog receiver of the Log Manager.

       

      With the "old" NPM Syslog service the syslogs could be received and parsed without any issues. But with the Log Manager we receive the syslogs, but the Log Manager cannot parse them.

       

      If I set the log level to "ALL" via the log adjuster we can see the following:

       

      2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

      2018-08-23 17:30:00,413 [36] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

      2018-08-23 17:30:00,413 [36] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.45 172.24.111.17 WDM 2873 - - CH-2-3-C1 LOS CR SA Set

      2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.SyslogService - Syslog message received from IP 0.0.0.0, EngineID: 1

      2018-08-23 17:30:00,413 [80] INFO SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Syslog message:1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

      2018-08-23 17:30:00,413 [80] WARN SolarWinds.Orion.LogMgmt.SyslogServiceImplementation.Parser.SyslogParser - Unable to parse the Syslog message with the raw data representation: 1 2018-08-23T17:30:00.46 0.0.0.0 WDM 2873 - - CH-2-3-C1 OOSAINS NA NSA Clear

      (Customer IPs replaced with 0.0.0.0)

       

       

      As a workaround we set up a Kiwi syslog server, which forwards the syslog messages to the Orion server/Log Manager. At first that did not work either. Only if we activate the "Use RFC 3164 header information" option in Kiwi can the Log Manager parse the logs successfully.

       

      Has anyone run into issues like that? All the other syslogs from other devices are processed fine, and the Kiwi syslog server should only be a temporary solution and is not the way to go.

       

      Thanks in advance!

       

      Regards

      Rene
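
An added diagnostic example (not part of the original post and not SolarWinds code): a strict check of the RFC 5424 header grammar, run over the message as it appears in the log above, to show which header elements a strict parser would reject. The page does not confirm which of these Log Manager actually rejects, and the PRI may have been dropped by the logger rather than by the device; `check_rfc5424` and the `<187>` and `Z` values in the second sample are assumptions constructed for illustration.

```python
import re

# RFC 5424 header grammar:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
PRI = re.compile(r"<(\d{1,3})>")
# TIME-OFFSET ("Z" or +hh:mm / -hh:mm) is mandatory in RFC 5424 timestamps.
TIMESTAMP = re.compile(
    r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})")
# (field name, maximum length) for the printable-ASCII header fields.
LIMITS = (("HOSTNAME", 255), ("APP-NAME", 48), ("PROCID", 128), ("MSGID", 32))

def check_rfc5424(raw):
    """Return the RFC 5424 header deviations in raw; an empty list means none."""
    problems = []
    m = PRI.match(raw)
    if m and int(m.group(1)) <= 191:
        raw = raw[m.end():]
    else:
        problems.append("PRI: missing or not in <0>..<191>")
    fields = raw.split(" ", 7)
    if len(fields) < 7:
        return problems + ["HEADER: fewer than 7 space-separated fields"]
    version, timestamp = fields[0], fields[1]
    if not re.fullmatch(r"[1-9]\d{0,2}", version):
        problems.append("VERSION: not a 1-3 digit non-zero number")
    if timestamp != "-" and not TIMESTAMP.fullmatch(timestamp):
        problems.append("TIMESTAMP: not RFC 3339 with a time offset")
    for (name, limit), value in zip(LIMITS, fields[2:6]):
        if not (1 <= len(value) <= limit and all(33 <= ord(c) <= 126 for c in value)):
            problems.append(f"{name}: empty, too long or not printable ASCII")
    if fields[6] != "-" and not fields[6].startswith("["):
        problems.append("STRUCTURED-DATA: neither '-' nor an [SD-ELEMENT]")
    return problems

# Message exactly as it appears in the Log Manager log on this page.
AS_LOGGED = "1 2018-08-23T17:30:00.45 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set"
# Constructed variant: "<187>" (local7.err) and "Z" are illustrative assumptions.
CONSTRUCTED = "<187>1 2018-08-23T17:30:00.45Z 0.0.0.0 WDM 2873 - - CH-2-3-C1 LOS CR SA Set"

if __name__ == "__main__":
    for label, msg in (("as logged", AS_LOGGED), ("constructed", CONSTRUCTED)):
        print(label, "->", check_rfc5424(msg) or "header conforms")
```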