I recently configured a set of HP ProCurves to log to our LEM using Syslog. It actually went quite well. Once I redirected them to the LEM, it noticed them in the node management and I was able to get them to log, set up rules, etc. They were sending to Syslog with the default facility of user. When I looked in the User facility on the LEM via SSH, I could see a pretty constant 5MB of data in that log.
Today I came in and the LEM hasn't received data since 6 AM. The user log on the LEM now shows as empty. I didn't change anything on the LEM or the ProCurves, but nothing is coming through.
What would cause this to truncate and why wouldn't it keep on going?
Looking through SolarWinds at the last logs it did receive, there was a parsing error, not on all but just from one. Would that impact the whole thing?
The parsing error looks like two log lines got joined together somehow; you have the start of the next log line in the middle of the first log line, and that caused the field mix-ups.
The syslogs rotate on LEM at 6:25 AM also, but a new log is created and things should continue uninterrupted.
Are you receiving other syslog data on LEM without problems? Have you tried restarting either LEM or the syslog transmission on the Procurve side to see if the logging resumes?
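The joined-line condition described in the reply above (the start of one record appearing in the middle of another) can be checked for in a copy of the log. This is an added example, not part of the original thread or of LEM; it assumes each stored line begins with a BSD-style (RFC 3164) timestamp and host name, and the host names and sample lines are constructed.

```python
import re

# Assumption: records on disk look like "Mar  4 06:24:58 <host> <message>".
HEADER = re.compile(
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d "
    r"\d{2}:\d{2}:\d{2} (\S+) "
)

def split_joined(line, known_hosts):
    """Split one physical line wherever a second record header begins.

    An embedded timestamp only counts as a header when the token after it
    is a known sender, so timestamps quoted inside a message are ignored.
    """
    cuts = [m.start() for m in HEADER.finditer(line)
            if m.start() > 0 and m.group(1) in known_hosts]
    bounds = [0] + cuts + [len(line)]
    return [line[a:b] for a, b in zip(bounds, bounds[1:])]

def find_joined(lines, known_hosts):
    """Return (line_number, fragments) for every line holding >1 record."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = split_joined(line.rstrip("\n"), known_hosts)
        if len(parts) > 1:
            hits.append((n, parts))
    return hits

# Constructed sample data: line 2 has a second record spliced into it,
# line 3 merely quotes a timestamp inside its message text.
HOSTS = {"sw-core-01", "sw-edge-02"}
SAMPLE = [
    "Mar  4 06:24:57 sw-core-01 ports: port 12 is now on-line",
    "Mar  4 06:24:58 sw-edge-02 mgr: session from 10.0."
    "Mar  4 06:24:58 sw-core-01 ports: port 7 is now off-line",
    "Mar  4 06:25:01 sw-core-01 note: job ran Mar  3 23:00:00 ok done",
]

if __name__ == "__main__":
    for lineno, parts in find_joined(SAMPLE, HOSTS):
        print(f"line {lineno}: {len(parts)} records joined")
        for p in parts:
            print("   ", p)
```

A truncated first fragment, as in line 2 of the sample, means the tail of that message was lost in transit or on write, so the fields of both records should be treated as unreliable.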