How to Troubleshoot Syslog Nodes in SolarWinds Log & Event Manager - Video

Updated 8-18-2016

Overview

During this session we are going to work through some troubleshooting steps when your network devices don't appear to be sending logs to the LEM virtual appliance.

Environment

  • Log & Event Manager

Video Transcription

Before we get started, make sure you have access to the LEM command line. You can use an SSH client such as PuTTY, or you can use your virtualization console to access the LEM CLI directly. Finally, check your devices and verify that they are configured to forward syslog data to the LEM virtual appliance IP address. The SolarWinds knowledge base contains instructions for several supported devices; it can be accessed directly from the web console in the Add Nodes section or by clicking the KB link here.

The first step in troubleshooting syslog devices is verifying that LEM is actually receiving the raw data.

  1. Access the LEM command line via the virtualization console (vSphere or Hyper-V Manager) by selecting the Advanced Configuration option. You can also open an SSH tool and connect to the IP address of your LEM on port 32022. If you log in via an SSH client the username will always be CMC and the password is "password" unless you have changed it previously.
  2. Once you are in the command line type in "appliance" to enter the appliance menu. At any point you can see a list of available commands by typing "help".
  3. In the appliance menu type in "checklogs" and hit enter. As you can see on my screen there are several options all numbered on the left side. Each option represents a potential location for log data.
  4. Syslog-based logging is usually represented by the local facilities numbered 0-7 (local0 through local7), which are basically just log files. Some devices let you select a facility while others assign one automatically. Either way, those facilities are represented in the LEM menu by the numbers 12 through 19 shown in brackets on the left.
  5. To verify which facility may be receiving logs from your devices look to the right of the facility and you will see a number that represents the amount of data currently in that facility. If all of your facilities are empty you will need to check your device and ensure it is properly configured and forwarding logs to the right ip address.
  6. If you do see a facility that has data you can open that file by typing in the corresponding number in brackets to the left then hit enter.
  7. Next you will be asked whether you want to see the beginning of the file or the end. Hitting enter will default to the END of the file.
  8. Hit enter again and you will be asked how many lines you want visible. No entry will default to 500 lines.
  9. Hit enter one more time and the raw log data will appear. Use this data to verify that it is coming from the right devices, and repeat these steps to check the other facilities.
  10. Make a special note of the local facility number i.e. local3 as you will need it in the following steps.
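As an added example (not from the SolarWinds page or the LEM product), this Python script decodes the syslog PRI field of raw lines, which is where the facility a device sends on is encoded, and reports which localX facility and which checklogs option each device maps to. The sample lines and host names are constructed; the 12-19 menu mapping is the one given in the steps above.

```python
import re
from collections import Counter, defaultdict
# Added example, not from the SolarWinds page or product: decode the PRI of raw
# syslog lines to show which localX each device uses and which checklogs entry to open.
PRI_RE = re.compile(r"^<(\d{1,3})>")
LOCAL_BASE = 16       # RFC 3164: facility codes 16-23 are local0-local7
CHECKLOGS_BASE = 12   # per the transcript: local0-local7 are options 12-19

def decode_pri(line):
    """Return (facility, severity) from a raw syslog line, or None without a PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # PRI = facility*8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def local_facility(facility):
    """'localX' for facility codes 16-23, otherwise 'facilityN' (not in checklogs)."""
    if LOCAL_BASE <= facility < LOCAL_BASE + 8:
        return "local%d" % (facility - LOCAL_BASE)
    return "facility%d" % facility

def checklogs_option(facility):
    """Number to type in the LEM checklogs menu, or None for non-local facilities."""
    if not LOCAL_BASE <= facility < LOCAL_BASE + 8:
        return None
    return CHECKLOGS_BASE + facility - LOCAL_BASE

def facility_report(lines):
    """[(host, facility name, message count, checklogs option)] sorted by host."""
    counts = defaultdict(Counter)
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            continue          # no valid PRI: LEM would not file it under a facility
        # RFC 3164 header after the PRI: "Mon DD HH:MM:SS host message"
        fields = line[line.index(">") + 1:].split(None, 4)
        host = fields[3] if len(fields) > 3 else "?"
        counts[host][decoded[0]] += 1
    return [(h, local_facility(f), n, checklogs_option(f))
            for h in sorted(counts) for f, n in sorted(counts[h].items())]

SAMPLE_LINES = [  # constructed; PRI 158 and 157 are local3 (19*8 + severity)
    "<158>Aug 18 10:00:01 asa-edge %ASA-6-302013: Built outbound TCP connection 12 for outside:203.0.113.5/443",
    "<157>Aug 18 10:00:02 asa-edge %ASA-5-111008: User 'admin' executed the 'show logging' command.",
    "<86>Aug 18 10:00:03 srv01 sshd[1234]: Accepted publickey for admin from 192.0.2.10",
    "malformed line without a PRI header",
]
print(facility_report(SAMPLE_LINES))
```

A device that shows up under a non-local facility (here srv01 on authpriv) will not appear in any of the local0-local7 entries, which is worth knowing before you conclude the device is not sending at all.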

Now that we have verified there is data coming in from your device we can manually enable the log connector that supports the device.

  1. Click on the MANAGE button in the navigation bar and select APPLIANCES.
  2. Click the gear icon next to the appliance name and select CONNECTORS.
  3. A dialog box will appear listing the available device connectors. In the search bar at the top, type in the brand name of your devices. For example, if I type in Cisco it will display all of the supported Cisco products. NOTE: If you do not see your device listed, please contact your Sales Rep if you are evaluating, or Technical Support if you are a customer; they will have additional information on our process for unsupported devices.
  4. Once you have located your device click the gear icon and select NEW to create a new connector and open the configuration options. These options may vary however for most syslog based devices it will look like what you see on the screen now.
  5. The most important field in the configuration options is the LOG FILE field. Make sure the localX portion of this path matches the facility you configured directly on your device, or the facility you noted in the previous steps. In this case I found my Cisco device data in facility local3, so all I have to do is change this number from 2 to 3.
  6. The rest of the fields can be left at their defaults.
  7. Now we will need to save the connector configuration on the right by clicking this save button. 
  8. Once saved you see a new connector with a gray globe. Click the gear icon next to the gray globe and click START then wait until you see the globe turn green.
  9. At this point you have completed the manual configuration of a LEM connector.

Now that we have verified data is being received and completed a manual connector configuration we will use the web console to make sure we see live data from that device. Keep in mind that some devices just don't generate a continuous stream of logs so you may have to force the issue by making a simple change or authenticating to that device.

  1. To view logs from your device login to the LEM Web console and click on MONITOR within the navigation bar. The monitor section will display logs from your devices in real-time through the use of filters.
  2. On the left, expand the Overview section and click on the ALL EVENTS filter to see all data received by LEM. Pay special attention to the DETECTION IP column, as it will contain the IP address or host name of the devices sending log data. As you can see here, my Cisco ASA device logs appear.

Visit the Success Center for more information on using Log & Event Manager. https://support.solarwinds.com/Succe..._Manager_(LEM)

Last modified
15:25, 18 Aug 2016