Syslog events are not appearing in the LEM Console

Created by Jason Dee, last modified by Kevin.Kessler-ret on Mar 24, 2017

Overview

This article describes what to do if events sent by a syslog device do not appear in the LEM Console.

 

Environment

  • All LEM versions
  • Syslog devices logging to LEM

 

Cause 

This can occur when the connector is improperly configured or outdated, in which case it may be monitoring the wrong log file.

 

Resolution

  1. Perform an nDepth search for all events coming from that connector.
    1. Go to Explore > nDepth.
    2. Expand Event Groups and drag the Any Alert.ToolAlias field to the search bar.
    3. Type the name of your connector after the equal sign. You can also use a partial name and surround it with asterisks (*) as wildcards.
    4. Specify a search time frame from the dropdown and click the Search button. If you get no results or only InternalToolOnline/InternalToolOffline events, there might be a configuration issue.
  2. Verify that the connector you have configured for your syslog device is looking in the log file that your device is sending its events to:
    1. Go to Manage > Appliances > left gear icon > Connectors and double-click the connector you've configured. The log being monitored will be shown in the Log File field.
    2. Verify that the syslog events are being received in that same log file by searching the raw log file for the IP address of your device. To check the raw log files on your LEM, see Use the CMC checklogs Command to Display Log Files.
  3. Verify that the connector you've configured is enabled and showing a green status icon.
  4. If everything is configured and you still see no events, your connector may be out of date and unable to parse those particular events. See Updating LEM Connectors.
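The comparison in step 2 can be scripted against copies of the raw log files. The following is an added example, not SolarWinds code: the file names, log lines and function names are constructed for illustration, and it assumes the raw logs are available as plain text. It matches the device IP exactly, so a search for 10.0.0.1 does not count lines from 10.0.0.12, and reports whether the connector's Log File setting matches the file the device's events actually land in.

```python
import re

# Constructed sample data: file names and log lines are illustrative only.
SAMPLE_LOGS = {
    "local2.log": [
        "Mar 24 10:15:01 10.0.0.12 %ASA-6-302013: Built outbound TCP connection",
        "Mar 24 10:15:07 10.0.0.12 %ASA-4-106023: Deny tcp src outside:198.51.100.7",
    ],
    "local4.log": [
        "Mar 24 10:15:02 10.0.0.1 kernel: link up on eth0",
        "Mar 24 10:15:09 10.0.0.1 sshd[411]: Accepted publickey for admin",
        "Mar 24 10:15:11 10.0.0.120 dhcpd: DHCPACK on 10.0.0.55",
    ],
}

def ip_pattern(ip):
    """Match ip exactly, so 10.0.0.1 does not also hit 10.0.0.12 or 110.0.0.1."""
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d|\.\d)")

def count_device_lines(logs, device_ip):
    """Return {file name: number of lines that mention device_ip}."""
    pat = ip_pattern(device_ip)
    hits = {}
    for name, lines in logs.items():
        n = sum(1 for line in lines if pat.search(line))
        if n:
            hits[name] = n
    return hits

def check_connector(logs, device_ip, connector_log_file):
    """Compare the connector's Log File setting with where events arrive."""
    hits = count_device_lines(logs, device_ip)
    if not hits:
        return "no-events-received"   # nothing from the device in any file
    if connector_log_file in hits:
        return "ok"                   # connector reads the file the device logs to
    return "wrong-log-file:" + ",".join(sorted(hits))

if __name__ == "__main__":
    for ip, cfg in [("10.0.0.1", "local2.log"), ("10.0.0.12", "local2.log")]:
        print(ip, cfg, check_connector(SAMPLE_LOGS, ip, cfg))
```

A `no-events-received` result points at the device or the network path rather than the connector, while `ok` with no parsed events in nDepth points toward step 4.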

 

 
