Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > LEM Reports Troubleshooting Guide > Troubleshooting strategies

Troubleshooting strategies

Log files list actions that have occurred in your system or almost any IT asset. One of the most effective strategies for troubleshooting LEM Reports is analyzing log files. This technique allows you to review all logged details about the system and its processes. If a process is running improperly or not running at all, analyzing system logs can help you identify where and how the process stopped.

Analyzing log files

Each log file contains many pieces of valuable information. With proper analysis of this data, you can identify what happened in your system that caused a LEM Reports issue.

Log files that may be especially helpful for troubleshooting LEM Reports issues are:

  • /usr/local/contego/manager.log: Located on the manager or database server. This log can be viewed by opening PuTTY session to the LEM appliance, entering your CMC credentials, and entering manager to access the Manager Configuration menu. From this menu:
    1. Enter the watchlog command to view real time entries being written and press <Ctrl+C> to return back to the CMC, or
    2. Enter the showlog command to view what has been written to this log up to this time. To navigate this log:
      1. Press <Enter> to navigate down one line at a time,
      2. Press <Page Up> or <Page Down> to go up/down one page at a time.
      3. Press <Shift+G> to go to the end of the log.
      4. Press <q> to close this log.
  • SWLEMReports.log: Located at C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\SWLEMReports.log.
  • crystaljrc.log: Located on C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\crystaljrc.log (available from 6.0.1 onwards).

With Linux tools like VIM and LESS, use a </> (slash mark) and a text string to search the log for that text string. 9001 and the IP address/hostname of the host from which you are running reports make good search strings. In Windows, search logs in Notepad by pressing <Ctrl+F>, entering the text string to search, and pressing <Enter>.

If an issue is specific to a particular report template, you can also check the report template .rpt file.

Log analysis activities include:

 

Identifying an unreachable manager or firewall-blocked port: crystaljrc.log

07 Jan 2015 15:40:51 [ORBacus:ThreadPerRequest:Dispatcher] FATAL com.crystaldecisions.data.jdbc - SQL Exception: [SQL State:] 08001 [Error Message:] java.net.ConnectException: Connection refused: connect

Distinguishing incorrect logon credentials: crystaljrc.log

Incorrect logon credentials create a crystaljrc.log message like the following:

07 Jan 2015 15:47:49 [ORBacus:ThreadPerRequest:Dispatcher] FATAL com.crystaldecisions.data.jdbc - SQL Exception: [SQL State:] 28501 [Error Message:] invalid authorization specification - not found: Java execution: AUTHENTICATION

Determining an invalid password error: manager.log

An invalid password looks like the following in the manager log:

(Sun Mar 22 16:24:31 CDT 2015) EE:ERR [NewUserLibrary] {HSQLDB Connection @7d2d3420:3284} Exception during authentication: report[Subject: , 10.220.6.18] - com.trigeo.core.users.TriGeoLoginException: Invalid username/password.

Checking network connectivity with ZenMap

Use analysis tools like ZenMap to examine port status on LEM appliances. ZenMap is the Graphical User Interface (GUI) to the NMAP network discovery utility.

To learn more about NMAP and ZenMap, and to download the application and its interface, see http://nmap.org/.

 

Last modified
20:14, 22 Jun 2016

Tags

Classifications

Public