Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Troubleshooting Agents and Network Devices

Troubleshooting Agents and Network Devices

Created by Caroline Juszczak, last modified by MindTouch on Jun 23, 2016

Views: 737 Votes: 2 Revisions: 5

 

If you do not see the events you expected to see in the LEM Console, use the following procedures to troubleshoot your LEM Agents and network devices.

Troubleshooting the LEM Agent

Start by determining whether the LEM Agent is connected to the LEM appliance:

  1. Open the LEM Console and log in to your LEM appliance.
  2. Click the Manage tab, and then select Nodes.
  3. To filter this list to show just LEM Agents, select Agent from the Nodes menu on the Refine Results pane.

Note: Refer to the icon in the Status column to determine which procedures to use.

Troubleshooting Disconnected or Missing LEM Agents

Complete these procedures for LEM Agents that show in the LEM Console as "Disconnected," or do not show in the LEM Console at all.

To troubleshoot LEM Agents that you cannot see in the LEM Console:

  1. Verify you have installed the LEM Agent on the host computer.
  2. If you have installed the LEM Agent, complete the procedure for how to troubleshoot LEM Agents that show as "Disconnected" in the LEM Console.

To troubleshoot LEM Agents that show as "Disconnected" in the LEM Console:

  1. Verify the LEM Agent service is running on the host computer.
  2. Verify you can ping the LEM appliance by hostname from the LEM Agent computer.
  3. If you can ping the appliance by hostname, clear the LEM Agent certificate.
  4. If you cannot ping the appliance by hostname, try pinging the appliance by IP address.
  5. If you can ping the appliance by IP address, do one of the following:
  • Edit spop.conf so the LEM Agent calls the LEM appliance by its IP address instead of its hostname. For instructions, see the spop.conf procedure later in this section.
  • Change your DNS settings so the LEM Agent computer can resolve the LEM appliance's hostname (recommended).
  1. If you cannot ping the appliance by IP address, resolve any network or firewall issues between the LEM Agent and appliance.

To edit spop.conf so the LEM Agent calls the LEM appliance by its IP address (Windows):

  1. Stop the SolarWinds Log and Event Manager Agent service.
  2. Delete the spop folder (do not delete the ContegoSPOP folder):
  • 32-bit computers:C:\Windows\System32\ContegoSPOP\spop
  • 64-bit computers:C:\Windows\SysWOW64\ContegoSPOP\spop
  1. In the  ContegoSPOP folder, open and modify the spop.conf file by replacing the ManagerAddress value with the LEM appliance's IP address.
  2. Save and close the file.
  3. Start the >SolarWinds Log and Event Manager Agent service.

Troubleshooting Connected LEM Agents

Complete the following procedures for LEM Agents that show in the LEM Console as Connected.

To troubleshoot LEM Agents that show as "Connected" in the LEM Console:

  1. Verify you have configured the appropriate connectors on the LEM Agent. For example, the LEM Agent for Windows runs the connectors for the Windows Application and Security Logs by default, but you must configure the connector for the DNS server role.
  2. Verify the connectors you have configured are running.
  3. If the necessary connectors are configured and running, delete and recreate the connectors that are not working.

Contacting Support

If you still do not see events from your LEM Agents after completing these procedures, send the following files to SolarWinds Support (default paths):

32-bit Windows OS:

  • C:\Windows\System32\ContegoSPOP\spoplog.txt (the most recent version)
  • C:\Windows\ System32\ContegoSPOP\tools\readerState.xml

64-bit Windows OS:

  • C:\Windows\SysWOW64\ContegoSPOP\spoplog.txt (the most recent version)
  • C:\Windows\SysWOW64\ContegoSPOP\tools\readerState.xml

Troubleshooting Network Devices

Start by determining whether the device is sending data to the LEM appliance:

  1. Connect to your LEM appliance using the VMware "console" view, or an SSH client such as PuTTY.
  2. If you're connecting to your appliance through SSH, log in as the CMC user, and provide the appropriate password.
  3. If you're connecting to your appliance using VMware, select Advanced Configuration  on the main console screen, and then press <Enter> to get to the command prompt.
  4. At the cmc> prompt, enter appliance.
  5. At the cmc::acm# prompt, enter checklogs.
  6. Enter an item number to select a log file to view.
  7. Check each log file that is not empty for evidence that the device is logging to the appliance, such as the device's product name, device name, or IP address.

Troubleshooting Network Devices Logging to LEM

To monitor a network device with LEM, you must first configure the device to send its log messages to the LEM appliance. Determine whether or not the device you are troubleshooting is logging to LEM prior to completing the following troubleshooting procedures.

To determine whether the LEM appliance is receiving data from the device:

  1. Connect to your LEM appliance using a virtual console or SSH client.
  2. Access the CMC prompt:
  • Virtual Console: Arrow down to Advanced Configuration, and then press Enter.
  • SSH Client: Log in using your CMC credentials.
  1. At the cmc> prompt, enter appliance.
  2. At the cmc::acm# prompt, enter checklogs.
  3. Enter an item number to select a log file to view.
  4. Check each log file that is not empty for evidence that the device is logging to the appliance, such as the device's product name, device name, or IP address.

Devices Not Logging to a Log File on the Appliance

Complete the following procedures for network devices that do not show data on the LEM appliance.

  1. Verify you have configured the device to log to the LEM appliance.
  2. Verify the device is logging to the correct IP address for the LEM appliance.
  3. If the device is sending SNMP traps to the LEM appliance, verify you have configured the LEM appliance to accept SNMP traps.
  4. Verify a firewall is not blocking communication between the device and the LEM appliance.

To configure your LEM Manager to accept SNMP traps:

  1. Connect to your LEM appliance using a virtual console or SSH client.
  2. Access the CMC prompt:
    • Virtual Console: Arrow down to Advanced Configuration, and then press Enter.
    • SSH Client: Log in using your CMC credentials.
  3. At the cmc> prompt, enter service.
  4. At the cmc::scm# prompt, enter enablesnmp.
  5. Press Enter to confirm your entry.
  6. After you see the message, Done starting the SNMP service, enter exit to return to the cmc> prompt.

Troubleshooting Devices Logging to a Log File on the Appliance

Complete the following procedure for network devices that show data on the LEM appliance.

To troubleshoot network devices that have sent logs to the LEM appliance:

  1. Verify you have configured the appropriate connector on the LEM appliance. For information about how to troubleshoot connectors that are out of date, see Troubleshooting "Unmatched Data" or "Internal New Tool Data" events in your LEM Console.
  2. Verify the connector you have configured is running.
  3. If the necessary connector is configured and running, delete and recreate the connector instance.

Contacting Support

If you still do not see events from your network device after completing these procedures, send a screenshot of your device's logging configuration screens to SolarWinds Support.

Last modified
20:09, 22 Jun 2016

Tags

Classifications

Public