Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Log & Event Manager (LEM) > LEM with Linux x64 Agents show no logs

LEM with Linux x64 Agents show no logs

Updated November 2, 2017


The Linux 64 agent is installed but no logs are being returned to LEM. Across several servers ( CentOS 8 x64 /  Ubuntu 15 x64 /  Debian x64 ) only Apache logs are being seen in LEM.

For example, PAM connector configured for /var/log/auth.log. Valid information in auth.log is being written to it but not showing in the LEM Web console. Connectors were part of profile, removed and tried individually with the same result. Connection is being established between the Manager and Agent. You can see stop/start in agent logs as well as in Management but no further logging information.

The agent is communicating and the agent is parsing some logs and sending some data to LEM. The remaining data isn't parsing locally. Perhaps the log format is the issue, however you have no unmatched data warnings.



  • Any Linux Disto with x64 bit kernel
  • LEM 6.3.1


It is likely you have logging settings with a nonstandard header format.


For example (line from auth.log.2):
Jun 5 06:25:04 cas2 CRON[5898]: pam_unix(cron:session): session closed for user root
-> The log line is ignored (blackhole), but when the header timestamp is changed to a random Syslog time:
1234567890123 cas2 CRON[5898]: pam_unix(cron:session): session closed for user root
-> Logline is correctly recognized as UserLogOff event


1. Change logging to use syslog format? (There are logs with a non-standard header time stamp in access.log and error.log too) Once timestamp will be correctly set, logs should be parsed to alerts correctly or at least there should be some "New Tool Data"

This article explains little bit about syslogging:
but if you do a search for distribution specifics in Google you will find the information/documentation.
In general, syslog should automatically use the standard logging format.



Last modified