Submit a ticketCall us
Home > Success Center > Log & Event Manager (LEM) > Random node displays in LEM

Random node displays in LEM

Updated February 13th, 2017


This article provides brief information and a resolution to the issue when a random node displays in the list of nodes in LEM. It displays as an IP address that does not belong to the nodes to be added or a set of disordered characters that displays as log files instead of as names. 


LEM version 6.2 and later


The following can cause the issue:

  • Random node displays on the list of nodes - A device is incorrectly sending syslogs to LEM. Syslog must be disabled on that device.
  • Change in the log format - An existing node had a change in the log format which caused LEM to "think" there was a new node sending information. 
  • Check for agent connectivity issues and duplicate discovery(Under appliance) connectors.


  1. Delete these types of nodes. They may have been generated during some testing phases or configuration actions and may not need further action beyond removing them.
  2. If the node re-appears, perform an nDepth search to locate a sample of the events logged by the random node.
  3. Using the results, particularly the ToolAlias field, determine which connector is generating the entry for these nodes. 
  4. Knowing which connect is creating the node entry, review the connector to determine the events it is reading which are responsible for the invalid node entry.
  5. Verify the correct connector is applied to the events.
  6. If it is correct the connector may need to be updated to account for these events. If this is the case collect a screenshot of the nDepth search for the node, the connector configuration and send on sample of the events in a Support case. 



Searching in nDepth can give out further details of which will either indicate, that a device is sending logs to LEM with this IP, or an existing node had a change in its logging format.




Last modified