If a No Device Found error message displays in the widget, make sure you configured the device to send logs to the correct IP address. See Troubleshooting Unmatched Data or Internal New Tool Data events in your LEM console for troubleshooting steps.
Verify that your devices are configured to forward syslog data to the LEM virtual appliance IP address. If your appliance cannot receive logs, your device may not be supported.
If your devices are configured correctly and your LEM appliance is still not receiving syslog data, identify the facilities that are collecting log data. When you complete this process, configure the appropriate connector from the facility to the log device so Log & Event Manager can normalize and monitor this information in the LEM manager.
Verify that Log & Event Manager is receiving the raw data from your syslog devices.
See your hypervisor documentation for information about using the virtual console.
Open a command line.
In VMware, select SolarWinds Log & Event Manager and then click the Console tab.
In HyperVisor, click Action > Connect to display the Console view.
At the login as: prompt, enter cmc, and then press Enter.
At the password prompt, enter your password, and then press Enter.
The default password is
cmc> prompt, enter
See "CMC Commands" in the LEM User Guide for a list of all supported commands.
At the cmc::acm# prompt, enter checklogs and press Enter.
The appliance displays all facilities receiving logs from syslog devices, such as firewalls, routers, and switches.
In this example, 1, 12, and 18 are active syslog facilities because they contain stored log data. Facilities 13, 15, 16, and 17 are inactive because their syslog log files are empty.
local2) for a future step.
local2) and press Enter.
E to view the beginning or end of the log file, respectively, and press Enter.
Pressing Enter defaults the output to 500 lines.
The raw data displays on your screen.
The following table maps each syslog facility to the file name in the LEM manager. The connectors defined in LEM manager read these logs to normalize the Log & Event Monitor events.
The hardened operating system prevents you from accessing the file system.
|Syslog Facility||Log File Path|
After you verify that data is received from a device, manually enable the log connector that supports the device. The connector maps events from the monitored Windows system event log to a LEM normalized event.
If your device does not display in the list, contact Customer Sales (for an evaluation license) or Technical Support (for a production license) for assistance with unsupported devices.
In the Log File field, make sure the localx portion of the path matches the facility number you configured on your device or the facility you recorded in the previous procedure.
For example, if your recorded facility is
/var/log/local2.log in the field.
The connector displays in the Connectors grid with a gray status icon.
When the status icon turns green, the LEM connector is configured correctly.
After you configure a connector to the facility, verify that the LEM appliance is receiving log data from the device.
You may need to authenticate to the device to generate data, as some devices do not generate a continuous stream of data.
When new events display with your device IP address, the device is sending log data to the LEM appliance.
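To confirm which facility a device actually uses before you set the Log File field, you can decode the PRI value at the start of each raw syslog message. The following Python sketch is an added example, not SolarWinds code: the function names and sample messages are constructed, and the /var/log/localN.log pattern is an assumption extrapolated from the local2 path shown above.

```python
import re
import socket
import time

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(raw: bytes):
    """Return (facility, severity) from a raw message, or None if PRI is absent/invalid."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def expected_log_path(facility: str):
    """Assumed mapping: only localN facilities follow the /var/log/localN.log pattern."""
    return f"/var/log/{facility}.log" if facility.startswith("local") else None

def build_test_message(facility: str, severity: str, host: str, text: str) -> bytes:
    """Build a BSD-style syslog line for an end-to-end connector test."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {host} lem-test: {text}".encode()

def send_test(appliance_ip: str, message: bytes, port: int = 514) -> None:
    """Send one UDP datagram to the appliance (call manually with your own IP)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message, (appliance_ip, port))

# Constructed sample lines, as they might appear in raw output.
SAMPLES = [
    b"<150>Jan 10 09:15:02 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10",
    b"<134>Jan 10 09:15:03 sw02 link: port 12 up",
    b"Jan 10 09:15:04 rtr03 no priority header here",
]

if __name__ == "__main__":
    for line in SAMPLES:
        decoded = decode_pri(line)
        path = expected_log_path(decoded[0]) if decoded else None
        print(decoded, path)
```

A line that decodes to a facility other than the one in the connector's Log File path explains a connector that never turns green even though the appliance is receiving data.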