Syslog events are not appearing in the LEM Console

Created by Jason Dee, last modified by Kevin.Kessler on Mar 24, 2017


Overview

This article describes what to do if events sent by a syslog device do not appear in the LEM Console.

 

Environment

  • All LEM versions
  • Syslog devices logging to LEM

 

Cause 

This can occur when the connector is improperly configured or outdated. An improperly configured connector may be monitoring the wrong log file.

 

Resolution

  1. Perform an nDepth search for all events coming from that connector.
    1. Go to Explore > nDepth.
    2. Expand Event Groups and drag the Any Alert.ToolAlias field to the search bar.
    3. Type the name of your connector after the equal sign. You can also use a partial name and surround it with asterisks (*) as wildcards.
    4. Specify a search time frame from the dropdown and click the Search button. If you get no results or only InternalToolOnline/InternalToolOffline events, there might be a configuration issue.
  2. Verify that the connector you have configured for your syslog device is looking in the log file that your device is sending its events to:
    1. Go to Manage > Appliances > left gear icon > Connectors and double-click the connector you've configured. The log being monitored will be shown in the Log File field.
    2. Verify that the syslog events are being received in that same log file by searching the raw log file for the IP address of your device. To check the raw log files on your LEM, see Use the CMC checklogs Command to Display Log Files.
  3. Verify that the connector you've configured is enabled and showing a green status icon.
  4. If everything is configured and you still see no events, your connector may be out of date and unable to parse those particular events. See Updating LEM Connectors.
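
The check in step 2 can also be run offline against raw log text copied from the appliance. The following is an added example, not SolarWinds code: the log file names, sample lines, and function names are constructed for illustration, and it assumes each raw log is available as a list of text lines.

```python
import re

# Constructed sample data: raw log file name -> lines (not real LEM output).
SAMPLE_LOGS = {
    "local2.log": [
        "Mar 24 11:30:01 10.0.0.50 fw02 action=allow proto=tcp",
    ],
    "local4.log": [
        "Mar 24 11:30:02 10.0.0.5 fw01 action=deny proto=tcp",
        "Mar 24 11:30:05 10.0.0.5 fw01 action=allow proto=udp",
    ],
}

def ip_pattern(ip):
    """Match the address as a whole token, so 10.0.0.5 does not match 10.0.0.50."""
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d|\.\d)")

def locate_device(logs, device_ip):
    """Return {log file name: matching line count} for files that mention device_ip."""
    pat = ip_pattern(device_ip)
    hits = {}
    for name, lines in logs.items():
        count = sum(1 for line in lines if pat.search(line))
        if count:
            hits[name] = count
    return hits

def diagnose(logs, device_ip, connector_log_file):
    """Compare where the device's events land with the connector's Log File value."""
    hits = locate_device(logs, device_ip)
    if not hits:
        # The device's events are not reaching any of the supplied logs.
        return "not-received"
    if connector_log_file not in hits:
        # Events arrive, but in a file the connector is not monitoring (step 2).
        return "wrong-log-file:" + ",".join(sorted(hits))
    # Events are in the monitored file: continue with steps 3 and 4.
    return "received-in-monitored-file"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOGS, "10.0.0.5", "local2.log"))
```

A plain substring search for the IP address would count `10.0.0.50` as a hit for `10.0.0.5` and hide the mismatch, which is why the match is anchored to a whole address.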

 

 

Last modified
11:35, 24 Mar 2017
