Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > Syslog events are not appearing in the LEM Console

Syslog events are not appearing in the LEM Console

Created by Jason Dee, last modified by Kevin.Kessler-ret on Mar 24, 2017

Views: 3,075 Votes: 4 Revisions: 6

Overview

This article describes what to do if events sent by a syslog device do not appear in the LEM Console.

 

Environment

  • All LEM versions
  • Syslog devices logging to LEM

 

Cause 

This can occur by using an improperly configured or outdated connector, which may be monitoring the wrong log file.

 

Resolution

  1. Perform an nDepth search for all events coming from that connector.
    1. Go to Explore > nDepth.
    2. Expand Event Groups and drag the Any Alert.ToolAlias field to the search bar.
    3. Type the name of your connector after the equal sign. You can also use a partial name and surround it with asterisks (*) as wildcards.
    4. Specify a search time frame from the dropdown and click the Search button. If you get no results or only InternalToolOnline/InternalToolOffline events, there might be a configuration issue.
  2. Verify that the connector you have configured for your syslog device is looking in the log file that your device is sending its events to:
    1. Go to Manage > Appliances > left gear icon > Connectors and double-click the connector you've configured. The log being monitored will be shown in the Log File field.
    2. Verify that the syslog events are being received in that same log file by searching the raw log file for the IP address of your device. To check the raw log files on your LEM, see Use the CMC checklogs Command to Display Log Files.
  3. Verify that the connector you've configured is enabled and showing a green status icon.
  4. If everything is configured and you still see no events, your connector may be out of date and unable to parse those particular events. See Updating LEM Connectors.

 

 

Last modified

Tags

Classifications

Public