Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > NPM Syslog not receiving Syslog messages from specific Cisco device

NPM Syslog not receiving Syslog messages from specific Cisco device

Created by Roengen Mendoza, last modified by Karen Valdellon_ret on Jun 27, 2017

Views: 790 Votes: 0 Revisions: 7

Overview

The NPM Syslog service is not receiving messages from a specific Cisco device.

Environment

NPM 11.0 and later

Resolution

  1. Verify that the SolarWinds Syslog service is the only service on port 514:

    1. Click Start > Run, and then enter cmd.
    2. Enter netstat -aob.
  2. Log in to the Cisco device. (Steps 2 to 6 should be done by the device administrator.)

  3. Make a backup of the configuration by copying the "show run" result from the router.

  4. Log in to privilege mode and check how logging is configured on the router. The following are command options on how to configure the router syslog:

    • Router(config)#logging host <ip address>

    • Router(config)#logging <server ipaddress>

  5. Deactivate the logging first from the Cisco device using the following command:

    Router(config)#no logging <server ipaddress> 
    or
    Router(config)#no logging host <ip address>

  6. Reactive the logging using the following command:
    Router(config)#logging <server ipaddress> 
    or
    Router(config)#logging host <ip address>

  7.  Restart the syslog service on the Orion Service Manager.

  8. Wait for 5 to 10 minutes and verify that the Orion NPM server starts receiving syslog messages from the device.

 

Note: If the issue persists, run a Wireshark analysis to trace the packets or messages from the device going to the NPM server or syslog collector.  

  • "udp.port==514" 
  • "syslog"

This can also be an environmental issue where the NPM server cannot communicate with the device on the required network ports, which is generally caused by blocked communication in the network. 

 

Last modified

Tags

Classifications

Public