
NPM Syslog not receiving Syslog messages from specific Cisco device

Created by Roengen Mendoza, last modified by Karen Valdellon on Jun 27, 2017


Overview

The NPM Syslog service is not receiving messages from a specific Cisco device.

Environment

NPM 11.0 and later

Resolution

  1. Verify that the SolarWinds Syslog service is the only service on port 514:

    1. Click Start > Run, and then enter cmd.
    2. Enter netstat -aob.
  2. Log in to the Cisco device. (Steps 2 to 6 should be done by the device administrator.)

  3. Make a backup of the configuration by copying the "show run" result from the router.

  4. Log in to privileged mode and check how logging is configured on the router. The router syslog destination is configured with one of the following commands:

    • Router(config)#logging host <ip address>

    • Router(config)#logging <server ipaddress>

  5. First, deactivate logging on the Cisco device using one of the following commands:

    Router(config)#no logging <server ipaddress>
    or
    Router(config)#no logging host <ip address>

  6. Reactivate logging using one of the following commands:
    Router(config)#logging <server ipaddress>
    or
    Router(config)#logging host <ip address>

  7. Restart the syslog service in the Orion Service Manager.

  8. Wait for 5 to 10 minutes and verify that the Orion NPM server starts receiving syslog messages from the device.

 

Note: If the issue persists, run a Wireshark analysis to trace the packets or messages going from the device to the NPM server or syslog collector. Use one of the following display filters:

  • "udp.port==514"
  • "syslog"

This can also be an environmental issue where the NPM server cannot communicate with the device on the required network ports, which is generally caused by blocked communication in the network. 
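For step 1, the `netstat -aob` output puts each owning executable on a separate line below its endpoint row, which makes a second listener on port 514 easy to miss. The following is an added example, not SolarWinds code: it parses saved `netstat -aob` text and reports every process bound to UDP 514. The sample output is constructed, and the executable name `SyslogService.exe` is an assumption; substitute the name shown for the SolarWinds Syslog service on your server.

```python
import re

# Constructed sample of `netstat -aob` output; host, PIDs and executable names are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            ORION01:0              LISTENING       904
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:514            ORION01:0              LISTENING       3120
 [other-collector.exe]
  UDP    0.0.0.0:514            *:*                                    2288
 [SyslogService.exe]
  UDP    10.0.0.5:514           *:*                                    3120
 [other-collector.exe]
  UDP    0.0.0.0:5140           *:*                                    4012
 Can not obtain ownership information
  UDP    [::]:514               *:*                                    2288
 [SyslogService.exe]
"""

OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # the "[image.exe]" line printed by -b

def listeners_on_port(netstat_text, port=514, proto="UDP"):
    """Return sorted (local_address, pid, executable) tuples bound to proto/port."""
    found, current = [], None
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] in ("TCP", "UDP"):
            # Endpoint row: the owner, if netstat could read it, follows on a later line.
            address, _, local_port = fields[1].rpartition(":")
            current = None
            if fields[0] == proto and local_port == str(port):
                current = [address, int(fields[-1]), "unknown"]
                found.append(current)
        elif current is not None and OWNER.match(line):
            current[2] = OWNER.match(line).group(1)
            current = None
    return sorted(tuple(entry) for entry in found)

def unexpected_owners(netstat_text, expected_exe, port=514, proto="UDP"):
    """Executables other than expected_exe on proto/port; 'unknown' counts as unexpected."""
    owners = {exe for _, _, exe in listeners_on_port(netstat_text, port, proto)}
    return sorted(o for o in owners if o.lower() != expected_exe.lower())

if __name__ == "__main__":
    for address, pid, exe in listeners_on_port(SAMPLE):
        print(f"UDP {address}:514  pid={pid}  {exe}")
    print("unexpected:", unexpected_owners(SAMPLE, "SyslogService.exe"))
```

Run `netstat -aob` from an elevated command prompt, otherwise the owner lines read "Can not obtain ownership information" and the process is reported as `unknown`.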

 

Last modified
00:20, 27 Jun 2017
