Header Only - DO NOT REMOVE - Extreme Networks

Syslog display wrong information


Userlevel 4
I have configured my switch to send messages to the syslog server (XMC).

configure syslog add [i]:514 vr VR-Default local0
configure log target syslog [i]:514 vr VR-Default local0 from [i]
enable log target syslog [i]:514 vr VR-Default local0
configure log target syslog [i]:514 vr VR-Default local0 filter DefaultFilter severity Info
configure log target syslog [i]:514 vr VR-Default local0 match Any
configure log target syslog [i]:514 vr VR-Default local0 format timestamp seconds date dd-mm-yyyy event-name none tag-id tag-name

The information I see in syslog is see screencopy



I see the wrong info at source , client an the information isn't right (starts with minutes and seconds).

10 replies

Userlevel 6
Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.
Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

Pala,

I did a migration from windows to Linux.

I cann;t change the format of the evnet patterns.

Do I can change the logmangers. I noticed that the output is linked to the Red Hat Linux syslog pattern.

When I choice Netsigth syslog pattern, there is no change.
Userlevel 6
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

Not sure if NetSight is the right setting for your deployment. It may be Ubuntu. I am not sure if restart is required.
Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

Pala,

Thanks, It is Ubuntu syslog pattern and a restart helps a lot
Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

nop. did not help for the syslog messages that XMC receive from switches.
Userlevel 6
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

Is the issue present also for new messages comming? Do you have kind of syslog proxy/forward between your switch and XMC?
Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.

We just finished changing hardware to G2 switches and I ve migrate XMC from windows to an apliance.

Firmware is 22.4.1.4
.
I don't use a syslog proxy

Messages from EWC looks oke

Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.


Logging from syslog:

How come ther is a difference in format ??

EWC:

<6>Jul 27 15:25:19 10.2.112.3(10.2.112.3) events: Radius Client Radius Response: Accepted: UserID:48:43:7C:2A:DB:3C, Client MAC:[48:43:7C:2A:DB:3C] 3
<6>Jul 27 15:25:19 10.2.112.3(10.2.112.3) events: Radius Client RADIUS server authenticated login (Access Accepted). 3
<6>Jul 27 15:25:19 10.2.112.3(10.2.112.3) dhcpd: DHCPREQUEST for 10.254.16.11 from 48:43:7c:2a:db:3c via csi6

Switch: (firm. 16.1.2.14)

<5>Jul 27 15:25:55 27-07-2018(10.2.112.209) 15:21:31 vlan.ms[1476]: Port 5 link down
<5>Jul 27 15:26:24 27-07-2018(10.2.112.209) 15:22:01 vlan.ms[1476]: Port 5 link down
<5>Jul 27 15:26:36 27-07-2018(10.2.112.209) 15:22:12 vlan.ms[1476]: Port 5 link down
Userlevel 4
Pala, Zdenek wrote:

Hi. I guess you migrated from windows to linux or Virtual machine or opposite or simillar. The log file where the text syslog is present is parsed based on configured setting = xmc does expect some format. You can change the parsing . If you go to OneView -> Alarms & Events ~> the last tab (if I remember well Log Manager) -> then you need to find syslog and edit the format. Regards Z.


I noticed that when you change the syntax the output is different.

configure log target syslog 10.2.112.1:514 vr VR-Default local0 format timestamp seconds date none event-name none tag-id tag-name.

<5>Jul 30 08:22:56 10.2.128.250(10.2.128.250) 08:18:30 vlan.ms[1933]: Port 3 link down

What is the right syntax
Userlevel 4

Userlevel 4
Johan Hendrikx wrote:


The syslog information is still not correct. I've change the syslogmanager in XMC to Red HAT Linux syslog pattern with no luck.

Who has the answer?

Reply