×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Important

   

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
TrueSight Network Automation 8.9 Troubleshooting

Troubleshooting syslog event communication failures

This topic provides procedures that you can use if it appears that the TrueSight Network Automation application server is not receiving syslog messages.

Turn on syslog debugging for the agent that should be receiving the syslog messages from the device or relay of interest Admin > Device Agents > Edit. This causes trace events to be logged to the event log under Home > Events when new syslog messages are received by that device agent. If you have more than one device agent and you are unsure of which might be receiving the message, enable debugging on all agents.

Typical reasons syslog messages are dropped include:

  • Device is not sending its messages to the right syslog server: Be sure that the device is sending to the device agent associated with the device or to a relay that forwards to the TrueSight Network Automation server. When the device agent receives a syslog message while debugging is turned on, a set of tracking events is logged with the received message.
  • Syslog message is being relayed through another syslog server: Be sure to set up the right IP address for the relay in the device agent settings.
  • Device name from the syslog message does not exactly match the device name or address in the TrueSight Network Automation server database: TrueSight Network Automation server gets the name of the device sending the syslog message either from the UDP packet header (for messages not from a relay) or by parsing the text (for messages sent through a relay). The TrueSight Network Automation application server resolves the name into its short host name, its fully qualified host name, and its IP address; one of these three must match a device name or primary interface address before the syslog message can be processed.
  • Syslog message from a relay is malformed: The TrueSight Network Automation application server expects the device name to appear first or after an optional severity or facility code, or a date. Not all devices format their syslog messages this way. You might need to configure the relaying syslog server to generate the correct format, and to include the source device information.
  • No external event filter matches the syslog message text: Be sure that the text is entered correctly into the external event filter.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on May 23, 2018
syslog communication troubleshooting event errors contributor-updated

Comments

Log in or register to comment.

Troubleshooting runtime parameter issues
Troubleshooting web services issue
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.