Discussion:
Zensyslog is dropping syslog messages in Zenoss Core v4.2
nilie
2012-08-17 15:53:45 UTC
nilie [http://community.zenoss.org/people/nilie] created the discussion

"Zensyslog is dropping syslog messages in Zenoss Core v4.2"

To view the discussion, visit: http://community.zenoss.org/message/67950#67950

--------------------------------------------------------------
Hello everyone,

I've just set up Zenoss Core v4.2 for testing and evaluation purposes and I discovered that Zensyslog is consistently dropping/ignoring syslog messages from some Cisco switches. The very same syslog message from the same device is accepted by the production Zenoss v3.1 server. Processing syslog messages is a critical feature for our networking environment, so without this the new version will never be accepted in production.
Server setup is fine since some of the syslog messages are making it into Zenoss and, more than that, tcpdump reveals the rejected messages are reaching the server interface too. Also, Zensyslog logging shows no error.

Any idea would be appreciated.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67950#67950]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Shane Scott
2012-08-18 03:37:38 UTC
Shane Scott [http://community.zenoss.org/people/hackman238] created the discussion

"Re: Zensyslog is dropping syslog messages in Zenoss Core v4.2"

To view the discussion, visit: http://community.zenoss.org/message/67954#67954

--------------------------------------------------------------
nilie:

I'd add stats True to the zensyslog.conf and give it a restart. This will cause zensyslog to print very verbose statistics about what it's doing every few seconds. Can you post a sample of these statistics?

Best,
--Shane Scott (Hackman238)
--------------------------------------------------------------

nilie
2012-08-20 16:12:20 UTC
nilie [http://community.zenoss.org/people/nilie] created the discussion

"Re: Zensyslog is dropping syslog messages in Zenoss Core v4.2"

To view the discussion, visit: http://community.zenoss.org/message/68016#68016

--------------------------------------------------------------
Thank you very much, Shane, you put me on the right track.

First of all, the problem was a difference in default configuration between Zenoss Core v3.x and v4.2. Increasing the level of zensyslog logging to debug, I could see the syslog message being parsed and processed correctly, so if it wasn't displayed in the event console then it must have been sent to... event history, of course! In order to test zensyslog, I used to connect to a switch in enable mode and just do a conf term followed by Ctrl/Z. The Cisco switch will always send a syslog message like *Aug 20 15:48:19: %SYS-5-CONFIG_I: Configured from console by*... but in version 4 with the default configuration this event class is sent to history, unlike previous versions of Zenoss. In conclusion, zensyslog is working just fine.

During this troubleshooting process I noticed a little bit of weirdness in the zensyslog GUI. When I first activated debugging, zensyslog did not show any debug info. That's why I said in my original message that Zensyslog shows no error; in fact it was showing nothing of what it was supposed to do (like parsing, for instance). Then when you suggested turning on stats, again, zensyslog was showing none of them, but when I did both (stats + debugging) I got all the info I needed. Needless to say, I was very careful each time to restart the zensyslog daemon. Also, during the first few days the event history was empty even though I used to select all events in the console and send them to history in order to help with troubleshooting my problem. Now event history is fine, so maybe it was something I wasn't doing right.
--------------------------------------------------------------
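
The triage described in the post above (message seen on the wire, yet absent from the event console) can be scripted. This is an added example, not part of the original thread and not Zenoss code: it decodes the syslog PRI and the Cisco `%FACILITY-SEVERITY-MNEMONIC` tag from captured payloads and lists tags that were received but never displayed. The payloads, the `CONSOLE_TAGS` set and the function names are constructed for illustration.

```python
import re
from collections import Counter

# <PRI>, any header text, then Cisco's %FACILITY-SEVERITY-MNEMONIC tag.
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-"
    r"(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$", re.S)

def parse_cisco(datagram: bytes):
    """Decode one UDP syslog payload; return None if it has no Cisco tag."""
    m = CISCO_RE.match(datagram.decode("utf-8", "replace").strip())
    if not m or int(m["pri"]) > 191:      # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m["pri"])
    return {
        "syslog_facility": pri >> 3,      # 23 == local7
        "syslog_severity": pri & 7,
        "cisco_severity": int(m["sev"]),
        "tag": "%{}-{}-{}".format(m["fac"], m["sev"], m["mnem"]),
        "text": m["text"],
    }

def received_but_not_shown(datagrams, console_tags):
    """Return ({tag: count} for tags on the wire but not in the console, unparsed count)."""
    seen, unparsed = Counter(), 0
    for payload in datagrams:
        rec = parse_cisco(payload)
        if rec is None:
            unparsed += 1
        else:
            seen[rec["tag"]] += 1
    missing = {t: n for t, n in seen.items() if t not in console_tags}
    return missing, unparsed

# Constructed sample payloads, as they might be extracted from a tcpdump capture.
SAMPLE = [
    b"<189>45: *Aug 20 15:48:19: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)",
    b"<187>46: *Aug 20 15:49:02: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    b"<189>47: *Aug 20 15:50:11: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)",
    b"<13>plain message without a Cisco tag",
]
# Constructed: tags an operator noted as visible in the event console.
CONSOLE_TAGS = {"%LINK-3-UPDOWN"}

if __name__ == "__main__":
    missing, unparsed = received_but_not_shown(SAMPLE, CONSOLE_TAGS)
    print("received but not in console:", missing, "| unparsed:", unparsed)
```

A tag that shows up in `missing` while the daemon's debug log shows it parsed is a candidate for having been routed to event history by its event class, which is what the poster found for `%SYS-5-CONFIG_I`.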

Shane Scott
2012-08-20 16:15:00 UTC
Shane Scott [http://community.zenoss.org/people/hackman238] created the discussion

"Re: Zensyslog is dropping syslog messages in Zenoss Core v4.2"

To view the discussion, visit: http://community.zenoss.org/message/68017#68017

--------------------------------------------------------------
nilie:

Anytime! :)

Best,
--Shane Scott (Hackman238)
--------------------------------------------------------------
