[cisco-voip] Viewing CallManager Syslog messages on desktop using Wireshark

Tim Reimers treimers at ashevillenc.gov
Tue Dec 15 11:13:14 EST 2009


 
I know one thing I'm always interested in with Syslog is doing constant
background realtime analysis.
 
Using regular rsyslog, I'm working alerts configured for key ports going
up and down on key switches, disk errors from servers, and the like.
 
It'd be nice to get that sort of ongoing alerts from the Callmanagers.
 
If RTMT was good at telling us ==what== had happened when an event
triggered an email, that would be nice.
 
Unfortunately, RTMT sends out useful <sarcasm> things like "Number of
RouteListExhausted events exceed 20 within 60 minutes. The alert is
generated on Tue Dec 15 10:27:48 EST 2009 on cluster CM1-Cluster. "
 
I'm glad to know that a call didn't match any route lists--- but it'd be
nice to be told +which phone+ made that call, so I could go help the
user.
I'm betting that whatever object RTMT is looking at in UCM does in fact
contain that level of detail, because RTMT clearly did some sort of
analysis to determine that the event occurred.
 
The data is there, but San Jose has yet to see the wisdom in passing
that data to RTMT so that it can be forwarded to the alert contacts. The
user has to go do all the harder work, Cisco hasn't done that part to an
enterprise application level.
 
In many ways, the alerting in RTMT is no more than a switch logging "A
port went down. Now it's back up. I don't know which port, but it might
be on this switch."
 
Syslog tells you which port, which switch, what time, and often if
you're syslogging the connected server, you see some sort of correlating
"user initiated reboot" coming from there, and you know all is well,
that it's a planned event.
 
 
Tim Reimers
Systems Analyst II
Information Technology Services
City of Asheville
70 Court Plaza
Asheville, NC 28801
phone - 828-259-5512
treimers at ashevillenc.gov
 

________________________________

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Wes Sisk
Sent: Monday, December 14, 2009 2:47 PM
To: Ed Leatherman
Cc: cisco-voip at puck.nether.net; anand
Subject: Re: [cisco-voip] Viewing CallManger Sylog mesaages on desktop
using wireshark


question is why do you want/need to sniff syslog?  You can get the
syslogs from the server by:
1. remote syslog - configurable on platform web pages
2. 'file get ...' CLI command to get syslog files from the server
3. use RTMT to retrieve syslog files from the server

/Wes

On Monday, December 14, 2009 2:25:44 PM, Ed Leatherman
<ealeatherman at gmail.com> wrote:


	There is a halfway decent syslog daemon for Windows from SolarWinds
	(used to be Kiwi):
	
	http://www.kiwisyslog.com/kiwi-syslog-server-compare-versions/
	
	If you are looking for something quick and easy for troubleshooting.
	
	On Mon, Dec 14, 2009 at 12:43 PM, anand <anand.eee at gmail.com> wrote:
	  

		Hi,
		Is there any way we can send the syslog messages of CallManager to the
		desktop PC? I am using Call Manager 6.1. Can we see syslog messages in
		a Wireshark trace?
		Thanks,
		andy