<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16915" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>I know one thing I'm always interested in with Syslog is
doing constant background realtime analysis.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>Using regular rsyslog, I'm working alerts configured
for key ports going up and down on key switches, disk errors from servers, and
the like.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>It'd be nice to get that sort of ongoing alerts from the
Callmanagers.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>If RTMT was good at telling us ==what== had happened when
an event triggered an email, that would be nice.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>Unfortunately, RTMT sends out useful &lt;sarcasm&gt; things
like "<FONT face="Times New Roman" color=#000000 size=3>Number of
RouteListExhausted events exceed 20 within 60 minutes. The alert is generated on
Tue Dec 15 10:27:48 EST 2009 on cluster CM1-Cluster.
"</FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>I'm glad to know that a call didn't match any route
lists--- but it'd be nice to be told +which phone+ made that call, so I could go
help the user.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>I'm betting that whatever object RTMT is looking at in
UCM does in fact contain that level of detail, because RTMT clearly did some
sort of analysis to determine that the event occurred.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>The data is there, </FONT></SPAN><SPAN
class=501140316-15122009><FONT face=Arial color=#0000ff size=2>but San Jose has
yet to see the wisdom in passing that data to RTMT so that it can be forwarded
to the alert contacts. The user has to go do all the harder work; Cisco hasn't
done that part to an enterprise application level.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>In many ways, the alerting in RTMT is no more than
a switch logging "A port went down. Now it's back up. I don't know
which port, but it might be on this switch."</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2>Syslog tells you which port, which switch, what time, and
often if you're syslogging the connected server, you see some sort of
correlating "user initiated reboot" coming from there, and you know all is well,
that it's a planned event.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=501140316-15122009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV align=left><FONT face=Arial size=2>Tim Reimers</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Systems Analyst II</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Information Technology
Services</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>City of Asheville</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>70 Court Plaza</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Asheville, NC 28801</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>phone - 828-259-5512</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><A
href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</A></FONT></DIV>
<DIV> </DIV><BR>
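<DIV>The correlation described in the message above (a key port going down, matched against a "user initiated reboot" from the attached server), as an added example that is not part of the original e-mail. The log lines, host names, the port-to-server map and the 120-second window are all constructed assumptions.</DIV>

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the original message): one switch, one server.
SAMPLE = """\
2009-12-15T10:27:40 srv-db1 shutdown[2211]: user initiated reboot by root
2009-12-15T10:27:48 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
2009-12-15T10:29:05 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
2009-12-15T11:02:13 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down
"""

# Assumption: which server hangs off which key port (would come from inventory).
PORT_MAP = {("sw-core1", "GigabitEthernet1/0/12"): "srv-db1",
            ("sw-core1", "GigabitEthernet1/0/7"): "srv-app2"}

LINE = re.compile(r"^(\S+) (\S+) (.*)$")          # timestamp, host, message
LINK = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to (up|down)")
REBOOT = re.compile(r"user initiated reboot", re.I)
WINDOW = timedelta(seconds=120)                    # assumed correlation window

def correlate(text, port_map=PORT_MAP, window=WINDOW):
    """Return one alert per key-port 'down', flagged planned if the attached
    server logged a user-initiated reboot within the window."""
    reboots, downs = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                               # skip lines we cannot parse
        ts = datetime.fromisoformat(m.group(1))
        host, msg = m.group(2), m.group(3)
        if REBOOT.search(msg):
            reboots.setdefault(host, []).append(ts)
        link = LINK.search(msg)
        if link and link.group(2) == "down" and (host, link.group(1)) in port_map:
            downs.append((ts, host, link.group(1)))
    alerts = []
    for ts, switch, port in downs:
        server = port_map[(switch, port)]
        planned = any(abs(ts - r) <= window for r in reboots.get(server, []))
        alerts.append({"time": ts.isoformat(), "switch": switch, "port": port,
                       "server": server, "planned": planned})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```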
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] <B>On Behalf Of </B>Wes
Sisk<BR><B>Sent:</B> Monday, December 14, 2009 2:47 PM<BR><B>To:</B> Ed
Leatherman<BR><B>Cc:</B> cisco-voip@puck.nether.net; anand<BR><B>Subject:</B>
Re: [cisco-voip] Viewing CallManger Sylog mesaages on desktop using
wireshark<BR></FONT><BR></DIV>
<DIV></DIV>question is why do you want/need to sniff syslog? You can get
the syslogs from the server by:<BR>1. remote syslog - configurable on platform
web pages<BR>2. 'file get ...' CLI command to get syslog files from the
server<BR>3. use RTMT to retrieve syslog files from the
server<BR><BR>/Wes<BR><BR>On Monday, December 14, 2009 2:25:44 PM, Ed Leatherman
<A class=moz-txt-link-rfc2396E
href="mailto:ealeatherman@gmail.com">&lt;ealeatherman@gmail.com&gt;</A>
wrote:<BR>
<BLOCKQUOTE cite=mid:94a1afde0912141125m2d3a92d6p825219ad6959b47@mail.gmail.com
type="cite"><PRE wrap="">There is a halfway decent syslog daemon for windows from solarwinds
(used to be Kiwi):
<A class=moz-txt-link-freetext href="http://www.kiwisyslog.com/kiwi-syslog-server-compare-versions/">http://www.kiwisyslog.com/kiwi-syslog-server-compare-versions/</A>
If you are looking for something quick and easy for troubleshooting.
On Mon, Dec 14, 2009 at 12:43 PM, anand <A class=moz-txt-link-rfc2396E href="mailto:anand.eee@gmail.com">&lt;anand.eee@gmail.com&gt;</A> wrote:
</PRE>
<BLOCKQUOTE type="cite"><PRE wrap="">Hi
Is there any way we can send the syslog messages of callmanager to the
desktop PC? I am using Call Manager 6.1. Can we see syslog messages in
a Wireshark trace?
thanks,
andy
</PRE></BLOCKQUOTE><PRE wrap=""><!---->
</PRE></BLOCKQUOTE><BR></BODY></HTML>