Syslog Processing Rules Stop Functioning
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Syslog Processing Rules Stop Functioning - 4.Mar.2007 5:04:59 PM
|
|
|
Zergster
Posts: 27
Score: 0
Joined: 4.Mar.2007
Status: offline
|
Over the weekend I noticed our syslog processing rules stopped being applied. No changes were made to ESM. I restarted the SQL and ESM services and the processing rules are still not being applied. It seems to be limited to Syslog and not Windows events.
The LogicProcessor.csv file is filling up with the following error:
2007-03-04,16:58:09,675,1,"#000014f4","#00001584","error ","LogicProcessor","(null)","Unexpected exception processing events"
Please advise. Running build 021607
|
|
|
|
|
RE: Syslog Processing Rules Stop Functioning - 5.Mar.2007 6:01:47 AM
|
|
|
Arielle
Posts: 294
Score: 0
Joined: 15.Sep.2006
Status: offline
|
Hi,
We would need some debug logs in order to troubleshoot this issue. Please enable debug logging as per http://kbase.gfi.com/showarticle.asp?id=KBID002896, reproduce this issue and then run the troubleshooter (Start > All Programs > GFI EventsManager 7 > Troubleshooter). If its possible please also send us some .evt files that EventsManager is collecting as well as more info about the devices sending the Syslog messages. Send the files to forums@gfi.com and reference this thread in the email.
Thanks.
_____________________________
Arielle Bonnici - Quality Metrics Analyst
GFI Software - www.gfi.com
|
|
|
|
|
RE: Syslog Processing Rules Stop Functioning - 5.Mar.2007 8:39:43 AM
|
|
|
Zergster
Posts: 27
Score: 0
Joined: 4.Mar.2007
Status: offline
|
When I restarted the ESM service to enable debugging, the problem went away.
The only change I can think of that may have caused this was I renamed the computer group for the affected devices last week.
In troubleshooting, I deleted the computer group and the affected devices and re-added them (but I had not restarted ESM service prior to today.)
Maybe that fixed it.
|
|
|
|
|
RE: Syslog Processing Rules Stop Functioning - 5.Mar.2007 8:45:58 AM
|
|
|
Arielle
Posts: 294
Score: 0
Joined: 15.Sep.2006
Status: offline
|
Hi Zergster,
Thanks for the update.
_____________________________
Arielle Bonnici - Quality Metrics Analyst
GFI Software - www.gfi.com
|
|
|
|
|
RE: Syslog Processing Rules Stop Functioning - 11.Mar.2007 7:35:39 PM
|
|
|
Zergster
Posts: 27
Score: 0
Joined: 4.Mar.2007
Status: offline
|
The problem occurred again. This is only happening on Syslog so I cannot submit .evt files. It appears to be only happening on Sunday.
I enabled debugging and noticed something odd in LogicProcessor.csv. How can day of week be 8 when there are only 7 days in a week??
I can submit whatever you'd like but I imagine when I restart the service tomorrow it will work just fine.
...
2007-03-11,20:14:50,010,3,"#000011bc","#0000139c","info ","LogicProcessor","(null)","Getting day of week."
2007-03-11,20:14:50,010,3,"#000011bc","#0000139c","info ","LogicProcessor","(null)","Day of week is: 8"
2007-03-11,20:14:50,010,3,"#000011bc","#0000139c","info ","LogicProcessor","(null)","Check NOT match"
2007-03-11,20:14:50,010,1,"#000011bc","#0000139c","error ","LogicProcessor","(null)","Unexpected exception processing events"
2007-03-11,20:14:50,010,3,"#000011bc","#0000139c","info ","LogicProcessor","(null)","Finished processing syslog events"
...
|
|
|
|
|
RE: Syslog Processing Rules Stop Functioning - 12.Mar.2007 10:12:45 AM
|
|
|
Arielle
Posts: 294
Score: 0
Joined: 15.Sep.2006
Status: offline
|
Hi Zergster,
We have identified this issue and it will be fixed in the next build. If you can't wait for the next build to be available we can provide you with the fix. Please contact forums@gfi.com and reference this thread in the email if you would like us to send you the fix.
Thanks.
_____________________________
Arielle Bonnici - Quality Metrics Analyst
GFI Software - www.gfi.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
