Hi
I am trying to generate an event using the logwatch.nsm subagent.
I have the parser as below:
<parser>
<file>/apps/uspsqa1/switch/site/log/sys/SunOSsyslg.log</file>
<rules>
<rule>
<match>F-(.*)</match>
<event params="1">IST_SYSLG1_RECORD</event>
</rule>
</rules>
</parser>
and I can see the following lines in nxagentd.log when a match takes place:
nxagentd.log:[29-Jul-2015 06:57:24.022] [DEBUG] SendTrap(): event_code=0, event_name=IST_SYSLG1_RECORD, num_args=1, arg[0]="RTTSRF-0017: read equ record failed" arg[1]="(null)" arg[2]="(null)"
However, I could not see the event being logged into the event_log table; as a result I could not see it in the event log monitor and I could not use it to generate alerts.
In the event IST_SYSLG1_RECORD configuration, I have also enabled the option to Write to event log.
But still I could not see the event being logged in the event_log table.
Please help me
Regards
Naga
Hi,
Configuration on the agent side seems to be ok, and the SendTrap record in the log confirms that the event is being generated. Check that you run the agent with debug level 6 or higher and try to find a record similar to "sending message CMD_TRAP" after the SendTrap() record. If you find it, it means that the message was actually sent to the server and the problem is on the server side. If not, the problem is on the agent side.
Best regards,
Victor
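The check described in the reply above, as an added example that is not part of the original thread and not NetXMS code: it pairs each SendTrap() record in an nxagentd debug log with a following "Sending message CMD_TRAP" record and reports traps that never left the agent. The sample lines and the event name EXAMPLE_EVENT are constructed, and the 2-second pairing window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the nxagentd debug-log format quoted in this thread.
SAMPLE_LOG = """\
[05-Aug-2015 03:16:15.483] [DEBUG] LogParser: new data avialable in file "/var/log/example.log"
[05-Aug-2015 03:16:15.484] [DEBUG] SendTrap(): event_code=0, event_name=EXAMPLE_EVENT, num_args=1, arg[0]="Fatal error " arg[1]="(null)" arg[2]="(null)"
[05-Aug-2015 03:20:01.100] [DEBUG] SendTrap(): event_code=0, event_name=EXAMPLE_EVENT, num_args=1, arg[0]="fatal error" arg[1]="(null)" arg[2]="(null)"
[05-Aug-2015 03:20:01.101] [DEBUG] [session:0] Sending message CMD_TRAP (size 144)
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
TRAP_RE = re.compile(r"SendTrap\(\): .*?event_name=(?P<name>[^,\s]+)")
SENT_RE = re.compile(r"sending message CMD_TRAP", re.IGNORECASE)


def audit_traps(log_text, window=timedelta(seconds=2)):
    """Pair each SendTrap() record with a CMD_TRAP send record that follows it.

    `window` (assumed value) is how long after SendTrap() a send record
    may appear and still be attributed to that trap.
    """
    traps = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # truncated or foreign line
        try:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        except ValueError:
            continue  # timestamp not in the expected format
        trap = TRAP_RE.search(m["msg"])
        if trap:
            traps.append({"time": ts, "event": trap["name"], "sent": False})
        elif SENT_RE.search(m["msg"]):
            # Attribute the send to the oldest unsent trap inside the window.
            for t in traps:
                if not t["sent"] and timedelta(0) <= ts - t["time"] <= window:
                    t["sent"] = True
                    break
    return traps


def unsent(traps):
    """Traps generated by the log parser but never sent to a server."""
    return [t for t in traps if not t["sent"]]


if __name__ == "__main__":
    for t in unsent(audit_traps(SAMPLE_LOG)):
        print(f'{t["time"]} {t["event"]}: no CMD_TRAP record, check agent side')
```

The agent must be running at debug level 6 or higher for the CMD_TRAP records to appear at all; at a lower level every trap will be reported as unsent.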
Hi Victor
I have set the debug level of the agent to 9 and restarted the agent.
But I could not see the message "sending message CMD_TRAP" after the SendTrap() record in the agent log file.
In the agent log I could see only the following two lines:
[05-Aug-2015 03:16:15.483] [DEBUG] LogParser: new data avialable in file "/apps/uspsqa1/switch/site/log/sys/SunOSsyslg.log"
[05-Aug-2015 03:16:15.484] [DEBUG] SendTrap(): event_code=0, event_name=IST_SYSLG1_RECORD, num_args=1, arg[0]="Fatal error " arg[1]="(null)" arg[2]="(null)"
Should I make any change to get "sending message CMD_TRAP" after the SendTrap() record?
Please help
Regards
Naga
Hi,
Most likely it indicates that there is no server connection accepting traps. Can you share the agent configuration file (nxagentd.conf)? Also, how is this node configured in the NetXMS server and what is the configuration poll output for it?
Best regards,
Victor
Hi Victor
Attached nxagentd.conf file and word doc that has screenshot of node property and node configuration poll details
Regards
Naga
Hi,
Your agent version (2.0-M2) has a bug that can cause incorrect server access if the server address is listed in multiple categories (Servers, ControlServers, MasterServers). Try to comment out the Servers and ControlServers options in nxagentd.conf, leaving only MasterServers.
Best regards,
Victor
Hi Victor
Tried your suggestion; still I could see only two lines in the agent log file:
[06-Aug-2015 05:00:21.367] [DEBUG] LogParser: new data avialable in file "/apps/uspsqa1/switch/site/log/sys/SunOSsyslg.log"
[06-Aug-2015 05:00:21.367] [DEBUG] SendTrap(): event_code=0, event_name=IST_SYSLG1_RECORD, num_args=1, arg[0]="fatal error" arg[1]="(null)" arg[2]="(null)"
Regards
Naga
Can you post agent config for verification please?
Best regards,
Victor
Hi
Attached updated agent configuration
Thanks
Naga
Hi
Just now I noticed that
if I comment out the server name in the server and control lists,
I see the following logs in the agent and the DCIs did not collect data:
[06-Aug-2015 05:20:36.789] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.789] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.789] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.789] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.789] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.790] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.790] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.790] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.790] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.791] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.791] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.791] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.791] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.792] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.792] [DEBUG] Connection from 127.0.0.1 rejected
[06-Aug-2015 05:20:36.792] [DEBUG] Incoming connection from 127.0.0.1
[06-Aug-2015 05:20:36.792] [DEBUG] Connection from 127.0.0.1 rejected
Thanks
Naga
So, there are two problems. First, you should add 127.0.0.1 to the list of MasterServers for the agent running on the NetXMS server. Second, you should check that the primary host name for the node is not set to 127.0.0.1, but to the real IP address.
Best regards,
Victor
Excellent Victor, thanks for your support
After making the changes suggested by you, I could see appropriate log messages in both the agent log and the server log.
Agent log:
[06-Aug-2015 23:59:32.636] [DEBUG] [session:0] GetTableValue(): result is 0 (SUCCESS)
[06-Aug-2015 23:59:32.637] [DEBUG] [session:0] Sending message CMD_REQUEST_COMPLETED (size 2880)
[06-Aug-2015 23:59:33.055] [DEBUG] LogParser: new data avialable in file "/apps/uspsqa1/switch/site/log/sys/SunOSsyslg.log"
[06-Aug-2015 23:59:33.055] [DEBUG] SendTrap(): event_code=0, event_name=IST_SYSLG1_RECORD, num_args=1, arg[0]="fatal error" arg[1]="(null)" arg[2]="(null)"
[06-Aug-2015 23:59:33.055] [DEBUG] [session:0] Sending message CMD_TRAP (size 144)
Server log:
g-2015 23:59:06.692] [DEBUG] StatusPoll(s1): bAllDown=false, dynFlags=0x00000001
[06-Aug-2015 23:59:06.694] [DEBUG] StatusPoll(s1 [112]): boot time set to 1438269511 from agent
[06-Aug-2015 23:59:06.695] [DEBUG] Finished status poll for node s1 (ID: 112)
[06-Aug-2015 23:59:33.056] [DEBUG] AgentConnectionEx::onTrap(): Received trap message from agent at 10.80.226.33, node ID 112
[06-Aug-2015 23:59:33.056] [DEBUG] AgentConnectionEx::onTrap(): trapID is valid
[06-Aug-2015 23:59:33.056] [DEBUG] Event from trap: 100066
[06-Aug-2015 23:59:33.056] [DEBUG] CorrelateEvent: event IST_SYSLG1_RECORD id 44 source s1 [112]
[06-Aug-2015 23:59:33.056] [DEBUG] CorrelateEvent: finished, rootId=0
[06-Aug-2015 23:59:33.056] [DEBUG] EVENT 100066 (ID:44 F:0x0001 S:0 TAG:"") FROM s1: fatal error
[06-Aug-2015 23:59:33.057] [DEBUG] Event 44 match EPP rule 27
[06-Aug-2015 23:59:46.486] [DEBUG] Updating maps...
Also I could see the event being logged in the event_log table.
Regards
Naga