Highlighted
Absent Member.
Absent Member.
5094 views

How to verify the logs is receive in smart connector?

Jump to solution

Hi all,

Currently i have few devices send logs to smart connector then to ESM.

The smart connector configure listen(receive) logs via UDP port 519.using syslog deamon.

It is redhat base smart connector



The devices send directly to smart connector via UDP port 519. The devices owners claims that they have configure send logs to my smart connector and in between there is no firewall.

  

Device like below

Cisco router7600
Juniper router                              MX960
Linux Server                              Fedora

Question:


1)How can i verified the logs is actually receive @ smart connector?

2)any command to check the logs arrive in smart connector?

3)Any troubleshooting step /advise?


Many Thanks


Regards,

Dickson

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Highlighted
New Member.

Ways to check:

1. Look at the final destination, i.e. Logger / Express / ESM.

2. View connector logs at <installation path>/current/logs/agent.wrapper.out.log*

For (2), watch out for lines like: "First event from [deviceVendor|deviceProduct|deviceHostName|deviceAddress] received". This should help.

If you do not see these, check the following:

1. Device can ping connector.

2. The local firewall on the connector server has the port open.

3. Firewall in between devices has port open.

4. Also watch out for "First event" messages identifying devices that are not familiar to you. Occasionally the events may not get parsed correctly.

View solution in original post

8 Replies
Highlighted
Absent Member.
Absent Member.

Hi Dickson,

As far as I know, there's no definitive way of checking logs from specific devices locally on the SmartConnector server. However, you can check if a particular device is reporting or not from the console.

Simply run the Get status command (i.e. Right click on the connector --> Send Command --> Get Status). The output file would contain the hostname/IPs of devices that have reported to the Connector since last restart.

Hope this helps!

0 Likes
Highlighted
New Member.

Ways to check:

1. Look at the final destination, i.e. Logger / Express / ESM.

2. View connector logs at <installation path>/current/logs/agent.wrapper.out.log*

For (2), watch out for lines like: "First event from [deviceVendor|deviceProduct|deviceHostName|deviceAddress] received". This should help.

If you do not see these, check the following:

1. Device can ping connector.

2. The local firewall on the connector server has the port open.

3. Firewall in between devices has port open.

4. Also watch out for "First event" messages identifying devices that are not familiar to you. Occasionally the events may not get parsed correctly.

View solution in original post

Highlighted
Respected Contributor.
Respected Contributor.

Hi @vluiz1 ,

I have some routers sending configuration change logs integrated to a smart connector. The EPS is very low for these devices (3-4 logs in 10-15 days). It is very difficult to check for log stoppage from these devices since we cannot call them in log stoppage rule.

Please suggest some way to find out whether we can configure some test events sent from routers to connector to check the connectivity between the device and smart connector.

 

Regards,

Mitesh Agrawal

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Arita,

For the get status command

The output file would contain the hostname / IPs of devices that have reported to the Connector since last restart.

"since last restart " is referring the device since last restart or the connector since last restart?

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Vijay,

Thanks for advise.

I will try on that



Highlighted
Absent Member.
Absent Member.

It refers to connector's last restart.

0 Likes
Highlighted
Super Contributor.
Super Contributor.

Would suggest you create a cef log file or csv log file destination on the smartconnector itself via runagentsetup.


Let it run for a while and check the logs in the user/cef or user/csv directory. This would be the logs received by the smartconnector. 

Once done,  remove the local file destinations as there is ***No*** log rotation settings available.

 

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.
1 ) You can enable deviceStatus monitoring and set a value in miliseconds like 300000 / 1000 => 5 min.
2) reboot connector(s)
3) Create an A.Channel and filter for deviceEvenClassId = agent:043. That event is produced by connector to keep track of your devices. Look for the field deviceCustomNumber2. If the device is noisy the value will be set to a number since last count (SLC)

Also, you can use pre-built ESM content to track your devices in a Dashboard or built a custom rule to tigger an alert based on agent:043
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.