syslogdm random crashing

Wondered if anyone is successfully using IMC as a syslog server.

We are a small network of around 40 windows servers and trying to use IMC to store the windows event logs and other syslog info.

We have Snare agent installed on the windows boxes to output windows events to a syslog server.

IMC seems to received data fine, but after anywhere between 10 minutes and 10 hours the syslog browser shows no new data, and a check of the imcsyslogdm log file shos an error (-1) at the same time of the last successful record...

2009-09-14 10:01:25 Connection closed.

I can find no other error messages and nothing in the windows event log of the IMC server. The IMC Deployment Monitoring Agent still shows imcsyslogdm.exe as "started", and if I stop/start the process then IMC continues to received syslog data for a period of time..until it crashes again in a few minutes or hours.

Anyone else experienced similar issues or are using syslog with no problems?


Re: syslogdm random crashing

I am experiencing the same issues...

HPE support made me undeploy the syslog module and deploy it gain but it has no effect...


Re: syslogdm random crashing

You can look at the log on the IMC server <IMC install dir>/server/conf/log/imcsyslogdm.<date>.txt

The only thing beyond that I could think to check is that no other syslog daemons are trying to run on the server - binding to the syslog port.  Granted if this were the case I would expect syslogdm would fail to start entirely.


Re: syslogdm random crashing

My guess is that there's some event coming through with a format that it doesn't like.

If you're keen, you could run Wireshark/tcpdump to capture the incoming syslogs, and watch for when syslogdm crashes. Then look back through the packet captures to see what was received at that time.