14-11
User Guide for Resource Manager Essentials 4.1
OL-11714-01
Chapter 14 Enabling and Tracking Syslogs Using Syslog Analyzer and Collector
Using Syslog Service on Windows
See:
Setting the Backup Policy
Setting the Purge Policy
Performing a Forced Purge
Defining Custom Report Templates
Defining Custom Report Templates
Defining Automated Actions
Defining Message Filters
Step 4 Generate various reports such as Custom Summary report, Severity Level Summary report, Standard
Report, Unexpected Device report and Workflow report. See:
Overview: Syslog Analyzer Reports
Generating a Syslog Custom Summary Report
Generating a Severity Level Summary Report
Generating a Standard Report
Generating an Unexpected Device Report

Using Syslog Service on Windows

System message logging is not part of the Windows operating system. Therefore, the CiscoWorks Server
provides logging service to Windows users.
The logging service saves each system message to NMSROOT\log\syslog.log (where NMSROOT is the
RME installation directory).
Syslog Analyzer reads and processes the messages in this file, and writes them to the RME database.
The Syslog processes use the database information to generate Syslog reports.
When the syslog.log file gets too big, you can stop the Syslog Analyzer (Start > Settings > Control
Panel > Services) and delete the log file.
Note View the Permission Report (Common Services > Server > Reports) to check if you have the required
privileges to perform this task.
Step 1 Select Common Services > Server > Admin > Processes.
The Process Management dialog box appears.
Step 2 Select SyslogCollector and click Stop.
Step 3 Open the Windows Control Panel and select Administrative tools > Services.
Step 4 Select CWCS syslog service, and click Stop.
Step 5 Delete the NMSROOT\log\syslog.log file.
To restart the syslog service in the Control Panel, click Start next to the CWCS syslog service.