Hi auy!
Usually I would do a search on the raw events, but since you do not have a device name or IP address available to match on it is a bit trickier.
Identifying unknown messages or events - How to find or export unknown event ID''s into a file.
From a command prompt in the %_ENVISION%\bin folder, run either
- For undefined messages in a device that is properly discovered…
Lsdata –events syslog –time <start time> <end time> -devices <device ip/type>(undefined) > filename
- For a device that discovers as unknown…
Lsdata –events syslog –time <start time> <end time> -devices <device ip> > filename
For the <start time> <end time> parameters, you can use just the words “start” and “end”, which covers the entire range of data, or you can specify a time in yyyymmddhhmmss format…. 20040423120000
Examples:
For a single device…
Lsdata –events syslog –time start end -devices 10.10.20.1(undefined) > c:\temp\10_10_20_1.txt
Lsdata –events syslog –time 20040423120000 20040423130000 end -devices 10.10.20.1(undefined) > c:\temp\10_10_20_1.txt
For all devices of a specific type…
Lsdata –events syslog –time start end -devices ciscopix(undefined) > c:\temp\ciscopix.txt
Lsdata –events syslog –time 20040423120000 20040423130000 end -devices ciscopix(undefined) > c:\temp\ciscopix.txt
For an “unknown” device…
Lsdata –events syslog –time start end -devices 10.10.20.5 > c:\temp\unknown.txt
To get a listing of message ID’s in the indexes and see if there are any undefined messages, you can use this command…
Lsdata –i –time start end -devices 10.10.20.1 > c:\temp\index.txt
Lsdata –i –time start end -devices ciscopix > c:\temp\index.txt
To dump to csv file use this…
Lsdata –d 2 -time start end –devices ciscopix > output.cs
Kind Regards,
dm
[Please remember Kudos are a great way to say "Thanks" if it helps!]
