Description - this page explains why the syslog messages are not shown in UCCX Syslog drilldown and the the solution to fixing it.

After setting up UCCX syslogs to be sent to Prognosis monitoring server, the syslog messages however are not displayed in the UCCX  - Syslog drilldown page, it just shows blank page.

To troubleshoot this issue, first we will need to make sure the UCCX is sending syslog packets to Prognosis monitoring server. This can be verified by running a Wireshark capture from the monitoring server and check the syslog protocol. This is performed and validated.

Next, tested the Syslog displays from Knowledge > Collaborate > Syslog > Displays > Syslog Messages - All, this page actually does shows the syslog messages, this further confirms that Prognosis can actually parse the syslog packets properly and show them in Syslog related displays.

The reason that the syslog messages are not shown in UCCX syslog drilldown page is that the SYSLOG static configuration needs to map the syslog packets to the monitored UCCX device name, eg, in the line below:

MAP DEVICE(<incomingIP>[:<syslogPort>], device=<DeviceName>, customer=<Customer>, site=<Site>, [cluster=<ClusterName>,] vendor=<Vendor>, type=<Type>)

Out of box, [cluster=<ClusterName>] is optional, and by default, it is empty, therefore the Syslog collector cannot map the received packets to the actual UCCX name, so the drilldown page shows blank.

For UCCX syslog monitoring, this cluster needs to be configured. 

A working example as below:

MAP DEVICE(192.168.19.26, device=TESTUCCX, cluster=TESTUCCX, "customer=IR", "site=DENVER", vendor=Ci, type=Cx)