Meraki

Community

Delay in event log messages

rhbirkelund
Kind of a big deal
Kind of a big deal
‎Mar 20 2019 5:56 AM
‎Mar 20 2019 5:56 AM

Delay in event log messages

Is there a 20 minute delay in event logs?

At 13:54, the log entry at 13:30 appeared. Even after refresh, as well as clicking Network Wide -> Event log, several times in between.

mfc-log-delay.PNG

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
8 Replies 8
natuan
Here to help
‎Mar 20 2019 6:07 AM
‎Mar 20 2019 6:07 AM

maybe there are no event logs on the MX during that time.
e.g: at 12:50 you only see the log at 12:30
0 Kudos
In response to natuan
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Mar 20 2019 6:14 AM
‎Mar 20 2019 6:14 AM

I checked in on the Event log at 14:06 and nothing. Shortly thereafter;

mfc-log-delay2.PNG

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
In response to rhbirkelund
natuan
Here to help
‎Mar 20 2019 6:22 AM
‎Mar 20 2019 6:22 AM

I'm not good at math but

- at 13:54 you cannot see the log of 14:00

- at 14:06 you can see the log of 14:00

 

it's natural.

 

If you have another network, you can check the delay

0 Kudos
In response to natuan
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Mar 20 2019 6:41 AM
‎Mar 20 2019 6:41 AM

@natuan wrote:

I'm not good at math but

- at 13:54 you cannot see the log of 14:00

- at 14:06 you can see the log of 14:00

 

it's natural.

 

If you have another network, you can check the delay

No. I could not see the log entry at 13:30, untill 13:54. 

The entry at 14:00, did not appear until at 14:07.

 

Another thing I'm curioust about is that I have difficulty in believing that I'm getting the same two "Source IP and/or VLAN mismatch" events every 30 minutes, precisely on the second, for the last month. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
In response to rhbirkelund
Ockmeyer
New here
‎Jul 23 2019 2:04 PM
‎Jul 23 2019 2:04 PM

Has anyone gotten an answer to this?  My meraki logs show about a 10 minute delay.

0 Kudos
In response to Ockmeyer
WillN
Getting noticed
‎Jan 24 2020 10:32 AM
‎Jan 24 2020 10:32 AM

There seems to be a fair amount of alarm suppression happening (event log presentation)

Noticed that something like blocked malware is about an hour lead time until it shows in logs and sends alerts.
15 minutes (approx) for cellular up/down
Down is 5-10 minutes
Failover approx 5mins


It could mean that these alerts have different values, or that the boxes when getting lots of event log hits, place notification on a lower priority and that accounts for the delays in alerts being sent and logs being populated

0 Kudos
In response to WillN
Justin1234
Here to help
‎Oct 21 2020 3:03 PM
‎Oct 21 2020 3:03 PM

Same issue here. Got on at 17:50. Kept refreshing constantly, no log messages after 17:44. Finally at 18:01 2 1/2 pages of new entries showed up. Do they only update every 15 minutes? Makes troubleshooting VPNs and such quite difficult.

0 Kudos
JuhaPalomaki
New here
‎Jan 17 2020 2:59 AM
‎Jan 17 2020 2:59 AM

I noticed the same issue. It took at least 20 minutes before the logs where showing in the "Event log" search.  I don't think it has been this slow in the past. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.