Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1308
Views
22
Helpful
7
Replies

[RTMT-ALERT-StandAloneCluster] SyslogSeverityMatchFound

Eng Yeong Ng
Level 1
Level 1

‎12-14-2014 07:19 PM - edited ‎03-17-2019 01:19 AM

Hi Sir / Mdm. 

 

Good Day, i received the alert message.  i had checked the CAPF cert still valid till 2017.

 

<WARNING> This message is sent automatically and the identity of the sender can not be technically verified </WARNING> 

At Mon Dec 08 08:00:36 SGT 2014 on node 17x.1x.7x.2x, the following SyslogSeverityMatchFound events generated:  
SeverityMatch : Critical 
MatchedEvent : Dec  8 08:00:06 XXXXX local7 2 : 34: XXXXX: Dec 08 2014 00:00:06.412 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CAPF-9c7ac210.der Unit:CallManager-trust Type:own-cert Expiration:Mon Dec 1][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=XXXXX]: Alarm to indicate that Certificate has Expired or Expires in less than seven days 
AppID : Cisco Syslog Agent 
ClusterID :  
NodeID : XXXXX 
TimeStamp : Mon Dec 08 08:00:06 SGT 2014

Thanks for help.

 

Labels:
0 Helpful
7 Replies 7

kelvinffhan
Level 1
Level 1

‎12-14-2014 10:08 PM

Anyone can helping on this issue? I also facing the same issue. Appreciate that.

In fact I found something related but unfortunately the link seems no longer available in Cisco.com.

https://supportforums.cisco.com/discussion/11715056/rtmt-alert-syslogseveritymatchfound

George Thomas
Level 10
Level 10
In response to kelvinffhan

‎12-15-2014 10:37 AM

CAPF is the component that is used to put your cluster in mixed mode. Mixed mode is when calls between endpoints uses SRTP and the signaling is encrypted using TLS. Do you know if your cluster is in mixed mode? This can be found from the Enterprise parameters. 

Please rate useful posts.

kelvinffhan
Level 1
Level 1
In response to George Thomas

‎12-15-2014 04:37 PM

Thanks George for your expertise advice.

I do not think my client running any SRTP in the environment. By the way, for my learning purpose, to check whether I am in the mixed mode we just go to the Enterprise Parameter > LBM Security Mode ?

 

 

George Thomas
Level 10
Level 10
In response to kelvinffhan

‎12-15-2014 04:40 PM

Thats not the parameter, its 'Cluster Security Mode ' and if the value is 0, then the cluster is not mixed mode but if its 1, then the cluster is in mixed mode.

Please rate useful posts.

Eng Yeong Ng
Level 1
Level 1
In response to George Thomas

‎12-15-2014 08:01 PM

Hi George , 

Good Day, Thanks for the advice.  

 

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎12-15-2014 04:48 PM

when you look at the crt's PEM through OS administration>security>certificate management, does it actually say that the cert is valid until 2017?

 

If it is, remove it, upload it again and restart CAPF and CTL service.

 

If it isn't, well, then replace the cert and restart CAPF and CTL services

Please remember to rate useful posts, by clicking on the stars below.

Eng Yeong Ng
Level 1
Level 1
In response to Dennis Mink

‎12-15-2014 08:02 PM

Hi Dennis. 

Good Day, Thanks for your advise.

0 Helpful
Customers Also Viewed These Support Documents