ACE and ANM, Syslog and SNMP Traps
Hi guys.. another ACE/ANM question.
I configured the ACE devices to send Syslog and SNMP messages to the ANM server. But i got a couple of questions:
Whats the difference between using the:
logging history 4 (this would send logging messages as SNMP traps according to doc)
And:
snmp-server host x.x.x.x traps version 2c public
snmp-server trap-source vlan 1000
This of course I think should do the same..
The funny and weird thing, in the ANM Event viewer, I can only see syslog messages, not one snmp event.
Thanks!
Omar
PS: ACE ver A2.4
ANM Ver 4.2
Hi Omar,
Let's see if I can clarify your questions.
As you mentioned, the "logging history 4" command specifies that, syslog messages of severity 4 and higher will be sent as SNMP traps. After you configure it, you need the "snmp-server host x.x.x.x traps version 2c public" command to specify what will be the destination IP and SNMP community for these traps.
It would only make sense to use the "logging history 4" command if your monitoring application doesn't support receiving syslog messages. However, since ANM is able to get syslog messages from the ACE without issues, I would just configure a destination for syslog message instead (with "logging host x.x.x.x")
I hope this makes this point more clear.
Now, moving on to why you are not seeing any SNMP traps in your ANM, the first things you would need to check are:
-- Did you enable traps? You would use the "ACE(config)# snmp-server enable traps" command for this
-- Are traps being sent? You can use the "show snmp" command and check if the "Trap PDUs" counter increases
-- Is ANM getting these traps? This is the most complicated step. For this, I would recommend getting a traffic capture on the ANM server (if it's installed on linux) or as close as possible to it if it's a ANM appliance
I hope this helps
Daniel
Similar Messages
-
Hi experts,
I'm searching some information about the possebilities with SolMan and SNMP traps.
I know that it is possible to send SNMP traps from SolMan to e.g. an external monitoring tool, to send alert information (CCMS/RZ20) to this monitoring tool.
But is it possibel to recieve SNMP traps in SolMan and e.g. create Service Desk tickets out of them?
Thanks
ThomasThomas,
Can you please share your experience about sending SNMP traps to solution manager? I am trying to find information on how to configure Solution Manager for receiving the SNMP traps. Please guide me on this.
Thanks
DG -
I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?stackwise would be useful, here's a description:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=ciscoStackWiseMIB&translate=Translate&submitValue=SUBMIT
also have a look at:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/13ew/command/reference/S1.html#wp1126420 -
SF300/SG300 and SNMP Traps
Hello,
as mentioned in the documentation, the SF300/SG300 series switches are capable of sending SNMP-Traps.
What kind of SNMP traps are they sending? I need "Link Up / Link Down" Traps. Do the switches send such traps or is it possible to configure these switches to send them?
Thanks a lot,
MarcoHi,
Here is a link to the Data Sheet on the 300's:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
It states that SNMP versions 1, 2c, and 3 with support for traps, and SNMP version 3 user-based security model (USM)
So you should be able to configure "Link Up / Link Down" Traps. See chapter 19 Configuring SNMP:
http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
Thanks,
Nick -
Hello!
We have some troube with forklifter terminals that often lose connection to SAP. In SM21 I see the entry "lost connection to user xy". Is there a way to send out an SNMP trap when this error occurs? I could then use a tool like PRTG to create statistics over a longer timeframe.
kind regards, PeterThomas,
Can you please share your experience about sending SNMP traps to solution manager? I am trying to find information on how to configure Solution Manager for receiving the SNMP traps. Please guide me on this.
Thanks
DG -
IPM 4.2 and SNMP trap.
Hello at all.
We are using IPM 4.2 to configure SLA operations on 7201 with software 12.4(24)T4, downgraded from 15.0 because IPM cannot configure collectors.
When we receive a trap the tag is empty for all collectors.
Performing a SNMP Walk on rttMonCtrlAdminTag we can see the tag.
When we manually define a collector the originated trap has tag populated correctly.
In this last case we can use tag with more than 15 chars also.
Regards.
AndreaAs stated in the other IP SLA thread, you are seeing CSCte85239. The bug was filed against 12.4(15)T, and wasn't fixed until 15.1(3)T. However, as you found, the 15.0(1)M4 image was not affected by the bug as it must have been branched before the bug was introduced.
As a workaround, given that you have EEM 3.0 support in 12.4(24)T, you could create an applet that sends a customized trap with all of the necessary data. See https://supportforums.cisco.com/docs/DOC-11745 for details on how to create customized traps using EEM. Essentially, you will create an EEM applet (or Tcl) policy that intercepts the required IP SLA reaction condition, then runs the necessary show commands to extract the parameters you need to generate the trap you want. This one policy could be defined outside of IPM, but it could be used for all collectors on the device. -
Grid Control Scripts and SNMP Traps
Hi guys,
Does anyone knows here where i could find some good Grid Control Scripts for monitoring purposes?
Thanks!The database monitoring is done by GC (thats a reason why GC is used) and you can create a SMS if something is wrong with the DB.
If you create backups using RMAN a lot of backup info can be found in the repository. So you can create a User Defined Metric checking for instance if the last backup date is before sysdate -1. If yes you will see a warning/alert.
Eric -
Snmp trap versus syslog message
Hi,
Most network devices will send snmp traps and syslog messages to a central server.
For analyzing purpose this server runs software to display the messages or traps.
My question is, what is the difference between syslog messages and snmp traps?
What is best practise?
Thank you very much.
HansruediFrom the very basic level, traps and syslog differ in the encoding. Syslog messages are typically text messages sent within a UDP packet. There is a bit of binary encoding to indicate the syslog facility and severity. SNMP traps have encoded ASN.1 fields (called variable bindings). These varbinds are not ASCII text like syslog messages. Instead they are encoded object identifiers that can be translated into object names using MIB definitions.
More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them. However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages. Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them. -
Concerning the Syslog logging and SNMP traps, what is the difference.
I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?
For example, can you get real time config changes via syslog as you can with SNMP?
If so, why use both?syslog will send whatever you can see on the CLI of the device at a maximum of a debug level as you say.
for SNMP traps related to configuration changes, you can use the mibs depending on the events you want to know about.
If we take for example the config traps, they are part of
CISCO-CONFIG-MAN-MIB. That mib can send traps with the following OIDs:
ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid
When you will go through that you will realize that the CONFIG mib and the syslog provide you with the same information: the CONFIG mib will not have more information than the syslog message.
If you use the snmp object navigator, you will find for every OID what the function is:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
A good paper about what traps are part of which mib:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml
SNMP traps are a good way to gather information from the router without spiking the cpu with turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyways. -
Syslog & SNMP Traps:- Does LMS 3.1 need to receive both?
Do my switches need to send both syslog and SNMP traps to LMS 3.1 or should I configure for either syslog or SNMP Traps, but not both?
Thanks
JamesWell "needs to", no
Syslog
RME configuration management works better if it can detect config changes via syslog.
The syslog reports depend on it, so do the "automated actions" since they are based on syslog messages
Traps
Fault management can interpret a few traps but does most of its detecting via snmp get.
LMS will work without it but I think it is worthwhile to configure the devices to send traps and syslog.
Cheers,
Michel -
Remove any logging, or snmp trap hosts for the IP addresses in ASA 5550
I want to remove any syslog or snmp trap host related to an ip address for example 10.32.1.10. how can i get that specific line in running configuration related to specific ip address so that i can remove those lines?
Hi,
You can remove the logging host using this command:-
no logging host inside 10.32.1.10
You can check in "show run logging"
For SNMP host ,
no snmp-server host inside 192.0.2.5
Check using show run snmp-server
Thanks and Regards,
Vibhor Amrodia -
LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding
Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
Community=ciscoworks
Enterprise=1.3.6.1.6.3.1.1.5
Generip trap type=2
Specific Trap Type=0
Trap From=10.220.10.1
Trap ID=1.3.6.1.6.3.1.1.5.2
Trap Time=-1436283373
1.3.6.1.2.1.2.2.1.1.83=83
1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
1.3.6.1.2.1.2.2.1.3.83=6
1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
EndTrap
10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
Community=ciscoworks
Enterprise=1.3.6.1.4.1.9.1.291
Generip trap type=2
Specific Trap Type=0
Trap From=10.220.10.1
Trap ID=1.3.6.1.4.1.9.1.291.2
Trap Time=1628056965
1.3.6.1.2.1.2.2.1.1.8=8
1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
1.3.6.1.2.1.2.2.1.3.8=18
EndTrap
As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.Hi,
Is the issue you have the source IP address of the forwarded trap? Per RFC it is the IP of the actual device sending the trap. The originating IP should be contained within the packet. I have included some additional information you may find helpful.
Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
Configure SNMP to send traps directly to DFM
Integrate SNMP trap receiving with an NMS or a trap daemon
The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
As one of the following events:
> InformAlarm
> MinorAlarm
> MajorAlarm
With the device type and the device name from which it was generated.
If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html -
Hello expert,
Currently my SolMan system serve as central ccms monitoring, some of the alerts are sending email alert as auto reaction method.
But recently there is request to send the alert to 3rd party non SAP monitoring tool. I am thinking of SNMP traps. but question is each MTE can only have 1 auto reaction method, if i change it to use SNMP traps, so my exisitng email alert is not able to working parallel?
please advise.
thank you
kellyDear Kelly,
You may find the following document useful when using CCMS and SNMP Traps.
> https://websmp109.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700001606922004E
Regards,
Paul -
Hello,
I have TT over Windows 32 bit (stand alone).
I'm trying to configure SNMP traps in order to maintain Alerts for the TimesTen database.
I've followed the doc *"Oracle Times Ten In-Memory Database Error Messages and SNMP Traps"*,
and comfigured the snmp.ini file.
However, when I'm trying to use the utility snmptrapd.exe in order to start listening to the snmp traps and doing my tests, I'm getting an error: snmptrapd.exe is not a valid Win32 application, and in the CMD window I also see *"Access is denied"* error.
My user in the Administrators group.
Why do I receive the error and how can I overcome it ?
Thanks in advance,
Roni.Hi Roni,
Getting this executable working independently of TimesTen is the first thing to look at.
- Where did you get the snmptrapd.exe executable from?
- Make sure that you get this executable from a known reputable source.
There are viruses out there that use this name.
- The MKS version of this utility is supported on Windows 2000, Windows XP, Windows Server 2003 and Vista.
- Make sure that you have the correct version of the executable for your Windows platform.
Doug -
Anm 4.1 support for receiving snmp traps from CSS / ACE
Hi
Does anyone have an ANM 4.1 installation that is accepting snmp traps from their CSSes / ACEs?
If I configure CSSes / ACEs to send snmp v1 traps to anm, they never appear in the Monitor -> Events view.
I've tried both the ANM 4.1 Virtual Appliance and ANM 4.1 running on RHEL and it seems that there's nothing listening on udp port 162 to receive the snmp traps.
From the virtual appliance:
admin# show ports
Process : java (5999)
tcp: 0.0.0.0:40000, 0.0.0.0:40001, 127.0.0.1:10023, 0.0.0.0:10443, 0.0.0.0:
10003, 0.0.0.0:10004, 0.0.0.0:8443
udp: 0.0.0.0:39182, 0.0.0.0:10003, 0.0.0.0:6120
Process : rpc.statd (2348)
tcp: 0.0.0.0:834
udp: 0.0.0.0:828, 0.0.0.0:831
Process : mysqld (3125)
tcp: 0.0.0.0:3306
Process : java (5992)
tcp: 0.0.0.0:10444, 0.0.0.0:10445
Process : portmap (2312)
tcp: 0.0.0.0:111
udp: 0.0.0.0:111
Process : monit (2779)
tcp: 0.0.0.0:2812
Process : java (2952)
tcp: :::40002
Process : java (2966)
tcp: :::40003
Process : sshd (2625)
tcp: :::22
Process : ntpd (2606)
udp: 127.0.0.1:123, 0.0.0.0:123, ::1:123, :::123
I notice that port 443 isn't in here and I'm accessing the web interface using this port so perhaps there's something else going on behind the scenes.
Can anyone point me in the right direction to get snmp traps shown as events in ANM 4.1?
Thanks very muchhi.
as per documentation:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_monitor.html#wp1176870
you need to send snmpv2 to anm. can you try v2 traps and see if it works?
Regards,
Fadi.
Maybe you are looking for
-
RG1 Register Opening and Closing balance
Dear Expert, As per Snote 951955 for Initial RG1 register update whether we have to give the opening Quantity in the table J_2IRG1BAL along with material form. Can we re extract after updating this values in table J_2IRG1BAL will the value come . Als
-
I have many old CDs with files. In order to organize and search them, I would like to make a searchable file listing all the documents on the CDs. I once did this in DOS (it was a "list files" command). Is there anyway to do it in OS X-- Maverick?
-
How do i increase the font size on the desk top
i am new to the mac and would like some help using it
-
Hot to get group name in obiee 11g
Hi All, We have a requirement that whenever user login in answers, based on his group he should be able to see only his department data.If some how captures the group name we can filter the data by assisgning the group name to the variable but we stu
-
Placing a semi-transparent area on top of a picture
CS3 I need to place some text on a photo, and to make it possible to read the text clearly, I want to place an area with a single colour on top of the picture - and the text on top of the are. But how can I make this area semi transparent? Thanks