ACE and ANM, Syslog and SNMP Traps

Similar Messages

• SolMan and SNMP traps?

  Hi experts,
  I'm searching some information about the possebilities with SolMan and SNMP traps.
  I know that it is possible to send SNMP traps from SolMan to e.g. an external monitoring tool, to send alert information (CCMS/RZ20) to this monitoring tool.
  But is it possibel to recieve SNMP traps in SolMan and e.g. create Service Desk tickets out of them?
  Thanks
  Thomas

  Thomas,
               Can you please share your experience about sending SNMP traps to solution manager? I am trying to find information on how to configure Solution Manager for receiving the SNMP traps. Please guide me on this.
  Thanks
  DG

• 3750 Cluster and SNMP traps

  I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent.  We definitely want to know when one of the switches in the cluster fails.
  I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster.    What do these traps actually do?

  stackwise would be useful, here's a description:
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=ciscoStackWiseMIB&translate=Translate&submitValue=SUBMIT
  also have a look at:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/13ew/command/reference/S1.html#wp1126420

• SF300/SG300 and SNMP Traps

  Hello,
  as mentioned in the documentation, the SF300/SG300 series switches are capable of sending SNMP-Traps.
  What kind of SNMP traps are they sending? I need "Link Up / Link Down" Traps. Do the switches send such traps or is it possible to configure these switches to send them?
  Thanks a lot,
  Marco

  Hi,
  Here is a link to the Data Sheet on the 300's:
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
  It states that SNMP versions 1, 2c, and 3 with support for traps, and SNMP version 3 user-based security model (USM)
  So you should be able to configure "Link Up / Link Down" Traps. See chapter 19 Configuring SNMP:
  http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
  Thanks,
  Nick

• SM21 and SNMP-traps?

  Hello!
  We have some troube with forklifter terminals that often lose connection to SAP. In SM21 I see the entry "lost connection to user xy". Is there a way to send out an SNMP trap when this error occurs? I could then use a tool like PRTG to create statistics over a longer timeframe.
  kind regards, Peter

  Thomas,
               Can you please share your experience about sending SNMP traps to solution manager? I am trying to find information on how to configure Solution Manager for receiving the SNMP traps. Please guide me on this.
  Thanks
  DG

• IPM 4.2 and SNMP trap.

  Hello at all.
  We are using IPM 4.2 to configure SLA operations on 7201 with software 12.4(24)T4, downgraded from 15.0 because IPM cannot configure collectors.
  When we receive a trap the tag is empty for all collectors.
  Performing a SNMP Walk on rttMonCtrlAdminTag we can see the tag.
  When we manually define a collector the originated trap has tag populated correctly.
  In this last case we can use tag with more than 15 chars also.
  Regards.
  Andrea

  As stated in the other IP SLA thread, you are seeing CSCte85239.  The bug was filed against 12.4(15)T, and wasn't fixed until 15.1(3)T.  However, as you found, the 15.0(1)M4 image was not affected by the bug as it must have been branched before the bug was introduced.
  As a workaround, given that you have EEM 3.0 support in 12.4(24)T, you could create an applet that sends a customized trap with all of the necessary data.  See https://supportforums.cisco.com/docs/DOC-11745 for details on how to create customized traps using EEM.  Essentially, you will create an EEM applet (or Tcl) policy that intercepts the required IP SLA reaction condition, then runs the necessary show commands to extract the parameters you need to generate the trap you want.  This one policy could be defined outside of IPM, but it could be used for all collectors on the device.

• Grid Control Scripts and SNMP Traps

  Hi guys,
  Does anyone knows here where i could find some good Grid Control Scripts for monitoring purposes?
  Thanks!

  The database monitoring is done by GC (thats a reason why GC is used) and you can create a SMS if something is wrong with the DB.
  If you create backups using RMAN a lot of backup info can be found in the repository. So you can create a User Defined Metric checking for instance if the last backup date is before sysdate -1. If yes you will see a warning/alert.
  Eric

• Snmp trap versus syslog message

  Hi,
  Most network devices will send snmp traps and syslog messages to a central server.
  For analyzing purpose this server runs software to display the messages or traps.
  My question is, what is the difference between syslog messages and snmp traps?
  What is best practise?
  Thank you very much.
  Hansruedi

  From the very basic level, traps and syslog differ in the encoding.  Syslog messages are typically text messages sent within a UDP packet.  There is a bit of binary encoding to indicate the syslog facility and severity.  SNMP traps have encoded ASN.1 fields (called variable bindings).  These varbinds are not ASCII text like syslog messages.  Instead they are encoded object identifiers that can be translated into object names using MIB definitions.
  More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them.  However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages.  Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them.

• Syslog traps vs SNMP traps

  Concerning the Syslog logging and SNMP traps, what is the difference.
  I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?
  For example, can you get real time config changes via syslog as you can with SNMP?
  If so, why use both?

  syslog will send whatever you can see on the CLI of the device at a maximum of a debug level as you say.
  for SNMP traps related to configuration changes, you can use the mibs depending on the events you want to know about.
  If we take for example the config traps, they are part of
  CISCO-CONFIG-MAN-MIB. That mib can send traps with the following OIDs:
  ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid
  When you will go through that you will realize that the CONFIG mib and the syslog provide you with the same information: the CONFIG mib will not have more information than the syslog message.
  If you use the snmp object navigator, you will find for every OID what the function is:
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
  A good paper about what traps are part of which mib:
  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml
  SNMP traps are a good way to gather information from the router without spiking the cpu with turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyways.

• Syslog & SNMP Traps:- Does LMS 3.1 need to receive both?

  Do my switches need to send both syslog and SNMP traps to LMS 3.1 or should I configure for either syslog or SNMP Traps, but not both?
  Thanks
  James

  Well "needs to", no
  Syslog
  RME configuration management works better if it can detect config changes via syslog.
  The syslog reports depend on it, so do the "automated actions" since they are based on syslog messages
  Traps
  Fault management can interpret a few traps but does most of its detecting via snmp get.
  LMS will work without it but I think it is worthwhile to configure the devices to send traps and syslog.
  Cheers,
  Michel

• Remove any logging, or snmp trap hosts for the IP addresses in ASA 5550

  I want to remove any syslog or snmp trap host related to an ip address for example 10.32.1.10. how can i get that specific line in running configuration related to specific ip address so that i can remove those lines?

  Hi,
  You can remove the logging host using this command:-
  no logging host inside 10.32.1.10
  You can check in "show run logging"
  For SNMP host  ,
  no snmp-server host inside 192.0.2.5
  Check using show run snmp-server
  Thanks and Regards,
  Vibhor Amrodia

• LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding

  Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
  2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.6.3.1.1.5
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.6.3.1.1.5.2
  Trap Time=-1436283373
  1.3.6.1.2.1.2.2.1.1.83=83
  1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
  1.3.6.1.2.1.2.2.1.3.83=6
  1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
  EndTrap
  10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.4.1.9.1.291
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.4.1.9.1.291.2
  Trap Time=1628056965
  1.3.6.1.2.1.2.2.1.1.8=8
  1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
  1.3.6.1.2.1.2.2.1.3.8=18
  EndTrap
  As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
  How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.

  Hi,
  Is the issue you have the source IP address of the forwarded trap?  Per RFC it is the IP of the actual device sending the trap.  The originating IP should be contained within the packet. I have included some additional information you may find helpful.
  Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
  A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
  http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
  DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
  Configure SNMP to send traps directly to DFM
  Integrate SNMP trap receiving with an NMS or a trap daemon
  The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
  Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
  As one of the following events:
  > InformAlarm
  > MinorAlarm
  > MajorAlarm
  With the device type and the device name from which it was generated.
  If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html

• Sending as SNMP trap

  Hello expert,
  Currently my SolMan system serve as central ccms monitoring, some of the alerts are sending email alert as auto reaction method.
  But recently there is request to send the alert to 3rd party non SAP monitoring tool. I am thinking of SNMP traps. but question is each MTE can only have 1 auto reaction method, if i change it to use SNMP traps, so my exisitng email alert is not able to working parallel?
  please advise.
  thank you
  kelly

  Dear Kelly,
  You may find the following document useful when using CCMS and SNMP Traps.
  > https://websmp109.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700001606922004E
  Regards,
  Paul

• TimesTen SNMP traps

  Hello,
  I have TT over Windows 32 bit (stand alone).
  I'm trying to configure SNMP traps in order to maintain Alerts for the TimesTen database.
  I've followed the doc *"Oracle Times Ten In-Memory Database Error Messages and SNMP Traps"*,
  and comfigured the snmp.ini file.
  However, when I'm trying to use the utility snmptrapd.exe in order to start listening to the snmp traps and doing my tests, I'm getting an error: snmptrapd.exe is not a valid Win32 application, and in the CMD window I also see *"Access is denied"* error.
  My user in the Administrators group.
  Why do I receive the error and how can I overcome it ?
  Thanks in advance,
  Roni.

  Hi Roni,
  Getting this executable working independently of TimesTen is the first thing to look at.
  - Where did you get the snmptrapd.exe executable from?
  - Make sure that you get this executable from a known reputable source.
  There are viruses out there that use this name.
  - The MKS version of this utility is supported on Windows 2000, Windows XP, Windows Server 2003 and Vista.
  - Make sure that you have the correct version of the executable for your Windows platform.
  Doug

• Anm 4.1 support for receiving snmp traps from CSS / ACE

  Hi
  Does anyone have an ANM 4.1 installation that is accepting snmp traps from their CSSes / ACEs?
  If I configure CSSes / ACEs to send snmp v1 traps to anm, they never appear in the Monitor -> Events view.
  I've tried both the ANM 4.1 Virtual Appliance and ANM 4.1 running on RHEL and it seems that there's nothing listening on udp port 162 to receive the snmp traps.
  From the virtual appliance:
  admin# show ports
  Process : java (5999)
       tcp: 0.0.0.0:40000, 0.0.0.0:40001, 127.0.0.1:10023, 0.0.0.0:10443, 0.0.0.0:
  10003, 0.0.0.0:10004, 0.0.0.0:8443
       udp: 0.0.0.0:39182, 0.0.0.0:10003, 0.0.0.0:6120
  Process : rpc.statd (2348)
       tcp: 0.0.0.0:834
       udp: 0.0.0.0:828, 0.0.0.0:831
  Process : mysqld (3125)
       tcp: 0.0.0.0:3306
  Process : java (5992)
       tcp: 0.0.0.0:10444, 0.0.0.0:10445
  Process : portmap (2312)
       tcp: 0.0.0.0:111
       udp: 0.0.0.0:111
  Process : monit (2779)
       tcp: 0.0.0.0:2812
  Process : java (2952)
       tcp: :::40002
  Process : java (2966)
       tcp: :::40003
  Process : sshd (2625)
       tcp: :::22
  Process : ntpd (2606)
       udp: 127.0.0.1:123, 0.0.0.0:123, ::1:123, :::123
  I notice that port 443 isn't in here and I'm accessing the web interface using this port so perhaps there's something else going on behind the scenes.
  Can anyone point me in the right direction to get snmp traps shown as events  in ANM 4.1?
  Thanks very much

  hi.
  as per documentation:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_monitor.html#wp1176870
  you need to send snmpv2 to anm. can you try v2 traps and see if it works?
  Regards,
  Fadi.