EEM and sending syslog trap

Similar Messages

• EEM and syslog ext

  I'm trying to get EEM to send an email using syslog extensions. The script works when run manually, but it never triggers from syslog.
  Here is my syslog extension-
  ::cisco::eem::event_register_syslog occurs 1 pattern .*%SYS-5-CONFIG.* maxrun 90 queue_priority low nice 1
  I have configured following this video-
  http://www.cisco.com/cdc_content_elements/flash/ios/ios_commercial/send_email/Send_Email.html
  I am running IOS 12.4(15)T7, but have tried others with the same results.
  Any ideas? Thanks

  I've tried to implement this script on my router but came across the following error when the router tried sending the email:
  021948: Dec 13 20:45:16.898: %HA_EM-6-LOG: sendmail.tcl: smtp_send_email: error connecting to mail server:
  can't read "reply_code_str(220-gateway.firewall.cx)": no such element in array
  Obviously  the code in the parenthesis (220-gateway.firewall.cx) is what my email  server is returning to the router when it tries to connect. 
  Can  someone advise on how I can overcome this issue or declare the system  message the email server will send to the router when it tries to  connect.  Here is an example of what the router gets when trying to connect:
  220-gateway.firewall.cx ESMTP Exim 4.69 #1 Tue, 13 Dec 2011 20:44:49 +0200
  220-We do not authorize the use of this system to transport unsolicited,
  220 and/or bulk e-mail.
  Many thanks in advanced.
  Chris.

• ACE and ANM, Syslog and SNMP Traps

  Hi guys.. another ACE/ANM question.
  I configured the ACE devices to send Syslog and SNMP messages to the ANM server. But i got a couple of questions:
  Whats the difference between using the:
  logging history 4 (this would send logging messages as SNMP traps according to doc)
  And:
  snmp-server host x.x.x.x traps version 2c public
  snmp-server trap-source vlan 1000
  This of course I think should do the same..
  The funny and weird thing, in the ANM Event viewer, I can only see syslog messages, not one snmp event.
  Thanks!
  Omar
  PS: ACE ver A2.4
        ANM Ver 4.2

  Hi Omar,
  Let's see if I can clarify your questions.
  As you mentioned, the "logging history 4" command specifies that, syslog messages of severity 4 and higher will be sent as SNMP traps. After you configure it, you need the "snmp-server host x.x.x.x traps version 2c public" command to specify what will be the destination IP and SNMP community for these traps.
  It would only make sense to use the "logging history 4" command if your monitoring application doesn't support receiving syslog messages. However, since ANM is able to get syslog messages from the ACE without issues, I would just configure a destination for syslog message instead (with "logging host x.x.x.x")
  I hope this makes this point more clear.
  Now, moving on to why you are not seeing any SNMP traps in your ANM, the first things you would need to check are:
  -- Did you enable traps? You would use the "ACE(config)# snmp-server enable traps" command for this
  -- Are traps being sent? You can use the "show snmp" command and check if the "Trap PDUs" counter increases
  -- Is ANM getting these traps? This is the most complicated step. For this, I would recommend getting a traffic capture on the ANM server (if it's installed on linux) or as close as possible to it if it's a ANM appliance
  I hope this helps
  Daniel

• N5k and FI sending syslog

  Hi, I would like to know the behaviuor of N5ks and FIs when they are sending syslog messages to multiple remote syslog servers. Do they send it only to the 1st in the list OR to all of them at the same time.
  If I do "show logging server" on the n5k, it shows me 3 BUT as i do not have access o those servers, I cannot verify this.

  Hello,
  If you have configured three syslog servers, FI would send logs to all of them.
  If you want to verify it and do not have access to syslog servers, then one way to verify whether we send the messages or not is to turn on the debugs.
  connect nxos
  debug logging
  show debug logfile syslogd_debugs  <<<<---- view the debugs
  un all <<<---- turn off the debug
  You can do the same on N5K and verify it's functionality.
  Padma

• Enable syslog debug level 7 and send logs to syslog

  Hi,
  on cisco ASA, I've to enable syslog debug level 7 and send logs to syslog. how to do that?

  Unless you have been fiddling with logging levels previously, most ACE's will be using the cisco default logging, and at debug/7 level most of those will generate syslog entries.  Don't forget that "show access-list" will show hits counts for the individual entries as well, independently of any syslog output.
  Lastly, if a reload is an option, in your situation what I would do if modifying 3k lines was needed is:
    1) copy startup-config a.txt
    2) export a.txt by TFTP or SSH or USB or whatever
    3) edit the configuration using offline tools with regular-expression capabilities such as textpad (windows) or vi or emacs or perl or ...
    4) import the revised b.txt config
    5) copy b.txt startup-config and reload
  -- Jim Leinweber, WI State Lab of Hygiene

• Cisco WLC 5508 not sending SNMP Traps

  Hello Everyone.
  I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
  I can receive correctly Syslog messages, but not traps.
  I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
  I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
  Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
  I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
  *rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
  My WLC Version is 7.6.130.0
  Thank you for your support.

  I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
  https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
  https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
  Thanks :)

• Sending snmp traps for SVM

  i've got my box sending general traps, but i've noticed Sun Volume Manager requires separate configuration for this using /etc/snmp/conf/mdlogd.acl. How can i now verify that i will get traps if my internal drives (mirrored using meta commands) have issues or fail? is there a meta or md command i can issue as a check?
  thanks

  Hi Rolf,
  Thanks for the information. It helped me.
  I have configured the trigger event to use the track instead insted of the syslog. And it send the traps to the server.
  sysUpTime.0 = 1805405563
  snmpTrapOID.0 = cEventMgrMIB.0.2
  ceemHistoryEventEntry.2.3 = 211
  ceemHistoryEventEntry.3.3 = 0
  ceemHistoryEventEntry.4.3 = 0
  ceemHistoryEventEntry.5.3 = 0
  ceemHistoryEventEntry.6.3 =
  ceemHistoryEventEntry.7.3 = applet: TRACK_SNMP_TRAP
  ceemHistoryEventEntry.9.3 = 0
  ceemHistoryEventEntry.10.3 = 0
  ceemHistoryEventEntry.11.3 = DOWN
  Cheers!
  Win

• Syslog traps vs SNMP traps

  Concerning the Syslog logging and SNMP traps, what is the difference.
  I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?
  For example, can you get real time config changes via syslog as you can with SNMP?
  If so, why use both?

  syslog will send whatever you can see on the CLI of the device at a maximum of a debug level as you say.
  for SNMP traps related to configuration changes, you can use the mibs depending on the events you want to know about.
  If we take for example the config traps, they are part of
  CISCO-CONFIG-MAN-MIB. That mib can send traps with the following OIDs:
  ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid
  When you will go through that you will realize that the CONFIG mib and the syslog provide you with the same information: the CONFIG mib will not have more information than the syslog message.
  If you use the snmp object navigator, you will find for every OID what the function is:
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
  A good paper about what traps are part of which mib:
  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml
  SNMP traps are a good way to gather information from the router without spiking the cpu with turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyways.

• Cisco ASA won't send Syslog out management interface

  I have been trying to get my ASA to send syslog out of the management interface without any luck. When I do a packet tracer it says that the global implicit deny rule is blocking it, but I tried to add a permit all in front of it and it still blocks it. Everything is configured correctly from what I can tell and the static routes and routing are correct. This has me baffled. Does anyone know what might be causing this or what I should look at in the config to get this working?

  Hi Mark,
        Talking of packet tracer, it would give you correct output for a through the box traffic, not for to the box or from the box traffic.
  So firstly we have two questions:
  1) Is this a through the box traffic, then you need to permit the traffic through ACL(if from lower sec level to higher) and add a NAT statement(depending on the ASA IOS Version you are using anything above 8.2.5 wont require a NAT).
  2) If this is a syslog from the firewall scenario, then you need to make sure to get the following logging configuration on ASA
  -enable logging
  -logging host management X.X.X.X --------(X.X.X.X is the ip of the syslog server)
  -logging trap debugging ----------(debugging is the level, you could use any other too, but to check would sugest this one)
  -Further if you have already sorted out till here, get us the following outputs:
  -show run
  -show logging
  -show logging queue
  Hope it helps
  Cheers,
  Naveen
  Please Rate Helpful posts.

• Sending SNMP traps using JDMK from a SunOS 5.8 workstation

  Hi,
  We are using JDMK 5.1 for sending traps. This works when I run my java application (sending the traps) on my Windows desktop, where I have installed the JDMK.
  I want to run my application on a Sun workstation . For this I copied the JDMK libraries and traps are not received by the SNMP Manager. I would like to know the procedure for using JDMK from Sun OS. Do I have to install the Agent on Sun workstation rather than just copying the libraries?
  Thank you for the help.
  -Rejani

  There is a big difference between an app that isn't sending traps and one that isn't receiving them.
  You aren't eating exceptions in your code are you? If not then that means the traps are being sent. And if so then it means it has nothing to do with your application and probably nothing to do with the box and probably does have something to do with the network.

• Enterprise Manager Grid Control can send SNMP Traps to third-party?

  GC 11.1
  It looks like a simple config, but I've got into a confusion about it.
  I'm trying to figure out the configuration to send SNMP traps to a third party server.
  My scenario is:
  Node A (managed, monitored) ---- GC box------ SNMP box (final destination).
  My understanding is that the traps (notification methods) configured on GC box are generated by the Agent on Node A, then received by the GC and distributed as e-mails.
  What is the config to set the traps from A to reach SNMP box?
  There is the help page from the GC page (confused about interpretation):
  "Add SNMP Trap pageThe Add SNMP Trap page enables you to provide the name of the host (machine) on which the SNMP Master Agent is running and other details so that SNMP traps can be sent through Notification Rules.
  An example is shown below.
  Name HP OpenView Console
  Description Notification method to send trap to HP openview console
  SNMP Trap Host Name litleguy.us.oracle.com
  SNMP Host Port 162
  SNMP Community public
  This SNMP host will receive your SNMP traps.
  Note: A Test Trap button exists for you to test your setup."
  Any suggestions are highly appreciated.
  Thx,

  Please reply with the specific questions around this.
  11.1
  EM can send SNMP traps to specific designated receivers. You create an advanced notification method (of type SNMP Trap) with the appropriate details about the receiver.
  (See Setup->Notification Methods)
  In the notification rules UI, you specify the alerts you are interested in forwarding and select the SNMP trap advanced notification method you created earlier.
  The SNMP receiver should be provided the correct MIB that defines the SNMP trap. There were some bugs with the MIB definition in one of the releases (don't recall which one off hand), so if the traps you are receiving don't match what the receiver expects - please let us know and we can point to the right one.
  regards

• Send Syslog messages to multiple SYSLOG servers

  Hi,
  We are have two syslog servers defined, however we notice that the ACS only sends the syslogs to one server and will only send to the other in a failure scenario, which is a standard operation across all platforms. However we have a requirement for the ACS to send syslogs to both servers simultaneously, is there a configuration option for this?
  Many Thanks
  Leon Noble

  You can do the following:
  1) Create a remote log target for your syslog server at
  System Administration >
  Configuration >
  Log Configuration >
  Remote Log Targets
  2) Configure the log categories that should be enabled to eb sent to this log target.
  Go to
  System Administration >
  Configuration >
  Log Configuration >
  Logging Categories >
  GlobalSelect a specifc category and then look at "Remote Syslog Target" tab.
  For each category that you want sent to your syslog server select the remote log target in the "
  Selected Targets" transfer box
  Note that this configuration is hierarchical. So if make configuration for one log category it applies to all subtemding categories. For example if configure
  "AAA Audit" then the configuration will apply to the pass and failed attempts categories

• Can SOA suite send SNMP traps?

  Hi!
  I've looked in a lot documentation to find whether the SOA suite supports sending SNMP traps or not.
  It can be done in Oracle Enterprise Manager 10.2.0.3 10g Release 3, but can it be done in EM 10.1.3.1.0 10g Application Manager Control?
  (I can't find it there anyway)
  /Per

  IMHO the SOA Suite itseld is not able to send SNMP traps. You could implement it in for example in BPEL, with sensors. You call a java class that performs the SNMP trap. Or you make a generic BPEL process that sends SNMP traps based on the incoming payload via embedded java, and call this process from ESB or BPEL whenever you want to send a SNMP trap.

• Experiences with sending SNMP-Traps to 3rd party (Nagios)

  Hello Colleagues,
  i'm working on a project where we would like to monitor our databases additionally sending SNMP-Traps to Nagios.
  At the moment i'm using net-snmp-utils and snmptt. The snmptt-traphandler is running in daemon-mode and passes incoming SNMP-Traps to Nagtrap.
  Now i want to create passive service checks. For example a passive service check for TBS_Usage for database 'exdb' which returns the values from the incoming SNMP-Trap.
  Has anyone experiences by implementing the SNMP Notifications (to Nagios)? Is there an easier way to implement this than using snmptt?
  Does anyone know, how the MIB (snmptt.conf) must be configured for the passive service check?
  I'm looking forward hearing from you soon!
  Best regards,
  Sönke

  Hi Nikhil!
  Basically I am trying to set trap forwarding to a
  a NNM on the network from sunMC 3.5 Update 1.
  I have followed all the directions in sunMC snmp FAQ
  and other threads on this forum but I am not able to
  set the trap destinations.<snip>
  Other thread having same question is
  http://forum.sun.com/thread.jspa?threadID=15625&tstart
  =0Have you reviewed the options in the other thread? (i.e. Halcyon SNMP integration or HP integration packages). Both are off-the-shelf and if you can understand SunMC SNMP infrastructure you certainly wouldn't have trouble configuring either. If you've looked at both packages, what parts made you decide not to use them? Note: I work for Halcyon.
  Building your own custom integration with direct traps may be difficult: the generic snmp faq doens't have all the info you need to do so (i.e. how to get NNM to go backwards to an Agent to request the details of an event like "Warning /op is 95% full" or "Critical: Power Supply 2 is Offline"). I'm not even sure how I'd go about it, and I've been using SunMC for years :)
  Regards,
  Mike
  ([email protected])

• Recivining and analyzing syslog messages from facility local3 on LMS4.2 soft appliance.

                     HI,
  all of our enterprise switches are sert to send syslog messages from facility local3. this is partly because our linux syslog server loggs its boot syslog  messages from  facility local7 an we could't use the default  facility of local7 on our cisco switches. LMS4.2s syslog daemon is set to recieve syslog messages from facility local7. how can i change it so that it can listen for facility local3 and also make sure the syloganalyzer and automated action  work fine.
  thanks,
  Kerim

  Hi All,
  I thought it is a good idea to share the workaround my colleague came up with for this prolem. there is a file called syslog-entries.txt under /opt/CSCOpx/conf. he added all the entries we needed like :
  local3.*     /var/log/syslog_info
  local5.*   /var/log/syslog_info
  the change was automatically reflected on syslog.conf
  now we receve alerts from facilities 3 and 5 besides 7.  hope this helps anyone who run into the same issue.