When to use snmp trap - when to use syslog

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
David Stanford Tue, 07/17/2007 - 05:42
User Badges:
  • Cisco Employee,

I think they covered most points in the thread, the only things I would add are:

1) syslog and snmp don't always cover the same content -- there are some syslogs that aren't available as traps. However, if you enable snmp syslog traps you should get everything

2) snmp is more of a real time tool than syslog

GERARD PUOPLO Wed, 07/18/2007 - 14:18
User Badges:

First the info from traps and syslog don't fully overlap. Traps for example are easier to parse for events like link down because you get the iftype and ifname in the trap to filter on. Where as syslog is useful for events where there is no corresponding trap.

There is no equivalent syslog msg that I know of for SNMP traps but there are in the cases of routers and switches syslog traps. With EEM you could set up whatever you want but probably for only a limited subset of devices.

In my many years of doing this I say you should use both otherwise you will miss some notifications. Many event managers like Netcool will allow you to setup deduplication too if you don't want the same incident annunciated more than once.



This Discussion