How do I send syslog or trap messages from a 6500?

Peter.D.Brown · ‎07-02-2008

Hi there,

I'm trying to set up some SNMP monitoring with very basic security. I've got a Cisco 6500 switch (IOS 12.2) which is currenly set up with a community string which allows any management station to access it to retreive information as long as they input the required community string.

I've just found out how to tie it down to selected management stations by specifying an access list number after the community. That's ok for devices wanting to retreive SNMP informaiton from the switch.

I also need to be able to send SNMP notifications (traps) to selected devices (management stations) from the 6500 switch. I've tried this with a Pix 6.3 firewall which we have and it sends notifications to a syslog server which I have. When I try a similar command with the 6500 switch the messages don't appear in my syslog server as the Pix's do. Also with the switch it requires a community string to be specified in the config. As far as I'm aware my syslog server has no place to enter a community string, this makes me think that the 6500 won't send syslog messages as the Pix does but perhaps it will send SNMP traps (are these different to syslog messages?) to a different type of server which I don't currently posess.

Will the 6500 send syslog messages? If not, what do I need in order to be able to receive the traps from it? Is there any free Cisco software that allows me to do this?

Thanks

Pete.

zztopping · ‎07-02-2008

6500 supports sending syslogs and traps.

To configure traps, do the following(the community string is just included with the trap message):

snmp-server host X.X.X.X comm-string

To configure syslog, thats a little trickier.

Google syslog and read up on it, there are different "facilities." Make sure your syslog server is configured to collect and log facility "local7" (the default for Cisco IOS, pix default is local4).

Secondly, you need to setup the logging level. For the sake of simplicity, do this command(will send all logging to syslog server). Do not confuse this "logging trap" command with snmp traps. logging trap means syslog.

logging trap debugging

Now finally, setup the syslog host(your syslog server)

logging X.X.X.X

That should do it. Gimme points if I am helpful.

yjdabear · ‎07-02-2008

SNMP and syslog are different beasts. It surely doesn't help when Cisco has confusing IOS syntax like "logging trap [logging-level]" that in fact configures syslogging rather than SNMP traps.

You can enter anything you want on the switch as the SNMP trap/inform's community string (e.g. "snmp-server host 172.22.66.18 maddog") It makes no difference to most (if not all widely used) management software; they just accept the trap regardless.

This URL explains configuring both syslog and SNMP

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/as5xipmo/sysmgt.htm

If you didn't set up the syslog server yourself, it's possible the syslog server is configured to log PIX syslogs to one location/file, and other syslogs (those from the IOS switch) to another or more, based on the different syslog facilities and levels (http://www.ciscopress.com/articles/article.asp?p=426638). In fact, this is often desirable behavior so the routing/switching people don't get an eyeful of PIX syslogs they don't care about most of the time. This is also assuming the IOS and PIX devices are configured to send out the same severity of syslogs, which they likely aren't.