SNMP Traps

Answered Question
Dec 31st, 2008
User Badges:

On PIX 7.2(4), I configured SNMP and Syslog on separate server.


snmp-server host inside 10.1.1.1

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog


logging enable

logging timestamp

logging standby

logging asdm-buffer-size 512

logging console alerts

logging monitor notifications

logging buffered debugging

logging trap notifications

logging history informational

logging asdm debugging

logging facility 16

logging host inside 10.1.1.2


However 10.1.1.1 also picking up syslog traps (e.g., TCP tear-down, ..., etc).


http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1104110


indicate I need to change logging history <level>, but that would also impact syslog. What's best way to go about this?

Correct Answer by Richard Burts about 8 years 6 months ago

Norman


Actually changing the logging history does not impact syslog logging. It is not intiutivly obvious but the logging history command does not change the syslog logging levels but does control the level of syslog message sent as an SNMP trap.


Your post seems to indicate that you were not expecting 10.1.1.1 to pick up syslog messages. But the command snmp-server enable traps syslog instructs the PIX to send syslog messages formatted as snmp traps. You use the logging history to control the level of syslog messages to send - which allows you to control the minimum syslog message level to the snmp server separate from what you send to the syslog server.


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Richard Burts Thu, 01/01/2009 - 19:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Norman


Actually changing the logging history does not impact syslog logging. It is not intiutivly obvious but the logging history command does not change the syslog logging levels but does control the level of syslog message sent as an SNMP trap.


Your post seems to indicate that you were not expecting 10.1.1.1 to pick up syslog messages. But the command snmp-server enable traps syslog instructs the PIX to send syslog messages formatted as snmp traps. You use the logging history to control the level of syslog messages to send - which allows you to control the minimum syslog message level to the snmp server separate from what you send to the syslog server.


HTH


Rick

normanzhang Fri, 01/02/2009 - 11:31
User Badges:

i will do


no snmp-server enable traps syslog


to stop syslog being sent as snmp traps.

Richard Burts Fri, 01/02/2009 - 11:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Norman


Yes that should stop sending syslog messages as SNMP traps.


I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there were responses that led to a solution.


The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.


HTH


Rick

Actions

This Discussion