SNMP Traps

Answered Question
Dec 31st, 2008

On PIX 7.2(4), I configured SNMP and Syslog on separate server.

snmp-server host inside 10.1.1.1

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

logging enable

logging timestamp

logging standby

logging asdm-buffer-size 512

logging console alerts

logging monitor notifications

logging buffered debugging

logging trap notifications

logging history informational

logging asdm debugging

logging facility 16

logging host inside 10.1.1.2

However 10.1.1.1 also picking up syslog traps (e.g., TCP tear-down, ..., etc).

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1104110

indicate I need to change logging history <level>, but that would also impact syslog. What's best way to go about this?

I have this problem too.
0 votes
Correct Answer by Richard Burts about 7 years 11 months ago

Norman

Actually changing the logging history does not impact syslog logging. It is not intiutivly obvious but the logging history command does not change the syslog logging levels but does control the level of syslog message sent as an SNMP trap.

Your post seems to indicate that you were not expecting 10.1.1.1 to pick up syslog messages. But the command snmp-server enable traps syslog instructs the PIX to send syslog messages formatted as snmp traps. You use the logging history to control the level of syslog messages to send - which allows you to control the minimum syslog message level to the snmp server separate from what you send to the syslog server.

HTH

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Richard Burts Thu, 01/01/2009 - 19:45

Norman

Actually changing the logging history does not impact syslog logging. It is not intiutivly obvious but the logging history command does not change the syslog logging levels but does control the level of syslog message sent as an SNMP trap.

Your post seems to indicate that you were not expecting 10.1.1.1 to pick up syslog messages. But the command snmp-server enable traps syslog instructs the PIX to send syslog messages formatted as snmp traps. You use the logging history to control the level of syslog messages to send - which allows you to control the minimum syslog message level to the snmp server separate from what you send to the syslog server.

HTH

Rick

normanzhang Fri, 01/02/2009 - 11:31

i will do

no snmp-server enable traps syslog

to stop syslog being sent as snmp traps.

Richard Burts Fri, 01/02/2009 - 11:58

Norman

Yes that should stop sending syslog messages as SNMP traps.

I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there were responses that led to a solution.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

Actions

This Discussion