IP SLA Reporting to HPOV

jkl1972 · ‎05-28-2009

I need to use IP SLA on my ASA to monitor the availability of a particular host. If the host goes unreachable the IP SLA will remove the route and a secondary route on my network will be used. I'm trying to find out if it's possible to have the IP SLA config report back to hpov when this happens.

Thank you for your replies.

Collin Clark · ‎05-28-2009

AFAIK IPSLA monitors only. If your secondary route goes to a router, you might be to use EEM to send a syslog to OpenView.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/datasheet_c78-492444.html

jkl1972 · ‎05-28-2009

Thank you for the reply but unfortunately I don't think this will work..sounds really cool but I don't think it's a fit for my topology. My IP SLA pings would be going out a particular interface on my ASA targeting a client network that has equipment colocated in my data center. In the event that this path fails a secondary route would be used which would be through a different firewall and would take a VPN over the Internet back to the client as a secondary path.

Collin Clark · ‎05-28-2009

Hmmm, do you know when the links fails, does it create a syslog? I think that's about the only way to get it to HPOV.

jkl1972 · ‎05-28-2009

I'm not sure...I will have to check into that and post back.

Farrukh Haroon · ‎06-01-2009

The %PIX-6-622001 syslog message is generated when the tracked route is removed, so you can either make a specific 'logging list' to send to HPOV or send all syslogs. Here is the link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml#debug

Regards

Farrukh

jkl1972 · ‎06-01-2009

Hello Farrukh,

Thank you very much for the information.

Jason

Farrukh Haroon · ‎06-01-2009

No probs at all, my pleasure :)

Regards

Farrukh

jkl1972 · ‎06-01-2009

One more question for you if you don't mind...If I'm currently logging on this ASA to a particular local IDS can I send %PIX-6-622001 syslog messages to a different server altogether? The reason being..I need to get these specific messages down to our hpov server to generate the email to our helpdesk for notification.

Farrukh Haroon · ‎06-01-2009

Please clarify your requirements, what I understand is:

i) You want to send all syslogs to a syslog server (IDS), btw which IDS is this? (The Cisco IDS does not support syslogs)

ii) You want to send ONLY specific messages to the HPOV?

If this is correct, then I don't think this would be possible on the ASA, as you would associate a SINGLE logging list for the 'trap' method. You could perhaps using email notification for HPOV? Or use another syslog forwarded like KIWI to achieve this (But this would cause a lot of resource waste).

This is a configuration link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#use

Regards

Farrukh

jkl1972 · ‎06-02-2009

We currently log all activity on the ASA to a non Cisco IDS that sits local to the ASA. Any type of event trap goes to our HPOV server that is at another data center. What I'm trying to do is get this one type of syslog message for the lost tracked route to go to our hpov server.

Farrukh Haroon · ‎06-02-2009

As I said earlier, you can't make two filter lists for the syslog (trap) destination. You have to use email, snmp traps or something for one and syslog for the other. Or use an external syslog replay server to send events to both the IPS and HPOV.

Regards

Farrukh