
Syslog traps vs SNMP traps

wilson_1234_2
Level 3

Concerning syslog logging and SNMP traps, what is the difference?

I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?

For example, can you get real time config changes via syslog as you can with SNMP?

If so, why use both?

9 Replies

Lucien Avramov
Level 10

You don't have to use both; you can use either one.

What are you trying to achieve?

What specific config changes do you want to monitor?

The syslog messages can also be sent over SNMP traps; that's another option you can have.

Syslog is on port 514 UDP, SNMP traps on port 162 UDP.

SNMP traps can relate events that are happening on the device without you having to turn debug on for everything on the device, which is CPU consuming and can quickly crash and hang your router.

Depending on the need you have, we can talk about more detailed differences between syslog and SNMP traps.

I was thinking along the lines of logging in general.

For example, we have MARS, Cisco Works.

Both are configured to have network gear send syslog messages and SNMP traps.

The person managing MARS says he is able to see real time config changes by just using syslog.

I was thinking there could be much more detail by using SNMP.

Is that correct?

What is the difference between syslog traps and SNMP traps?

Syslog will send whatever you can see on the CLI of the device, at a maximum of debug level, as you say.

For SNMP traps related to configuration changes, you can use the MIBs depending on the events you want to know about.

If we take for example the config traps, they are part of CISCO-CONFIG-MAN-MIB. That MIB can send traps with the following OIDs:

ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid

When you go through that, you will realize that the CONFIG MIB and the syslog provide you with the same information: the CONFIG MIB will not have more information than the syslog message.

If you use the SNMP Object Navigator, you will find for every OID what the function is:

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

A good paper about which traps are part of which MIB:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml

SNMP traps are a good way to gather information from the router without spiking the CPU by turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyway.

Hello, I have a few questions about this. We are using HP-Openview and NNM to receive the traps of the Cisco switches, but we can't receive the trap corresponding to the syslog event "Nov 11 09:39:56: %IP-4-DUPADDR: Duplicate address 10.229.13.253 on Vlan15, sourced by 001b.388e.01de". Maybe this trap doesn't exist?

Is there a way to know, for a particular syslog event, which trap is sent? Does a complete relationship between syslog messages and traps exist?

Thank you very much!

As far as I can tell, syslogs and SNMP traps don't get implemented to necessarily correspond to each other. Without access to IOS source code, it's hard to say whether IP-4-DUPADDR has a trap equivalent. However, it's possible to resend every syslog event as an SNMP trap, by configuring "snmp-server enable traps syslog" globally. However, I personally think it's a sound practice, as it basically bombards the SNMP management station(s) with duplicate info already received by the syslog servers, and all such traps have the same OID, which deprives one of the major advantages of SNMP traps.

I meant to say "I personally think it's not a sound practice" :D

Thank you very very much!
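An added example, not part of the original thread: a small Python classifier for Cisco IOS syslog lines that keys on the `%FACILITY-SEVERITY-MNEMONIC` tag, the per-event identifier that is lost when every message is forwarded under one trap OID as described in the reply above. The function names are hypothetical; the `%IP-4-DUPADDR` line is the one quoted in the thread, and the other sample lines are constructed.

```python
import re

# IOS message body: "%FACILITY-SEVERITY-MNEMONIC: text".
# Severity runs from 0 (emergencies) to 7 (debugging); lower is more severe.
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

# Per-event field extractors, selected by (facility, mnemonic).
DETAIL = {
    ("IP", "DUPADDR"): re.compile(
        r"Duplicate address (?P<ip>\S+) on (?P<interface>\S+), sourced by (?P<mac>[0-9a-f.]+)"
    ),
    ("SYS", "CONFIG_I"): re.compile(r"Configured from (?P<source>\S+) by (?P<user>\S+)"),
}

def parse(line):
    """Return a dict describing one IOS syslog line, or None if it does not match."""
    m = IOS_MSG.search(line)
    if not m:
        return None
    event = m.groupdict()
    event["severity"] = int(event["severity"])
    extractor = DETAIL.get((event["facility"], event["mnemonic"]))
    fields = extractor.search(event["text"]) if extractor else None
    event["fields"] = fields.groupdict() if fields else {}
    return event

def alerts(lines, max_severity=5):
    """Keep events at severity <= max_severity (5 = notifications, e.g. config changes)."""
    return [e for e in map(parse, lines) if e and e["severity"] <= max_severity]

SAMPLE = [
    # Quoted in the thread:
    "Nov 11 09:39:56: %IP-4-DUPADDR: Duplicate address 10.229.13.253 on Vlan15, sourced by 001b.388e.01de",
    # Constructed sample lines:
    "Nov 11 09:41:02: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "Nov 11 09:41:05: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.50 port 514 started - CLI initiated",
    "line that is not an IOS message",
]

if __name__ == "__main__":
    for e in alerts(SAMPLE):
        print(e["facility"], e["severity"], e["mnemonic"], e["fields"])
```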

Does a Cisco ASA log (as in syslog) sending traps?

A guy who manages a management device is saying my ASA is sending a certain trap to him and I can't see anything in the logs. What do I do so I can see every trap I see in logs? What syslog code would it be?