lists of syslog messages and MIBs- and no indices

Unanswered Question
Sep 25th, 2009

It would be wonderful if there were one place to download lists of syslog messages by device and detailed indices of SNMP MIBS. It would also be nice if the lists were indexed and cross-referenced. Without those lists troubleshooting is much more difficult and the available logging tools rendered near useless. We're always told to "look at your logs" but if there's no way to know what to log or what to look for, what's the point of logging?


A couple of instances: to get the 6509 switch syslog message list I had to create a TAC case because after an hour of searching I couldn't on the web site find the document. (And I'm a good researcher). The initial TAC engineer couldn't find it either and only by escalating to a higher level was I able to find an engineer who could locate the document. I mean literally find a published document available to an ordinary TAC user.


Another situation is also illustratative. I had an issue with a difficult to troubleshoot intermittent problem with IDS on the ASA 5520. The highly competent 2nd or 3rd level level engineer told me to look for a syslog message which would indicate what the the problem was - but he had no idea of what messages would happen with a reboot or freeze-up; he couldn't tell me what the message for diffferent types of restarts might be. I'm not critizing him- he really was exceptionally talented- but the information doesn't seem to be available even to sharp engineers. Am I supposed to turn on DEBUG level messages for every Cisco device?


Not only should the syslog lists be readily available, they should be indexed so that you can find the message corresponding to a type of event. The existing docs are little more lists in numeric and/or severity level sequence and no indexing.


SNMP is very difficult to use even with a good SNMP tool like Network Observer because there's no way to know what event or table your looking for. What kind of info is available via SNMP? Who knows?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Janel Kratky Fri, 10/16/2009 - 18:51

In some cases, depending on the device, syslog and similar information is available only for testing and not for general use. We appreciate your suggestion, and where possible we strive to include and organize such information in our documentation.


Below are some links that we hope you find useful.

• Configuring SNMP: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_snmp.html#wp1042019

• List of MIBs: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

• ASA syslogs: http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html

• Table of syslogs grouped by type: http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp5722749

• IPS (IDS) documentation: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html

• IPS release doc roadmap: http://www.cisco.com/en/US/docs/security/ips/7.0/roadmap/18487_01.html

• Catalyst 6500 System Message Guides: http://www.cisco.com/en/US/products/hw/switches/ps708/products_system_message_guides_list.html

• Error Message Decoder tool which provides a look-up capability for the SEMs for Catalyst 6500 and the other IOS-based products: http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi


TAC is also available to answer additional specific questions.


Thanks,

Janel


Actions

This Discussion