Sending syslog event ids as snmp-trap?

Unanswered Question
Oct 25th, 2009

Hi All,

I am wondering is there a way of converting or sending syslog messages as an snmp-trap?

As an example - could the following be sent to an snmp-trap receiver to be displayed in our monitoring tool:

%ASA-1-104001: (Primary) Switching to ACTIVE (cause: string).

The reason I am wanting to try and acomplish this is to have much more control over what is sent to the monitoring system and this appears to be best done by specific message ids.

If there are differences between platforms - I am looking to do this for routers, switches, and ASA firewalls.

Lastly - is there a way of doing this so that only certain messages are sent to one host, and all syslog messages are sent to another for tracking purposes?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Sun, 10/25/2009 - 11:41

A direct mapping between syslog and traps is not possible. That is, you cannot create a trap that has varbinds specific to the ASA-1-104001 syslog message. However, the ASA does support the CISCO-SYSLOG-MIB which allows syslog messages to be encapsulated in SNMP traps. The traps will essentially contain varbinds for the facility, severy, mnemonic, description text, and timestamp.

The good news is that these syslog traps are available on most switches and routers in addition to the ASA. To enable these traps on the ASA, configure:

snmp-server enable traps syslog

The same command holds true for IOS.


This Discussion