snmp trap versus syslog message

Answered Question

Hi,

Most network devices will send snmp traps and syslog messages to a central server.

For analyzing purpose this server runs software to display the messages or traps.

My question is, what is the difference between syslog messages and snmp traps?

What is best practise?

Thank you very much.

Hansruedi

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 6 years 4 months ago

From the very basic level, traps and syslog differ in the encoding.  Syslog messages are typically text messages sent within a UDP packet.  There is a bit of binary encoding to indicate the syslog facility and severity.  SNMP traps have encoded ASN.1 fields (called variable bindings).  These varbinds are not ASCII text like syslog messages.  Instead they are encoded object identifiers that can be translated into object names using MIB definitions.

More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them.  However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages.  Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe Clarke Tue, 09/21/2010 - 22:53

From the very basic level, traps and syslog differ in the encoding.  Syslog messages are typically text messages sent within a UDP packet.  There is a bit of binary encoding to indicate the syslog facility and severity.  SNMP traps have encoded ASN.1 fields (called variable bindings).  These varbinds are not ASCII text like syslog messages.  Instead they are encoded object identifiers that can be translated into object names using MIB definitions.

More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them.  However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages.  Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them.

Actions

This Discussion