SNMP alerts from individual contexts does not pass to mgt station

sidcracker · ‎11-29-2010

Hi,

I have a multicontext Firewall with around 5 contexts. This is still not in production. We can get the alerts from the admin context to the SNMP management station but not from the individual contexts. Is there anything additional we have to add to get this working?

We have tested it by shutting off an interface to get alerts.

Thanks

Jennifer Halim · ‎11-29-2010

For interfaces related SNMP trap, you would only get the SNMP alert from the Admin context, because Admin context is the context that manages all the physical of the ASA.

Typically SNMP is to measure the physical feature of the device, ie: CPU, interfaces, memory which is why you would only see those from Admin context, not individual user context.

sidcracker · ‎11-29-2010

So does this mean that there is no way to get snmp traps from individual contexts? Could you provide a link for this. I am tying to get enough material to show that this cannot be done. Thanks for understanding

Thanks

Jennifer Halim · ‎11-29-2010

Typically, as mentioned earlier SNMP alerts are for alerting the physical of the ASA. Any specific trap you would like trigger from user context that is user context specific?

Normally, for user context logging, you would be using syslog instead of snmp as syslog is more for system/software logs.

Here is more information on SNMP and syslog, and it also tells you what SNMP is typically logged for (not too much information on the software side of things):

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

sidcracker · ‎11-29-2010

Hello Jennifer,

Thanks for the information.

I have just seen that if we have to check for interface status, we can use MIBS like shown below. Can this be another alternative to getting interface information

Multi-Context and SNMP?

SNMP can't be configured in the system context.

To get information about interfaces in either the admin or user context, you can use the IF-MIB's:

snmpwalk -v 2c -c public  ifDescr

IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'inside' interface
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'outside' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'mgmt' interface

IP-MIBs will give you the IP address of all the interfaces when you query context.

snmpwalk -v 2c -c public  ipAddr

IP-MIB::ipAdEntAddr.10.7.14.32 = IpAddress: 10.7.14.32
IP-MIB::ipAdEntAddr.10.8.1.92 = IpAddress: 10.8.1.92
IP-MIB::ipAdEntAddr.10.7.1.92 = IpAddress: 10.7.1.92
IP-MIB::ipAdEntIfIndex.10.7.14.32 = INTEGER: 3
IP-MIB::ipAdEntIfIndex.46.7.1.92 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.47.7.1.92 = INTEGER: 1
IP-MIB::ipAdEntNetMask.10.7.14.32 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.8.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.7.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntBcastAddr.10.7.14.32 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.8.1.92 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.7.1.92 = INTEGER: 0
IP-MIB::ipAdEntReasmMaxSize.10.7.14.32 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.8.1.92 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.7.1.92 = INTEGER: 65535

System name or Hostname of any context corresponds to the context name in multiple mode. System names can be retrived using Snmpv2 System MIB "sysName".

"snmpwalk -v 2c -c public  sysName"

SNMPv2-MIB::sysName.0 = STRING: c1 <------ "c1" is the context name

Jennifer Halim · ‎11-29-2010

Yes, you are absolutely right for interface information on specific context.