11-29-2010 05:15 PM - edited 03-11-2019 12:16 PM
Hi,
I have a multicontext Firewall with around 5 contexts. This is still not in production. We can get the alerts from the admin context to the SNMP management station but not from the individual contexts. Is there anything additional we have to add to get this working?
We have tested it by shutting off an interface to get alerts.
Thanks
11-29-2010 05:22 PM
For interfaces related SNMP trap, you would only get the SNMP alert from the Admin context, because Admin context is the context that manages all the physical of the ASA.
Typically SNMP is to measure the physical feature of the device, ie: CPU, interfaces, memory which is why you would only see those from Admin context, not individual user context.
11-29-2010 05:24 PM
So does this mean that there is no way to get snmp traps from individual contexts? Could you provide a link for this. I am tying to get enough material to show that this cannot be done. Thanks for understanding
Thanks
11-29-2010 05:35 PM
Typically, as mentioned earlier SNMP alerts are for alerting the physical of the ASA. Any specific trap you would like trigger from user context that is user context specific?
Normally, for user context logging, you would be using syslog instead of snmp as syslog is more for system/software logs.
Here is more information on SNMP and syslog, and it also tells you what SNMP is typically logged for (not too much information on the software side of things):
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html
11-29-2010 05:39 PM
Hello Jennifer,
Thanks for the information.
I have just seen that if we have to check for interface status, we can use MIBS like shown below. Can this be another alternative to getting interface information
SNMP can't be configured in the system context.
To get information about interfaces in either the admin or user context, you can use the IF-MIB's:
snmpwalk -v 2c -c publicifDescr
IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'inside' interface
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'outside' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'mgmt' interface
IP-MIBs will give you the IP address of all the interfaces when you query context.
snmpwalk -v 2c -c publicipAddr
IP-MIB::ipAdEntAddr.10.7.14.32 = IpAddress: 10.7.14.32
IP-MIB::ipAdEntAddr.10.8.1.92 = IpAddress: 10.8.1.92
IP-MIB::ipAdEntAddr.10.7.1.92 = IpAddress: 10.7.1.92
IP-MIB::ipAdEntIfIndex.10.7.14.32 = INTEGER: 3
IP-MIB::ipAdEntIfIndex.46.7.1.92 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.47.7.1.92 = INTEGER: 1
IP-MIB::ipAdEntNetMask.10.7.14.32 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.8.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.7.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntBcastAddr.10.7.14.32 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.8.1.92 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.7.1.92 = INTEGER: 0
IP-MIB::ipAdEntReasmMaxSize.10.7.14.32 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.8.1.92 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.7.1.92 = INTEGER: 65535
System name or Hostname of any context corresponds to the context name in multiple mode. System names can be retrived using Snmpv2 System MIB "sysName".
"snmpwalk -v 2c -c publicsysName"
SNMPv2-MIB::sysName.0 = STRING: c1 <------ "c1" is the context name
11-29-2010 05:44 PM
Yes, you are absolutely right for interface information on specific context.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: