Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

When to use snmp traps - when to use syslog

Hi,

I would be very pleased if somebody could explain me what are the differences/similarities/advantages/disadvantages between snmp traps and syslog messages.

Is there an equivalent syslog message for any snmp trap and vice versa?

I am creating standard configuration templates for cisco ios and catos devices and at the moment we are discussing if both snmp traps and syslog messages are necessary or if snmp traps are sufficient.

Best regards,

Thorsten Steffen

9 REPLIES

Re: When to use snmp traps - when to use syslog

HI Throsten, [Pls rate if HELPS]

Please see below for difference:

SNMP stands for Simple Network Management Protocol and allows for remote monitoring and configuration of SNMP-capable devices on a network, while Syslog is a different protocol that can be used for exchanging log messages of varying degrees of severity to network devices capable of receiving Syslog messages, and does not define a standard for remotely configuring these devices. SNMP also defines SNMP traps, which like Syslog, can be sent by devices when they need to report the occurence of a specific event.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

New Member

Re: When to use snmp traps - when to use syslog

Hi Guru,

thanks for your quick answer.

What I am looking for are in detail the differences/similarities/advantages/disadvantages between

snmp traps

and

syslog messages

In other words, is it necessary to use both mechanisms to get all information to manage the devices or does snmp trapping and syslog messaging tell me exactly the same content?

Finally I want to know if I still need to use syslog or if it's fully enough to use snmp traps (because snmp gives me any information I would get via syslog?).

Best regards,

Thorsten

Re: When to use snmp traps - when to use syslog

HI Throsten, [Pls Rate if Helps]

SNMP Traps is highly enough to Manage the Devices. Whereas SNMP traps can be collected as per your requirement.

Normally, Major Networks will use SNMP Trap Collections for management of Devices on Daily Basis.

But, depends upon the Requirement / Critical of the Network, sometimes you may require Syslog also to investigate the Problems.

So, there is no harm in Collecting the SNMP Traps as well as Syslog Messages. You need to have a Trap Collection PC & Syslog Daemon to Collect the Syslog Messages.

PLS Rate if HELPS

Best Regards,

Guru Prasad R

Hall of Fame Super Bronze

Re: When to use snmp traps - when to use syslog

Thorsten,

They both serve different purposes, though the end-result may be similar.

Logging is useful for debugging purposes and quick information while you are in the console while SNMP trap is useful when you have a decent SNMP application that collects,monitors and produce nice reports about your devices.

Having both configured and enabled in your environment would be my choice.

New Member

Re: When to use snmp traps - when to use syslog

Hello Edison,

thanks for your answer.

I also think that local logging is important for troubleshooting and debugging purposes. But do I need to send the logging messages additionally to a syslog server if I already use a snmp network management system?

In a special case I am looking for a possibility to prevent linkup/linkdown messages of access ports (= severity 3) to be sent to the syslog server while they should still be sent to the local log of the devices.

What I read in the documentation is that you can use the interface configuration command "no logging event link-status" to completely disable these messages but I did not find out how to differentiate between local log and syslog server other then use the "logging trap " command. If you have any idea please let me know.

Hall of Fame Super Bronze

Re: When to use snmp traps - when to use syslog

Thorsten,

You can change the severity for local logging vs syslog logging.

Logging trap represents the Syslog server and you can change the level to 3, for instance, without affecting the Logging buffered which is the one that sends to the local log.

Logging trap

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_02h.htm#wp1054301

Logging buffered

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_02h.htm#wp1051338

New Member

Re: When to use snmp traps - when to use syslog

Hi,

Generally, I think both serve different purpose.

In a best situation, u can run both.

for syslog, it is more used for troubleshooting.

for snmp, it is used for monitoring and management.

-use mrtg to monitor device status, link status, bandwidth utilization

-use snmp management software for management

regards

cash

Re: When to use snmp traps - when to use syslog

Also bear in mind snmp traps are pretty much real-time. As soon as an event is triggered the trap is sent.

Syslog messages can be queued and therefore will not neccessarily be delivered as they occur.

If you are not using off-the-shelf software, then SNMP traps are easiest to work with as you can simply call different scripts based on which traps are received.

As has been said before - syslog events are useful for troubleshooting.

I use both in my environment - but only use traps for realtime location of mac addresses.

New Member

Re: When to use snmp traps - when to use syslog

One more important thing to keep in mind is that since the system messages will get logged and stored, in going back to diagnose a failure you will have relevant data in the syslog. As mentioned above, in a catastrophic failure, traps may not get sent and therefore that event data would be lost. We use both methods for the same reasons mentioned previously.

1185
Views
14
Helpful
9
Replies