Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
13
Helpful
10
Replies

LMS4.0 with syslog

Ibrahim Jamil
Level 6
Level 6

‎06-22-2012 02:43 AM

Hi Experts

how can in configure the cisco works 4.0 to acts as syslog servers so all devices in my network sends traps to this lms that we have instead of using kiwi syslog

thanks

jamil

Labels:
0 Helpful
10 Replies 10

Nael Mohammad
Level 5
Level 5

‎06-22-2012 01:04 PM

By default LMS has a built in Syslog function, all you need to do is update the devices to send their syslogs messages to the LMS ip address. Use the deployment guide to update your syslogs to point to LMS.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps11200/deployment_guide_c07-618226.html#wp9000635

logging host x.x.x.x

Also ensure that KIWI syslog is not installed on the same server that LMS is running.

Ibrahim Jamil
Level 6
Level 6
In response to Nael Mohammad

‎06-23-2012 06:03 AM

Hi Nael

thanks nael

couple of questions

1)after u configured ur devices to send trap to syslog LMS  4.0 how to find this trap on lms

2)my LMS 4.0 sits at the HQ, i have 5 big campuses

Campus A in area 1 has 100 cisco devices

Campus B in area 2 has 100 cisco devices

Campus C in area 3 has 100 cisco devices

Campus D in area 4 has 100 cisco devices

Campus E in area 5 has 100 cisco devices

how can i configure the LMS to categorize these area with each devices and perform devices discovery according each area not devices discovery for the whole Company?

3)can the LMS 4.0 sees the asa 5520?or this FW needs special config on the lms

4)how to config LMS 4.0 to acts as SNMP server , and after how to see the traps sent by cisco devices?

thanks

jamil

0 Helpful

Nael Mohammad
Level 5
Level 5
In response to Ibrahim Jamil

‎06-25-2012 06:05 PM

1. Use the Reporting features in LMS 4.0 to generate a 24 hour syslog report to view all the syslog info from the devices.

http://www.cisco.com/en/US/partner/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/Reports/fault_even_reports.html#wp1265904

2. First create user defined groups and five different discovery jobs based on the user defined group categories.

Step 1: Creating "User Defined Groups":

http://www.cisco.com/en/US/partner/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/groups.html#wp1185351

I would name each UDG based on their regions or you can do it like stated above "CampusA", "CampusB", "CampusC", "CampusD", and "CampusE". The idea to is come up with a consistent naming convention that applies to your environment and create a rule based on the subnet or device type.

Step 2: Create multiple discovery jobs for different Campuses with different settings based on subnet range:

http://www.cisco.com/en/US/partner/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/dcr_adm.html#wp1103132

3.  5520 is supported with 7.2(1) or higher. See device matrix:

http://www.cisco.com/en/US/partner/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/device_support/table/lms40sdt.html

4. LMS is your NMS server and will handle the SNMP traps through its Fault Management feature in the application.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps11200/deployment_guide_c07-618226.html#wp9001130

Ibrahim Jamil
Level 6
Level 6
In response to Nael Mohammad

‎06-26-2012 10:30 AM

Hi Nael

thanks for ur reply and i realy appreciate ur reply

1)i don't have cisco account to read these link,could you please provide the equivalent!

2)how can i delete a device from the DCR?

3)my LMS ping the ASA  and Correctly i have entered the SNMP community exist the asa but it gives me errors so please help me to the asa to my cisco works ,

thanks

jamil

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Ibrahim Jamil

‎06-28-2012 11:47 PM

any reply ps

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Martin Ermel

‎07-06-2012 04:47 AM

Ermel thanks and Appreciate , i m in stuch with asa , from lms 4.0 i can ping the inside interface of the asa 5520 , i have entered correct the snmp , but the lms didnt recognised it.any help

thanks

jamil

0 Helpful

Vinod Arya
Cisco Employee
Cisco Employee
In response to Ibrahim Jamil

‎07-08-2012 05:09 AM

Are you able to do snmpwalk from LMS to ASA? Try to open the device in Device Centre and try to do a snmpwalk, if unsuccessful, pleases share the ASA snmp configuration details.

The configration should be :

hostname(config)# snmp-server host interface_name ip_address [trap | poll] [community text] [version 1 | 2c] [udp-port port]

Where interface_name is the name of the NMS and ip_address is the IP address of the NMS.

Please see the document for more details :

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html#wp1042030

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Vinod Arya

‎07-08-2012 08:13 AM

Hi Vinod

i have straight forward snmp config pls see the below

snmp-server host inside 10.100.100.101 community $cisco$

10.100.100.101 my LMS

thanks

0 Helpful

Vinod Arya
Cisco Employee
Cisco Employee
In response to Ibrahim Jamil

‎07-08-2012 11:20 AM

Do you see any packets incrementing when you try snmpwalk on ASA device with show snmp-server statistics?

I assume the port 161 is not blocked on ASA. You can also try to install Net-Snmp on your PC and try to do a snmpwalk from there configuring your ASA to accept snmp-request from your device.

That should help in pointing out if the issue is from LMS or ASA.

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful
Customers Also Viewed These Support Documents