Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Syslog traps vs SNMP traps

Concerning the Syslog logging and SNMP traps, what is the difference.

I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?

For example, can you get real time config changes via syslog as you can with SNMP?

If so, why use both?

9 REPLIES

Re: Syslog traps vs SNMP traps

You don't have to use both, you can use either ones.

What are you trying to achieve?

What specific config changes do you want to monitor?

The syslog messages can be send also over SNMP traps, thats another option you can have.

syslog is on port 514 UDP, snmp traps on port 162 UDP.

SNMP traps can relate events that are happening on the device without you having to turn debug on for everything on the device, which is CPU consuming and can quickly crash and hang your router.

Depending on the need you have, we can talk about more detailed difference between syslog and snmp traps.

New Member

Re: Syslog traps vs SNMP traps

I was thinking along the lines of logging in general.

For example, we have MARS, Cisco Works.

Both are configured to have network gear send syslog messages and SNMP traps.

The person managing MARS says he is able to see real time config changes by just using syslog.

I was thinking there could be much more detail by using SNMP.

Is that correct?

What is the difference between syslog traps and SNMP traps?

Re: Syslog traps vs SNMP traps

syslog will send whatever you can see on the CLI of the device at a maximum of a debug level as you say.

for SNMP traps related to configuration changes, you can use the mibs depending on the events you want to know about.

If we take for example the config traps, they are part of

CISCO-CONFIG-MAN-MIB. That mib can send traps with the following OIDs:

ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid

When you will go through that you will realize that the CONFIG mib and the syslog provide you with the same information: the CONFIG mib will not have more information than the syslog message.

If you use the snmp object navigator, you will find for every OID what the function is:

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

A good paper about what traps are part of which mib:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml

SNMP traps are a good way to gather information from the router without spiking the cpu with turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyways.

New Member

Re: Syslog traps vs SNMP traps

Hello, I have a few questions about this. We are using HP-Openview and NNM to receive the traps of the Cisco switches, but we can't receive the trap corresponding to the syslog event "Nov 11 09:39:56: %IP-4-DUPADDR: Duplicate address 10.229.13.253 on Vlan15, sourced by 001b.388e.01de". Maybe this trap doesn't exist?

Is there a way to know to a particular syslog event which trap is sent? Exists a complete relationship between syslog messages and traps?

Thank you very much!

Blue

Re: Syslog traps vs SNMP traps

As far as I can tell, syslogs and SNMP traps don't get implemented to necessarily correspond to each other. Without access to IOS source code, it's hard to say whether IP-4-DUPADDR has a trap equivalent. However, it's possible to resend every syslog event as an SNMP trap, by configuring "snmp-server enable traps syslog" globally. However, I personally think it's a sound practice, as it basically bombards the SNMP management stations(s) with duplicate info already received by the syslog servers, and all such traps have the same OID which deprives one of the major advantage of SNMP traps.

Blue

Re: Syslog traps vs SNMP traps

I meant to say "I personally think it's not a sound practice" :D

New Member

Re: Syslog traps vs SNMP traps

Thank you very very much!

New Member

Does a Cisco ASA log (as in

Does a Cisco ASA log (as in syslog) sending traps ?

A guy who manages a management device is saying My ASA is sending a certain trap to him and I cant see anything in logs. What do I do so I can see every trap I see in logs? What syslog code would it be ?

New Member

Does a Cisco ASA log (as in

Does a Cisco ASA log (as in syslog) sending traps ?

A guy who manages a management device is saying My ASA is sending a certain trap to him and I cant see anything in logs. What do I do so I can see every trap I see in logs? What syslog code would it be ?
 

23675
Views
5
Helpful
9
Replies
CreatePlease to create content