Just wondering, I set up the PIX to have logging trap errors. I also configured the snmp-server enable traps. I send both syslog and snmp to the same Event monitor. It appears that I am receiving the same messages in both syslog and snmp. If I stop the syslog and rely only on snmp, will I be missing any messages that syslog would have sent, or is there any difference? Does anyone have a suggestion or best practice they follow?
There is no difference between syslog and snmp besides the way the messages are sent to the logging device. The only thing that should direct your choice is the end device that is logging your messages. If your logging/analysing/alerting product supports syslog, you should use syslog instead of snmp since it takes fewer resources to operate.
I'd suggest that Syslog is what the Firewall Administrator needs to look at (regularly) and that SNMP is what the Network Administrator needs to look at (regularly). If the two people are one and the same then you can run just one.
Note that in the PIX there is a big difference between Syslog and SNMP. Syslog on the PIX can be configured to run over TCP (rather than UDP). SNMP runs over UDP. Syslog over TCP is more resource intensive on the PIX and the LAN. But the messages get to the Syslog server (where they may be otherwise discarded on a traffic heavy LAN).