I need to use IP SLA on my ASA to monitor the availability of a particular host. If the host goes unreachable the IP SLA will remove the route and a secondary route on my network will be used. I'm trying to find out if it's possible to have the IP SLA config report back to hpov when this happens.
Thank you for your replies.
AFAIK IPSLA monitors only. If your secondary route goes to a router, you might be to use EEM to send a syslog to OpenView.
Thank you for the reply but unfortunately I don't think this will work..sounds really cool but I don't think it's a fit for my topology. My IP SLA pings would be going out a particular interface on my ASA targeting a client network that has equipment colocated in my data center. In the event that this path fails a secondary route would be used which would be through a different firewall and would take a VPN over the Internet back to the client as a secondary path.
The %PIX-6-622001 syslog message is generated when the tracked route is removed, so you can either make a specific 'logging list' to send to HPOV or send all syslogs. Here is the link:
One more question for you if you don't mind...If I'm currently logging on this ASA to a particular local IDS can I send %PIX-6-622001 syslog messages to a different server altogether? The reason being..I need to get these specific messages down to our hpov server to generate the email to our helpdesk for notification.
Please clarify your requirements, what I understand is:
i) You want to send all syslogs to a syslog server (IDS), btw which IDS is this? (The Cisco IDS does not support syslogs)
ii) You want to send ONLY specific messages to the HPOV?
If this is correct, then I don't think this would be possible on the ASA, as you would associate a SINGLE logging list for the 'trap' method. You could perhaps using email notification for HPOV? Or use another syslog forwarded like KIWI to achieve this (But this would cause a lot of resource waste).
This is a configuration link:
We currently log all activity on the ASA to a non Cisco IDS that sits local to the ASA. Any type of event trap goes to our HPOV server that is at another data center. What I'm trying to do is get this one type of syslog message for the lost tracked route to go to our hpov server.
As I said earlier, you can't make two filter lists for the syslog (trap) destination. You have to use email, snmp traps or something for one and syslog for the other. Or use an external syslog replay server to send events to both the IPS and HPOV.