RE: [nv-l] Off Topic: Cisco and Tivoli Integration
2002-05-30 15:22:46
It's even more scary than you think.
Here is what those yokels at Cisco are doing now with firewalls and content switches......
First of all, EVERY trap from the content switches and the firewalls is a syslog trap. Period.
Second of all, they don't even play by the same rules. Here are a couple of examples:
Firewall failover trap:
1019591095 3 Tue Apr 23 14:44:55 2002 ###.###.###.### A clogMessageGenerated trap received from enterprise cisco-syslog with 5 arguments: clogHistFacility=20; clogHistSeverity=2; clogHistMsgName=Syslog Trap; clogHistMsgText=709003: (Primary) Beginning configuration replication: Send to mate.; clogHistTimestamp=383794600
Notice there is a variable clogHistMsgName and from a firewall, this message "name" is just "Syslog Trap" - the identifying characteristic is the 709003 in the clogHistMsgText. This number means that this syslog trap is for configuration replication. Okay, now look at the trap from a content switch:
Router Trap:
1021970438 7 Tue May 21 03:40:38 2002 ########.csgsystems.com A clogMessageGenerated trap received from enterprise cisco-syslog with 5 arguments: clogHistFacility=OSPF; clogHistSeverity=5; clogHistMsgName=DUP_RTRID_AS; clogHistMsgText=Detected router with duplicate router ID 10.255.255.4 in Type-4 LSA advertised by 10.255.255.3; clogHistTimestamp=379244423
Notice the clogHistMsgName here is NOT "Syslog Trap" as in the first example even though they both claim to be enterprise cisco-syslog traps. The identifying characteristic in the trap is NOT the first part of the clogHistMsgText as in the first example, but the clogHistMsgName. So if you are processing traps based on the presence of "Syslog Trap" you won't find in syslog traps under certain circumstances. Maybe the "missing" traps use this exactly-the-same-but-different coding.
And while we are on the subject, don't try and use SNMP to get an interface table out of a backup firewall unless you are on PIX v6.2. Good lord.
-----Original Message-----
From: Allison, Jason (JALLISON) [mailto:JALLISON AT arinc DOT com]
Sent: Thursday, May 30, 2002 1:35 PM
To: 'nv-l'
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
I would also be interested in hearing examples. It seems a bit scary that Cisco would write events to syslog but not send traps.
Thanks,
Jason Allison
Principal Engineer
ARINC Incorporated
Office: (410) 266-2006
FAX: (410) 573-3026
-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr AT csgsystems DOT com]
Sent: Thursday, May 30, 2002 2:29 PM
To: nv-l AT lists.tivoli DOT com
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
My experience says that I have not seen a syslog message on a router that is not sent as a trap. Do you have an example? Does the router in question support logging of various severity levels? What version IOS too would be helpful.
-----Original Message-----
From: Scott Bursik [mailto:tivoliesm AT hotmail DOT com]
Sent: Thursday, May 30, 2002 11:20 AM
To: nv-l AT lists.tivoli DOT com
Subject: [nv-l] Off Topic: Cisco and Tivoli Integration
Group,
I have a question that is sort of off topic, but I am sure that someone in this forum has some experience.
We are looking for a way to monitor messages coming from Cisco devices. We have a central syslog running on an AIX box that all of the Cisco devices in our network write to. We also receive some traps from the devices, but there are syslog messages that are not traps that we are interested in. We are trying to implement a TEC syslog adapter but the limitations of the adapter don't allow for the granularity that we are looking for. I was just wondering how other companies have implemented a Tivoli/Cisco solution.
Any information anyone could provide would be greatly appreciated.
Thank You,
Scott Bursik
Pepsico Business Solutions Group
scott.bursik AT pbsg DOT com
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe AT lists.tivoli DOT com
For additional commands, e-mail: nv-l-help AT lists.tivoli DOT com
*NOTE* This is not an Official Tivoli Support forum. If you need immediate assistance from Tivoli please call the IBM Tivoli Software Group help line at 1-800-TIVOLI8(848-6548)
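Added example, not part of the original message or of any Tivoli or Cisco tooling: a small normalizer for the two cisco-syslog trap shapes quoted at the top of this message, keyed on the leading number in clogHistMsgText when the name is the generic "Syslog Trap" and on clogHistMsgName otherwise. It assumes each log entry has been joined onto one line; the host names, function names and key labels are constructed for illustration.

```python
import re

# The two trapd.log entries quoted in the message, each joined onto one line.
# The host names are constructed placeholders (the post masks the real ones).
FIREWALL = (
    "1019591095 3 Tue Apr 23 14:44:55 2002 fw1.example.net A clogMessageGenerated "
    "trap received from enterprise cisco-syslog with 5 arguments: "
    "clogHistFacility=20; clogHistSeverity=2; clogHistMsgName=Syslog Trap; "
    "clogHistMsgText=709003: (Primary) Beginning configuration replication: "
    "Send to mate.; clogHistTimestamp=383794600"
)
SWITCH = (
    "1021970438 7 Tue May 21 03:40:38 2002 sw1.example.net A clogMessageGenerated "
    "trap received from enterprise cisco-syslog with 5 arguments: "
    "clogHistFacility=OSPF; clogHistSeverity=5; clogHistMsgName=DUP_RTRID_AS; "
    "clogHistMsgText=Detected router with duplicate router ID 10.255.255.4 in "
    "Type-4 LSA advertised by 10.255.255.3; clogHistTimestamp=379244423"
)

# A value runs up to the next "; clogHist...=" or end of line, so semicolons
# and colons inside clogHistMsgText do not split it.
VARBIND = re.compile(r"(clogHist\w+)=(.*?)(?=;\s*clogHist\w+=|$)", re.S)
LEADING_ID = re.compile(r"(\d+):\s*")

def parse_varbinds(line):
    """Return the clogHist* arguments of one trap line as a dict."""
    _, _, args = line.partition("arguments:")
    return {name: value.strip() for name, value in VARBIND.findall(args)}

def event_key(line):
    """Classify a cisco-syslog trap by whichever field actually identifies it."""
    vb = parse_varbinds(line)
    name = vb.get("clogHistMsgName")
    text = vb.get("clogHistMsgText", "")
    if name is None:
        return ("not-cisco-syslog", None)
    if name == "Syslog Trap":
        # Firewall style: the generic name carries nothing, the ID leads the text.
        m = LEADING_ID.match(text)
        return ("msgid", m.group(1)) if m else ("unidentified", text)
    # Content-switch style: facility plus message name identify the event.
    return ("mnemonic", f"{vb.get('clogHistFacility', '?')}/{name}")

if __name__ == "__main__":
    for entry in (FIREWALL, SWITCH):
        print(event_key(entry))
```

A rule that matches only on the literal "Syslog Trap" would return nothing for the second entry; keying on `event_key` covers both shapes and surfaces anything that fits neither as "unidentified".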