nv-l

RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!

2005-07-21 16:05:42
Subject: RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!
From: "Barr, Scott" <Scott_Barr AT csgsystems DOT com>
To: <nv-l AT lists.us.ibm DOT com>
Date: Thu, 21 Jul 2005 15:05:09 -0500
We just catch everything from enterprise 3076 in trapd.conf and have a
ruleset that catches it and passes the data as an environment variable
to the perl script that does the parsing.

I don't have an enterprise number. The oid is as you would expect
1.3.6.1.4.1.3076 but we never busted it down further. They are all
generic trap 6 enterprise 0


Sorry I can't be of more obvious help. This is not what I would call a
fully integrated cisco product.

-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT 
com]
On Behalf Of Larry Fagan
Sent: Thursday, July 21, 2005 2:59 PM
To: nv-l AT lists.us.ibm DOT com
Subject: RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!

Thanks for the info guys.
Our VPN team is forwarding particular events like
below:
1121965582 7  Thu Jul 21 13:06:22 2005 
USKEN06DVP132.us.schp.com ?  [2] private
.enterprises.3076.2.1.4.4.37.50 (OctetString):
248355444 07/21/2005 13:08:03.480
 SEV=5 IKE/50 RPT=312369 14.207.66.106 
What the team is looking is for key word IKE/199. I
can parse that once this is forwarded to TEC but the
issue is what's the OID for this event?.
thanks,
Larry

--- "Barr, Scott" <Scott_Barr AT csgsystems DOT com> wrote:

> I don't work on them anymore but I did in the past.
> 
> Cisco is pulling your leg.
> 
> In the syslog configuration on the device you can
> set 9 levels of
> logging from like 15 different topics. Then you can
> specify what log
> messages to turn into snmp events.
> 
> And then the fun begins.
> 
> Depending on your ios version, the concentrator
> sends in all sorts of
> different formats. In our case, we wanted to know
> when tunnels came up
> and down. Well it turned out that this actually was
> in the user signon
> log event. Our concentrator code supported both
> concentrators for public
> users and also for private connections. 
> 
> But the trap that comes in varies widely in spacing,
> verbage and format.
> We upgraded IOS versions and trashed the automation.
> Worse yet, they all
> come in as the same enterprise trap so you must have
> some backend
> parsing. 
> 
> Cisco is telling you that there are few traps
> supported because I
> believe the SNMP agent itself doesn't generate much
> - all are syslog
> traps that we worked with.
> 
> I'm going to email you what work I had done already
> pending approval
> from my previous manager. 
> 
> 
> -----Original Message-----
> From: owner-nv-l AT lists.us.ibm DOT com
> [mailto:owner-nv-l AT lists.us.ibm DOT com]
> On Behalf Of Larry Fagan
> Sent: Thursday, July 21, 2005 1:51 PM
> To: nv-l AT lists.us.ibm DOT com
> Subject: [nv-l] Altiga Cisco VPN concentrator Trap
> defintions!
> 
> Hello All,
> I'm looking for the above 3000 series Trap
> defintions.
> In the MIB provided to me from Cisco Site, i did'nt
> find any traps defined in them. I also see in the
> list
> someone posted a reply from Cisco support saying
> that
> there is very limited traps defined for VPN's or
> rather no traps at all. See link below.
> 
>
http://lists.skills-1st.co.uk/mharc/html/nv-l/2003-08/msg00006.html
> 
> 
> Has anyone defined any traps for thess VPN's. I'm
> trying if someone can help me here before i get to
> deeply involved.Any hints will be greatly helpful.!
> Many Thanks,
> Larry
> 
> 
> 
>               
> ____________________________________________________
> Start your day with Yahoo! - make it your home page 
> http://www.yahoo.com/r/hs 
>  
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com