topic How do I configure ASA 5520 to send SNMP Trap when IP SLA monito in Network Security

How do I configure ASA 5520 to send SNMP Trap when IP SLA monitored port fails?

Luis Sanchez — Mon, 11 Mar 2019 22:54:49 GMT

Below is my config for IP SLA. I would like a SNMP trap to be sent when my primary fails over to my secondary and so on. Is this even possible?

sla monitor 20

type echo protocol ipIcmpEcho 100.X.X.1 interface INET-FIOS150

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 20 life forever start-time now

sla monitor 21

type echo protocol ipIcmpEcho 96.X.X.1 interface INET-FIOS25

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 21 life forever start-time now

sla monitor 22

type echo protocol ipIcmpEcho 70.X.X.33 interface INET-WIND

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 22 life forever start-time now

snmp-server host CORPORATE 10.X.X.203 community ***** version 2c

snmp-server location Venice

snmp-server contact IT Tech Services

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

snmp-server enable traps syslog

snmp-server enable traps ipsec start stop

snmp-server enable traps entity config-change fru-insert fru-remove

snmp-server enable traps memory-threshold

snmp-server enable traps interface-threshold

snmp-server enable traps remote-access session-threshold-exceeded

snmp-server enable traps connection-limit-reached

snmp-server enable traps cpu threshold rising

snmp-server enable traps ikev2 start stop

snmp-server enable traps nat packet-discard

How do I configure ASA 5520 to send SNMP Trap when IP SLA monito

Jouni Forss — Tue, 17 Apr 2012 14:33:17 GMT

Hi,

You can atleast use the following log message to see when these changes happen

622001

Error Message    %PIX|ASA-6-622001: string tracked route network mask address, distance number, 
table string, on interface interface-name

Explanation A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.

string—"Adding" or "Removing."

network—The network address.

mask—The network mask.

address—The gateway address.

number—The route administrative distance.

string—The routing table name.

interface-name—The interface name as specified by the nameif command.

Recommended Action None. This is an informational message that indicates a change in routing and a likely change in forwarding paths, as configured by the tracking and SLA commands.

You also need to make sure your configuration line "logging trap " is set to level 6 = informational. Or you have configured the log message in question to show otherwise.

- Jouni

How do I configure ASA 5520 to send SNMP Trap when IP SLA monito

Luis Sanchez — Tue, 17 Apr 2012 18:45:16 GMT

Logging Level 6 can get intense. Soon as I turned it on my syslog server was flooded with 100's of events. Any other options?

How do I configure ASA 5520 to send SNMP Trap when IP SLA monito

Jouni Forss — Tue, 17 Apr 2012 18:55:41 GMT

Hi,

I think you can modify the default logging level of some log messages

The command format is this

logging message level

So for your setup you could for example do

logging message 622001 level notifications

or in other format

logging message 622001 level 5

or even change the level some more

- Jouni

How do I configure ASA 5520 to send SNMP Trap when IP SLA monito

ccordes — Fri, 12 Oct 2012 19:28:34 GMT

You can use the logging list feature to create a group of syslog messages that can be acted upon. This group called sla-mon will only match the added|removed tracked route syslog messages.

logging list sla-mon message 622001

I usally use a group like this for email notifications as follows but you could use it to only send syslog messages that match this group. Note that even if you use the "logging message level warnings" command to move this message to the warning or another logging level, the mail program will only pick it up based on its original logging level (info for 622001). Here is the full config:

logging list sla-mon message 622001

smtp-server

! [ note that if you specify your own smtp server, no authentication is required if sending to your own domain ]

logging from-address ASA@domain.com

logging recipient-address Recepient@domain.com level informational

logging mail sla-mon

This will only send 622001 messages to you by email. If you have multiple tracked routes, however, it will send one for each route that is added/removed from the routing table each time.

If you want to just send these messages to the syslog server, you can use the logging list in that setup. For a normal syslog setup that I use, I normally do something like this:

logging enable

logging asdm warn

logging trap warn

logging host

logging message 622001 level warn

! This moves the tracked route added/removed message to the warning level and it will be sent to the syslog server.

logging message 111008 level warn

! This one is User executed the command.