How do I configure ASA 5520 to send SNMP Trap when IP SLA monitored port fails?

Luis Sanchez
Level 1

Below is my config for IP SLA. I would like an SNMP trap to be sent when my primary fails over to my secondary and so on. Is this even possible?

sla monitor 20

type echo protocol ipIcmpEcho 100.X.X.1 interface INET-FIOS150

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 20 life forever start-time now

sla monitor 21

type echo protocol ipIcmpEcho 96.X.X.1 interface INET-FIOS25

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 21 life forever start-time now

sla monitor 22

type echo protocol ipIcmpEcho 70.X.X.33 interface INET-WIND

num-packets 2

timeout 2000

threshold 2000

frequency 5

sla monitor schedule 22 life forever start-time now

!

snmp-server host CORPORATE 10.X.X.203 community ***** version 2c

snmp-server location Venice

snmp-server contact IT Tech Services

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

snmp-server enable traps syslog

snmp-server enable traps ipsec start stop

snmp-server enable traps entity config-change fru-insert fru-remove

snmp-server enable traps memory-threshold

snmp-server enable traps interface-threshold

snmp-server enable traps remote-access session-threshold-exceeded

snmp-server enable traps connection-limit-reached

snmp-server enable traps cpu threshold rising

snmp-server enable traps ikev2 start stop

snmp-server enable traps nat packet-discard

1 Accepted Solution


ccordes
Level 1

You can use the logging list feature to create a group of syslog messages that can be acted upon.  This group called sla-mon will only match the added|removed tracked route syslog messages.

logging list sla-mon message 622001

I usually use a group like this for email notifications as follows, but you could use it to only send syslog messages that match this group. Note that even if you use the "logging message level warnings" command to move this message to the warning or another logging level, the mail program will only pick it up based on its original logging level (info for 622001). Here is the full config:

logging list sla-mon message 622001

smtp-server    

!  [ note that if you specify your own smtp server, no authentication is required if sending to your own domain ]

logging from-address ASA@domain.com

logging recipient-address Recepient@domain.com level informational

logging mail sla-mon

This will only send 622001 messages to you by email.  If you have multiple tracked routes, however, it will send one for each route that is added/removed from the routing table each time.

If you want to just send these messages to the syslog server, you can use the logging list in that setup.   For a normal syslog setup that I use, I normally do something like this:

logging enable

logging asdm warn

logging trap warn

logging host

logging message 622001 level warn

! This moves the tracked route added/removed message to the warning level and it will be sent to the syslog server.

logging message 111008 level warn

! This one is User executed the command.


4 Replies

Jouni Forss
VIP Alumni

Hi,

You can at least use the following log message to see when these changes happen

622001

Error Message    %PIX|ASA-6-622001: string tracked route network mask address, distance number, table string, on interface interface-name

Explanation    A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.

string—"Adding" or "Removing."

network—The network address.

mask—The network mask.

address—The gateway address.

number—The route administrative distance.

string—The routing table name.

interface-name—The interface name as specified by the nameif command.

Recommended Action    None. This is an informational message that indicates a change in routing and a likely change in forwarding paths, as configured by the tracking and SLA commands.

You also need to make sure your configuration line "logging trap " is set to level 6 = informational. Or you have configured the log message in question to show otherwise.

- Jouni
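
An added example, not part of the original thread: a Python parser for the 622001 format quoted above, replaying tracked-route changes from a syslog feed. The sample lines are constructed (documentation-range gateways, hostname `asa`, table name assumed); the severity digit is matched loosely because `logging message 622001 level ...` changes it.

```python
import re

# Severity is matched as any digit: remapping 622001 with
# "logging message 622001 level ..." changes the %ASA-<n>- prefix.
PATTERN = re.compile(
    r"%(?:PIX|ASA)-(?P<severity>\d)-622001: (?P<action>Adding|Removing) "
    r"tracked route (?P<network>\S+) (?P<mask>\S+) (?P<gateway>\S+), "
    r"distance (?P<distance>\d+), table (?P<table>\S+), "
    r"on interface (?P<interface>\S+)"
)

# Constructed sample input (not from the thread); interface names follow the question.
SAMPLE_LINES = [
    "Mar 01 10:00:05 asa %ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 192.0.2.1, distance 1, table Default-IP-Routing-Table, on interface INET-FIOS150",
    "Mar 01 10:00:05 asa %ASA-6-622001: Adding tracked route 0.0.0.0 0.0.0.0 198.51.100.1, distance 10, table Default-IP-Routing-Table, on interface INET-FIOS25",
    "Mar 01 10:00:07 asa %ASA-5-111008: User 'admin' executed the 'show route' command.",
    "Mar 01 10:09:41 asa %ASA-4-622001: Adding tracked route 0.0.0.0 0.0.0.0 192.0.2.1, distance 1, table Default-IP-Routing-Table, on interface INET-FIOS150",
    "Mar 01 10:09:41 asa %ASA-4-622001: Removing tracked route 0.0.0.0 0.0.0.0 198.51.100.1, distance 10, table Default-IP-Routing-Table, on interface INET-FIOS25",
]

def parse_622001(line):
    """Return the fields of a 622001 message, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["severity"] = int(event["severity"])
    event["distance"] = int(event["distance"])
    return event

def replay(lines):
    """Replay add/remove events; return (installed routes, list of changes)."""
    installed = {}  # (network, mask, gateway, interface) -> distance
    changes = []
    for line in lines:
        ev = parse_622001(line)
        if ev is None:
            continue
        key = (ev["network"], ev["mask"], ev["gateway"], ev["interface"])
        if ev["action"] == "Adding":
            installed[key] = ev["distance"]
        else:
            installed.pop(key, None)  # tolerate a removal never seen added
        changes.append((ev["action"], ev["interface"], ev["gateway"]))
    return installed, changes

if __name__ == "__main__":
    routes, changes = replay(SAMPLE_LINES)
    for action, interface, gateway in changes:
        print(f"{action:8} {interface} via {gateway}")
    print("installed:", routes)
```
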

Logging Level 6 can get intense.  Soon as I turned it on my syslog server was flooded with 100's of events. Any other options?

Hi,

I think you can modify the default logging level of some log messages

The command format is this

logging message level

So for your setup you could for example do

logging message 622001 level notifications

or in other format

logging message 622001 level 5

or even change the level some more

- Jouni

