04-17-2012 07:11 AM - edited 03-11-2019 03:54 PM
Below is my config for IP SLA. I would like a SNMP trap to be sent when my primary fails over to my secondary and so on. Is this even possible?
sla monitor 20
type echo protocol ipIcmpEcho 100.X.X.1 interface INET-FIOS150
num-packets 2
timeout 2000
threshold 2000
frequency 5
sla monitor schedule 20 life forever start-time now
sla monitor 21
type echo protocol ipIcmpEcho 96.X.X.1 interface INET-FIOS25
num-packets 2
timeout 2000
threshold 2000
frequency 5
sla monitor schedule 21 life forever start-time now
sla monitor 22
type echo protocol ipIcmpEcho 70.X.X.33 interface INET-WIND
num-packets 2
timeout 2000
threshold 2000
frequency 5
sla monitor schedule 22 life forever start-time now
!
snmp-server host CORPORATE 10.X.X.203 community ***** version 2c
snmp-server location Venice
snmp-server contact IT Tech Services
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
10-12-2012 12:28 PM
You can use the logging list feature to create a group of syslog messages that can be acted upon. This group called sla-mon will only match the added|removed tracked route syslog messages.
logging list sla-mon message 622001
I usually use a group like this for email notifications as follows but you could use it to only send syslog messages that match this group. Note that even if you use the "logging message
logging list sla-mon message 622001
smtp-server
! [ note that if you specify your own smtp server, no authentication is required if sending to your own domain ]
logging from-address ASA@domain.com
logging recipient-address Recepient@domain.com level informational
logging mail sla-mon
This will only send 622001 messages to you by email. If you have multiple tracked routes, however, it will send one for each route that is added/removed from the routing table each time.
If you want to just send these messages to the syslog server, you can use the logging list in that setup. For a normal syslog setup that I use, I normally do something like this:
logging enable
logging asdm warn
logging trap warn
logging host
logging message 622001 level warn
! This moves the tracked route added/removed message to the warning level and it will be sent to the syslog server.
logging message 111008 level warn
! This one is User
04-17-2012 07:33 AM
Hi,
You can at least use the following log message to see when these changes happen:
622001
Error Message %PIX|ASA-6-622001: string tracked route network mask address, distance number, table string, on interface interface-name
Explanation A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.
string—"Adding" or "Removing."
network—The network address.
mask—The network mask.
address—The gateway address.
number—The route administrative distance.
string—The routing table name.
interface-name—The interface name as specified by the nameif command.
Recommended Action None. This is an informational message that indicates a change in routing and a likely change in forwarding paths, as configured by the tracking and SLA commands.
You also need to make sure your configuration line "logging trap
- Jouni
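As an added example that is not part of this thread or of any Cisco code: a small Python parser for the 622001 message format quoted above, plus a replay that works out which tracked path is currently active from a syslog collector's point of view. It assumes one tracked default route per interface (as in the original poster's configuration), matches any severity digit because the accepted answer remaps 622001 from level 6 to warning, and uses constructed sample lines with a made-up hostname asa-venice, documentation-range gateway addresses, and assumed administrative distances of 1, 2 and 3.

```python
import re
from typing import Dict, List, Optional, Tuple

# Message body as documented for 622001 in the thread:
#   "<Adding|Removing> tracked route <network> <mask> <gateway>, distance <n>,
#    table <name>, on interface <nameif>"
# The severity digit is matched generically: the default is 6 (informational),
# but "logging message 622001 level warn" turns it into %ASA-4-622001.
TRACKED_ROUTE_RE = re.compile(
    r"%(?:PIX|ASA)-(?P<sev>\d)-622001:\s+"
    r"(?P<action>Adding|Removing) tracked route "
    r"(?P<network>\S+) (?P<mask>\S+) (?P<gateway>[^\s,]+), "
    r"distance (?P<distance>\d+), "
    r"table (?P<table>[^\s,]+), "
    r"on interface (?P<interface>\S+)"
)


def parse_tracked_route(line: str) -> Optional[dict]:
    """Return the fields of a 622001 message, or None for any other syslog line."""
    m = TRACKED_ROUTE_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields.pop("sev"))
    fields["distance"] = int(fields["distance"])
    return fields


def active_interface(installed: Dict[str, int]) -> Optional[str]:
    """Among installed tracked routes the lowest administrative distance forwards traffic."""
    if not installed:
        return None
    return min(installed, key=installed.get)


def replay(lines: List[str]) -> Tuple[Dict[str, int], List[Tuple[str, Optional[str], Optional[str]]]]:
    """Walk the log in order.

    Returns (interface -> distance of its installed tracked route,
             list of (action, active-before, active-after) path changes).
    Assumption: one tracked default route per interface, so the interface
    name is enough to identify the route.
    """
    installed: Dict[str, int] = {}
    transitions: List[Tuple[str, Optional[str], Optional[str]]] = []
    for line in lines:
        ev = parse_tracked_route(line)
        if ev is None:
            continue  # unrelated message, e.g. connection build/teardown noise
        before = active_interface(installed)
        if ev["action"] == "Adding":
            installed[ev["interface"]] = ev["distance"]
        else:
            installed.pop(ev["interface"], None)
        after = active_interface(installed)
        if before != after:
            transitions.append((ev["action"], before, after))
    return installed, transitions


# Constructed sample log (hostname, gateways and distances are invented):
# all three tracked routes come up, the primary link is lost, then it recovers.
SAMPLE_LOG = [
    "Apr 17 2012 07:11:00 asa-venice : %ASA-4-622001: Adding tracked route 0.0.0.0 0.0.0.0 192.0.2.1, distance 1, table Default-IP-Routing-Table, on interface INET-FIOS150",
    "Apr 17 2012 07:11:00 asa-venice : %ASA-4-622001: Adding tracked route 0.0.0.0 0.0.0.0 198.51.100.1, distance 2, table Default-IP-Routing-Table, on interface INET-FIOS25",
    "Apr 17 2012 07:11:00 asa-venice : %ASA-4-622001: Adding tracked route 0.0.0.0 0.0.0.0 203.0.113.33, distance 3, table Default-IP-Routing-Table, on interface INET-WIND",
    "Apr 17 2012 07:15:02 asa-venice : %ASA-6-302013: Built outbound TCP connection 12345 for INET-FIOS150:203.0.113.7/443 (203.0.113.7/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)",
    "Apr 17 2012 07:20:44 asa-venice : %ASA-4-622001: Removing tracked route 0.0.0.0 0.0.0.0 192.0.2.1, distance 1, table Default-IP-Routing-Table, on interface INET-FIOS150",
    "Apr 17 2012 07:26:10 asa-venice : %ASA-4-622001: Adding tracked route 0.0.0.0 0.0.0.0 192.0.2.1, distance 1, table Default-IP-Routing-Table, on interface INET-FIOS150",
]

if __name__ == "__main__":
    state, changes = replay(SAMPLE_LOG)
    for action, before, after in changes:
        print(f"{action}: active path {before} -> {after}")
    print("currently installed:", state)
```

Feeding the collector's 622001 lines through replay() gives one line per actual path change rather than one per route event, which is the distinction the accepted answer warns about when several tracked routes flap at once.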
04-17-2012 11:45 AM
Logging level 6 can get intense. As soon as I turned it on my syslog server was flooded with hundreds of events. Any other options?
04-17-2012 11:55 AM
Hi,
I think you can modify the default logging level of some log messages.
The command format is this
logging message
So for your setup you could for example do
logging message 622001 level notifications
or in other format
logging message 622001 level 5
or even change the level some more
- Jouni