Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1705
Views
7
Helpful
9
Replies

LMS 2.6 Syslog/SNMP Notification Help!

david.santel
Level 1
Level 1

‎04-04-2008 01:36 PM

I am only able to get InfoAlarm messages sent to via email notifications.

My switch is sending logs to Cisco Works.

Example:

13. 10.10.0.1 10.10.0.1 Apr 04 2008 10:34:41 EC 5 UNBUNDLE Interface GigabitEthernet1/4 left the port-channel Port-channel2 *

14. 10.10.0.1 10.10.0.1 Apr 04 2008 10:34:41 EC 5 BUNDLE Interface GigabitEthernet1/4 joined port-channel Port-channel2

But I only recieve infoalarm messages:

ALERT ID = 00000UE

TIME = Fri 04-Apr-2008 11:04:00 PST

STATUS = Active

SEVERITY = Informational

MANAGED OBJECT = 10.10.0.1

MANAGED OBJECT TYPE = Switches and Hubs

EVENT DESCRIPTION = 10.10.0.1: Cisco Configuration Management Trap:InformAlarm; 10.10.0.1: Authentication Failure:MinorAlarm;

My switch is setup as:

logging source-interface Loopback0

logging 10.10.100.111

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps syslog

I do not recieve critical or warning syslog messages.

What am I doing wrong? Help Please!

Labels:
0 Helpful
9 Replies 9

david.santel
Level 1
Level 1

‎04-04-2008 01:38 PM

Also, here are my SNMP settings:

logging source-interface Loopback0

logging 10.10.100.111

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps syslog

PTHA-MDF-4507-01#sh run | i snmp

snmp-server community PTHA!!##987 RW 25

snmp-server community PTHA!!##345 RO 25

snmp-server location MDF

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps flash insertion removal

snmp-server enable traps cpu threshold

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps port-security

snmp-server enable traps config

snmp-server enable traps mac-notification change move threshold

snmp-server enable traps msdp

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistenc

y

snmp-server enable traps syslog

snmp-server enable traps vlan-membership

snmp-server host 10.10.100.111 version 2c PTHA!!##345

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee

‎04-04-2008 02:27 PM

DFM is not a general purpose trap receiver. Additionally, it does nothing with syslog messages, so you should never expect to see these messages in DFM.

DFM uses ICMP pinging and SNMP polling to generate the majority of its events and alerts. Some events can be generated from certain SNMP traps (documented at http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.0/user/guide/TrapFwd.html ).

If you want these syslog messages to be sent to you as emails, you will need to configure an appropriate RME Automated Action under RME > Tools > Syslog > Automated Actions.

david.santel
Level 1
Level 1
In response to Joe Clarke

‎04-04-2008 02:56 PM

I want to be able to view the events selected under Notification Services --> Event Sets.

I only recieve Informational. I don't recieve Critical or warnings.

This is the only info message I get--

ALERT ID = 00000UE

TIME = Fri 04-Apr-2008 10:52:17 PST

STATUS = Active

SEVERITY = Informational

MANAGED OBJECT = 10.10.0.1

MANAGED OBJECT TYPE = Switches and Hubs

EVENT DESCRIPTION = 10.10.0.1: Cisco Configuration Management Trap:InformAlarm; 10.10.0.1: Authentication Failure:MinorAlarm;

I see the info in Cisco works for:

13. 10.10.0.1 10.10.0.1 Apr 04 2008 10:34:41 EC 5 UNBUNDLE Interface GigabitEthernet1/4 left the port-channel Port-channel2

What am I missing to get critical and warnings sent to me.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to david.santel

‎04-04-2008 03:07 PM

As I said, DFM does not do anything with syslog messages. You will never see "EC 5 UNBUNDLE Interface GigabitEthernet1/4 left the port-channel Port-channel2" in DFM.

If you're not seeing Critical or Warning alerts/events in DFM, then there is probably nothing wrong with the devices, or your thresholds have not been tuned correctly.

See http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.0/user/guide/Events.html for a list of the events DFM can generate, and figure out if any of those events are currently relevant. If so, what events should you be receiving which you are not?

0 Helpful

david.santel
Level 1
Level 1

‎04-04-2008 03:42 PM

If I shut down a trunk link should I not get a email for Unresponsive ?

Unresponsive

Description: Device does not respond to ICMP or SNMP requests. Probable causes are:

•On a system: ICMP Ping requests and SNMP queries to the device timeout received no response.

•On an SNMP Agent: Device ICMP ping requests are successful, but SNMP requests time out with no response.

Note A system might also be reported as Unresponsive if the only link (for example, an interface) to the system goes down.

Note You can use the CiscoWorks Assistant Link Down/Device Down workflow to troubleshoot this problem, as described in User Guide for CiscoWorks Assistant 1.0.

Trigger: Polling.

Severity: Critical.

Device Type: All.

Event Code: 1022.

0 Helpful

david.santel
Level 1
Level 1
In response to david.santel

‎04-04-2008 04:12 PM

So we tested and unresponsive email does respond when the switch it shutdown.

I wish there was somthing clearer on setting up Syslog errors being sent to email.

I could use a example..... :-(

Thanks for all the help!

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to david.santel

‎04-04-2008 04:27 PM

It's very easy. Go to RME > Tools > Syslog > Automated Actions. Click Create. Select the specific devices you care about, or keep the default of "All devices". Then give your AA a name, and click the Select button to choose the syslog messages you care about. If you do not see your message in the list, cancel the select pop-up, and click the Add button.

If you have to use the Add button, fill in the various fields, using a '*' to indicate match anything. For example, for a %EC-5-UNBUNDLE message, fill in the following:

Facility : EC

Sub-facility : *

Severity : 5

Mnemonic : UNBUNDLE

Description : *

Finally, configure your AA to be an E-mail action, and specify the recipient address(es). You can use variables $D and $M in the body of the message to represent the device and the message respectively. For example, your body could be:

Syslog messages received from $D:

$M

Wassim Aouadi
Level 4
Level 4
In response to Joe Clarke

‎09-29-2011 12:45 AM

Joseph,

I tried the $D and $M variables, but I think it does not work. Please see enclosed file.

Preview file
130 KB
0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Wassim Aouadi

‎09-29-2011 12:19 PM

The $M and $D have not worked for a long time.  Please start a new thread with your specific version of LMS.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card