cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5455
Views
0
Helpful
3
Replies

snmp trap versus syslog message

Hi,

Most network devices will send snmp traps and syslog messages to a central server.

For analyzing purpose this server runs software to display the messages or traps.

My question is, what is the difference between syslog messages and snmp traps?

What is best practise?

Thank you very much.

Hansruedi

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

From the very basic level, traps and syslog differ in the encoding.  Syslog messages are typically text messages sent within a UDP packet.  There is a bit of binary encoding to indicate the syslog facility and severity.  SNMP traps have encoded ASN.1 fields (called variable bindings).  These varbinds are not ASCII text like syslog messages.  Instead they are encoded object identifiers that can be translated into object names using MIB definitions.

More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them.  However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages.  Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them.

View solution in original post

3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

From the very basic level, traps and syslog differ in the encoding.  Syslog messages are typically text messages sent within a UDP packet.  There is a bit of binary encoding to indicate the syslog facility and severity.  SNMP traps have encoded ASN.1 fields (called variable bindings).  These varbinds are not ASCII text like syslog messages.  Instead they are encoded object identifiers that can be translated into object names using MIB definitions.

More syslog messages exist than SNMP traps because syslog messages do not have as much governance associated with them.  However, we typically recommend that customers enable both as there are some details available in traps that you may not get in syslog messages.  Traps can also be processed in a more programmatic fashion because of the documentation that goes into the MIBs that define them.

Hi Joe,

Great description.

Thank you very much.

Thanks, really useful!

Review Cisco Networking for a $25 gift card