05-28-2009 03:36 AM - edited 02-21-2020 03:29 AM
I need to use IP SLA on my ASA to monitor the availability of a particular host. If the host goes unreachable the IP SLA will remove the route and a secondary route on my network will be used. I'm trying to find out if it's possible to have the IP SLA config report back to hpov when this happens.
Thank you for your replies.
05-28-2009 05:27 AM
AFAIK IPSLA monitors only. If your secondary route goes to a router, you might be able to use EEM to send a syslog to OpenView.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/datasheet_c78-492444.html
05-28-2009 05:59 AM
Thank you for the reply but unfortunately I don't think this will work... sounds really cool but I don't think it's a fit for my topology. My IP SLA pings would be going out a particular interface on my ASA targeting a client network that has equipment colocated in my data center. In the event that this path fails a secondary route would be used which would be through a different firewall and would take a VPN over the Internet back to the client as a secondary path.
05-28-2009 06:04 AM
Hmmm, do you know when the link fails, does it create a syslog? I think that's about the only way to get it to HPOV.
05-28-2009 06:09 AM
I'm not sure...I will have to check into that and post back.
06-01-2009 06:04 AM
The %PIX-6-622001 syslog message is generated when the tracked route is removed, so you can either make a specific 'logging list' to send to HPOV or send all syslogs. Here is the link:
Regards
Farrukh
06-01-2009 06:07 AM
Hello Farrukh,
Thank you very much for the information.
Jason
06-01-2009 11:38 AM
No probs at all, my pleasure :)
Regards
Farrukh
06-01-2009 11:58 AM
One more question for you if you don't mind... If I'm currently logging on this ASA to a particular local IDS, can I send %PIX-6-622001 syslog messages to a different server altogether? The reason being... I need to get these specific messages down to our hpov server to generate the email to our helpdesk for notification.
06-01-2009 09:53 PM
Please clarify your requirements, what I understand is:
i) You want to send all syslogs to a syslog server (IDS), btw which IDS is this? (The Cisco IDS does not support syslogs)
ii) You want to send ONLY specific messages to the HPOV?
If this is correct, then I don't think this would be possible on the ASA, as you would associate a SINGLE logging list for the 'trap' method. You could perhaps use email notification for HPOV? Or use another syslog forwarder like KIWI to achieve this (but this would cause a lot of resource waste).
This is a configuration link:
Regards
Farrukh
06-02-2009 03:15 AM
We currently log all activity on the ASA to a non-Cisco IDS that sits local to the ASA. Any type of event trap goes to our HPOV server that is at another data center. What I'm trying to do is get this one type of syslog message for the lost tracked route to go to our hpov server.
06-02-2009 12:11 PM
As I said earlier, you can't make two filter lists for the syslog (trap) destination. You have to use email, snmp traps or something for one and syslog for the other. Or use an external syslog replay server to send events to both the IPS and HPOV.
Regards
Farrukh
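The external relay option mentioned in the reply above, as an added example that is not part of the thread and not a Cisco or Kiwi tool: a UDP relay that passes every message to the IDS and copies only message ID 622001 to HPOV. The addresses, the listen port and the sample lines are assumptions constructed for illustration.

```python
import re
import socket

# Assumed destinations (documentation-range placeholders, not from the thread).
IDS_ADDR = ("192.0.2.10", 514)    # local IDS: receives every message
HPOV_ADDR = ("192.0.2.20", 514)   # HPOV: receives tracked-route messages only

# Matches the message header, e.g. %PIX-6-622001 or %ASA-6-622001.
MSG_ID = re.compile(r"%(?:PIX|ASA)-(\d)-(\d{6}):\s*(.*)")
HPOV_IDS = {"622001"}  # the message ID named in the thread

def parse(line):
    """Return (severity, message_id, text), or None if no PIX/ASA header."""
    m = MSG_ID.search(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None

def destinations(line):
    """Every line goes to the IDS; selected message IDs also go to HPOV."""
    dests = [IDS_ADDR]
    parsed = parse(line)
    if parsed and parsed[1] in HPOV_IDS:
        dests.append(HPOV_ADDR)
    return dests

def relay(listen=("0.0.0.0", 5514)):
    """Receive syslog over UDP and forward each datagram unchanged."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _ = rx.recvfrom(8192)
        for dest in destinations(data.decode("utf-8", "replace")):
            tx.sendto(data, dest)

# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "<166>%PIX-6-622001: Removing tracked route 10.1.1.0 255.255.255.0 "
    "10.1.1.1, distance 1, table Default-IP-Routing-Table, on interface outside",
    "<166>%ASA-6-302013: Built outbound TCP connection 1 for outside:"
    "198.51.100.5/80 (198.51.100.5/80) to inside:10.0.0.5/1025 (10.0.0.5/1025)",
    "<134>not an ASA message",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(destinations(s), s[:32])
```

Forwarded datagrams arrive with the relay's source address, so the IDS and HPOV will attribute them to the relay host rather than to the ASA unless the original sender is carried in the message itself.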