
PIX and SNMP traps?

jason.aarons
Level 1

I see in the OpenView NNM Alarm Browser that PIX firewalls are hammering NNM with SNMP traps about connections (show conn). This is overloading NNM. I propose the following change to stop trapping to NNM, but allow polling only:

BCBS-Pix515# show snmp

snmp-server host inside 10.10.254.233

snmp-server enable traps

BCBS-Pix515# config t

BCBS-Pix515(config)# snmp-server host inside 10.20.254.233 poll

BCBS-Pix515(config)#

!--- The host can query but is not to be sent traps.

Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml

I'd still like to get traps, just not the connection entries. Is there a better way?

2 Replies

gfullage
Cisco Employee

You can turn off logging for just that particular message, something like:

no logging message 302015

no logging message 302013

should get the TCP and UDP connection syslogs. If there's another particular message that you're seeing a lot of, just add the above commands; the message number is the first number in the line. For example:

%PIX-6-302015: Built outbound UDP connection number for 10.1.1.1 to 200.1.1.1
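An added example, not part of the reply above and not Cisco tooling: a Python script that reads PIX syslog lines, takes the message number from the `%PIX-<severity>-<number>:` header as the reply describes, and lists which numbers are noisy enough to be candidates for `no logging message`. The sample lines, the 25% share threshold and the severity cut-off that keeps warnings such as denies out of the list are assumptions made for this illustration.

```python
import re
from collections import Counter

# Header format shown in the reply: %PIX-<severity>-<message number>:
PIX_HEADER = re.compile(r"%PIX-(\d)-(\d+):")

# Constructed sample input (not from the thread), modelled on the line quoted above.
SAMPLE_LOG = (
    ["%PIX-6-302013: Built outbound TCP connection number for 10.1.1.1 to 200.1.1.1"] * 3
    + ["%PIX-6-302015: Built outbound UDP connection number for 10.1.1.1 to 200.1.1.1"] * 3
    + ["%PIX-4-106023: Deny tcp src outside:200.1.1.1 dst inside:10.1.1.1"] * 3
    + ["%PIX-6-302014: Teardown TCP connection number for 10.1.1.1 to 200.1.1.1"]
    + ["line without a PIX header"]
)


def tally(lines):
    """Count lines per message number and remember each number's severity."""
    counts, severity = Counter(), {}
    for line in lines:
        match = PIX_HEADER.search(line)
        if match is None:
            continue  # not a PIX message; ignore rather than guess
        sev, msg_id = int(match.group(1)), match.group(2)
        counts[msg_id] += 1
        severity[msg_id] = sev
    return counts, severity


def suppression_candidates(lines, min_share=0.25, min_severity=6):
    """Message numbers that are both noisy and low priority.

    A number qualifies only if it accounts for at least min_share of the parsed
    lines AND its severity digit is >= min_severity (6 = informational), so
    warnings such as denies are never proposed for suppression.
    """
    counts, severity = tally(lines)
    total = sum(counts.values())
    picked = [(m, n) for m, n in counts.items()
              if total and n / total >= min_share and severity[m] >= min_severity]
    return sorted(picked, key=lambda item: (-item[1], item[0]))


def render_commands(candidates):
    """Emit the per-message command form used in the reply for each candidate."""
    return [f"no logging message {msg_id}" for msg_id, _ in candidates]


if __name__ == "__main__":
    for command in render_commands(suppression_candidates(SAMPLE_LOG)):
        print(command)
```

Review the generated list by hand before applying it, since a suppressed message number disappears from every logging destination that relied on it.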

I don't want to disable syslog, but rather SNMP.
