Hi Dinesh,

Cisco Freak · ‎03-15-2016

Hi All,

I have a IP SLA and track configured in ASA. I want to get a SNMP trap or a syslog alert when these go down.

FW# sh sla monitor operational-state
Entry number: 1
Modification time: 22:07:31.216 CEST Tue Mar 15 2016
Number of Octets Used by this Entry: 2056
Number of operations attempted: 5406
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: TRUE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): NoConnection/Busy/Timeout
Latest operation start time: 01:07:39.217 CEST Wed Mar 16 2016
Latest operation return code: Timeout
RTT Values:
RTTAvg: 0 RTTMin: 0 RTTMax: 0
NumOfRTT: 0 RTTSum: 0 RTTSum2: 0

FW# sh track 1
Track 1
Response Time Reporter 1 reachability
Reachability is Down
1 change, last change 00:03:53
Latest operation return code: Timeout
FW#

I couldn't find any configuration to enable SNMP trap/syslog. Can you please help.

CF

Dinesh Moudgil · ‎03-15-2016

Hi Cisco Freak,

This is the Syslog that triggers when there is a change in routing as configured by the tracking and SLA:

622001

Error Message %PIX|ASA-6-622001: string tracked route network mask address, distance number, table string, on interface interface-name

e.g. Sep 05 2013 17:18:10: ASA-6-622001 Removing tracked route 1.2.3.3 255.255.255.255 72.163.4.1, distance 100, table Default-IP-Routing-Table, on interface outside

Explanation
A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.

string-"Adding" or "Removing."
network-The network address.
mask-The network mask.
address-The gateway address.
number-The route administrative distance.
string-The routing table name.
interface-name-The interface name as specified by the nameif command.

Recommended Action None.
This is an informational message that indicates a change in routing and a likely change in forwarding paths, as configured by the tracking and SLA commands.

Here is the configuration in order to send an alert via e-mail directly to your account:

logging list test message 622001
logging mail test
logging from-address ciscosecurityappliance@example.com
logging recipient-address admin@example.com level errors
logging message 622001 level alerts
smtp-server <ip address>

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Cisco Freak · ‎03-15-2016

Hi Dinesh,

There is no routing change happening when the track/IP SLA goes down.

CF

Dinesh Moudgil · ‎03-15-2016

Can you help me explain how are you using SLA monitor in the configuration. Is it nor associated with any tracking ? What is the purpose for this SLA ?

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Cisco Freak · ‎03-15-2016

We have an intermittent IPSEC vpn flap issue. I want to confirm if the reachability to remote site public IP is the root cause for VPN flap.

So I have configured a IP SLA to ping other end public IP every 2 seconds. Whenever there is a lose if connectivity, I want to get a syslog/SNMP trap.

CF

Cisco Freak · ‎03-16-2016

Any help would be appreciated.

Dinesh Moudgil · ‎03-16-2016

You might want to run the following debugs and check the specific ID for the logging message to be sent to the syslog server:

debug sla monitor trace
debug sla monitor error

Please check the following thread as well:-
https://supportforums.cisco.com/discussion/10905056/configure-ip-sla-generate-syslog-messages

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Syslog from IP SLA