cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4664
Views
0
Helpful
3
Replies

Smart Call Home Syslogs

chris
Level 1
Level 1

Hello,

I looked at the capabilities of SCH for ASA 5500 series and it states that syslog messages can be reported. When looking into the specifics in the '

Monitoring Details for Cisco SMARTnet Service with Smart Call Home" document (http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/SCH_Monitoring_Details.pdf) it mentions the following:

Syslogs ASA-5-711005: Traceback: This syslog message is logged on the device because of an internal software error.

I was wondering whether this is the only syslog reporting capability or whether all syslogs can be alerted on?

Regards,

Chris

3 Replies 3

Bryan Williams
Level 1
Level 1

Hello Chris,

When we say that a particular message is supported, we mean two things.  First, Smart Call Home has a rule to evaluate the message and diagnostic information sent by Call Home.   Second, Smart Call Home has analysis and recommendations to provide for that message. 

Smart Call Home will store and report any message that you configure Call Home to send.  If that message is not supported, it will lack analysis and will not generate a notification.

It is common for Diagnostic/Environmental messages and Syslog to overlap.  When that is true, Smart Call Home rules tend to support the Diagnostic/Environmental message instead of Syslog.  Diagnostic/Environmental messages tend to include more information which means more accurate rules, recommendations, and notifications.

Keep those questions coming.

Bryan

If you really want a notification for those unsupported syslogs, you can always create a second profile in Call Home to send text formatted messages directly to your email address.  That way, the syslogs will be sent to the Smart Call Home portal for reporting and to your inbox at the same time.  This will seriously increase the number of email notifications you receive but might help you catch an unknown condition.

You can find more information about custom profiles in this post and in the configuration guide for your Cisco product:

https://supportforums.cisco.com/community/netpro/solutions/smart_services/smartcallhome/blog/2012/09/14/call-home-profiles--default-and-custom

Lawrence Searcy
Cisco Employee
Cisco Employee

Let separate what the Cisco back-end can process and what the end device can do.  What your document above indicates is,  "What call home messages can the Cisco backend evaluate, and what processed call  home messages will raise a TAC case automatically?" The Call Home process on the end device sends in Call Home messages to the Cisco backend (aka Smart Call Home) from many sources or triggers. When it says "Alarm type" in the document, it means the source or trigger for the Call Home message.

But the ASA supports adding syslog matching patterns to the alert group syslog. But it still triggers the same call home message containing "show log" and "show inventory". You can also rate limit the call home messages triggered via syslog with the rate-limit command.

subscribe-to-alert-group syslog [severity  {catastrophic | disaster | fatal | critical | major  | minor | warning | notification | normal |  debugging} [pattern string]]

Remember that a profile specifies the transport method and alert group selection. And that multiple profiles can be configured on the device at the same time.

When you want human readable call home messages, you use the long text message format in the profile. On the other hand, the Cisco backend requires Call Home messages in a certain format (XML), hence the  CiscoTAC-1 restrictive profile.Typically people will copy the CiscoTAC-1 profile into a new unrestrictive profile and then add an additional email address besides callhome@cisco.com so they, too, can see the "unprocessed" call home messages.

Of course, after the Cisco backend processes one of these Call Home messages, depending on the Call Home message, it sends a notification email to the admin for the device telling them it processed a message.