10-09-2012 03:31 AM
Hello,
I looked at the capabilities of SCH for ASA 5500 series and it states that syslog messages can be reported. When looking into the specifics in the '
Monitoring Details for Cisco SMARTnet Service with Smart Call Home" document (http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/SCH_Monitoring_Details.pdf) it mentions the following:
Syslogs ASA-5-711005: Traceback: This syslog message is logged on the device because of an internal software error.
I was wondering whether this is the only syslog reporting capability or whether all syslogs can be alerted on?
Regards,
Chris
10-09-2012 12:56 PM
Hello Chris,
When we say that a particular message is supported, we mean two things. First, Smart Call Home has a rule to evaluate the message and diagnostic information sent by Call Home. Second, Smart Call Home has analysis and recommendations to provide for that message.
Smart Call Home will store and report any message that you configure Call Home to send. If that message is not supported, it will lack analysis and will not generate a notification.
It is common for Diagnostic/Environmental messages and Syslog to overlap. When that is true, Smart Call Home rules tend to support the Diagnostic/Environmental message instead of Syslog. Diagnostic/Environmental messages tend to include more information which means more accurate rules, recommendations, and notifications.
Keep those questions coming.
Bryan
10-09-2012 01:37 PM
If you really want a notification for those unsupported syslogs, you can always create a second profile in Call Home to send text formatted messages directly to your email address. That way, the syslogs will be sent to the Smart Call Home portal for reporting and to your inbox at the same time. This will seriously increase the number of email notifications you receive but might help you catch an unknown condition.
You can find more information about custom profiles in this post and in the configuration guide for your Cisco product:
10-09-2012 01:08 PM
Let separate what the Cisco back-end can process and what the end device can do. What your document above indicates is, "What call home messages can the Cisco backend evaluate, and what processed call home messages will raise a TAC case automatically?" The Call Home process on the end device sends in Call Home messages to the Cisco backend (aka Smart Call Home) from many sources or triggers. When it says "Alarm type" in the document, it means the source or trigger for the Call Home message.
But the ASA supports adding syslog matching patterns to the alert group syslog. But it still triggers the same call home message containing "show log" and "show inventory". You can also rate limit the call home messages triggered via syslog with the rate-limit command.
subscribe-to-alert-group syslog [severity {catastrophic | disaster | fatal | critical | major | minor | warning | notification | normal | debugging} [pattern string]]
Remember that a profile specifies the transport method and alert group selection. And that multiple profiles can be configured on the device at the same time.
When you want human readable call home messages, you use the long text message format in the profile. On the other hand, the Cisco backend requires Call Home messages in a certain format (XML), hence the CiscoTAC-1 restrictive profile.Typically people will copy the CiscoTAC-1 profile into a new unrestrictive profile and then add an additional email address besides callhome@cisco.com so they, too, can see the "unprocessed" call home messages.
Of course, after the Cisco backend processes one of these Call Home messages, depending on the Call Home message, it sends a notification email to the admin for the device telling them it processed a message.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide