Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
2
Replies

Cisco SG log not capturing source IP of device that fails SNMP Auth

Moxnoc
Level 1
Level 1

‎06-15-2022 12:42 PM

We have several Cisco SG series switches and I was wondering if there is any way to capture the source IP of a device that fails SNMP authentication? I see log messages like what I have pasted below. I have the Originator Identifier set to IPv4 Address which I thought would probably capture the source IP for these logs, but it has not. Is there something I am missing or are the logs not capable of capturing the source IP on SNMPAUTHFAIL?

 

Warning %SNMP-W-SNMPAUTHFAIL: Access attempted by unauthorized NMS

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎06-15-2022 01:15 PM

Hi

  If you failed to see on switch, another option I can see is send switch logs to a syslog server.  The problem is that you need a syslog server to see this log.

 

all-log.JPG

 

syslog-server.JPG

0 Helpful

Moxnoc
Level 1
Level 1
In response to Flavio Miranda

‎06-16-2022 07:47 AM

I failed to mention that I do have the remote log server setup and the logs I receive on the remote syslog server are exactly the same as what I see on the device itself. I am getting SNMPAUTHFAIL messages but no source IP address for the device that is causing these.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card