nv-l
[Top] [All Lists]

RE: [nv-l] Off Topic: Cisco and Tivoli Integration

To: "'nv-l'" <nv-l@lists.tivoli.com>
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
From: "Allison, Jason (JALLISON)" <JALLISON@arinc.com>
Date: Thu, 30 May 2002 15:38:03 -0400
Funny...no...scary.
 
Dont worry, I am sure it is clearly documented in the MIB...oh wait
 

Jason Allison 
Principal Engineer 
ARINC Incorporated 
Office:  (410) 266-2006 
FAX:  (410) 573-3026 

 

-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr@csgsystems.com]
Sent: Thursday, May 30, 2002 3:23 PM
To: nv-l@lists.tivoli.com
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration


Its even more scary than you think

Here is what those yokels at Cisco are doing now with firewalls and content
switches......

First of all, EVERY trap from the content switches and the firewalls are
syslog traps. Period.

Second of all, they don't even play by the same rules. Here are a couple of
examples:

Firewall failover trap:

1019591095 3  Tue Apr 23 14:44:55 2002 ###.###.###.###              A
clogMessageGenerated trap received from enterprise cisco-syslog with 5
arguments: clogHistFacility=20; clogHistSeverity=2; clogHistMsgName=Syslog
Trap; clogHistMsgText=709003: (Primary) Beginning configuration replication:
Send to mate.; clogHistTimestamp=383794600

Notice there is a variable clogHistMsgName and from a firewall, this message
"name" is just "Syslog Trap" - the identifying characteristic is the 709003
in the closgHistMsgText. This number means that this syslog trap is for
configuration replication. Okay, now look at the trap from a content switch:
 
Router Trap:
 

1021970438 7 Tue May 21 03:40:38 2002 ########.csgsystems.com A
clogMessageGenerated trap received from enterprise cisco-syslog with 5
arguments: clogHistFacility=OSPF; clogHistSeverity=5;
clogHistMsgName=DUP_RTRID_AS; clogHistMsgText=Detected router with duplicate
router ID 10.255.255.4 in Type-4 LSA advertised by 10.255.255.3;
clogHistTimestamp=379244423
 
Notice the clogHistMsgName here is NOT "Syslog Trap" as in the first example
even though they both claim to be enterprise cisco-syslog traps. The
identifying characteristic in the trap is NOT the first part of the
clogHistMsgText as in the first example, but the clogHistMsgName. So if you
are processing traps based on the presence of "Syslog Trap" you won't find
in syslog traps under certain circumstances. Maybe the  "missing" traps use
this exactly-the-same-but-different coding.
 
And while we are on the subject, don't try and use SNMP to get an interface
table out of a backup firewall unless you are on PIX v6.2. Good lord.


-----Original Message-----
From: Allison, Jason (JALLISON) [ mailto:JALLISON@arinc.com
<mailto:JALLISON@arinc.com> ]
Sent: Thursday, May 30, 2002 1:35 PM
To: 'nv-l'
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration


I would also be interested in hearing examples.  It seems a bit scary that
Cisco would write events to syslog but not send traps.

Thanks,


Jason Allison
Principal Engineer
ARINC Incorporated
Office:  (410) 266-2006
FAX:  (410) 573-3026



-----Original Message-----
From: Barr, Scott [ mailto:Scott_Barr@csgsystems.com
<mailto:Scott_Barr@csgsystems.com> ]
Sent: Thursday, May 30, 2002 2:29 PM
To: nv-l@lists.tivoli.com
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration


My experience says that I have not seen a syslog message on a router that is
not sent as a trap. Do you have an example? Does the router in question
support logging of various severity levels? What version IOS too would be
helpful.

-----Original Message-----
From: Scott Bursik [ mailto:tivoliesm@hotmail.com
<mailto:tivoliesm@hotmail.com> ]
Sent: Thursday, May 30, 2002 11:20 AM
To: nv-l@lists.tivoli.com
Subject: [nv-l] Off Topic: Cisco and Tivoli Integration



Group,


I have a question that is sort of off topic, but I am sure that someone in
this forum has some experience.

We are looking for a way to monitor messages coming from Cisco devices. We
have a central sislog running on a AIX box that all of the Cisco devices in
our network write to. We also receive some traps from the devices, but there
are syslog messages that are not traps that we are interested in. We are
trying to impliment a TEC syslog adapter but the limitations of the adapter
don't allow for the granularity that we are looking for. I was just wonderg
how other companies have implimented a Tivoli/Cisco solution.

Any information anyone could provide would be greatly appreciated.

Thank You,

Scott Bursik
Pepsico Business Solutions Group
scott.bursik@pbsg.com

  _____ 

Join the world's largest e-mail service with MSN Hotmail. Click
< http://g.msn.com/1HM305401/47 <http://g.msn.com/1HM305401/47> > Here
--------------------------------------------------------------------- To
unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com For additional
commands, e-mail: nv-l-help@lists.tivoli.com *NOTE* This is not an Offical
Tivoli Support forum. If you need immediate assistance from Tivoli please
call the IBM Tivoli Software Group help line at 1-800-TIVOLI8(848-6548)


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)




<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web