Funny...no...scary.
Don't worry, I am sure it is clearly documented in the MIB...oh wait
Jason Allison
Principal Engineer
ARINC Incorporated
Office: (410) 266-2006
FAX: (410) 573-3026
-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr@csgsystems.com]
Sent: Thursday, May 30, 2002 3:23 PM
To: nv-l@lists.tivoli.com
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
It's even more scary than you think
Here is what those yokels at Cisco are doing now with firewalls and content
switches......
First of all, EVERY trap from the content switches and the firewalls are
syslog traps. Period.
Second of all, they don't even play by the same rules. Here are a couple of
examples:
Firewall failover trap:
1019591095 3 Tue Apr 23 14:44:55 2002 ###.###.###.### A
clogMessageGenerated trap received from enterprise cisco-syslog with 5
arguments: clogHistFacility=20; clogHistSeverity=2; clogHistMsgName=Syslog
Trap; clogHistMsgText=709003: (Primary) Beginning configuration replication:
Send to mate.; clogHistTimestamp=383794600
Notice there is a variable clogHistMsgName and from a firewall, this message
"name" is just "Syslog Trap" - the identifying characteristic is the 709003
in the clogHistMsgText. This number means that this syslog trap is for
configuration replication. Okay, now look at the trap from a content switch:
Router Trap:
1021970438 7 Tue May 21 03:40:38 2002 ########.csgsystems.com A
clogMessageGenerated trap received from enterprise cisco-syslog with 5
arguments: clogHistFacility=OSPF; clogHistSeverity=5;
clogHistMsgName=DUP_RTRID_AS; clogHistMsgText=Detected router with duplicate
router ID 10.255.255.4 in Type-4 LSA advertised by 10.255.255.3;
clogHistTimestamp=379244423
Notice the clogHistMsgName here is NOT "Syslog Trap" as in the first example
even though they both claim to be enterprise cisco-syslog traps. The
identifying characteristic in the trap is NOT the first part of the
clogHistMsgText as in the first example, but the clogHistMsgName. So if you
are processing traps based on the presence of "Syslog Trap" you won't find
in syslog traps under certain circumstances. Maybe the "missing" traps use
this exactly-the-same-but-different coding.
And while we are on the subject, don't try and use SNMP to get an interface
table out of a backup firewall unless you are on PIX v6.2. Good lord.
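An added example, not part of the original thread: one way to key both trap encodings described in the message above, taking the leading numeric ID from clogHistMsgText when clogHistMsgName is the generic "Syslog Trap" and the mnemonic from clogHistMsgName otherwise. The source addresses in the sample lines, the function names and the UNCLASSIFIED fallback are assumptions made for the illustration.

```python
import re

# Constructed sample lines modelled on the two traps quoted in the thread;
# the source addresses are placeholders, not values from the thread.
SAMPLE_LOG = [
    "1019591095 3 Tue Apr 23 14:44:55 2002 192.0.2.10 A clogMessageGenerated "
    "trap received from enterprise cisco-syslog with 5 arguments: "
    "clogHistFacility=20; clogHistSeverity=2; clogHistMsgName=Syslog Trap; "
    "clogHistMsgText=709003: (Primary) Beginning configuration replication: "
    "Send to mate.; clogHistTimestamp=383794600",
    "1021970438 7 Tue May 21 03:40:38 2002 rtr1.example.com A clogMessageGenerated "
    "trap received from enterprise cisco-syslog with 5 arguments: "
    "clogHistFacility=OSPF; clogHistSeverity=5; clogHistMsgName=DUP_RTRID_AS; "
    "clogHistMsgText=Detected router with duplicate router ID 10.255.255.4 "
    "in Type-4 LSA advertised by 10.255.255.3; clogHistTimestamp=379244423",
]

# Split on the varbind names, so a ';' inside the message text is harmless.
VARBIND = re.compile(r"(clogHist\w+)=(.*?)(?=;\s*clogHist\w+=|$)", re.S)
LEADING_ID = re.compile(r"^(\d+):\s*(.*)$", re.S)

def parse_varbinds(line):
    """Return the clogHist* varbinds of a clogMessageGenerated line, or None."""
    if "clogMessageGenerated" not in line:
        return None
    _, _, args = line.partition("arguments:")
    return {name: value.strip() for name, value in VARBIND.findall(args)}

def event_key(line):
    """Return (key, text) for either encoding, or None for other lines."""
    vb = parse_varbinds(line)
    if not vb:
        return None
    name = vb.get("clogHistMsgName", "")
    text = vb.get("clogHistMsgText", "")
    if name == "Syslog Trap":
        m = LEADING_ID.match(text)
        if m:
            return (m.group(1), m.group(2))
        # Assumption: surface unkeyed messages instead of dropping them.
        return ("UNCLASSIFIED", text)
    return (name, text)
```

Matching rules on the returned key instead of on the literal "Syslog Trap" keeps both device families in the same rule set.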
-----Original Message-----
From: Allison, Jason (JALLISON) [mailto:JALLISON@arinc.com]
Sent: Thursday, May 30, 2002 1:35 PM
To: 'nv-l'
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
I would also be interested in hearing examples. It seems a bit scary that
Cisco would write events to syslog but not send traps.
Thanks,
Jason Allison
Principal Engineer
ARINC Incorporated
Office: (410) 266-2006
FAX: (410) 573-3026
-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr@csgsystems.com]
Sent: Thursday, May 30, 2002 2:29 PM
To: nv-l@lists.tivoli.com
Subject: RE: [nv-l] Off Topic: Cisco and Tivoli Integration
My experience says that I have not seen a syslog message on a router that is
not sent as a trap. Do you have an example? Does the router in question
support logging of various severity levels? What version IOS too would be
helpful.
-----Original Message-----
From: Scott Bursik [mailto:tivoliesm@hotmail.com]
Sent: Thursday, May 30, 2002 11:20 AM
To: nv-l@lists.tivoli.com
Subject: [nv-l] Off Topic: Cisco and Tivoli Integration
Group,
I have a question that is sort of off topic, but I am sure that someone in
this forum has some experience.
We are looking for a way to monitor messages coming from Cisco devices. We
have a central syslog running on an AIX box that all of the Cisco devices in
our network write to. We also receive some traps from the devices, but there
are syslog messages that are not traps that we are interested in. We are
trying to implement a TEC syslog adapter but the limitations of the adapter
don't allow for the granularity that we are looking for. I was just wondering
how other companies have implemented a Tivoli/Cisco solution.
Any information anyone could provide would be greatly appreciated.
Thank You,
Scott Bursik
Pepsico Business Solutions Group
scott.bursik@pbsg.com
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Official Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
---------------------------------------------------------------------