Problem
You want to send syslog messages as SNMP traps or informs.
Solution
You can configure the router to forward syslog messages to your network management server as SNMP traps instead of syslog packets with the following configuration commands:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging history informational Router(config)#snmp-server enable traps syslog Router(config)#snmp-server host 172.25.1.1 ORATRAP syslog Router(config)#end Router#
To forward syslog messages as SNMP informs, use the following configuration commands:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging history informational Router(config)#snmp-server enable informs Router(config)#snmp-server host 172.25.1.1 informs version 2c ORATRAP syslog Router(config)#end Router#
Discussion
Cisco routers normally forward syslog messages via the syslog facility by using UDP port 514. However, in networks that support SNMP traffic only, Cisco routers can encapsulate their syslog messages into SNMP traps before sending them.
This feature is most useful if your network management software doesn't support the syslog protocol. However, since routers can produce many more syslog messages than SNMP traps, we recommend using syslog when possible. Further, the fact that all of the syslog messages sent as SNMP traps use the same OID number can make parsing for particular log messages quite difficult.
Here is an example log message as it appears in the router's log:
Router#clear counters Clear "show interface" counters on all interfaces [confirm] Router# May 28 10:07:04: %CLEAR-5-COUNTERS: Clear counter on all interfaces by ijbrown on vty0 (172.25.1.1)
The router sends this message as a trap to the network management server, which records it in its trap log:
Freebsd% tail snmptrapd.log May 28 10:07:04 freebsd snmptrapd[77759]: 172.25.25.1: Enterprise Specific Trap (1) Uptime: 18 days, 22:35:26.99, enterprises.9.9.41.1.2.3.1.2.118 = "CLEAR", enterprises.9.9.41.1.2.3.1.3.118 = 6, enterprises.9.9.41.1.2.3.1.4.118 = "COUNTERS", enterprises.9.9.41.1.2.3.1.5.118 = "Clear counter on all interfaces by ijbrown on vty0 (172.25.1.1)", enterprises.9.9.41.1.2.3.1.6.118 = Timeticks: (163652698) 18 days, 22:35:26.98 Freebsd%
In this example, we forced the router to create a log message by clearing the interface counters. The router displayed the raw syslog message to the vty session. The same information appears in the server's snmptrapd.log file. This is a flat file that contains all SNMP traps forwarded to the server. This assumes that the network management system uses the NET-SNMP package. Other network management systems store trap information in different formats and different filenames.
You can also configure the router to forward syslog messages as SNMP informs. The result is the same as for traps. For more information on syslog and logging in general, please refer to Chapter 18.
See Also
Recipe 17.14; Chapter 18
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index