Configuring Cisco IOS Devices for SNMP and Syslog


If you configure your Cisco IOS device to respond to SNMP requests from SL1, you can discover your Cisco IOS device as an SNMP device. When SL1 discovers a Cisco IOS device as an SNMP device, SL1 will automatically collect data supplied by the SNMP agent.

The following sections describe how to configure your Cisco IOS devices for SNMP and Syslog:

Configuring a Cisco IOS Router or Cisco IOS Switch to Use SNMPv1 and SNMPv2

To configure a Cisco Router or Cisco Switch to use SNMP, perform the following steps:

  1. Telnet to the device, enter "enable", and then enter the enable password to start configuration mode. From configuration mode, you can use the snmp-server commands. When you execute the first snmp-server command, that command enables the SNMP agent on the device.

  2. To set the SNMP server location, execute the following command:

snmp-server location ScienceLogic HQ Chantilly, VA

  3. To set the SNMP server contact, execute the following command:

snmp-server contact Rollins, Henry 571-555-6482

  4. To set the community string on your Cisco device, execute the following command:

    The community string is used in credentials for SNMPv1 and SNMPv2 to authenticate communication with the Cisco Router.

snmp-server community <community string> RO <access_list_number>

  5. To enable SNMP traps, execute the following commands:
     • If you are using an All-In-One Appliance, use the IP address of the All-In-One Appliance when executing these commands.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a Message Collector, use the IP address of the Message Collector when executing these commands.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a single Data Collector that performs the message collection function, use the IP address of the Data Collector when executing these commands.

snmp-server enable traps

snmp-server host <ip_address> <snmp_string>
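The following is an added example, not part of the ScienceLogic manual: a Python check that reads a saved running-config and reviews the router/switch commands from the steps above (community string, RO access, access list, trap receiver). The sample configuration, the collector address 192.0.2.10, and the names audit_snmp and WELL_KNOWN are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
snmp-server community public RO
snmp-server community Xk9-monitor RO 10
snmp-server community Xk9-write RW 10
snmp-server community Xk9-legacy RO 99
snmp-server enable traps
snmp-server host 198.51.100.7 Xk9-monitor
"""

WELL_KNOWN = {"public", "private", "cisco"}  # assumed list of guessable strings
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$", re.I)
ACL_DEF = re.compile(r"^(?:access-list (\d+) |ip access-list \w+ (\S+))", re.I)
TRAP_HOST = re.compile(r"^snmp-server host (\d+\.\d+\.\d+\.\d+)\b")

def audit_snmp(config, collector_ip):
    """Return (line_number, issue) pairs; community strings are never echoed."""
    lines = [line.strip() for line in config.splitlines()]
    defined_acls = {m.group(1) or m.group(2) for m in map(ACL_DEF.match, lines) if m}
    findings, trap_hosts = [], []
    for number, line in enumerate(lines, start=1):
        host = TRAP_HOST.match(line)
        if host:
            trap_hosts.append(host.group(1))
            if host.group(1) != collector_ip:
                findings.append((number, "trap receiver is not the expected collector"))
        match = COMMUNITY.match(line)
        if not match:
            continue
        name, mode, acl = match.group(1), (match.group(2) or "RO").upper(), match.group(3)
        if name.lower() in WELL_KNOWN:
            findings.append((number, "well-known community string"))
        if mode == "RW":
            findings.append((number, "read-write community; polling only needs RO"))
        if acl is None:
            findings.append((number, "no access list restricts who may query"))
        elif acl not in defined_acls:
            findings.append((number, "access list %s is not defined" % acl))
    if "snmp-server enable traps" in lines and not trap_hosts:
        findings.append((0, "traps enabled but no snmp-server host configured"))
    return findings

if __name__ == "__main__":
    for number, issue in audit_snmp(SAMPLE_CONFIG, "192.0.2.10"):
        print("line %d: %s" % (number, issue))
```

Findings are reported by line number so that the audit output does not itself disclose the community strings.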

Configuring a Cisco IOS Firewall to Use SNMPv1 and SNMPv2

To configure a Cisco Firewall to use SNMP, perform the following steps:

  • To set the SNMP server location, execute the following command:

Firewall(config)# snmp-server location ScienceLogic HQ Chantilly, VA

  • To set the SNMP server contact, execute the following command:

Firewall(config)# snmp-server contact Rollins, Henry 571-555-6482

  • To set the community string on your Cisco device, execute the following command:

The community string is used in credentials for SNMPv1 and SNMPv2 to authenticate communication with the Cisco Firewall.

Firewall(config)# snmp-server community <your community string>

  • To enable SNMP traps, execute the following commands:
     • If you are using an All-In-One Appliance, use the IP address of the All-In-One Appliance when executing these commands.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a Message Collector, use the IP address of the Message Collector when executing these commands.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a single Data Collector that performs the message collection function, use the IP address of the Data Collector when executing these commands.

Firewall(config)# snmp-server enable traps

Firewall(config)# snmp-server host <if_name> <EM7 appliance IP> poll

Configuring Cisco IOS Devices for Syslog

To configure a Cisco IOS Device to use syslog, perform the following steps:

  1. To make sure logging is enabled, use the logging on command.

router(config)# logging on

  2. To specify the IP address that is to receive the router syslog messages, use the logging ip_address command, where ip_address is the IP address of the SL1 appliance collecting the syslog messages.
     • If you are using an All-In-One Appliance, use the IP address of the All-In-One Appliance when executing this command.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a Message Collector, use the IP address of the Message Collector when executing this command.
     • If you are using a Distributed System and the Collector Group that will monitor your Cisco router includes a single Data Collector that performs the message collection function, use the IP address of the Data Collector when executing this command.

     For example:

router(config)# logging 172.16.23.140

  3. To limit the types of messages that can be logged to the SL1 appliance, set the appropriate logging trap level using the logging trap informational command, where informational signifies severity level 6. This means all messages from levels 0-5 (from emergencies to notifications) will be logged to the SL1 appliance. Best practices recommend setting the system to the error level so that only levels 0-4 are logged to the syslog server.

router(config)# logging trap informational

  4. Valid logging facilities are local0 through local7. Valid levels can be:
     • emergency
     • alert
     • critical
     • error
     • warning
     • notification
     • informational
     • debug

  5. To check if the device is sending syslog messages, run the sh logging command.

  6. You should see the syslog messages being sent. If you are having problems seeing syslog messages, ensure that the following is configured:
     • logging on
     • logging console debug
     • logging monitor debug
     • logging trap debug
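The following is an added example, not part of the ScienceLogic manual: a Python decoder for syslog payloads as they arrive at the collector, useful when checking which facility (local0 through local7) and which of the levels listed above a device is actually sending. The sample payloads are constructed, and the names parse_ios_syslog and summarize are assumptions made for illustration.

```python
import re
from collections import Counter

# Level names in the order listed in the steps above; list index = severity number.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "informational", "debug"]

# Constructed sample payloads (not captured from a real device).
SAMPLE = [
    "<189>41: *Mar  1 00:08:47.123: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<187>42: *Mar  1 00:09:02.511: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<190>43: *Mar  1 00:09:03.002: %SEC-6-IPACCESSLOGS: list 10 denied 203.0.113.9 1 packet",
    "not a syslog line",
]

# <PRI> header, then the Cisco %FACILITY-SEVERITY-MNEMONIC tag inside the text.
MESSAGE = re.compile(r"^<(\d{1,3})>.*?%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

def parse_ios_syslog(payload):
    """Decode one payload; return None if it is not a well-formed IOS message."""
    match = MESSAGE.match(payload)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0-23, severity 0-7
        return None
    facility, severity = divmod(pri, 8)
    local = 16 <= facility <= 23  # local0..local7 are facility codes 16..23
    return {
        "facility": "local%d" % (facility - 16) if local else str(facility),
        "severity": severity,
        "level": LEVELS[severity],
        "mnemonic": "%s-%s" % (match.group(2), match.group(4)),
        # The header severity and the severity in the %TAG should agree.
        "consistent": severity == int(match.group(3)),
    }

def summarize(payloads):
    """Count decoded messages per (facility, level); undecodable lines are skipped."""
    parsed = [p for p in map(parse_ios_syslog, payloads) if p]
    return Counter((p["facility"], p["level"]) for p in parsed)

if __name__ == "__main__":
    for (facility, level), count in sorted(summarize(SAMPLE).items()):
        print("%s.%s: %d" % (facility, level, count))
```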

To see a device's syslog messages in SL1, perform the following steps:

  1. Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface).

  2. Find the device for which you want to see syslog messages. Select its wrench icon.
  3. Click the Logs tab to see the device's log messages, which will include any syslog messages the device has sent.

In a distributed system, it can take up to five minutes to view syslog messages not associated with an event policy.

By default, SL1 includes multiple event policies based on syslog messages. ScienceLogic recommends that you review these policies to ensure that they suit your business needs. To view these policies, go to Registry > Events > Event Manager. Use the sort and filter tools to view all policies of type "syslog." From the same page, you can edit these event policies or create your own event policies based on syslog messages. For more information on event policies, see the section on Events.