  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 824

How best to monitor Cisco's for bad ports/failover events etc...

We are in the process of setting up monitoring on 2 Cisco ASA 5510 firewalls that are configured for HA and 2 Cisco 2960 Catalyst switches. We would like to be able to catch events such as when the HA failover occurs on the ASA 5510 or when a port on the switch is failing etc...

We have access to PRTG and Kaseya for SNMP monitoring but I am thinking it would be pretty difficult to get exactly what we need out of SNMP because of the complexity involved with the MIBs and traps etc...

Would using a SYSLOG server work better for us for these purposes, or should we power through the complexity and try to get SNMP working?

Does anyone have a tried and true method for monitoring Cisco equipment?
Asked: menreeq

2 Solutions

TheTull Commented:
I have always used SYSLOG as my first measure of collecting at least the raw output of events that occur on my Cisco equipment. It's pretty simple to set up too; cisco.com has many resources. As for the log output, my preferred method has always been to just set up a Linux box with the syslog daemon and then let logrotate keep the log files rotated and zipped up. This of course requires you to manually check the logs for certain events, which may defeat the purpose of what you're trying to do.

A more sophisticated log management tool is Splunk (found at splunk.com), which can collect all of your syslog info and then do whatever you want with it, and I believe you can set up alerts with it too. Splunk itself installs on whatever OS you want and is accessed via a web browser.
 
Lee_YCP Commented:
SYSLOG Server hands down.

We currently have two ASA 5520s w/IPS and 2 5505s along with several other Cisco 3845s/1841s/3750s. On these devices we have Solarwinds Orion (like Kaseya) monitoring a custom SNMP RO community, but they all still feed one SYSLOG server for real-time issue details. We use a Windows 7 (32-bit) Hyper-V machine with a dedicated 1GB NIC for the Kiwi Syslog Server itself. The good thing is that this allows you to put all your logs in one place and, like "TheTull" said, you can set them up to rotate. It can also email you with alarms that you set the threshold on.

It is pretty easy to install/set up a SYSLOG Server. Make sure your ports are open. Then configure your devices to point to that SYSLOG server. Nowhere near as complex as the SNMP route.

You need to do a little bit of capacity planning to decide how detailed you want the logs coming from the ASAs to be and set that on the ASAs. The SYSLOG server just receives and stores the messages. I recommend not sending "debug" level messages from the ASA, but you may have someone dictating to you what level of logs you will save. I would just send 'warning' and higher from the ASAs to the SYSLOG Server. If there is a bottleneck on the server due to resource contention you will lose messages, so that is where the capacity planning comes in.
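Added example (not part of either answer above): one way to pull ASA failover switches and switch link-down events out of collected syslog files while applying the "warning and higher" severity cutoff. The log line layout (timestamp, hostname, then the Cisco `%FACILITY-SEVERITY-ID` tag), the hostnames, and the sample lines are constructed assumptions.

```python
import re

# Cisco severity scale: 0 (emergencies) is most severe, 7 (debugging) least.
WARNING = 4  # "warning and higher" means severity number <= 4

# Cisco message tag: %FACILITY-SEVERITY-ID, e.g. %ASA-1-104001 or %LINK-3-UPDOWN
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)")

# Constructed sample lines (assumed layout: timestamp, hostname, Cisco tag, text).
SAMPLE_LOG = """\
Mar  3 02:14:07 asa-a %ASA-1-104001: (Secondary) Switching to ACTIVE - constructed reason text
Mar  3 02:14:07 asa-b %ASA-1-104002: (Primary) Switching to STANDBY - constructed reason text
Mar  3 02:14:09 asa-a %ASA-6-302013: Built outbound TCP connection 4411 for outside:192.0.2.10/443
Mar  3 02:20:31 sw-1 %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
Mar  3 02:20:32 sw-1 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
Mar  3 02:20:40 sw-1 %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to up
"""

def classify(line, max_severity=WARNING):
    """Return (host, kind, detail) for an alert-worthy line, else None."""
    m = TAG.search(line)
    if not m:
        return None
    facility, sev, ident, text = m.group(1), int(m.group(2)), m.group(3), m.group(4)
    if sev > max_severity:  # less severe than the cutoff: ignore
        return None
    prefix = line[:m.start()].split()
    host = prefix[-1] if prefix else "?"  # assumed: hostname is the token before the tag
    if facility == "ASA":
        fo = re.search(r"\((Primary|Secondary)\) Switching to (ACTIVE|STANDBY)", text)
        if fo:
            return (host, "failover", f"{fo.group(1)} unit now {fo.group(2)}")
    if facility == "LINK" and ident == "UPDOWN":
        ln = re.search(r"Interface (\S+), changed state to (up|down)", text)
        if ln and ln.group(2) == "down":
            return (host, "link-down", ln.group(1))
    return None

def scan(log_text, max_severity=WARNING):
    """Classify every line and keep only the alert-worthy ones."""
    hits = (classify(line, max_severity) for line in log_text.splitlines())
    return [h for h in hits if h]

if __name__ == "__main__":
    for host, kind, detail in scan(SAMPLE_LOG):
        print(f"ALERT {host}: {kind}: {detail}")
```

In the sample, the severity-5 `%LINEPROTO-5-UPDOWN` line falls below the cutoff while the severity-3 `%LINK-3-UPDOWN` line for the same port does not, so the port failure is still caught at the 'warning' level.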
