Solved

How best to monitor Cisco's for bad ports/failover events etc...

Posted on 2011-03-21
Last Modified: 2012-05-11
We are in the process of setting up monitoring on 2 Cisco ASA 5510 firewalls that are configured for HA and 2 Cisco 2960 Catalyst switches. We would like to be able to catch events such as when the HA failover occurs on the ASA 5510 or when a port on the switch is failing etc...

We have access to PRTG and Kaseya for SNMP monitoring but I am thinking it would be pretty difficult to get exactly what we need out of SNMP because of the complexity involved with the MIBs and traps etc...

Would using a SYSLOG server work better for us for these purposes, or should we power through the complexity and try to get SNMP working?

Does anyone have a tried and true method for monitoring Cisco equipment?
Question by:menreeq
2 Comments
 
LVL 7

Accepted Solution

by:
TheTull earned 250 total points
ID: 35182741
I have always used SYSLOG as my first measure of collecting at least the raw output of events that occur on my Cisco equipment.  It's pretty simple to set up too; cisco.com has many resources.  As for the log output, my preferred method has always been to just set up a Linux box with the syslog daemon and then let logrotate keep the log files rotated and zipped up.  This of course requires you to manually check the logs for certain events, which may defeat the purpose of what you're trying to do.

A more sophisticated log management tool is Splunk (found at splunk.com), which can collect all of your syslog info and then do whatever you want with it, and I believe you can set up alerts with it too.  Splunk itself installs on whatever OS you want and is accessed via a web browser.
0
 
LVL 6

Assisted Solution

by:Lee_YCP
Lee_YCP earned 250 total points
ID: 35184352
SYSLOG Server hands down.

We currently have two ASA 5520s w/IPS and 2 5505s along with several other Cisco 3845s/1841s/3750s.  On these devices we have Solarwinds Orion (like Kaseya) monitoring a custom SNMP RO community, but they all still feed one SYSLOG server for real-time issue details.  We use a Windows 7 (32-bit) Hyper-V machine with a dedicated 1GB NIC for the Kiwi Syslog Server itself.  The good thing is that this allows you to put all your logs in one place and like "TheTull" said you can set them up to rotate.  It can also email you with alarms that you set the threshold on.

It is pretty easy to install/set up a SYSLOG Server.  Make sure your ports are open.  Then configure your devices to point to that SYSLOG server. Nowhere near as complex as the SNMP route.

You need to do a little bit of capacity planning to decide how detailed you want the logs coming from the ASAs to be and set that on the ASAs.  The SYSLOG server just receives and stores the messages.   I recommend not sending "debug" level messages from the ASA, but you may have someone dictating to you what level of logs you will save.  I would just send 'warning' and higher from the ASAs to the SYSLOG Server.   If there is a bottleneck on the server due to resource contention you will lose messages, so that is where the capacity planning comes in.
0
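
As an added example (not part of the original thread), this sketch scans a central syslog file for the two events the question asks about and applies the 'warning and higher' cut-off suggested above. The message tags (`%ASA-1-104001`/`104002` for failover, `%LINK-3-UPDOWN` and `%LINEPROTO-5-UPDOWN` for ports) are assumed from Cisco's standard syslog naming, and the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Cisco tag: %FACILITY-SEVERITY-MNEMONIC (IOS) or %ASA-SEVERITY-ID (ASA).
CISCO_TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<id>[A-Z0-9_]+): ?(?P<text>.*)")
# Assumption: ASA message IDs 104xxx/105xxx are failover messages.
ASA_FAILOVER_ID = re.compile(r"10[45]\d{3}$")
IOS_PORT_EVENTS = {("LINK", "UPDOWN"), ("LINEPROTO", "UPDOWN")}
WARNING = 4  # syslog severity: 0 = emergencies ... 4 = warnings ... 7 = debugging


def classify(line):
    """Return (kind, severity, text) for an event worth alerting on, else None."""
    m = CISCO_TAG.search(line)
    if not m:
        return None
    fac, sev, msg_id = m["fac"], int(m["sev"]), m["id"]
    if fac == "ASA" and ASA_FAILOVER_ID.match(msg_id):
        return ("asa-failover", sev, m["text"])
    if (fac, msg_id) in IOS_PORT_EVENTS and m["text"].rstrip().endswith("to down"):
        return ("port-down", sev, m["text"])
    return None


def alerts(lines, max_severity=WARNING):
    """Split events of interest into those at/above the threshold and those below it."""
    kept, filtered = [], []
    for line in lines:
        event = classify(line)
        if event:
            (kept if event[1] <= max_severity else filtered).append(event)
    return kept, filtered


# Constructed sample lines (addresses are documentation placeholders).
SAMPLE = [
    "Mar 21 10:02:11 192.0.2.1 %ASA-1-104001: (Secondary) Switching to ACTIVE - cause: Failover state check",
    "Mar 21 10:02:11 192.0.2.2 %ASA-1-104002: (Primary) Switching to STANDBY - cause: Failover state check",
    "Mar 21 10:05:40 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/443",
    "Mar 21 10:07:03 192.0.2.20 42: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down",
    "Mar 21 10:07:04 192.0.2.20 43: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down",
    "Mar 21 10:09:30 192.0.2.20 44: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up",
]

if __name__ == "__main__":
    kept, filtered = alerts(SAMPLE)
    for kind, sev, text in kept:
        print(f"ALERT sev={sev} {kind}: {text}")
    for kind, sev, text in filtered:
        print(f"below 'warnings' threshold (sev={sev}) {kind}: {text}")
```

In this sample the failover messages (severity 1) and the physical link-down (severity 3) pass a 'warnings' threshold, while the line-protocol message (severity 5) would not be sent at all if the same threshold were set on the switch.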


Question has a verified solution.
