Solved

How best to monitor Cisco's for bad ports/failover events etc...

Posted on 2011-03-21
Last Modified: 2012-05-11
We are in the process of setting up monitoring on 2 Cisco ASA 5510 firewalls that are configured for HA and 2 Cisco 2960 Catalyst switches. We would like to be able to catch events such as when the HA failover occurs on the ASA 5510 or when a port on the switch is failing etc...

We have access to PRTG and Kaseya for SNMP monitoring but I am thinking it would be pretty difficult to get exactly what we need out of SNMP because of the complexity involved with the MIBs and traps etc...

Would using a SYSLOG server work better for us for these purposes, or should we power through the complexity and try to get SNMP working?

Does anyone have a tried and true method for monitoring Cisco equipment?
Question by:menreeq
2 Comments
 
LVL 7

Accepted Solution

by:
TheTull earned 250 total points
ID: 35182741
I have always used SYSLOG as my first measure of collecting at least the raw output of events that occur on my Cisco equipment.  It's pretty simple to set up too; cisco.com has many resources.  As for the log output, my preferred method has always been to just set up a Linux box with the syslog daemon and then let logrotate keep the log files rotated and zipped up.  This of course requires you to manually check the logs for certain events, which may defeat the purpose of what you're trying to do.

A more sophisticated log management tool is Splunk (found at splunk.com), which can collect all of your syslog info and then do whatever you want with it, and I believe you can set up alerts with it too.  Splunk itself installs on whatever OS you want and is accessed via a web browser.
 
LVL 6

Assisted Solution

by:Lee_YCP
Lee_YCP earned 250 total points
ID: 35184352
SYSLOG Server hands down.

We currently have two ASA 5520s w/IPS and 2 5505s along with several other Cisco 3845s/1841s/3750s.  On these devices we have Solarwinds Orion (like Kaseya) monitoring a custom SNMP RO community, but they all still feed one SYSLOG server for real-time issue details.  We use a Windows 7 (32-bit) Hyper-V machine with a dedicated 1GB NIC for the Kiwi Syslog Server itself.  The good thing is that this allows you to put all your logs in one place and, like "TheTull" said, you can set them up to rotate.  It can also email you with alarms that you set the threshold on.

It is pretty easy to install/set up a SYSLOG Server.  Make sure your ports are open.  Then configure your devices to point to that SYSLOG server. Nowhere near as complex as the SNMP route.

You need to do a little bit of capacity planning to decide how detailed you want the logs coming from the ASAs to be and set that on the ASAs.  The SYSLOG server just receives and stores the messages.   I recommend not sending "debug" level messages from the ASA, but you may have someone dictating to you what level of logs you will save.  I would just send 'warning' and higher from the ASAs to the SYSLOG Server.   If there is a bottleneck on the server due to resource contention you will lose messages, so that is where the capacity planning comes in.
0
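
The syslog approach from the answers above, as an added example that is not from either poster: a small triage script that reads Cisco-tagged syslog lines, applies a "warning and higher" cut-off, and flags failover and port-state events. The rule patterns, function names and sample log lines are assumptions constructed for illustration; only the `%FACILITY-SEVERITY-MNEMONIC` tag layout is relied on.

```python
import re

# Cisco tags each message %FACILITY-SEVERITY-MNEMONIC; severity 0 is most urgent, 7 is debug.
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "informational", "debug"]

# Hypothetical keyword rules for the two event types asked about; tune to your own logs.
RULES = [
    ("failover", re.compile(r"switching to (active|standby)|failover", re.I)),
    ("port", re.compile(r"interface \S+, changed state to (up|down)|err-?disable", re.I)),
]

def parse(line):
    """Split one syslog line into its Cisco tag fields, or return None if untagged."""
    m = TAG.search(line)
    if m is None:
        return None
    sev = int(m["sev"])
    return {"facility": m["facility"], "severity": sev,
            "level": LEVELS[sev], "text": m["text"]}

def triage(lines, max_severity=4):
    """Return (alerts, dropped). max_severity=4 keeps 'warning' and higher."""
    alerts, dropped = [], 0
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        if event["severity"] > max_severity:
            dropped += 1  # what a device-side severity filter would never send
            continue
        for name, pattern in RULES:
            if pattern.search(event["text"]):
                alerts.append((name, event["level"], event["text"]))
                break
    return alerts, dropped

# Constructed sample lines (documentation addresses, made-up interface and cause text).
SAMPLE = [
    "Mar 21 10:15:02 192.0.2.1 %ASA-1-104001: (Secondary) Switching to ACTIVE - Other unit failed",
    "Mar 21 10:15:40 192.0.2.2 %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down",
    "Mar 21 10:15:41 192.0.2.2 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down",
    "Mar 21 10:16:00 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/443",
    "Mar 21 10:16:05 192.0.2.1 %ASA-4-106023: Deny tcp src inside:192.0.2.50/1025 dst outside:198.51.100.7/25",
]

if __name__ == "__main__":
    for threshold in (4, 5):
        alerts, dropped = triage(SAMPLE, threshold)
        print(f"max_severity={threshold}: {len(alerts)} alerts, {dropped} dropped")
```

With the cut-off at warning (4), the constructed line-protocol message tagged severity 5 is dropped along with the severity 6 connection message, so check the severity in the tag of every event you want to alert on before fixing the logging level.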
