Solved

How best to monitor Cisco's for bad ports/failover events etc...

Posted on 2011-03-21
Last Modified: 2012-05-11
We are in the process of setting up monitoring on 2 Cisco ASA 5510 firewalls that are configured for HA and 2 Cisco 2960 Catalyst switches. We would like to be able to catch events such as when the HA failover occurs on the ASA 5510 or when a port on the switch is failing etc...

We have access to PRTG and Kaseya for SNMP monitoring but I am thinking it would be pretty difficult to get exactly what we need out of SNMP because of the complexity involved with the MIBs and traps etc...

Would using a SYSLOG server work better for us for these purposes, or should we power through the complexity and try to get SNMP working?

Does anyone have a tried and true method for monitoring Cisco equipment?
0
Question by:menreeq
2 Comments
 
LVL 7

Accepted Solution

by:
TheTull earned 250 total points
ID: 35182741
I have always used SYSLOG as my first measure of collecting at least the raw output of events that occur on my Cisco equipment. It's pretty simple to set up too; cisco.com has many resources. As for the log output, my preferred method has always been to just set up a Linux box with the syslog daemon and then let logrotate keep the log files rotated and zipped up. This of course requires you to manually check the logs for certain events, which may defeat the purpose of what you're trying to do.

A more sophisticated log management tool is Splunk (found at splunk.com), which can collect all of your syslog info and then do whatever you want with it, and I believe you can set up alerts with it too. Splunk itself installs on whatever OS you want and is accessed via a web browser.
0
 
LVL 6

Assisted Solution

by:Lee_YCP
Lee_YCP earned 250 total points
ID: 35184352
SYSLOG Server hands down.

We currently have two ASA 5520s w/IPS and 2 5505s along with several other Cisco 3845s/1841s/3750s. On these devices we have Solarwinds Orion (like Kaseya) monitoring a custom SNMP RO community, but they all still feed one SYSLOG server for real-time issue details. We use a Windows 7 (32-bit) Hyper-V machine with a dedicated 1GB NIC for the Kiwi Syslog Server itself. The good thing is that this allows you to put all your logs in one place and, like "TheTull" said, you can set them up to rotate. It can also email you with alarms that you set the threshold on.

It is pretty easy to install/set up a SYSLOG Server. Make sure your ports are open. Then configure your devices to point to that SYSLOG server. Nowhere near as complex as the SNMP route.

You need to do a little bit of capacity planning to decide how detailed you want the logs coming from the ASAs to be and set that on the ASAs. The SYSLOG server just receives and stores the messages. I recommend not sending "debug" level messages from the ASA, but you may have someone dictating to you what level of logs you will save. I would just send 'warning' and higher from the ASAs to the SYSLOG Server. If there is a bottleneck on the server due to resource contention you will lose messages, so that is where the capacity planning comes in.
0
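An added example, not code from either answer: a small Python triage pass over collected syslog lines that picks out the ASA failover messages (IDs 104001 and 104002) and Catalyst port-state messages, applying the "warning and higher" cut-off mentioned above. The sample lines, addresses and interface names are constructed, and the `ALERTS` table is an assumption about which tags matter for this question. Note that `%LINEPROTO-5-UPDOWN` is severity 5, so it is dropped at a warning threshold while `%LINK-3-UPDOWN` still comes through.

```python
import re

# Cisco tag: %FACILITY-SEVERITY-MNEMONIC: text (the ASA puts a numeric message ID in the mnemonic slot).
TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): ?(?P<text>.*)")

WARNING = 4  # syslog severities: 0 emergencies ... 4 warnings, 5 notifications ... 7 debugging

# Assumed alert table: tags that map to the events asked about in the question.
ALERTS = {
    ("ASA", "104001"): "ASA failover: unit switched to ACTIVE",
    ("ASA", "104002"): "ASA failover: unit switched to STANDBY",
    ("LINK", "UPDOWN"): "switch port link state changed",
    ("LINEPROTO", "UPDOWN"): "switch port line protocol changed",
    ("PM", "ERR_DISABLE"): "switch port err-disabled",
}

def parse(line):
    """Return (facility, severity, mnemonic, text), or None if there is no Cisco tag."""
    m = TAG.search(line)
    if m is None:
        return None
    return m["fac"], int(m["sev"]), m["mnem"], m["text"]

def triage(lines, max_severity=WARNING):
    """Keep messages at max_severity or more severe (numerically lower) that match ALERTS."""
    hits = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        fac, sev, mnem, text = parsed
        label = ALERTS.get((fac, mnem))
        if label and sev <= max_severity:
            hits.append((sev, label, text))
    return hits

# Constructed sample lines (documentation addresses, invented interface names and reasons).
SAMPLE = [
    "Mar 21 10:15:02 192.0.2.1 %ASA-1-104001: (Secondary) Switching to ACTIVE - HELLO not heard from mate.",
    "Mar 21 10:15:03 192.0.2.2 %ASA-1-104002: (Primary) Switching to STANDBY - Other unit wants me Standby.",
    "Mar 21 10:15:09 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/443",
    "Mar 21 10:16:40 192.0.2.10 %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down",
    "Mar 21 10:16:41 192.0.2.10 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down",
    "Mar 21 10:17:00 loghost syslogd: restart",
]

if __name__ == "__main__":
    for sev, label, text in triage(SAMPLE):
        print(f"severity {sev}: {label}: {text}")
```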
