Solved

How best to monitor Cisco's for bad ports/failover events etc...

Posted on 2011-03-21
Last Modified: 2012-05-11
We are in the process of setting up monitoring on 2 Cisco ASA 5510 firewalls that are configured for HA and 2 Cisco 2960 Catalyst switches. We would like to be able to catch events such as when the HA failover occurs on the ASA 5510 or when a port on the switch is failing etc...

We have access to PRTG and Kaseya for SNMP monitoring but I am thinking it would be pretty difficult to get exactly what we need out of SNMP because of the complexity involved with the MIBs and traps etc...

Would using a SYSLOG server work better for us for these purposes, or should we power through the complexity and try to get SNMP working?

Does anyone have a tried and true method for monitoring Cisco equipment?
Question by:menreeq
2 Comments
 

Accepted Solution

by:
TheTull earned 1000 total points
ID: 35182741
I have always used SYSLOG as my first measure of collecting at least the raw output of events that occur on my Cisco equipment. It's pretty simple to set up too; cisco.com has many resources. As for the log output, my preferred method has always been to just set up a Linux box with the syslog daemon and then let logrotate keep the log files rotated and zipped up. This of course requires you to manually check the logs for certain events, which may defeat the purpose of what you're trying to do.

A more sophisticated log management tool is Splunk (found at splunk.com), which can collect all of your syslog info and then do whatever you want with it, and I believe you can set up alerts with it too. Splunk itself installs on whatever OS you want and is accessed via a web browser.

Assisted Solution

by:Lee_YCP
Lee_YCP earned 1000 total points
ID: 35184352
SYSLOG Server hands down.

We currently have two ASA 5520s w/IPS and 2 5505s along with several other Cisco 3845s/1841s/3750s. On these devices we have Solarwinds Orion (like Kaseya) monitoring a custom SNMP RO community, but they all still feed one SYSLOG server for real-time issue details. We use a Windows 7 (32-bit) Hyper-V machine with a dedicated 1GB NIC for the Kiwi Syslog Server itself. The good thing is that this allows you to put all your logs in one place and, like "TheTull" said, you can set them up to rotate. It can also email you with alarms that you set the threshold on.

It is pretty easy to install/set up a SYSLOG Server. Make sure your ports are open. Then configure your devices to point to that SYSLOG server. Nowhere near as complex as the SNMP route.

You need to do a little bit of capacity planning to decide how detailed you want the logs coming from the ASAs to be and set that on the ASAs. The SYSLOG server just receives and stores the messages. I recommend not sending "debug" level messages from the ASA, but you may have someone dictating to you what level of logs you will save. I would just send 'warning' and higher from the ASAs to the SYSLOG Server. If there is a bottleneck on the server due to resource contention you will lose messages, so that is where the capacity planning comes in.
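As an added example (not code from either answer), the Python below scans collected syslog text for the two event types the question asks about, ASA failover and switch ports going down, and applies the "warning and higher" severity cut-off. The sample lines, hostnames, and function names are constructed for illustration; it assumes the daemon writes the traditional `Mon DD HH:MM:SS host` prefix and that ASA failover messages carry IDs in the 101xxx to 105xxx range.

```python
import re

# Constructed sample lines in the shape a Linux syslog daemon stores them;
# hostnames, interfaces, addresses and timestamps are made up for this example.
SAMPLE_LOG = """\
Mar 21 10:15:02 asa-a %ASA-1-104001: (Secondary) Switching to ACTIVE - HELLO not heard from mate.
Mar 21 10:15:02 asa-b %ASA-1-105005: (Primary) Lost Failover communications with mate on interface inside
Mar 21 10:15:09 asa-a %ASA-6-302013: Built outbound TCP connection 4411 for outside:198.51.100.7/443 to inside:10.0.0.25/51522
Mar 21 10:16:40 sw-1 1042: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
Mar 21 10:16:41 sw-1 1043: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
"""

# Cisco messages look like %FACILITY-SEVERITY-ID: text, severity 0 (emergency) to 7 (debug).
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]+\s(?P<host>\S+)\s.*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<id>[A-Z0-9_]+): (?P<text>.*)$"
)

def classify(fac, msg_id, text):
    """Map a parsed message to an event kind, or None if it is not of interest."""
    # Assumption: ASA failover messages use IDs 101xxx through 105xxx.
    if fac == "ASA" and re.fullmatch(r"10[1-5]\d{3}", msg_id):
        return "asa-failover"
    # "administratively down" (a deliberate shutdown) does not end in "to down".
    if fac in ("LINK", "LINEPROTO") and msg_id == "UPDOWN" and text.endswith("to down"):
        return "port-down"
    return None

def alerts(log_text, max_severity=4):
    """Return (host, kind, severity, text) for events at 'warning' (4) or more severe."""
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a Cisco-formatted message
        sev = int(m["sev"])
        kind = classify(m["fac"], m["id"], m["text"])
        if kind and sev <= max_severity:
            found.append((m["host"], kind, sev, m["text"]))
    return found

if __name__ == "__main__":
    for host, kind, sev, text in alerts(SAMPLE_LOG):
        print(f"ALERT {kind} host={host} severity={sev}: {text}")
```

With the cut-off at warning, the severity 3 `%LINK-3-UPDOWN` line raises an alert while the severity 5 `%LINEPROTO-5-UPDOWN` line for the same port is filtered out, which is the trade-off to weigh when choosing the logging level on each device.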