I have configured SNMP traps for Cisco ASA and Riverbed SteelConnect, but the logs in Nagios seem hard to understand.
I would like to configure more straightforward logs rather than ones that are complicated to understand. Please assist.
Log from SteelConnect:
0d\u0002\u0001\u0001\u0004\nnagiossnmp\xA7S\u0002\u0004\u0002aV\x8C\u0002\u0001\u0000\u0002\u0001\u00000E0\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004\u0003\xF3\v\xA40\u0017\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\t+\u0006\u0001\u0006\u0003\u0001\u0001\u0005\u00050\u0018\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0003\u0000\u0006\n+\u0006\u0001\u0004\u0001\xBF\b\u0003\u0002\n
Log from ASA:
0\x82\u0001\xC5\u0002\u0001\u0001\u0004\nnagiossnmp\xA7\x82\u0001\xB2\u0002\u0001\u0002\u0002\u0001\u0000\u0002\u0001\u00000\x82\u0001\xA50\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004J6\xCD\xC00\u0019\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\v+\u0006\u0001\u0004\u0001\t\t)\u0002\u0000\u00010\u0014\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0002\u0000\u0004\u0002200\u0013\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0003\u0000\u0002\u0001\u00050\u001D\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0004\u0000\u0004\vSyslog_Trap0\x82\u0001\u0012\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0005\u0000\u0004\x81\xFF<164>Sep 09 2020 12:03:56 192.168.100.1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.168.100.51 dst outside:8.8.8.8 (type 3, code 3) on inside interface. Original IP payload: udp src 8.8.8.8/53 dst 192.168.100.51/490\u0016\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0006\u0000C\u0004J6\xCD\xC0
snmp trap / syslog unable to understand
Re: snmp trap / syslog unable to understand
If the devices are sending SNMP traps to the NLS machine, then they are sending to the wrong input. Instead of sending SNMP traps to the NLS syslog input, you should create a new input for SNMP traps. Per https://www.elastic.co/guide/en/logstas ... ptrap.html, an input could look like:
Code: Select all
snmptrap {
    community => "public"
    port => "1062"
}
The devices would then need to be configured to send their traps to the 1062 port and use the public community.
https://assets.nagios.com/downloads/nag ... Inputs.pdf covers adding inputs to NLS.
Note that adding an input usually requires opening the port on the NLS machine's local firewall. See the above document for the commands as they depend on your OS. You may also need to allow the port through other firewalls in your environment.
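Added example, not part of the original posts or of Nagios Log Server: the "unreadable" lines in the first post are BER-encoded SNMPv2c trap packets that the syslog input stored as raw text, and this sketch decodes the SteelConnect line to show what it contains. The names `RAW`, `tlv`, `oid`, `value` and `decode_trap` belong to this example, and it assumes each logged character corresponds to one byte of the trap.

```python
# Constructed input: the SteelConnect line from the post, one logged character per byte.
RAW = ("0d\u0002\u0001\u0001\u0004\nnagiossnmp\xA7S\u0002\u0004\u0002aV\x8C\u0002\u0001\u0000\u0002\u0001\u00000E"
       "0\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004\u0003\xF3\v\xA4"
       "0\u0017\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\t+\u0006\u0001\u0006\u0003\u0001\u0001\u0005\u0005"
       "0\u0018\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0003\u0000\u0006\n+\u0006\u0001\u0004\u0001\xBF\b\u0003\u0002\n").encode("latin-1")

def tlv(buf, pos):  # read one BER TLV, return (tag, value bytes, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def oid(v):  # OBJECT IDENTIFIER value (first arc 0 or 1) to dotted form
    arcs, acc = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def value(tag, v):
    if tag == 0x06:
        return oid(v)
    if tag in (0x02, 0x41, 0x42, 0x43):  # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(v, "big", signed=(tag == 0x02))
    return v.decode("latin-1")  # OCTET STRING (e.g. the ASA syslog text) or other, as text

def decode_trap(pkt):  # SNMPv2c trap bytes -> (community, [(oid, value), ...])
    _, msg, _ = tlv(pkt, 0)
    _, ver, p = tlv(msg, 0)
    _, community, p = tlv(msg, p)
    pdu_tag, pdu, _ = tlv(msg, p)
    if ver != b"\x01" or pdu_tag != 0xA7:
        raise ValueError("not an SNMPv2c trap PDU")
    p = 0
    for _ in range(4):  # request-id, error-status, error-index, then the varbind list
        _, vbl, p = tlv(pdu, p)
    binds, p = [], 0
    while p < len(vbl):
        _, vb, p = tlv(vbl, p)
        _, name, q = tlv(vb, 0)
        vtag, val, _ = tlv(vb, q)
        binds.append((oid(name), value(vtag, val)))
    return community.decode("latin-1"), binds
```

For this line, `decode_trap(RAW)` returns the community `nagiossnmp` and three varbinds: sysUpTime.0, snmpTrapOID.0 set to 1.3.6.1.6.3.1.1.5.5 (authenticationFailure), and snmpTrapEnterprise.0. SNMPv2c carries the community string in clear text, which is why it is readable in both log lines.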