From: Pavel Bykov (slidersv@gmail.com)
Date: Mon Feb 16 2009 - 14:38:03 ARST
No, I was wrong. Hobbs, Net and Ivan have already corrected me :)
On Mon, Feb 16, 2009 at 8:43 AM, Ovidiu Neghina <o.neghina@gmail.com> wrote:
> Thank you Pavel for that.
> Are you sure about your statement?
> I have read again the usage guidelines for logging trap:
>
> http://www.cisco.com/en/US/docs/ios/12_3/configfun/command/reference/cfr_1g04.html#wp1033213
> Usage Guidelines
> A trap is an unsolicited message sent to a remote network management
> host. Logging traps should not be confused with SNMP traps (SNMP
> logging traps require the use of the CISCO -SYSLOG-MIB, are enabled
> using the snmp-server enable traps syslog command, and are sent using
> the Simple Network Management Protocol.)
> and the example shows that the logging host and logging trap are used
> togeter - nothing about SNMP:
> Examples
> In the following example, system messages of levels 0 (emergencies)
> through 5 (notifications) are sent to the host at 209.165.200.225:
> Router(config)# logging host 209.165.200.225
> Router(config)# logging trap notifications
>
>
> I did some configuration and capturing of packets using dynamips and
> capture feature on R4 for the following setup
> Rack1R4#sh run | i snmp|logg
> logging buffered 6400 debugging
> logging trap debugging
> snmp-server community CISCO RO
> snmp-server enable traps syslog
> snmp-server host 155.1.146.1 version 2c CISCORO
> logging synchronous
> Rack1R4#
> On the wireshark capture I see no snmp traps going through the interface .
>
> Then I played only with logging commands :
> Option 1:
> logging 155.1.146.1
> logging traps informational - so no debugs logs are sent to the station.
>
> In the packet capture I saw the syslog informational packets . I did a
> debug on the router and the debugs logs were NOT sent to 155.1.146.1.
>
> However , if I enabled
> < logging traps debugging >
> and then when I did a <debug ip packet>, on the capture i saw all the
> logs sent through syslog (udp 514).
>
> So conclusion for me is that <logging trap> has nothing to do with
> SNMP but syslog only.
>
> Br,
> Ovidiu
> On Sun, Feb 15, 2009 at 11:28 PM, Pavel Bykov <slidersv@gmail.com> wrote:
> > Ovidiu,
> > These are separate things.
> > 1. logging x.x.x.x command sends SYSLOG messages using UDP/514
> > 2. logging trap command is an auxiliary SNMP command (has to be used in
> > conjuction with other SNMP commands) that sends local SYSLOG messages
> into
> > SNMP traps and sends them using UDP/162
> >
> > On Sun, Feb 15, 2009 at 12:49 PM, Ovidiu Neghina <o.neghina@gmail.com>
> > wrote:
> >>
> >> Hi
> >> I have read the command reference for logging trap and I need your
> >> opinion.
> >> If we type < logging 223.1.9.100 > then the router will send by
> >> default logs up to and including informational level.
> >> I have a lab that asks for all log messages to be sent to server
> >> 223.1.9.100. My understanding is that we should type:
> >> < logging 223.1.9.100 >
> >> and
> >> <logging trap debugging >
> >> to have all logs messages sent to the server.
> >>
> >> The solution however shows only logging 223.1.9.100 which I believe
> >> it is incomplete.
> >>
> >> What do you think ?
> >>
> >> Br,
> >> Ovidiu
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value
> of
> > your certifications. Sign the petition at http://www.stopbraindumps.com/
> >
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST