Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SNMP / syslog incongruities 2

Status
Not open for further replies.
rpast

rpast

MIS
Sep 3, 2002
87
0
0
US
Perplexed by something . I’m trying to clean up some 2950 L2 switch configs. On all switches, a predecessor configured snmp and syslog logging, but the configs reference a non-existent server IP address. That’s fine – I can just change the address to the correct netmon server. But what is baffling me is that syslog and SNMP are already both receiving information from the switches (confirmed with Wireshark). In other words, before changing anything in the configs, I wanted to confirm the problem and looked at data on the installed Cisco Network Assistant on the correct server. But what I see is that syslog and snmp are both receiving info from the switches. And the logged entries are current.

My question is ‘How can this be?’. How can an snmp or syslog server get information from an agent device that is incorrectly configured with the wrong server address?

Could it be that an SNMP community is all that is needed on an agent (and not snmp-server host)? (still wouldn't explain the syslog).

Thank you for any help you can provide.
 
Sort by date Sort by votes
Try and log into the switch and then log back out---does the syslog daemon on the server reflect this? Post a sh run and the IP address of the server...

Burt
 
Upvote 0 Downvote
To collect snmp info all you need is the correct string if you have a device that is collecting snmp info , as far as a switch actually sending a snmp trap or something like that it would have to have the correct snmp server host address. Are you sure the server is not going out and collecting this information as opposed to the cisco device sending the information ? As far as snmp goes you could do a debug on snmp packets and see if the switch is actually sending anything out and to what address. Not sure if there is a debug for syslog or not.
 
Upvote 0 Downvote
Thanks, guys. Burtsbees, an Informational syslog message appeared when I made an incidental config change on the agent switch. I have to say, syslog is the more baffling of the problems. I had to put this aside today, but will forward the config tomorrow. I believe it is just a 'logging n.n.n.n' (with wrong ip).

As for snmp, I neglected to mention that the 'info' being received by the server is only GET responses. As you say, vipergg, the server may be just sending GETs to the community, with community agents responding to the GETs, but these packets are unicast, aren't they? Can a server collect info from any unwitting agent that happens to have 'community public' configured? I was thinking the same thing, and had looked into the SmartPort technology (Cisco Network Assistant) with that in mind (apparently Smartport is something else).

Anyway, when did enter the correct server on one of the switches, there was no difference as far as traps being sent, leading me to believe that a restart of the SNMP service on the NMS might be needed.

I'll send out more tomorrow, and welcome your comments in the meantime. Thanks for your replies.
 
Upvote 0 Downvote
I might have to set something like this in a lab, and let my syslog server/snmp server try and collect snmp messages from the same public community strings. If this is true, that is surely a security risk, even inside the LAN...

Burt
 
Upvote 0 Downvote
Thank you. If you can load Cisco Network Assistant, this is what I'm using. It's grabbing everything on the remote devices.

Just looking at SYSLOG on several switches, all logging is disabled except buffer:

no logging exception
no logging console
no logging monitor
no logging trap
logging 10.128.0.253

And yet the Cisco Network Assistant (at different IP address) is consistently recording Notifications Errors, and Warnings. I’ve looked at the logging buffer to confirm that the data is accurate.

Thanks again.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dogg1
  • Locked
  • Question
CUCM SNMP Set Command
Replies
1
Views
96
whykap
whykap
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
38
acabezas2014
acabezas2014
disturbedone
  • Locked
  • Question
Not sending to Syslog server
Replies
3
Views
64
disturbedone
disturbedone
ThatGuyOnTheLeft
  • Locked
  • Question
Problem verifying IOS image via SNMP
Replies
0
Views
29
ThatGuyOnTheLeft
ThatGuyOnTheLeft
aravind0212
  • Locked
  • Question
Can we have a unimplemented SNMP OID in a table
Replies
0
Views
26
aravind0212
aravind0212

Part and Inventory Search

Sponsor

Back
Top