How can we disable all Spectrum Cisco Syslog traps that are being sent to Spectrum?

Article ID: 428222

Products

Network Observability

Issue/Introduction

Spectrum natively accepts Cisco Syslog traps and processes them without the need for a Syslog server.

We are not interested in these Cisco Syslog traps. How can we disable them globally in Spectrum?

The KB article "How to filter out unwanted Cisco Syslog events and alarms in Spectrum" allows this on a device-by-device basis, but we want to disable this on all Cisco devices.

 

Environment

Spectrum : ANY

Cause

There is no interest in receiving any Cisco Syslog traps in Spectrum.

Resolution

There are 3 different ways to accomplish this, listed from most optimal to least optimal.

 

1. Disable the sending of Syslog traps on the Cisco devices themselves. This can be done from a policy using NCM in Spectrum.

 

2. Prevent Cisco Syslog traps from reaching Spectrum through the TrapXploder config.

Sample TrapX config for this:

 

# drop more unnecessary traps, after logging
# Cisco Syslog Traps
filter * * * * * 1.3.6.1.4.1.9.9.41.2 break

 

 

3. Change the Cisco Syslog events so that they do not create alarms, based on these event codes and OIDs. (Least optimal, as the traps are still sent and processed by Spectrum.)

 

 

# ciscoSyslogMIBNotification
1.3.6.1.4.1.9.9.41.2.6.1     0x00210d40 1.3.6.1.4.1.9.9.41.1.2.3.1.2(1,0)\
                                        1.3.6.1.4.1.9.9.41.1.2.3.1.3(2,0)\
                                        1.3.6.1.4.1.9.9.41.1.2.3.1.4(3,0)\
                                        1.3.6.1.4.1.9.9.41.1.2.3.1.5(4,0)\
                                        1.3.6.1.4.1.9.9.41.1.2.3.1.6(5,0)
 

CISCO-SYSLOG-MIB

clogMessageGenerated NOTIFICATION-TYPE
    VARIABLES {
       clogHistFacility               1.3.6.1.4.1.9.9.41.1.2.3.1.2   DisplayString
       clogHistSeverity               1.3.6.1.4.1.9.9.41.1.2.3.1.3   SyslogSeverity
        {
           emergency(1)
           alert(2)
           critical(3)
           error(4)
           warning(5)
           notice(6)
           info(7)
           debug(8)
        }
       clogHistMsgName                1.3.6.1.4.1.9.9.41.1.2.3.1.4   DisplayString  
       clogHistMsgText                1.3.6.1.4.1.9.9.41.1.2.3.1.5   DisplayString                  
       clogHistTimestamp              1.3.6.1.4.1.9.9.41.1.2.3.1.6   TimeStamp                      
    }
    DESCRIPTION
    "When a syslog message is generated by the device a
                 clogMessageGenerated notification is sent.  The
                 sending of these notifications can be enabled/disabled
                 via the clogNotificationsEnabled object."
-- 1.3.6.1.4.1.9.9.41.2.0.1
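
Added example (not part of the original article and not Broadcom's code): the AlertMap entry above is keyed 1.3.6.1.4.1.9.9.41.2.6.1 while the MIB lists the notification as 1.3.6.1.4.1.9.9.41.2.0.1. The Python below applies the RFC 3584 SNMPv2-to-SNMPv1 trap mapping to show how the two relate and to check which trap OIDs from a receiver log fall under the OID used in the TrapX filter line. It assumes the filter field is compared against the SNMPv1 enterprise OID as an exact match and that AlertMap keys take the form enterprise.generic.specific (inferred from the entry above); the sample OIDs are constructed.

```python
# Added example. Assumptions are marked; sample OIDs are constructed.
FILTER_ENTERPRISE = "1.3.6.1.4.1.9.9.41.2"  # OID from the article's TrapX filter line
SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"            # snmpTraps: coldStart(1)..authenticationFailure(6)


def parse_oid(text):
    """Turn a dotted OID string into a tuple of integer arcs."""
    return tuple(int(arc) for arc in text.strip().strip(".").split("."))


def v2_to_v1(trap_oid):
    """Map an snmpTrapOID to (enterprise, generic, specific) per RFC 3584, section 3.2."""
    oid = parse_oid(trap_oid)
    if oid[:-1] == parse_oid(SNMP_TRAPS) and 1 <= oid[-1] <= 6:
        # Standard trap: enterprise comes from the snmpTrapEnterprise varbind,
        # which cannot be derived from the trap OID alone.
        return None, oid[-1] - 1, 0
    # Enterprise-specific: drop the trailing ".0.N" (or just ".N" if there is no 0 arc).
    cut = -2 if len(oid) >= 2 and oid[-2] == 0 else -1
    return ".".join(map(str, oid[:cut])), 6, oid[-1]


def alertmap_key(trap_oid):
    """Assumed AlertMap key form: enterprise.generic.specific."""
    enterprise, generic, specific = v2_to_v1(trap_oid)
    return None if enterprise is None else f"{enterprise}.{generic}.{specific}"


def dropped_by_filter(trap_oid, filter_enterprise=FILTER_ENTERPRISE):
    """Assumed filter semantics: exact match on the enterprise OID, arc by arc."""
    enterprise, _, _ = v2_to_v1(trap_oid)
    return enterprise is not None and parse_oid(enterprise) == parse_oid(filter_enterprise)


def classify(trap_oids):
    """Return {trap_oid: (alertmap_key, dropped)} for a list of received trap OIDs."""
    return {t: (alertmap_key(t), dropped_by_filter(t)) for t in trap_oids}


if __name__ == "__main__":
    sample = [                          # constructed receiver-log OIDs
        "1.3.6.1.4.1.9.9.41.2.0.1",     # clogMessageGenerated (from the MIB excerpt)
        "1.3.6.1.4.1.9.9.41.20.0.1",    # constructed near-miss: arc 20, not arc 2
        "1.3.6.1.6.3.1.1.5.3",          # standard linkDown
    ]
    for oid, (key, dropped) in classify(sample).items():
        print(f"{oid:28} alertmap={key} dropped={dropped}")
```

Running it over the trap OIDs recorded by the trap receiver before enabling the filter shows which events would stop arriving and confirms that unrelated traps are left alone.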