Syslog trap doesn't raise alarm on CiscoASA models

book

Article ID: 7673

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

I have configured my Firewall Cisco ASA (CiscoASA model type) device to send syslog trap to SpectroSERVER and confirmed that the traps arrived at SpectroSERVER machine, however Spectrum doesn't raise alarms. OneClick Console Events tab only shows event 0x210d40 with the following message momentarily.

An event occurred for models '<Cisco ASA model name>' of type 'CiscoASA' for which no event format file exists. 

Cause

This is Cisco ASA device certification issue. The 0x210d40 event was raised due to incoming Syslog trap from the devices. Syslog trap support for CiscoASA Model Type models is not implemented in Spectrum version before 10.2. Syslog trap support for CiscoASA Model Type models has been implemented from 10.2 onward.

Environment

Spectrum version before 10.2 on all OS platforms

Resolution

Upgrade to Spectrum 10.2 or later. The implementation of Syslog trap support for CiscoASA devices is recorded in Fixes to Certifications section in 10.2/10.2.1 online documentation. 

Symptom: Syslog Events for Cisco ASA devices not working.
Resolution: Added Syslog support for Cisco ASA devices.
(10.2.0, DE158440, 00356864)

You can do the following workaround if you don't want to upgrade, i.e. destroy the CiscoASA model type models and then rediscover the devices utilizing 'create by model type' method and set Rtr_Cisco model type during the remodeling. However this will remove subviews in the Information tab that specific to CiscoASA device.