Cisco ASA Firewall - anyone have real time change alerts working for NCM?

I need help in defining syslog message alerts configuration and any additional configuration required to get this working. I have found one other post on here with some configurations that do not work.

Please help...

1 Solution
Level 12

I was able to get it working via Trap rules, instead of syslog. I can't remember if I attempted a syslog first, or if I went straight to the trap rule. 

For the trap rule, I left everything default except for the "trap Details" tab. It took a little testing, and watching the traps to see what info was sent when a config change was made. Here is the Trap Details Pattern that seems to work for me:

*end configuration*,*Begin configuration:*reading from http [POST]*      (Use Regular Expressions is Unchecked)

and of course I had to create an Alert action to trigger the download, just like you would with a syslog rule.

Hope that helps.
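
How the Trap Details Pattern in the post above selects traps, as an added example that is not part of the original post and not SolarWinds code. It assumes that `*` is the only wildcard, that a comma separates alternatives, and that brackets are literal when regular expressions are unchecked; the sample trap text is constructed.

```python
import re

# Pattern exactly as posted above, with "Use Regular Expressions" unchecked.
TRAP_DETAILS_PATTERN = "*end configuration*,*Begin configuration:*reading from http [POST]*"

def wildcard_to_regex(pattern):
    """Assumption: '*' is the only wildcard; '[' and ']' are literal text."""
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")), re.DOTALL)

def compile_rule(rule):
    """Assumption: a comma separates alternatives and any one may match."""
    return [wildcard_to_regex(alt.strip()) for alt in rule.split(",")]

def is_config_change(details, rule=TRAP_DETAILS_PATTERN):
    return any(rx.fullmatch(details) for rx in compile_rule(rule))

def naive_regex_matches(details):
    """Second alternative pasted into a regex with only '*' swapped for '.*':
    [POST] becomes a character class and no longer matches the literal text."""
    naive = r".*Begin configuration:.*reading from http [POST].*"
    return re.fullmatch(naive, details, re.DOTALL) is not None

# Constructed trap details, modelled on ASA 111xxx configuration messages.
SAMPLES = [
    "%ASA-5-111007: Begin configuration: 192.0.2.10 reading from http [POST]",
    "%ASA-5-111005: 192.0.2.10 end configuration: OK",
    "%ASA-5-111007: Begin configuration: console reading from terminal",
    "%ASA-5-111008: User 'admin' executed the 'show running-config' command.",
    "%ASA-6-302013: Built outbound TCP connection 4242 for outside:198.51.100.7/443",
]

def classify(samples=SAMPLES):
    return [(s, is_config_change(s)) for s in samples]

if __name__ == "__main__":
    for line, hit in classify():
        print("ALERT " if hit else "ignore", line)
```

Under these assumptions a configuration session opened from a terminal is not caught by the "Begin configuration" alternative, only by its "end configuration" message, and the pattern needs its brackets escaped if it is ever moved to a regular-expression rule.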


5 Replies
Level 8

I have been trying to enable SNMP access on the ASA firewalls but can only get read access. Is there a way to make it read/write access, perhaps through ASDM? Sorry for asking the question here but it is a predecessor to your question.

0 Kudos

Why would you want to allow SNMP management of an ASA?  

0 Kudos

For SolarWinds to use for polling and also download configs, but the only way I know of to do that is with SNMP R/W access.  Is there another way?

0 Kudos

SolarWinds logs in with SSH (also telnet but don't use telnet) to download configs. You only need read only access for polling. R/W access is ok for managing switches if you aren't a CLI person. However, even for switches I would rather use https or ssh.

SNMP is easy on ASA from the CLI.

snmp-server host inside <IP of NCM server> community <String other than public>

snmp-server host inside 10.15.61.244 version 3 npm.itc.local

snmp-server host inside 10.15.61.245 version 3 npm.itc.local

*** For Change detection

snmp-server enable traps syslog

snmp-server enable traps entity config-change

logging host inside <IP of NCM server>

Even if you send logs to another server, for change detection you are going to need to log to NCM.

This works beautifully for me.

0 Kudos