I need help in defining syslog message alerts configuration and any additional configuration required to get this working. I have found one other post on here with some configurations that do not work.
Please help...
I was able to get it working via Trap rules, instead of syslog. I can't remember if I attempted a syslog first, or if I went straight to the trap rule.
For the trap rule, I left everything default except for the "trap Details" tab. It took a little testing, and watching the traps to see what info was sent when a config change was made. Here is the Trap Details Pattern that seems to work for me:
*end configuration*,*Begin configuration:*reading from http [POST]* (Use Regular Expressions is Unchecked)
and of course I had to create an Alert action to trigger the download, just like you would with a syslog rule.
Hope that helps.
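An added example, not part of the original post and not SolarWinds code: a sketch of how a literal pattern with `*` wildcards like the one above behaves, and why leaving "Use Regular Expressions" unchecked matters, since `[POST]` read as a regex is a character class. It assumes the comma separates alternative patterns; the function names and trap strings are constructed for illustration.

```python
import re

# Pattern as given in the post. Assumption: the comma separates alternatives.
TRAP_DETAILS_PATTERN = "*end configuration*,*Begin configuration:*reading from http [POST]*"

def wildcard_to_regex(pattern):
    """Compile one pattern where '*' is a wildcard and every other character is literal."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts), re.DOTALL)

def compile_alternatives(pattern_list):
    """Split on commas and compile each non-empty alternative."""
    return [wildcard_to_regex(p.strip()) for p in pattern_list.split(",") if p.strip()]

def is_config_change(trap_details, compiled):
    """True if any alternative matches the whole trap details string."""
    return any(rx.fullmatch(trap_details) for rx in compiled)

# Constructed sample trap details (not captured from a real device).
SAMPLES = [
    "%ASA-5-111007: Begin configuration: 192.0.2.10 reading from http [POST]",
    "%ASA-5-111004: 192.0.2.10 end configuration: OK",
    "%ASA-5-111007: Begin configuration: 192.0.2.10 reading from http P",
    "%ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/443",
]

def classify(samples=SAMPLES):
    """Apply the post's pattern, in literal wildcard mode, to each sample."""
    compiled = compile_alternatives(TRAP_DETAILS_PATTERN)
    return [is_config_change(s, compiled) for s in samples]

def naive_regex_match(text):
    """The same text treated as a regex: [POST] now means one of P, O, S or T."""
    return re.search(r"Begin configuration:.*reading from http [POST]", text) is not None

if __name__ == "__main__":
    for sample, hit in zip(SAMPLES, classify()):
        print(("MATCH   " if hit else "no match"), sample)
    # In regex mode the real message is missed and a malformed one matches.
    print(naive_regex_match(SAMPLES[0]), naive_regex_match(SAMPLES[2]))
```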
I have been trying to enable SNMP access on the ASA firewalls but can only get read access. Is there a way to make it read/write access, perhaps through ASDM? Sorry for asking the question here but it is a predecessor to your question.
Why would you want to allow SNMP management of an ASA?
For SolarWinds to use for polling and also download configs, but the only way I know of to do that is with SNMP R/W access. Is there another way?
SolarWinds logs in with SSH (also telnet but don't use telnet) to download configs. You only need read-only access for polling. R/W access is ok for managing switches if you aren't a CLI person. However, even for switches I would rather use https or ssh.
SNMP is easy on ASA from the CLI.
snmp-server host inside <IP of NCM server> community <String other than public>
snmp-server host inside 10.15.61.244 version 3 npm.itc.local
snmp-server host inside 10.15.61.245 version 3 npm.itc.local
*** For Change detection
snmp-server enable traps syslog
snmp-server enable traps entity config-change
logging host inside <IP of NCM server>
Even if you send logs to another server, for change detection you are going to need to log to NCM.
This works beautifully for me.