
Switch Errors without monitoring Interfaces

Hello fellow SolarWinds aficionados,

I am in the process of implementing switches into our monitoring and was wondering if it would be possible to pull switch errors without actually having to monitor each interface, as we do not have the capacity for such a thing. Currently I have the switch as a node and the uplink port as an interface, but with this information I can only alert on whether the device is up or down/uplink is disconnected. What I would really like to see is data for errors on the switch. I am messing around with a custom poller, but when I look at the way it polls onto a node it only shows the data for my 1 interface. Any suggestions?

  • Can you configure the switch to send syslog and trap data to your SIEM?  You'll be able to see information about switch errors without having to monitor all interfaces.

    It can be as simple (on a Cisco switch) as saying:

    config t
    snmp-server enable traps
    ! replace x.x.x.x with the IP address of your syslog server
    logging host x.x.x.x
    end
    write memory

    Of course you'll have to have a syslog server and/or a trap receiving system in place.  NPM can do some of that for you if your environment isn't too large, and if you're not sending it debug information.

    SolarWinds Log Analyzer or Security Event Manager might be the tools for you if your environment isn't too big.  Splunk or its competitors might be your best solution if your environment sends more traffic than SolarWinds' products can efficiently manage (as is the case in my environment).

    I'm in a good spot where I CAN monitor all physical and virtual interfaces using NPM, but I also let the switches and routers send all traps and syslog data.  It makes it easy to display issues automatically, and I search the syslog or SIEM servers for specific data.  A good SIEM or properly managed syslog server will also be able to send you alerts and make recommendations about data it's received.  A proper SIEM will also recognize suspicious patterns and make recommendations about data it receives that matches known attacks.

    Make the case to Management to purchase the right licensing and APEs and bandwidth to allow you to monitor all ports.  It's wonderful to be able to see every port with errors and call up their history and be able to tell the Help Desk "This port began seeing this kind of error on this date and time."  They can correlate the logs with scheduled changes (you DO use Change Management, right?) and it makes troubleshooting SO much easier!

    Rather than leave you hanging by saying "Get Management to properly fund your needs", I wrote a White Paper on how you might be able to get the funding by learning how to play Management's game.  It's here, if you're interested in learning ways to get past budget issues: 

    A Stratagem For Obtaining Funding For Your Projects
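
Added example, not part of the original thread or any SolarWinds or Cisco tooling: one way to turn the syslog the reply suggests collecting into a per-port event summary without polling each interface. It assumes the collector stores one line per message as "sender IP, then the raw message"; the sample lines are constructed and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Cisco IOS tags each message %FACILITY-SEVERITY-MNEMONIC (severity 0-7, lower is worse).
TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)")
# Long or short interface names: GigabitEthernet1/0/5, Gi1/0/7, Te1/1/1, Port-channel1 ...
IFACE = re.compile(r"\b((?:Gi|Fa|Te|Po)[A-Za-z-]*)(\d+(?:/\d+)*)")

# Constructed sample: "<sender IP> <raw message>" per line, as a collector might store it.
SAMPLE = """\
10.1.1.2 <187>101: *Mar  1 00:10:01: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down
10.1.1.2 <189>102: *Mar  1 00:10:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/5, changed state to down
10.1.1.2 <187>103: *Mar  1 00:10:09: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
10.1.1.2 <188>104: *Mar  1 00:12:30: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
10.1.1.3 <188>55: *Mar  1 00:13:00: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet1/0/12 (not half duplex), with SW2 GigabitEthernet0/1 (half duplex).
10.1.1.3 <189>56: *Mar  1 00:14:00: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
""".splitlines()


def summarize(lines, max_sev=4):
    """Count interface-related events per switch at severity <= max_sev.

    Returns {sender_ip: Counter({(interface, "FAC-MNEMONIC"): count})}.
    """
    events = defaultdict(Counter)
    for line in lines:
        tag = TAG.search(line)
        if not tag or int(tag["sev"]) > max_sev:
            continue  # unparsable, or informational noise
        port = IFACE.search(tag["text"])
        if not port:
            continue  # event is not tied to a physical or logical port
        # Normalise to the short form; the first match is the local port.
        name = port.group(1)[:2] + port.group(2)
        events[line.split()[0]][(name, f"{tag['fac']}-{tag['mnem']}")] += 1
    return events


if __name__ == "__main__":
    for switch, counts in summarize(SAMPLE).items():
        for (port, event), n in counts.most_common():
            print(f"{switch} {port:<10} {event:<22} {n}")
```

This surfaces event-driven faults such as link flaps, err-disable and duplex mismatch; interface counters such as CRC errors are not normally emitted as syslog messages, so they still need polling.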