ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

Difference between trap and syslog message?

  • 1.  Difference between trap and syslog message?

    Posted 09-17-2018 11:24
    do anyone explain to me what is the difference between trap and syslog message?



  • 2.  RE: Difference between trap and syslog message?



  • 3.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:31
    Hi,

    a trap is an SNMP message, sent via SNMP protocol using UDP destination port 162 (by default). A Syslog message is message sent via Syslog protocoll using UDP desitnation port 514 (by default).

    SNMP was developed for network management, Syslog was developed for Unix-like systems.

    While Syslog uses text messages that are supposed to be easily read by humans, SNMP traps use structured binary data that needs to be translated to human readable form based on a formal definition (MIB).

    That said, both are used for the purpose of sending information regarding some kind of event to a central server.

    Thanks,
    Erik


  • 4.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:34
    Ok so I can receive via trap or syslog message the IP address of the computer (NO switch) that has generate the alarm?


  • 5.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    In the "information" field of Alarms windows I see only the port number of the switch but not the IP of the pc


  • 6.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:34
    You'd receive the trap and/or the syslog message from the device that is able to generate SNMP traps and/or syslog messages.

    The message inlcudes the IP from the sender.


  • 7.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    What PC ? To you mean the PC that is connected to the switch ?!


  • 8.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    yes ! It's enough for me the Alias of the pc also


  • 9.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    The switch is the sender of the message so this IP is included in the message and not the device that is connected to the port.


  • 10.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    which IP do you speak?
    In the message is not included the IP of the pc but only the port number




  • 11.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    The switch (192.168.10.106) doens't care about the IP of the device that is connected on slot 0 port 5 - the message is a link down message and doesn't include the IP of the device that is connected to 0/5.


  • 12.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    ok but I want to know if is there a way to include, inside of the "information" field, the ip address or the alias/name of the pc that has generate the "link down"


  • 13.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    AFAIK no.


  • 14.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    Hello Visconti,

    because the SNMP trap format is specified in the message information base (MIB), it cannot easily be extended with new information. While Syslog messages could theoretically be amended with additional information, switches generally do not provide that feature. On EXOS, one might be able to use a script to collect the relevant information and send it as a Syslog message, but I cannot tell you how exactly or even how hard that would be (I would have to find out how myself before).

    Thus you need to manually (or possibly with scripting on the NMS) use the info from the trap to find out e.g. the port description from the switch.

    Thanks,
    Erik


  • 15.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    what meens NMS ?


  • 16.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    NMS is the network management system, e.g. Extreme Management Center (XMC) — I hope I've got the name right, it has changed quite a lot. ;-)


  • 17.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    I'm trying desperately a way to create a "Flex view" using Extreme managment console but I can not understand what it is the field to add in the flex view that can show me the ip address of the pc besides the message information of the alarm.



  • 18.  RE: Difference between trap and syslog message?

    Posted 09-17-2018 11:42
    Well, it is not even certain that the switch the PC is connected to knows the IP address of the PC. If it does, you would need to query the respective tables where it is stored. That might be the ctAliasTable of Extreme switches, or something else. But after a link-down event relevant information is lost from the switch, e.g. the MAC address(es) seen on the port while it was up. Thus the switch might never have had the information (IP address), and it might have already forgotten the information (MAC address) you can use to find the IP on the router.

    Anyway, you still to somehow react to receiving the trap and then start looking for additional information.

    A good way to get all the information about an end-system that was connected to a switch port that went down would be via ExtremeControl, which can be deployed in a visibility only mode (using optional MAC based authentication).

    Sorry that I cannot give you a simple solution with just Extreme Managament Console (XMC).

    Thanks,
    Erik