Difference between trap and syslog message?

  • 17 September 2018
  • 17 replies
  • 981 views

Userlevel 1
Can anyone explain to me what the difference is between a trap and a syslog message?

Userlevel 7
Here you go...

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

https://en.wikipedia.org/wiki/Syslog
Userlevel 7
Hi,

A trap is an SNMP message, sent via the SNMP protocol using UDP destination port 162 (by default). A Syslog message is a message sent via the Syslog protocol using UDP destination port 514 (by default).

SNMP was developed for network management, Syslog was developed for Unix-like systems.

While Syslog uses text messages that are supposed to be easily read by humans, SNMP traps use structured binary data that needs to be translated to human readable form based on a formal definition (MIB).

That said, both are used for the purpose of sending information regarding some kind of event to a central server.

Thanks,
Erik
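
The format difference described in the post above, as an added example that is not part of the original thread: a syslog line parses with a regular expression, while an SNMPv2c linkDown trap has to be unwrapped from BER and translated through MIB names. Both samples are constructed; the switch IP and port come from the thread, while the community string, timestamp and ifIndex value are assumptions.

```python
import re
# Constructed samples. Switch IP and port are taken from the thread; the
# community string, timestamp, uptime and ifIndex 1005 are made-up values.
SYSLOG = "<187>Sep 17 10:02:11 192.168.10.106 Port 0/5 link down"
TRAP = bytes.fromhex(
    "3054" "020101" "04067075626c6963" "a747" "020101" "020100" "020100" "303c"
    "300e" "06082b06010201010300" "43023039"
    "3017" "060a2b060106030101040100" "06092b0601060301010503"
    "3011" "060b2b0601020102020101876d" "020203ed")

# Tiny subset of standard MIB names; a real NMS loads these from MIB files.
MIB = {"1.3.6.1.2.1.1.3.0": "sysUpTime.0", "1.3.6.1.6.3.1.1.4.1.0": "snmpTrapOID.0",
       "1.3.6.1.6.3.1.1.5.3": "linkDown", "1.3.6.1.2.1.2.2.1.1": "ifIndex"}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_syslog(line):  # RFC 3164 style text; PRI = facility * 8 + severity
    pri, _ts, host, msg = re.match(
        r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", line).groups()
    return {"facility": int(pri) >> 3, "severity": SEVERITY[int(pri) & 7],
            "sender": host, "msg": msg}

def walk(buf):  # yield (tag, value) per BER element; short-form lengths only
    i = 0
    while i < len(buf):
        length = buf[i + 1]
        yield buf[i], buf[i + 2:i + 2 + length]
        i += 2 + length

def dec_oid(b):
    parts, v = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        v = (v << 7) | (byte & 0x7F)  # base-128; high bit means more bytes follow
        if not byte & 0x80:
            parts.append(v)
            v = 0
    return ".".join(map(str, parts))

def name(oid):  # exact MIB match, else translate the column and keep the index
    base, _, idx = oid.rpartition(".")
    return MIB.get(oid) or f"{MIB.get(base, base)}.{idx}"

def decode_trap(pkt):  # SNMPv2c: SEQUENCE { version, community, trap PDU }
    msg = next(walk(pkt))[1]
    (_, _ver), (_, community), (_, pdu) = walk(msg)
    binds = {}
    for _, vb in walk(list(walk(pdu))[-1][1]):  # varbind list is the PDU's last field
        (_, oid), (tag, val) = walk(vb)
        binds[name(dec_oid(oid))] = name(dec_oid(val)) if tag == 0x06 else int.from_bytes(val, "big")
    return community.decode(), binds
```

Neither decoded result carries an address for the device attached to the port: the syslog line names the switch and the port, and the trap's varbinds identify only the interface index.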
Userlevel 1
OK, so I can receive via trap or syslog message the IP address of the computer (NOT the switch) that has generated the alarm?
Userlevel 7
You'd receive the trap and/or the syslog message from the device that is able to generate SNMP traps and/or syslog messages.

The message includes the IP from the sender.
Userlevel 1
In the "information" field of the Alarms window I see only the port number of the switch but not the IP of the PC.
Userlevel 7
What PC? Do you mean the PC that is connected to the switch?!
Userlevel 1
Yes! The alias of the PC is also enough for me.
Userlevel 7
The switch is the sender of the message so this IP is included in the message and not the device that is connected to the port.
Userlevel 1
Which IP do you speak of?
The IP of the PC is not included in the message, only the port number.

Userlevel 7
The switch (192.168.10.106) doesn't care about the IP of the device that is connected on slot 0 port 5 - the message is a link down message and doesn't include the IP of the device that is connected to 0/5.
Userlevel 1
OK, but I want to know if there is a way to include, inside the "information" field, the IP address or the alias/name of the PC that has generated the "link down".
Userlevel 7
AFAIK no.
Userlevel 7
Hello Visconti,

Because the SNMP trap format is specified in the message information base (MIB), it cannot easily be extended with new information. While Syslog messages could theoretically be amended with additional information, switches generally do not provide that feature. On EXOS, one might be able to use a script to collect the relevant information and send it as a Syslog message, but I cannot tell you how exactly or even how hard that would be (I would have to find out how myself before).

Thus you need to manually (or possibly with scripting on the NMS) use the info from the trap to find out e.g. the port description from the switch.

Thanks,
Erik
Userlevel 1
What does NMS mean?
Userlevel 7
NMS is the network management system, e.g. Extreme Management Center (XMC) — I hope I've got the name right, it has changed quite a lot. 😉
Userlevel 1
I'm desperately trying to find a way to create a "Flex view" using Extreme Management Console, but I cannot understand which field to add to the flex view so that it shows me the IP address of the PC beside the message information of the alarm.
Userlevel 7
Well, it is not even certain that the switch the PC is connected to knows the IP address of the PC. If it does, you would need to query the respective tables where it is stored. That might be the ctAliasTable of Extreme switches, or something else. But after a link-down event relevant information is lost from the switch, e.g. the MAC address(es) seen on the port while it was up. Thus the switch might never have had the information (IP address), and it might have already forgotten the information (MAC address) you can use to find the IP on the router.

Anyway, you still need to somehow react to receiving the trap and then start looking for additional information.

A good way to get all the information about an end-system that was connected to a switch port that went down would be via ExtremeControl, which can be deployed in a visibility only mode (using optional MAC based authentication).

Sorry that I cannot give you a simple solution with just Extreme Management Console (XMC).

Thanks,
Erik