
Difference between trap and syslog message?


Can anyone explain to me what the difference is between a trap and a syslog message?

17 replies

Userlevel 7
Here you go...

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

https://en.wikipedia.org/wiki/Syslog
Userlevel 7
Hi,

A trap is an SNMP message, sent via the SNMP protocol using UDP destination port 162 (by default). A Syslog message is a message sent via the Syslog protocol using UDP destination port 514 (by default).

SNMP was developed for network management, Syslog was developed for Unix-like systems.

While Syslog uses text messages that are supposed to be easily read by humans, SNMP traps use structured binary data that needs to be translated to human readable form based on a formal definition (MIB).

That said, both are used for the purpose of sending information regarding some kind of event to a central server.

Thanks,
Erik
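
Added example, not part of the original thread: the contrast described in the post above, with a text syslog datagram read directly and a BER-encoded trap OID that only becomes meaningful through a MIB lookup. Both payloads and the two-entry MIB table are constructed for illustration.

```python
import re

# Constructed RFC 3164-style syslog payload (UDP 514): text with a <PRI> prefix.
SYSLOG = b"<187>Mar  3 10:15:02 192.168.10.106 LINK: Port 0/5 link down"

# Constructed fragment of an SNMPv2c trap payload (UDP 162): the BER-encoded
# OBJECT IDENTIFIER carried as the snmpTrapOID value.
TRAP_OID_TLV = bytes.fromhex("06092b0601060301010503")

# Stand-in for a compiled MIB: numeric OID -> symbolic name.
MIB = {
    "1.3.6.1.6.3.1.1.5.3": "IF-MIB::linkDown",
    "1.3.6.1.6.3.1.1.5.4": "IF-MIB::linkUp",
}


def parse_syslog(datagram):
    """Split the PRI value into facility/severity; the rest is already readable."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.S)
    if not m:
        raise ValueError("no <PRI> prefix")
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "text": m.group(2).decode("utf-8", "replace")}


def decode_oid(tlv):
    """Decode one BER OBJECT IDENTIFIER (tag 0x06, short-form length only)."""
    if len(tlv) < 3 or tlv[0] != 0x06 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a short-form BER OID")
    body = tlv[2:]
    arcs = [body[0] // 40, body[0] % 40]  # first byte packs the first two arcs
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def describe_trap(tlv):
    """Translate the numeric OID to a name, as an NMS does with loaded MIBs."""
    oid = decode_oid(tlv)
    return MIB.get(oid, "unknown OID " + oid)
```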
OK, so I can receive via trap or syslog message the IP address of the computer (NOT the switch) that has generated the alarm?
Userlevel 7
You'd receive the trap and/or the syslog message from the device that is able to generate SNMP traps and/or syslog messages.

The message includes the IP from the sender.
In the "information" field of Alarms windows I see only the port number of the switch but not the IP of the pc
Userlevel 7
What PC? Do you mean the PC that is connected to the switch?!
Yes! The alias of the PC is also enough for me.
Userlevel 7
The switch is the sender of the message so this IP is included in the message and not the device that is connected to the port.
Which IP are you speaking of?
The message does not include the IP of the PC, only the port number.

Userlevel 7
The switch (192.168.10.106) doesn't care about the IP of the device that is connected on slot 0 port 5 - the message is a link down message and doesn't include the IP of the device that is connected to 0/5.
OK, but I want to know if there is a way to include, inside the "information" field, the IP address or the alias/name of the PC that has generated the "link down".
Userlevel 7
AFAIK no.
Userlevel 7
Hello Visconti,

Because the SNMP trap format is specified in the message information base (MIB), it cannot easily be extended with new information. While Syslog messages could theoretically be amended with additional information, switches generally do not provide that feature. On EXOS, one might be able to use a script to collect the relevant information and send it as a Syslog message, but I cannot tell you how exactly or even how hard that would be (I would have to find out how myself before).

Thus you need to manually (or possibly with scripting on the NMS) use the info from the trap to find out e.g. the port description from the switch.

Thanks,
Erik
What does NMS mean?
Userlevel 7
NMS is the network management system, e.g. Extreme Management Center (XMC) — I hope I've got the name right, it has changed quite a lot. 😉
I'm desperately trying to find a way to create a "Flex view" using Extreme Management Console, but I cannot understand which field to add to the flex view that can show me the IP address of the PC besides the message information of the alarm.
Userlevel 7
Well, it is not even certain that the switch the PC is connected to knows the IP address of the PC. If it does, you would need to query the respective tables where it is stored. That might be the ctAliasTable of Extreme switches, or something else. But after a link-down event relevant information is lost from the switch, e.g. the MAC address(es) seen on the port while it was up. Thus the switch might never have had the information (IP address), and it might have already forgotten the information (MAC address) you can use to find the IP on the router.

Anyway, you still need to somehow react to receiving the trap and then start looking for additional information.

A good way to get all the information about an end-system that was connected to a switch port that went down would be via ExtremeControl, which can be deployed in a visibility only mode (using optional MAC based authentication).

Sorry that I cannot give you a simple solution with just Extreme Management Console (XMC).

Thanks,
Erik
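
Added example, not part of the original thread and not Extreme Networks code: one way to script the NMS-side lookup discussed above, keeping a last-known port-to-MAC and MAC-to-IP cache filled while links are up, because the switch may have dropped that state by the time the link-down trap arrives. The poller feeding the cache, the ifIndex value, port description, MAC and PC addresses are all assumptions constructed for illustration.

```python
class EndSystemCache:
    """Last-known end systems per switch port, fed by polling while links are up."""

    def __init__(self, max_age_s=900):
        self.max_age_s = max_age_s
        self.fdb = {}    # (switch_ip, ifindex) -> {mac: time last seen}
        self.arp = {}    # mac -> ip, as learned from the router's ARP table
        self.descr = {}  # (switch_ip, ifindex) -> port description

    def record_poll(self, switch, ifindex, descr, macs, now):
        """Store one poll result for a port (output of a hypothetical poller)."""
        self.descr[(switch, ifindex)] = descr
        seen = self.fdb.setdefault((switch, ifindex), {})
        for mac in macs:
            seen[mac.lower()] = now

    def record_arp(self, entries):
        """Merge MAC -> IP pairs read from the router."""
        for mac, ip in entries.items():
            self.arp[mac.lower()] = ip

    def enrich_link_down(self, switch, ifindex, now):
        """Build alarm details from cached state only; the switch is not queried."""
        key = (switch, ifindex)
        systems = [
            {"mac": mac, "ip": self.arp.get(mac), "age_s": now - seen}
            for mac, seen in sorted(self.fdb.get(key, {}).items())
            if now - seen <= self.max_age_s  # drop entries too old to trust
        ]
        return {"switch": switch, "ifIndex": ifindex,
                "port": self.descr.get(key, "unknown"), "end_systems": systems}


def demo():
    """Constructed data: two polls, then a linkDown trap arriving at t=1000."""
    cache = EndSystemCache(max_age_s=900)
    sw = "192.168.10.106"  # trap sender named in the thread; the rest is made up
    cache.record_poll(sw, 5, "0/5 office-pc", ["00:11:22:33:44:55"], now=0)
    cache.record_poll(sw, 5, "0/5 office-pc",
                      ["00:11:22:AA:BB:CC", "00:11:22:DD:EE:FF"], now=940)
    cache.record_arp({"00:11:22:AA:BB:CC": "192.168.10.50"})
    return cache.enrich_link_down(sw, 5, now=1000)
```

The result is last-known data: an entry with `ip` set to `None` is a MAC the router had no ARP entry for, and any IP shown may have been reassigned since the last poll.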