1

Is it somehow possible to enable SNMPv3 failed/wrong authentication events to be sent to some logging server, or just have the log message triggered on the device itself?

I'm talking about IOSXR/IOS/IOS-XE and NX-OS devices.

edit:

The IOS-XE/IOS models would be: CISCO ISR 44xx, and Cisco WS-C2960+48TC-S.

The Cisco ISR 44xx configuration is here (from show running-configuration full):

logging history informational
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
logging snmp-trap informational
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
6
  • 1
    Have you enabled logging trap notifications and snmp-server enable traps snmp authentication?
    – user36472
    Commented Jul 23, 2018 at 12:33
  • On Nexus I see only [snmp-server enable traps snmp authentication], but not [logging trap notifications]. After I enable only [snmp-server enable traps snmp authentication] and do some incorrect authentications, I don't see any alerts present.
    – saddayz
    Commented Jul 23, 2018 at 12:47
  • Try to enable the log level for SNMP: logging level snmpd 6
    – user36472
    Commented Jul 23, 2018 at 14:07
  • 2
    Please post your configuration, so that I can check if you need something. It works fine on my Nexus 6000.
    – user36472
    Commented Jul 23, 2018 at 14:10
  • Thanks Crown, on NX-OS it's working. Any idea how to do it on IOSXR and IOS-XE? Thanks!
    – saddayz
    Commented Jul 23, 2018 at 16:10

2 Answers

2

Assuming you have configured SNMPv3 correctly with group/user/views etc.

For IOS/IOS-XE (Sorry don't have any IOS XR available)

snmp-server enable traps snmp authentication
logging trap informational
logging history informational
logging snmp-trap informational

NX-OS on Nexus platforms etc.

snmp-server enable traps snmp authentication
logging level snmpd 6
9
  • Thank you, it seems that the commands on IOS-XE don't work fully; I enter them but there is no log in the output.
    – saddayz
    Commented Jul 24, 2018 at 7:43
  • @saddayz that is very strange. Try logging snmp-trap informational on IOS XE. You can use the same command on IOS it seems...
    – user36472
    Commented Jul 24, 2018 at 8:19
  • Tried it on IOS-XE and IOS, but no output is coming. Maybe something is left?
    – saddayz
    Commented Jul 24, 2018 at 10:46
  • @saddayz for the sake of troubleshooting, try to enable all traps with snmp-server enable traps and see if it does anything. I don't understand as it works on my switches.
    – user36472
    Commented Jul 24, 2018 at 11:35
  • Thanks, did it, no message in "show logging". Any more ideas? :)
    – saddayz
    Commented Jul 24, 2018 at 13:48
0

The command debug snmp config enables SNMP debug messages on the CLI.
You can also use the debug snmp packets command to look at all incoming and outgoing SNMP packets on the CLI. It is recommended to limit the output of this debug command by applying it over an ACL; this can be done by adding the detail <acl-name or acl-number>. I can see that you've enabled logging for levels 0-6 but left out debugging (level 7). Make sure to enable snmp-trap debugging and logging for the same.

3
  • Thank you, debug snmp config doesn't work. Debug snmp packets drops this message: "%IOSXE_INFRA-3-CONSOLE_DBUG_DROP: System dropped 204 bytes of console debug messages."
    – saddayz
    Commented Jul 30, 2018 at 14:44
  • This means that the console can't handle the message length; I recommend logging it in a buffer. An example of this is: logging buffered <buffer size in bytes (example 10000000 for 10 MB)>; no logging console; no logging monitor; logging trap debugging; logging host <syslog server ip>. The logging trap debugging command is needed only if logging to a syslog server is required.
    – ashraf
    Commented Jul 31, 2018 at 16:53
  • Hello. Thanks, can you help me with the combination of commands to enable the SNMPv3 failed authentication warnings in the 'show loggs' output?
    – saddayz
    Commented Aug 1, 2018 at 7:51
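
Once the devices forward to a syslog host as discussed in the comments above, the collector side can flag bursts of failed SNMP authentication per device and source address. This is an added example, not code from the thread; it assumes the device emits the IOS `%SNMP-3-AUTHFAIL` syslog message, and the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines as a syslog collector might store them (assumed
# layout: timestamp, device name, sequence number, message).
SAMPLE_LINES = [
    "Jul 24 10:46:01 isr4431 101: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10",
    "Jul 24 10:46:09 isr4431 102: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10",
    "Jul 24 10:46:15 isr4431 103: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up",
    "Jul 24 10:46:20 isr4431 104: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10",
    "Jul 24 10:50:00 c2960 55: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7",
    "Jul 24 10:55:00 c2960 56: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7",
]

AUTHFAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<device>\S+) .*"
    r"%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def parse_authfail(line):
    """Return (timestamp, device, source) for an auth-failure line, else None."""
    m = AUTHFAIL_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year; a fixed leap year is prepended
    # so that only the differences between timestamps matter.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["device"], m["src"]

def find_bursts(lines, threshold=3, window_seconds=60):
    """Return {(device, source): peak count} for bursts reaching the threshold."""
    recent = defaultdict(deque)   # sliding window of timestamps per key
    alerts = {}
    for line in lines:
        hit = parse_authfail(line)
        if hit is None:
            continue
        ts, device, src = hit
        q = recent[(device, src)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            alerts[(device, src)] = max(alerts.get((device, src), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (device, src), count in find_bursts(SAMPLE_LINES).items():
        print(f"{device}: {count} SNMP auth failures from {src} within 60s")
```
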
