
how to monitor switch, router, firewall, etc?

Explorer

If anyone out there has any relevant experience and could share some advice/guidance, that would be great.

Thanks!

0 Karma

Re: how to monitor switch, router, firewall, etc?

Splunk Employee

this is a very general question that can be answered by reviewing the documentation. please provide more details about what you're trying to achieve--what do you want to know about your routers, switches, etc? what does your environment look like?
in the meantime, i recommend you go through the tutorial, here:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial

0 Karma

Re: how to monitor switch, router, firewall, etc?

Explorer

Thank you for your response. This may be easy for everyone, but I find it very hard. I read the documentation, but I didn't find what I need.
Suppose I want to get the SNMP trap log of a router. I tried enabling SNMP on the router, then on the Splunk machine I went to Add Data -> Monitor -> TCP/UDP and set up port 162 to listen for SNMP traps. But Splunk can't get the SNMP trap log correctly from the router.
This is the image:
http://www.upsieutoc.com/image/W912

0 Karma

Re: how to monitor switch, router, firewall, etc?

Explorer

UPPPPPPPPPPP

0 Karma

Re: how to monitor switch, router, firewall, etc?

SplunkTrust

Hi leenguyen07, as an alternative to sending the SNMP traps directly to Splunk, you could leverage any existing trap collection mechanism, and write the events to that system's filesystem. Once it is written as a file, you can then configure a Splunk forwarder to input that as a file.

I'd also consider forwarding out syslog events from the network devices, writing them to a syslog server and inputting them just like the SNMP traps.

Please let me know if this helps!
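
A sketch of the file-based approach suggested in the reply above, added here as an example and not part of the original thread: net-snmp's snmptrapd receives the traps and logs them as text, and a Splunk forwarder monitors that log. The community string, file paths, sourcetype and index names are assumptions to replace with your own values.

```ini
# --- /etc/snmp/snmptrapd.conf on the trap collector (assumed path) ---
# Accept and log traps sent with this community string. Placeholder value:
# it must match the (string) used in the router's "snmp-server host" line.
authCommunity log CHANGE_ME_COMMUNITY

# Start the daemon so decoded traps are appended to a text file, e.g.:
#   snmptrapd -Lf /var/log/snmptrapd.log
# snmptrapd listens on UDP 162 by default, so the router's
# "snmp-server host" address must be this collector.

# --- $SPLUNK_HOME/etc/system/local/inputs.conf on the forwarder ---
# What was tried in the thread: a raw UDP input on the trap port.
# Traps are BER-encoded binary, so this input indexes unreadable data.
# Disable it so it does not compete with snmptrapd for port 162.
[udp://162]
disabled = true

# Instead, monitor the text log that snmptrapd writes.
# sourcetype and index are assumed names; the index must already exist.
[monitor:///var/log/snmptrapd.log]
disabled = false
sourcetype = snmptrap
index = network
```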


Re: how to monitor switch, router, firewall, etc?

Explorer

As I understand it, there are two ways to monitor a switch/router: use logging trap and use SNMP trap logging.
1. The first step: configure logging trap on the switch. It looks like this:
Router(config)#Logging trap (trap level)
Router(config)#Logging host (Splunk Server) transport (tcp | udp) port (514)
Router(config)#Logging on
The second step: set up Splunk to listen on port 514 (default). This way worked successfully.
But now my boss has asked me to configure it using SNMP.
2. The first step: configure SNMP on the router/switch. It looks like this:
Router(config)#snmp-server community (string) ro
Router(config)#snmp-server host (Splunk server) version (1,2,3) (string)
Router(config)#snmp-server enable traps snmp
The second step: on Splunk, I don't know what to do to get the trap log from the router or switch. Can you help me do this step?
If you have another way, can you recommend it and write it out step by step for me? Thank you very much!

0 Karma