Discussion:
[Observium] Alert to monitor cisco ARP table
Lambert, Benoit
2015-06-16 13:05:10 UTC
Permalink
Hello Observium team,

Is there a way for an alert checker to check for a new ARP entry in the arp table?

Thanks.
Adam Armstrong
2015-06-16 13:07:16 UTC
Permalink
Not currently. I think that would take a different kind of alert than is
possible with the existing system.

In what scenario are you wanting to involve the ARP table in alerts?

Adam.

Sent with AquaMail for Android
http://www.aqua-mail.com
Post by Lambert, Benoit
Hello Observium team,
Is there a way for an alert checker to check for a new ARP entry in the arp table?
Thanks.
----------
_______________________________________________
observium mailing list
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Lambert, Benoit
2015-06-17 12:54:54 UTC
Permalink
We want an alert when a new mac address is added to an access port.

I did some more research and I got the switch to send a Mac-Notification-Change trap to the server.

Is there an easy way to implement this? I am testing with snmptrapd daemon.

I assume once the server receives the trap it can be re-routed to syslog-ng and brought into Observium.

Switch --> Server (udp 162) -->Script/Program that re-routes -->Server (udp 514) --> syslog-ng -->Observium instance

I was also struggling with the TRAP payload, the mac, port index and vlan weren't part of the message.
Do I need the CISCO-MAC-NOTIFICATION-MIB?

Thank you.
Adam Armstrong
2015-06-17 13:00:15 UTC
Permalink
You know we don't yet generate alerts from syslog, right? :)

You might just want to generate alerts directly from the trap daemon.

adam.

Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird]
On 17/06/2015 13:55:23, Lambert, Benoit <***@ntl.nt.net> wrote:
We want an alert when a new mac address is added to an access port.
 
I did some more research and I got the switch to send a Mac-Notification-Change trap to the server.
 
Is there an easy way to implement this? I am testing with snmptrapd daemon.
 
I assume once the server receives the trap it can be re-routed to syslog-ng and brought into Observium.
 
Switch à Server (udp 162) àScript/Program that re-routes àServer (udp 514) à syslog-ng àObservium instance
 
I was also struggling with the TRAP payload, the mac, port index and vlan weren’t part of the message.
Do I need the CISCO-MAC-NOTIFICATION-MIB?
 
Thank you.
 

Loading...