SNMP and syslog forwarders
Hi, It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be dumb forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
RE: SNMP and syslog forwarders
The free Kiwi Syslog Server will do this. Josh -Original Message- From: Sam Stickland [mailto:sam_mailingli...@spacething.org] Sent: Wednesday, March 04, 2009 3:52 AM To: NANOG list Subject: SNMP and syslog forwarders Hi, It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be dumb forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
Re: SNMP and syslog forwarders
Sam Stickland writes: It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. You can try the UDP samplicator: http://www.switch.ch/network/downloads/tf-tant/samplicator/ (The name indicates that it can also sample packets, but that is just an option that can be ignored for your application.) These relay devices just need to be dumb forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. There is one complication with SNMP traps and also with typical Syslog packets: The IP source address carries important information that is not carried in the payload. So it's not sufficient for the relay to simply re-send the UDP datagrams without loss of information. Samplicator handles this with an option to spoof the IP source address when it resends the packets. (With this option, it must run as root, and you will have to drill holes in the ingress filters that you hopefully have even for your own servers. :-) I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Not commercial, sorry. Maybe someone can sell you support for it (or life insurance). I should probably put it up on a code hosting service so that the community can maintain it. Any recommendations / experience? This needs to scale to ~1,500 devices. Shouldn't be a problem. The main trick is to ensure that the forwarder's UDP receive buffers are large enough to handle bursts that might arrive while the forwarder/server is catching its breath. Samplicator lets you tune this socket buffer size. -- Simon.
Re: SNMP and syslog forwarders
you can easily configure syslog-ng for forwarding/relaying syslog msgs to another box On Wed, Mar 4, 2009 at 1:51 AM, Sam Stickland sam_mailingli...@spacething.org wrote: Hi, It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be dumb forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
Re: SNMP and syslog forwarders
Hi Sam, For SNMP Traps, we were using 'Concord TrapExploder'. I'm not sure, if this is still named that way - it's now more than 1.5 years ago, I'd been involved in that project. As we had configured all network elements to send the Traps to both TrapExploders, we had to de-duplicate the traps on the EventManagement piece of our NMS platform. But that's been an easy one... For Syslog, we had used syslog-ng and it was just running like a charm.. .. just my 2ct's regards Martin It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be dumb forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
