DX NetOps

Hi,  I'd like to monitor syslog traps coming from the monitored devices. Devices are Cisco Nexus. Model type name of these devices is CiscoNXOS and Device type Cisco Nexus 5596UP. In the past I've enabled support for Cisco routers and switches and their syslog messages by editing files <$SPECROOT>/SS/CsVendor/Cisco_Router/Rtr.txt
<$SPECROOT>/SS/CsVendor/Ctron_CAT/Switch.txt
<$SPECROOT>/SS/CsVendor/Cisco_Router/GenCisco.txt
I've tried to edit the same files for Nexus devices but it doesn't work.  When I send a trap to Spectrum, it doesn't get mapped. I just get event 0x210d40 created. So my initial syslog message mapping is missing.

I've tested it with another Cisco router and alarming is working ok, my events are created when trap comes in. So I'm sure now that there is a problem with Nexus. Maybe there's another file which should be created/edited for mapping syslog traps from Nexus switches.

I'm using Trapgen software to test event behavior. I've been using this method before when configuring other syslog messages alarming and it has been working good every time.
Is there some way to get it working?

Regards

I believe the fundamental problem here is that Cisco Nexus doesn't have the ability to generate the 'syslog as trap' trap which is what is used to get this process started.

I would like to see Spectrum actually implement a true SYSLOG monitor implementation which would fix tis issue and several others related to needing to edit multiple files to get the desired behavior for all the various Cisco-type devices.

The functionality is tied into modeltypes.  My guess is that there was an oversight and the functionality wasn't tied to the CiscoNXOS modeltype.  I believe you've already opened a case (from some internal emails I've seen).  If you haven't opened a case, please do as we'll need to create a defect to have this changed/updated for the CiscoNXOS modeltype.

Cheers

Jay

PS - you could confirm by creating a duplicate model but choose a different modeltype.  For example, use the same ip/comm string and manually create it as a SwCiscoIOS instead of CiscoNXOS.  If the SwCiscoIOS processes the trap, the CiscoNXOS modeltype is the problem.

I have a case opened with support and they told me it's a bug. I'm currently waiting for L2 support to check it. In the meantime I have made a workaround. I've created a new model type - CiscoNXOS_custom and configured CiscoNXOS and SwCiscoIOS as its Base model types. It seems fine now. But Spectrum upgrades could lead into problems in the future so I don't like this solution. Before I've tested it with SwCiscoIOS instead of CiscoNXOS and it worked fine.