SCOM 2012 SP1 Cisco Port Security Violations

  • Question

  • Hello,

    I'm fairly new to System Center but have been learning quite a bit over the last year. I am looking for some information on how to generate an alert off of a port-security violation. There's not much information about this, so I'm wondering if anyone out there has experience doing this.

    Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is: do I have to be monitoring every switchport to see a port-sec event happen? I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap sent for the port-security violation.

    The universal device poller that I set up for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT-SECURITY-MIB:cpsIfPortSecurityStatus, so I'm pretty confident that I've got the right data. I'm just looking for a way to see these events happen without having to monitor every single switchport on my network, and to know if the alert will tell me which switch and which port had the violation.


    Any help is always appreciated.

    Monday, April 27, 2015 2:55 PM

Answers

  • Hi,

    I have to say that I don't have experience doing this, but in my opinion, if there are log files with that information, we can use SCOM to monitor the log file and fire alerts according to your requirements.

    Based on my research, the output of the port-security debug may have information about which switch and which port had the violation. (I am not familiar with Cisco devices; if there is any misunderstanding, please feel free to let me know.)

    Regards,

    Yan Li



    • Proposed as answer by Yan Li_ Friday, May 8, 2015 3:08 AM
    • Marked as answer by Yan Li_ Monday, May 11, 2015 6:54 AM
    Thursday, April 30, 2015 2:33 AM
  • If your switches can send this info as an SNMP trap, just set up your SCOM to monitor SNMP traps!

    http://blogs.technet.com/b/kevinholman/archive/2015/02/03/snmp-trap-monitoring-with-scom-2012-r2.aspx

    • Proposed as answer by Yan Li_ Friday, May 8, 2015 3:08 AM
    • Marked as answer by Yan Li_ Monday, May 11, 2015 6:54 AM
    Thursday, April 30, 2015 8:40 AM
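The trap-based approach suggested above, sketched as an added example that is not part of the original thread: it turns received traps into per-switch, per-port violation counts without polling any port. It assumes a trap receiver that hands over the sender address and the varbinds as an OID-to-value dict; the sample traps, the trap OID value and the column used for the last-seen MAC address are assumptions to confirm against your copy of CISCO-PORT-SECURITY-MIB.

```python
from collections import Counter

SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"    # snmpTrapOID.0 (SNMPv2-MIB)
PORT_SEC_SUBTREE = "1.3.6.1.4.1.9.9.315."  # MIB subtree of the OID quoted in the question
IF_NAME = "1.3.6.1.2.1.31.1.1.1.1."        # ifName (IF-MIB); instance suffix is ifIndex
# Assumed column for cpsIfSecureLastMacAddress; confirm against your MIB copy.
LAST_MAC = PORT_SEC_SUBTREE + "1.2.1.1.10."

def parse_violation(source_ip, varbinds):
    """Return (switch, port, mac) for a port-security trap, else None."""
    if not varbinds.get(SNMP_TRAP_OID, "").startswith(PORT_SEC_SUBTREE):
        return None  # some other trap, e.g. linkDown
    port = mac = None
    for oid, value in varbinds.items():
        if oid.startswith(IF_NAME):
            port = value
        elif oid.startswith(LAST_MAC):
            mac = value
            # No ifName seen yet: fall back to the ifIndex in the instance suffix.
            port = port or "ifIndex " + oid[len(LAST_MAC):]
    return (source_ip, port or "unknown", mac or "unknown")

def summarize(traps):
    """Count violations per (switch, port) so repeats collapse into one alert."""
    hits = filter(None, (parse_violation(ip, vb) for ip, vb in traps))
    return Counter((switch, port) for switch, port, _mac in hits)

# Constructed sample input: addresses, interface names and MACs are made up.
VIOLATION = PORT_SEC_SUBTREE + "0.0.1"     # assumed violation notification OID
SAMPLE_TRAPS = [
    ("192.0.2.11", {SNMP_TRAP_OID: VIOLATION,
                    IF_NAME + "10101": "Gi1/0/1",
                    LAST_MAC + "10101": "00:11:22:33:44:55"}),
    ("192.0.2.11", {SNMP_TRAP_OID: VIOLATION,
                    IF_NAME + "10101": "Gi1/0/1",
                    LAST_MAC + "10101": "00:11:22:33:44:66"}),
    ("192.0.2.12", {SNMP_TRAP_OID: "1.3.6.1.6.3.1.1.5.3"}),  # linkDown, ignored
    ("192.0.2.13", {SNMP_TRAP_OID: VIOLATION,                # trap without ifName
                    LAST_MAC + "10105": "66:77:88:99:aa:bb"}),
]

if __name__ == "__main__":
    for (switch, port), count in summarize(SAMPLE_TRAPS).items():
        print(f"port-security violation: switch={switch} port={port} count={count}")
```
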
