My Cacti Syslog Alerts – Cisco/ASA/Mikrotik/Centos
Here are a few of my Cacti alerts. I’m definitely a network guy, so you will mostly see network related alerts. If you have any you want to share with the world, add them to the comments!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | !!Start with a few Mikrotik alerts: sys error, accepted a DHCP address and failed login NAME TYPE TEXT Mikrotik System error Message Begins with system,error,critical Mikrotik Rogue - DHCP Client Message Contains dhcp,info,debug dhcp-client%got ip address Mikrotik incorrect login Message Contains system,error,critical login failure for user %from % !!A lot of Cisco alerts. Some of these, such as the POS interface may or may not apply to you :) Cisco BGP adjchange Message Contains BGP- Cisco dup address Message Contains Duplicate address Cisco Serial Interface Message Contains Interface Serial Cisco POS interfaces Message Contains LINEPROTO-5-UPDOWN: Line protocol on Interface POS Cisco hsrp Message Contains HSRP- Cisco OSPF Alert Message Contains OSPF- Cisco MPLS Neighbor Change Message Contains LDP- Cisco MPLS Message Contains cdt%mpls Cisco Duplex Mismatch Message Contains CDP-%-DUPLEX_MISMATCH Cisco err-disable Message Contains err-disable Cisco Spanntree Message Contains SPANTREE Cisco FIB TCAM error Message Contains fib tcam Cisco Power Failure Message Contains power%supply%fail Cisco Fan Message Contains BLOWER%fan%fail Cisco Voltage Message Contains ENV%Voltage measured Cisco Late Collision Message Contains \%PM_SCP-SP%late%collision Cisco RSP Message Contains %RSP Cisco LACP Message Contains \%EC%LACP Cisco Controller Message Contains \%CONTROLLER- !!User trying to login to your ASA via VPN failed authentication ASA failed vpn user Message Contains %ASA%Remote peer has failed user authentication !!Someone logging into your centos box via root Centos logon as root Message Contains Accepted password for root |
I’ve got a tutorial up on adding syslog export to your Cisco devices here.