SNMP is a layer 7 application layer protocol consisting of an SNMP manager, an SNMP agent and MIBs. Syslog is a way for network devices to send event messages to a logging server, usually known as a Syslog server.
- The SNMP manager can be a standalone server or part of a network management system such as CiscoWorks
- The agent and MIB (Management Information Base) reside on the switch/router/device
- To configure SNMP, define the relationship between the manager and the agent
- Using MIBs, an SNMP manager can request a value from an agent or store a value in the agent
- The SNMP manager can poll the agents for information (UDP port 161)
- The SNMP agent can also send unsolicited traps to the manager (UDP port 162)
- Traps are messages that typically alert the manager to a condition on the network, i.e. an interface is down, authentication failed, neighbor connection lost, etc.
- Syslog is a way for network devices to send event messages to a logging server, usually known as a Syslog server.
Syslog vs SNMP - Can't I just turn on SNMP traps and forget about Syslog?
The simple answer is: no. In general, there are significantly more Syslog messages available within IOS as compared to SNMP Trap messages. For example, a Cisco Catalyst 6500 switch running Cisco IOS Software Release 12.2(18)SXF contains about 90 SNMP trap notification messages, but has more than 6000 Syslog event messages.