Syslog and traps

You can use a web API wrapper for nm-msg-reporter.

Use the following syntax:

https://{server}/api-msg?
  password={pw};
  time={time filter};
  [addr={ip filter}];
  [type=syslog|trap];
  [device={name}|{regex}];
  [regex={regex filter}];
  [limit={qty messages}]

Examples

Retrieve all syslog messages for the past 30 minutes for devices whose names match a regex:

https://{server}/api-msg?password={pw};time=last30m;type=syslog;device=/^swt/;

Retrieve up to a specific number of syslog messages for the past hour for a specific IP address:

https://{server}/api-msg?password={pw};time=last1h;addr=10.1.9.6;type=syslog;regex=down;limit=5;

To activate the Syslog and Traps web API:

Go to Admin > API > Web API Settings and set the Syslog and Traps option to On.

Click Save.

The api-ro user is required.

nm-msg-reporter

AKIPS stores all syslog and SNMP traps in a single database.

Use the nm-msg-reporter command line tool to extract and filter messages.

Each syslog or trap message contains:

  • header line: {system timestamp} {type} {IP version} {IP Address}

  • message text

  • blank terminating line.
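
The record layout above can be split into structured messages before they are forwarded to other tooling. This is an added example, not AKIPS code: the Message class and parse_messages function are hypothetical names, and it assumes the IP version field is 4 or 6 and agrees with the address that follows it.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address

# Header layout from the page: {system timestamp} {type} {IP version} {IP Address}
HEADER = re.compile(r"^(\d+) (syslog|trap) (\d) (\S+)$")

@dataclass
class Message:
    timestamp: int
    kind: str          # "syslog" or "trap"
    address: str
    text: list = field(default_factory=list)

def parse_messages(output):
    """Split reporter output into records; reject malformed header lines."""
    messages, current = [], None
    for lineno, line in enumerate(output.splitlines(), 1):
        line = line.rstrip()
        if not line:                       # blank line terminates a record
            if current is not None:
                messages.append(current)
            current = None
        elif current is None:              # first line of a record is the header
            m = HEADER.match(line)
            if m is None:
                raise ValueError(f"line {lineno}: not a message header")
            ts, kind, version, addr = m.groups()
            # Assumption: the IP version field is 4 or 6 and matches the address.
            if ip_address(addr).version != int(version):
                raise ValueError(f"line {lineno}: IP version/address mismatch")
            current = Message(int(ts), kind, addr)
        else:
            current.text.append(line)      # message text, possibly several lines
    if current is not None:                # tolerate a missing final blank line
        messages.append(current)
    return messages

# Sample records taken from the examples on this page (trap record shortened).
SAMPLE = """\
1744253762 syslog 4 10.100.251.37
info local7 1 2025-04-10T12:56:02 10.100.251.37 vlan.msgs: Port 2 link down

1436232075 trap 4 10.4.2.26
SNMPv2-MIB sysUpTime 0 TimeTicks 53803
OSPF-MIB ospfNbrState 10.4.2.20 ENUM 1,down
"""
```

Because a header is only expected at the start of a record, message text that happens to look like a header line is kept as text rather than starting a new record.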

Examples

Retrieve all syslog messages for the past hour:

time last1h type syslog

1744253762 syslog 4 10.100.251.37
info local7 1 2025-04-10T12:56:02 10.100.251.37 vlan.msgs: Port 2 link down

1744253762 syslog 4 10.100.251.39
info local4 1 2025-04-10T12:56:02 10.100.251.39 Sensor[1]Port tg.1.2 rx power sensor indicates normal (0.023 mW)

1744253762 syslog 4 10.100.251.38
notice local4 1 2025-04-10T12:56:02 10.100.251.38 Default[1.tSyslogD]4 Messages Dropped

1744253762 syslog 4 10.100.251.40
info local7 1 2025-04-10T12:56:02 10.100.251.40 vlan.msgs: Port 37 link UP at speed 10 Mbps and full-duplex

1744253762 syslog 4 10.100.251.41
info local4 1 2025-04-10T12:56:02 10.100.251.41 Spantree[1]Port Status: DOWN on Port = ge.1.31

Retrieve all trap messages for the past day which contain specific text:

type trap time last1d regex OSPF

1436232075 trap 4 10.4.2.26
SNMPv2-MIB sysUpTime 0 TimeTicks 53803
SNMPv2-MIB snmpTrapOID 0 ObjectIdentifier CISCO-SYSLOG-MIB.clog MessageGenerated
CISCO-SYSLOG-MIB clogHistFacility 122 DisplayString OSPFv3
CISCO-SYSLOG-MIB clogHistSeverity 122 ENUM 6,notice
CISCO-SYSLOG-MIB clogHistMsgName 122 DisplayString ADJCHG
CISCO-SYSLOG-MIB clogHistMsgText 122 DisplayString Process 1, Nbr 10.4.45.1 on Serial1/6 from...
CISCO-SYSLOG-MIB clogHistTimestamp 122 TimeTicks 53803

1436232075 trap 4 10.4.2.26
SNMPv2-MIB sysUpTime 0 TimeTicks 53803
SNMPv2-MIB snmpTrapOID 0 ObjectIdentifier OSPF-TRAP-MIB.ospf NbrStateChange
OSPF-MIB ospfRouterId 10.4.2.20 IPAddress 10.4.40.1
OSPF-MIB ospfNbrIpAddr 10.4.2.20 IPAddress 10.4.2.166
OSPF-MIB ospfNbrAddressLessIndex 10.4.2.20 Integer 0
OSPF-MIB ospfNbrRtrId 10.4.2.20 IPAddress 10.4.45.1
OSPF-MIB ospfNbrState 10.4.2.20 ENUM 1,down

Retrieve all syslog and trap messages for today from a specific IP address:

time today addr 10.4.2.26

1436232275 syslog 4 10.4.2.26
notice local7 149:Jul 7 11:24:34.476: LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/6, changed...

1436232275 syslog 4 10.4.2.26
notice local7 150:Jul 7 11:24:34.572: OSPF-5-ADJCHG: Process 1, Nbr 10.4.45.1 onSerial1/6 from LOADING...

1436232275 trap 4 10.4.2.26
SNMPv2-MIB sysUpTime 0 TimeTicks 54003
SNMPv2-MIB snmpTrapOID 0 ObjectIdentifier OSPF-TRAP-MIB.ospf Nbr StateChange
OSPF-MIB ospfRouterId 10.4.2.20 IPAddress 10.4.40.1
OSPF-MIB ospfNbrIpAddr 10.4.2.20 IPAddress 10.4.2.166
OSPF-MIB ospfNbrAddressLessIndex 10.4.2.20 Integer 0
OSPF-MIB ospfNbrRtrId 10.4.2.20 IPAddress 10.4.45.1
OSPF-MIB ospfNbrState 10.4.2.20 ENUM 8,full

1436232276 trap 4 10.4.2.26
SNMPv2-MIB sysUpTime 0 TimeTicks 54004
SNMPv2-MIB snmpTrapOID 0 ObjectIdentifier OSPF-TRAP-MIB.ospf OriginateLsa
OSPF-MIB ospfRouterId 10.4.2.20 IPAddress 10.4.40.1
OSPF-MIB ospfLsdbAreaId 10.4.2.20 IPAddress 0.0.0.0
OSPF-MIB ospfLsdbType 10.4.2.20 ENUM 1,routerLink