Hi everyone,
I'm puzzled by something that I thought would be simple: CAM table update decoding. The objective is to see in a very simple way any adds and deletes to the CAM table of a Cisco switch. The mechanics are done via snmp traps and Splunk enterprise does receive and record those traps. My issue is with decoding the actual trap message. I need to see the interface and the mac address being added or deleted from the CAM table.
I did install the Datametrix add-on and the Cisco TA but none appear to decode those traps correctly.
Instead what I see is the raw snmp trap which I need to manually fiddle in order to derive interface from the OID and the actual mac address from the integers in string-value. Here's a screen shot of what it looks like:
![alt text][1]
[1]: /storage/temp/122266-cam1.png
What would you suggest in order to see the true mac plus interface plus vlan in plain human readable format?
Thank you!
↧