Network devices and systems with SNMP capabilities can send unsolicited SNMP traps or SNMP notifications to a pre-configured SNMP manager such as LoriotPro. LoriotPro can receive and interpret these traps. It supports SNMP V1 traps and SNMP V2c or V3 (restricted) notifications. Depending on its configuration, a device sends SNMP notifications as traps (SNMP V1) or as notifications (SNMP V2c and V3).
SNMP traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine whether the trap was received.
LoriotPro handles the necessary translation between standard SNMP traps and the associated V2c and V3 notifications.
In SNMP V1 only 6 generic traps are defined. The generic Enterprise trap is used to define other traps by means of a second number called the Enterprise specific number.
| Version | Generic trap / Notification | Description |
|---|---|---|
| SNMP V1 | 0 - Cold Start | A Cold Start trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered. |
| SNMP V1 | 1 - Warm Start | A Warm Start trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered. |
| SNMP V1 | 2 - Link Down | A Link Down trap signifies that the SNMP entity, acting in an agent role, has a network interface going down. |
| SNMP V1 | 3 - Link Up | A Link Up trap signifies that the SNMP entity, acting in an agent role, has a network interface coming up. |
| SNMP V1 | 4 - Authentication Failure | An Authentication Failure trap signifies that the SNMP entity, acting in an agent role, has received a protocol message that is not properly authenticated. |
| SNMP V1 | 5 - Egp | EGP router trap. |
| SNMP V1 | 6 - Enterprise | An Enterprise trap signifies that the SNMP entity, acting in an agent role, has sent a trap that is defined in the private MIB section. |
| Enterprise | unknown | Unrecognized trap. |
| SNMP V2 Notification | V2 | SNMP V2c trap or SNMP V2c notification type. |
| SNMP V3 Notification | V3 | SNMP V3 trap or SNMP V3 notification type. |
Example of an SNMP V1 Enterprise specific trap
Example of an SNMP V2 notification
LoriotPro receives all SNMP traps on the standard UDP port 162. The software analyzes the different types of received traps and displays the results in the SNMP trap window.
SNMP trap and SNMP notification log list
In the SNMP trap window, a contextual menu allows you to acknowledge received traps/Informs.
| Menu item | Effect |
|---|---|
| Acknowledge Selection | Select one or more traps in the list and acknowledge them. Their color changes to light grey on a white background. |
| Acknowledge All snmp trap | All traps are acknowledged. Their color changes to light grey on a white background. |
| Clear Acknowledged snmp trap | Erases acknowledged traps from the display list. They are still logged in the trap log files. |
| Clear All snmp trap | Erases all traps from the display list. They are still logged in the trap log files. |
| Clear Selected snmp traps | Erases the selected traps from the display list. They are still logged in the trap log files. |
A double click on a trap opens the detailed window.
SNMP trap and SNMP notification viewer
The snmp trapfilter.txt file allows the administrator to trigger a local or remote event on specific SNMP traps. The event is sent to the Event manager with a reference number (300 by default). This event can be filtered like any other event and can therefore trigger actions.
However, it is also possible to trigger an action directly when a specific SNMP trap is received.
Example
1. LoriotPro receives an SNMP trap of LinkDown type on its UDP port 162 and displays it in the SNMP trap window.
2. This trap is filtered in the snmp trapfilter.txt file; the associated action is to generate an event with number 10 002.
3. The trap management process checks whether any action should be executed for this trap.
4. The actions, if any exist, are executed.
5. The Event manager receives the 10 002 event and displays it in the Global Events window.
6. The Event manager filters the incoming event to see whether an action should be taken.
SNMP traps window
All SNMP traps are displayed in the SNMP traps window and, by default, forwarded to the Global Events window under event number 300. This is configured in the SNMP trap filter tree.
The Link Down SNMP trap is displayed as an Event
Global Events window
Warning: Only filtered SNMP traps defined in the snmp trapfilter.txt file generate events that are displayed in the Global Events window.
By default, SNMP traps use event number 300 as defined in the snmp trapfilter.txt file, but another number can be set. In our example the LinkDown trap generates event number 10002. LoriotPro manages the trap locally; however, it is possible to route a trap to another LoriotPro by using a trap-associated action defined in the snmp trapfilter.txt file.
Example: extract of the snmp trapfilter.txt file
```
snmp trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
event 10002 0.0.0.0 0.0.0.0 1 smtp "unknow@domain.com LinkDown %i %r %R %m"
```
The snmp trapfilter.txt syntax is explained in a later chapter.
Warning: If the SNMP trap is not defined in the snmp trapfilter.txt file, no event is sent. Only the SNMP trap window informs you that the trap was received.
SNMP trap collection algorithm
SNMP trap management principle
All received SNMP traps are stored in log files.
When it receives a trap, LoriotPro creates a new entry in the current trap log file. A new file is created every 24 hours with a new name that contains a time-stamp. These log files are located in the directory /bin/www/log in .csv format. The delimiter character is “;”.
The files can be viewed from the LoriotPro graphical interface.
From the main menu select:
Supervise>See snmp traps Log Files…
A selection window appears; choose your file.
The trap log file uses a CSV extension and can be read by a spreadsheet or any text editor. Each SNMP trap generates two lines in the log file.
Line example
```
Date;ip_source_packet;ip_agent;snmp trap_OID;info;snmp trap_reference;snmp trap_specific;value,OID;value,OID;…;<br>
```
Table of CSV fields

| Field | Information |
|---|---|
| Date | The date of the packet reception |
| Ip_source_packet | The source IP address of the SNMP trap sender |
| Ip_agent | The IP address of the agent that sent the SNMP trap (SNMP V1 trap) |
| snmp trap_OID | The trap name (this is the one to use in the snmp trapfilter.txt file) |
| Info | SNMP trap version |
| snmp trap_reference | Trap type (V1) |
| snmp trap_specific | Trap specific reference, for traps of 'enterprise' type |
| Options list | All parameters sent with the trap |
| `<br>` | Present only for future HTML use |

Warning: This format will be changed in a future version of LoriotPro.
Example: snmp trap_Feb_23_2002.csv
```
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6472,sysuptimeinstance;coldstart,snmpsnmp trapoid.0;Thu Jan 01 02:47:52 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6479,sysuptimeinstance;coldstart,snmpsnmp trapoid.0;Thu Jan 01 02:47:58 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:40 2002;10.33.10.121;10.33.10.121;entconfigchange;snmp trapV3;6;0;3;6517,sysuptimeinstance;entconfigchange,snmpsnmp trapoid.0;Thu Jan 01 02:48:36 1970,entlastchangetime.0;<br>
Sat Feb 23 14:25:45 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;331131,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.1;2,ccmhistoryeventconfigsource.1;3,ccmhistoryeventconfigdestination.1;<br>
Sat Feb 23 14:25:53 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;331893,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.2;2,ccmhistoryeventconfigsource.2;3,ccmhistoryeventconfigdestination.2;<br>
Sat Feb 23 14:27:18 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;340434,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.3;2,ccmhistoryeventconfigsource.3;3,ccmhistoryeventconfigdestination.3;<br>
Sat Feb 23 14:27:34 2002;10.33.10.121;10.33.10.121;linkup;LinkUp;3;0;6;342005,sysuptimeinstance;linkup,snmpsnmp trapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;up,locifreason.12;<br>
Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;342527,sysuptimeinstance;linkdown,snmpsnmp trapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;administratively down,locifreason.12;<br>
```
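The log layout above can be read back for triage with a short parser. This is an added example, not LoriotPro code: the function names and sample lines are constructed, it assumes one record per physical line, and it treats the eighth field (absent from the field table, but equal to the number of value,OID pairs in the sample above) as a consistency check.

```python
from collections import namedtuple

TrapRecord = namedtuple("TrapRecord", "date source agent name info generic specific varbinds")

# Constructed sample in the page's log layout; not taken from a real log.
SAMPLE_LOG = """\
Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;2;342527,sysuptimeinstance;12,ifindex.12;<br>
Sat Feb 23 14:30:02 2002;10.33.10.50;10.33.10.121;authenticationfailure;AuthenticationFailure;4;0;1;350001,sysuptimeinstance;<br>
Sat Feb 23 14:31:10 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;1;12,sysuptimeinstance;<br>
this line is damaged
"""

def parse_line(line):
    """Return a TrapRecord, or None when the line does not fit the layout."""
    fields = line.strip().split(";")
    if fields[-1] == "<br>":
        fields.pop()
    if len(fields) < 8 or not all(f.isdigit() for f in fields[5:8]):
        return None
    # Assumption: field 8 is the count of value,OID pairs that follow it.
    pairs = [f.rsplit(",", 1) for f in fields[8:]]  # values may contain commas
    if len(pairs) != int(fields[7]) or any(len(p) != 2 for p in pairs):
        return None
    varbinds = [(oid, value) for value, oid in pairs]
    return TrapRecord(*fields[:5], int(fields[5]), int(fields[6]), varbinds)

def triage(record):
    """Return the reasons this trap deserves an early look (may be empty)."""
    reasons = []
    if record.source != record.agent:
        # The agent address is carried in the trap itself, so it can differ
        # from the packet source (NAT, a relay, or a forged agent address).
        reasons.append("agent/source mismatch")
    if record.generic == 4:
        reasons.append("authentication failure")
    elif record.generic == 0:
        reasons.append("cold start, configuration may have changed")
    return reasons

def analyze(text):
    """Parse a whole log; return ([(agent, name, reasons)], rejected_count)."""
    findings, rejected = [], 0
    for line in text.splitlines():
        record = parse_line(line)
        if record is None:
            rejected += 1
        elif triage(record):
            findings.append((record.agent, record.name, triage(record)))
    return findings, rejected
```

Lines that fail the layout check are counted rather than silently dropped, so a damaged or truncated log file shows up in the result.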
The SNMP trap manager process stores incoming traps in the file and then displays them in the SNMP traps window.
SNMP traps window
LoriotPro reads the filter loaded in memory (created from the snmp trapfilter.txt file) and compares it to the incoming trap. If the trap satisfies a filter condition, a customized event is sent to a LoriotPro Event manager (local or remote, according to the configuration).
SNMP trap forwarded to the Event manager
Example of LinkDown SNMP trap configuration:
```
snmp trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255 * winrun "telnet %i"
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
```
Remark: Consult the chapter about event filter creation for more information on the syntax used in the snmp trapfilter.txt file.
In this example, the reception of a LinkDown trap generates a level 6 event with the reference 10 002. The event is sent using the character string below.
("%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3")
The Event Manager process replaces each %x with the text string from the received SNMP variables. Furthermore, if the IP address included in the trap matches the mask defined in the filter, the associated actions are carried out.
In our example the wave action linedown (twanging alarm) is played each time a LinkDown trap arrives. If the trap comes from the agent 10.33.10.121, the ding wave is played as well.
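The address and mask matching described above can be checked offline before a filter file is deployed. This is an added example, not LoriotPro code: `parse_actions` and `actions_for` are hypothetical names, and it assumes the first two `action` fields are an address and mask compared against the trap's agent address and the third is a community string with `*` as a wildcard, which is how the explanation above reads.

```python
import ipaddress
import shlex

# The page's LinkDown configuration example, reproduced as test input.
FILTER_EXTRACT = '''\
snmp trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255 * winrun "telnet %i"
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
'''

def parse_actions(text):
    """Return each action line as (address, mask, community, kind, argument)."""
    actions = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps the quoted argument as one token
        if tokens[:1] != ["action"]:
            continue
        if len(tokens) != 6:
            raise ValueError(f"malformed action line: {line!r}")
        addr, mask = (int(ipaddress.IPv4Address(t)) for t in tokens[1:3])
        actions.append((addr, mask, tokens[3], tokens[4], tokens[5]))
    return actions

def actions_for(text, agent_ip, community):
    """List (kind, argument) for every action matching this agent and community."""
    ip = int(ipaddress.IPv4Address(agent_ip))
    fired = []
    for addr, mask, comm, kind, arg in parse_actions(text):
        # Assumed semantics: compare only the bits selected by the mask.
        if (ip & mask) == (addr & mask) and comm in ("*", community):
            fired.append((kind, arg))
    return fired
```

Running `actions_for` over the address ranges in use shows which agents can trigger a `winrun` action, which is worth reviewing because V1 and V2c traps arrive unacknowledged over UDP.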
SNMP trap algorithm