Administrator Handbook Table of contents version française

SNMP trap and snmp notification


What is snmp trap and snmp Notification ?

Network devices and systems that have snmp agents are able to send snmp trap or snmp notification to a pre-configured snmp manager like LoriotPro.

LoriotPro is able to receive and interpret these snmp trap. Loriotpro supports snmp trap of SNMP v1 and Notification of SNMP V2c or V3 (restricted). By configuration, devices send SNMP notifications as snmp trap (SNMP V1) or  notification (SNMP V2c and V3).

Snmp trap are unreliable because the receiver does not send any acknowledgment when it receives a snmp trap. The sender cannot determine if the snmp snmp trap was received.

LoriotPro assumes the necessary translation between standard snmp trap and the associated notifications of the V2c and V3.
snmp trap,snmp traps,snmp notification,notification,snmp,trap,traps,filter,event,inform,v2c,acknowledge,log,linkdown,linkup, snmp trapfilter,snmp entity,linkdown snmp,notification snmp,snmp v2c trap,snmp v3 trap


snmp snmp trap types

In SNMP V1 there is only 6 Generic snmp snmp trap defined. The generic Enterprise snmp snmp trap is used to define other snmp trap by the means of a second number called Enterprise specific number.

Version

Generic snmp trap / Notification

Icon

Description

SNMP V1

0 - Cold Start

cold start trap

A Cold Start snmp trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered

SNMP V1
 

1 - Warm Start

warm start trap

A Warm Start snmp trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.

SNMP V1

2 - Link Down

link down trap

A Link Down snmp trap signifies that the SNMP entity, acting in an agent role, has a Network Interface becoming down.

SNMP V1

3 - Link Up

link up trap

A Link Up snmp trap signifies that the SNMP entity, acting in an agent role, has a Network Interface becoming up.

SNMP V1

4 - Authentication Failure

authentication trap

An Authentication Failure snmp trap signifies that the SNMP entity, acting in an agent role, has received a protocol message that is not properly authenticated. 

SNMP V1

5 - Egp

egp trap

EGP Router snmp trap

SNMP V1

6 - Enterprise

enterprise trap

An Enterprise snmp trap signifies that the SNMP entity, acting in an agent role, has sent a snmp trap that is defined in the private MIB section. Enterprise

unknown

 

unknown trap

unrecognized trap

SNMP V2 Notification

V2

SNMP v2c notification

snmp v2c trap or snmp v2c notification type

SNMP V2 Notification

V2

SNMP v2c notification

snmp v2c trap or snmp v2c notification type

SNMP V3 Notification

V3

SNMP v3 notification

snmp v3 trap or snmp v3 notification type

SNMP V3 Notification

V3

SNMP v3 notification

snmp v3 trap or snmp v3 notification type

Example of a SNMP V1 Enterprise specific snmp snmp trap

trap details

Example of an SNMP V2 NOTIFICATION

 notification details


SNMP snmp trap window

By nature, LoriotPro received all snmp snmp trap on the UPD standard port 162. The software analyzes the different received snmp snmp trap types and displays the results in the snmp snmp trap window.

snmp trap and snmp notification window Snmp trap and snmp notification log list

In the snmp trap window, a contextual menu allow you to acknowledge received snmp trap/Inform.

snmp trap filter or snmp notification

Acknowledge Selection

Select one or more snmp trap in the list and acknowledge them. Their color change to light grey on white background.

multiple snmp trap  or snmp notification filter

Acknowledge All snmp trap

All snmp trap are Acknowledged. Their color change to light grey on white background.

delete trap filter

Clear Acknowledged snmp trap

Erase Acknowledged snmp trap from the display list. They are still logged in the snmp trap log files

delete trap or notification

Clear All snmp trap

Erase all snmp trap from the display list. They are still logged in the snmp trap log files

delete snmp trap or snmp notification

Clear Selected snmp traps

Erase the selected snmp traps from the display list. They are still logged in the snmp trap log files

A double click on a snmp trap open the detailled window.

trap viewer
Snmp trap and snmp notification viewer

Creating Event on snmp trap reception

The snmp trapfilters.txt allows the administrator to trigger a local or remote event on specific snmp traps. The event is sent to the Event manager with a reference number (300 by default). This event could be filter as any Event and therefore trigger actions.

However, it is also possible to trigger an action when receiving a specific snmp trap.

Example

1.      LoriotPro receives a snmp trap of LinkDown type on its UDP port 162 and display it in the snmp trap window.

2.      This snmp trap is filtered in the snmp trapfilter.txt file, the associated action is to generate  an event with number 10 002.

3.      The snmp trap management process checks if any action should be executed for this snmp trap .

4.      Actions if exist are executed.

5.      The Event manager receives the 10 002 event, display it in the Global events window.

6.      The Event manager filter the incoming event to see if action should be made.

trap oid
snmp traps window

snmp traps are all displayed in the snmp traps window and forwarded to the Global Event window by default under the event number 300. The configuration is done in the snmp trap filter tree

trap action

The Link Down snmp trap is displayed as an Event

trap forward as event
Global Events window

Warning: Only filtered snmp trap defined in the snmp trapfilter.txt file generates events that will be displayed in the Global Event window.

By default, snmp traps use the Event number 300 as defined in the snmp trapfilter.txt but other number could be set up. In our example the LinkDown snmp trap generates an event number 100002. LoriotPro locally manages the snmp trap, however it is possible to route a snmp trap to another LoriotPro by using a snmp trap associated action to define in the snmp trapfilter.txt file.

Example : Extract of snmp trapfilter.txt file

snmp trap  LinkDown 2 0 6 "%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 0.0.0.0 0.0.0.0  *  wave "wave/linedown.wav"
event 10002 0.0.0.0 0.0.0.0 1 smtp "unknow@domain.com  LinkDown %i %r %R %m"

The snmp trapfilter.txt syntax is explain in a next chapter.

Warning: If the snmp trap is not defined in the snmp trapfilter.txt file there is no Event sending. Only the snmp trap window informs you about the snmp trap reception.


snmp trap collection algorithm

trap filter algorithmSNMP snmp trap management principle


snmp traps log file

All received snmp trap are stored in log files.

When receiving a snmp trap, LoriotPro creates a new entry in the current snmp trap log file. A new file is created each 24 hours with a new name and contains a time-stamp. This log files are located in  the directory /bin/www/log in a .csv format. The delimiter character is “;”.

File could be viewed from the LoriotPro graphical interface.

From the main menu select:

Supervise>See snmp traps Log Files…

trap menu

A selection window appears, choose your file

trap log file

snmp trap log file format

The snmp trap log file format use a CSV extension and could be read by a spreadsheet or any text editor. Each snmp trap generates two lines in the log file.

Line example

Date ;ip_source_packet ;ip_agent;snmp trap_OID;info;snmp trap_référence;snmp trap_spécifique ;valeur,OID ;valeur,OID ;…;<br>

Table of CSV field

Filed

Information

Date

The date of the packet reception

Ip_source_packet 

The source IP address of the snmp trap sender.

Ip_agent 

The IP address of the agent who send the snmp trap SNMP (snmp trap V1)

snmp trap_OID 

The snmp trap name (This one should be use in the snmp trapfilter.txt

Info

snmp trap Version

snmp trap reference 

snmp trap type V1
( 6 for « enterprise »)
ColdStart 0 0
LinkDown 2 0
LinkUp 3 0
Authentication 4 0
cisco 6 1

snmp trap_specifique 

snmp trap specific references of  ‘enterprise’ type

Options list 

All parameters sent with the snmp trap
Valeur,OID ; Valeur,OID ; Valeur,OID ;…… Valeur,OID ;

<br>

Just here for a futur HTML use

 Warning: This format will be changed in future version of LoriotPro.

Example : snmp trap_Feb_23_2002.csv

Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6472,sysuptimeinstance;coldstart,snmpsnmp trapoid.0;Thu Jan 01 02:47:52 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6479,sysuptimeinstance;coldstart,snmpsnmp trapoid.0;Thu Jan 01 02:47:58 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:40 2002;10.33.10.121;10.33.10.121;entconfigchange;snmp trapV3;6;0;3;6517,sysuptimeinstance;entconfigchange,snmpsnmp trapoid.0;Thu Jan 01 02:48:36 1970,entlastchangetime.0;<br>
Sat Feb 23 14:25:45 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;331131,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.1;2,ccmhistoryeventconfigsource.1;3,ccmhistoryeventconfigdestination.1;<br>
Sat Feb 23 14:25:53 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;331893,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.2;2,ccmhistoryeventconfigsource.2;3,ccmhistoryeventconfigdestination.2;<br>
Sat Feb 23 14:27:18 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;snmp trapV3;6;0;5;340434,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmpsnmp trapoid.0;commandLine,ccmhistoryeventcommandsource.3;2,ccmhistoryeventconfigsource.3;3,ccmhistoryeventconfigdestination.3;<br>
Sat Feb 23 14:27:34 2002;10.33.10.121;10.33.10.121;linkup;LinkUp;3;0;6;342005,sysuptimeinstance;linkup,snmpsnmp trapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;up,locifreason.12;<br>
Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;342527,sysuptimeinstance;linkdown,snmpsnmp trapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;administratively down,locifreason.12;<br>

snmp trap reception and action

The snmp trap manager process stores incoming snmp traps in the file and next displays them on the snmp traps window.

trap icon snmp traps  window

LoriotPro reads the memory loaded filter (created form the snmp trapfilter.txt) and compares to the incomingsnmp trap . If one satisfies the filter condition, a customized event is sent to a LoriotPro Event manager (local or remote according to the configuration). 

event from trap
snmp trap forwarded to the Event manager

 Example of LinkDown snmp trap configuration:

snmp trap  LinkDown 2 0 6 "%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255  * winrun "telnet %i"
action 0.0.0.0 0.0.0.0  *  wave "wave/linedown.wav"

Remark: Consult the chapter about event filter creation for more information on the syntax used in the snmp trapfilter.txt.

In this example, the reception of a LinkDown  snmp trap generates a level 6 event with the reference 10 002. The event will be sent by using the character string below.

("%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3")

The Event Manager process replaces the  %x with the text string from the received SNMP variables. Furthermore, if the IP address included in the snmp trap matches the mask defined in the filter, associated actions are realized.

In our example the action wave linedown (twanging alarm) will be played each time a snmp trap LinkDown arrives. If the snmp trap comes from the agent 10.33.10.121 a wave ding will be played in complement.

trap filter concept

snmp trap Algorithm


www.loriotpro.com