snmp management software LoriotPro

Administrator Handbook
www.loriotpro.com

Traps events

Devices can send SNMP traps on their own initiative to a pre-configured management system. LoriotPro is able to receive and interpret these Traps. LoriotPro supports SNMP v1 Traps and SNMP V2c or V3 Notifications or Informs (restricted).

LoriotPro handles the necessary translation between standard Traps and the associated notifications of V2c and V3.

LoriotPro receives all traps on the standard UDP port 162. The software analyzes the different received trap types and displays the results in the trap window. The trapfilter.txt file allows the administrator to trigger a local or remote event on specific traps. The event is sent to the Event manager with a reference number (300 by default). This event can be filtered like any other Event and can therefore trigger actions.

However, it is also possible to trigger an action when receiving a specific trap.

Example

1)    LoriotPro receives a Trap of LinkDown type on its UDP port 162 and displays it in the Trap window.
2)    This Trap is filtered in the trapfilter.txt file; the associated action is to generate an event with number 10 002.
3)    The Trap management process checks whether any action should be executed for this Trap.
4)    Actions, if any exist, are executed.
5)    The Event manager receives the 10 002 event and displays it in the Global events window.
6)    The Event manager filters the incoming event to see whether an action should be taken.

Traps window

Traps are all displayed in the Traps window.

Global Events window

Warning: Only filtered Traps defined in the trapfilter.txt file generate events that are displayed in the Global Event window.

By default, Traps use the Event number 300 as defined in the trapfilter.txt file, but another number can be set up. In our example the LinkDown Trap generates an event number 10 002. LoriotPro manages the Trap locally; however, it is possible to route a Trap to another LoriotPro by using a Trap-associated action defined in the trapfilter.txt file.

Example: extract of the trapfilter.txt file

trap  LinkDown 2 0 6 "%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 0.0.0.0 0.0.0.0  *  wave "wave/linedown.wav"
event 10002 0.0.0.0 0.0.0.0 1 smtp "unknow@domain.com  LinkDown %i %r %R %m"

The trapfilter.txt syntax is explained in a later chapter.

Warning: If the Trap is not defined in the trapfilter.txt file, no Event is sent. Only the Trap window informs you that the Trap was received.

SNMP Trap management principle

Traps log file

All received Traps are stored in log files.

When receiving a Trap, LoriotPro creates a new entry in the current Trap log file. A new file is created every 24 hours with a new name that contains a time-stamp. These log files are located in the directory /bin/www/log in .csv format. The delimiter character is “;”.

Files can be viewed from the LoriotPro graphical interface.

From the main menu select:

Supervise>See Traps Log Files…

A selection window appears; choose your file.

Trap log file format

The Trap log file uses a CSV extension and can be read by a spreadsheet or any text editor. Each trap generates two lines in the log file.

Line example

Date;ip_source_packet;ip_agent;trap_OID;info;trap_reference;trap_specific;value,OID;value,OID;…;<br>

Table of CSV fields

| Field | Information |
|---|---|
| Date | The date of the packet reception |
| Ip_source_packet | The source IP address of the Trap sender. |
| Ip_agent | The IP address of the agent that sent the SNMP trap (trap V1) |
| Trap_OID | The trap name (this is the one to use in trapfilter.txt) |
| Info | Trap Version |
| Trap reference | Trap type V1 (6 for « enterprise »): ColdStart 0 0; LinkDown 2 0; LinkUp 3 0; Authentication 4 0; cisco 6 1 |
| Trap_specific | Trap specific references of ‘enterprise’ type |
| Options list | All parameters sent with the Trap: Value,OID ; Value,OID ; Value,OID ;…… Value,OID ; |
| `<br>` | Just here for a future HTML use |

Warning: This format will be changed in a future version of LoriotPro.

Example : trap_Feb_23_2002.csv

Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6472,sysuptimeinstance;coldstart,snmptrapoid.0;Thu Jan 01 02:47:52 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6479,sysuptimeinstance;coldstart,snmptrapoid.0;Thu Jan 01 02:47:58 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:40 2002;10.33.10.121;10.33.10.121;entconfigchange;TrapV3;6;0;3;6517,sysuptimeinstance;entconfigchange,snmptrapoid.0;Thu Jan 01 02:48:36 1970,entlastchangetime.0;<br>
Sat Feb 23 14:25:45 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;331131,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.1;2,ccmhistoryeventconfigsource.1;3,ccmhistoryeventconfigdestination.1;<br>
Sat Feb 23 14:25:53 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;331893,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.2;2,ccmhistoryeventconfigsource.2;3,ccmhistoryeventconfigdestination.2;<br>
Sat Feb 23 14:27:18 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;340434,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.3;2,ccmhistoryeventconfigsource.3;3,ccmhistoryeventconfigdestination.3;<br>
Sat Feb 23 14:27:34 2002;10.33.10.121;10.33.10.121;linkup;LinkUp;3;0;6;342005,sysuptimeinstance;linkup,snmptrapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;up,locifreason.12;<br>
Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;342527,sysuptimeinstance;linkdown,snmptrapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;administratively down,locifreason.12;<br>
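
The following parser for this log format is an added example, not LoriotPro code. It assumes that the eighth field (4, 3, 5 or 6 in the sample lines) is the number of Value,OID parameters, which is inferred from the samples and not documented in the field table; it uses that count to flag lines where a device-supplied value contained the “;” delimiter, and it flags lines where Ip_agent differs from Ip_source_packet.

```python
from datetime import datetime

FIXED = ("date", "ip_source_packet", "ip_agent", "trap_oid", "info",
         "trap_reference", "trap_specific")

# First line: the LinkDown entry from the sample file above.
# Second line: constructed, with a value that contains the ';' delimiter.
SAMPLE_LOG = [
    "Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;"
    "342527,sysuptimeinstance;linkdown,snmptrapoid.0;12,ifindex.12;"
    "Loopback10,ifdescr.12;softwareLoopback,iftype.12;"
    "administratively down,locifreason.12;<br>",
    "Sat Feb 23 14:30:00 2002;192.0.2.10;10.33.10.121;linkdown;LinkDown;2;0;2;"
    "12,ifindex.12;eth0;x,ifdescr.12;<br>",
]

def parse_trap_line(line):
    """Parse one log line into a dict; raise ValueError if fixed fields are missing."""
    line = line.strip()
    if line.endswith("<br>"):
        line = line[:-len("<br>")]
    fields = line.split(";")
    if fields[-1] == "":                      # trailing delimiter before <br>
        fields.pop()
    if len(fields) < 8:
        raise ValueError("expected at least 8 fields, got %d" % len(fields))
    rec = dict(zip(FIXED, fields[:7]))
    rec["date"] = datetime.strptime(rec["date"], "%a %b %d %H:%M:%S %Y")
    rec["trap_reference"] = int(rec["trap_reference"])
    rec["trap_specific"] = int(rec["trap_specific"])
    declared = int(fields[7])                 # assumption: parameter count
    varbinds, malformed = [], False
    for item in fields[8:]:
        value, sep, oid = item.rpartition(",")  # split on the last comma only
        malformed = malformed or not sep
        varbinds.append((oid, value))
    rec["varbinds"] = varbinds
    rec["consistent"] = not malformed and declared == len(varbinds)
    rec["agent_mismatch"] = rec["ip_source_packet"] != rec["ip_agent"]
    return rec

def suspicious(lines):
    """Return records that fail the count check or whose agent differs from the sender."""
    records = [parse_trap_line(entry) for entry in lines]
    return [r for r in records if not r["consistent"] or r["agent_mismatch"]]
```
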

Trap reception and action

The Trap manager process stores incoming traps in the log file and then displays them in the Traps window.


Traps window

LoriotPro reads the filter loaded in memory (created from trapfilter.txt) and compares it to the incoming Trap. If a Trap satisfies the filter condition, a customized event is sent to a LoriotPro Event manager (local or remote according to the configuration).


Trap manager forwarded to the Event manager

 Example of LinkDown Trap configuration:

trap  LinkDown 2 0 6 "%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255  * winrun "telnet %i"
action 0.0.0.0 0.0.0.0  *  wave "wave/linedown.wav"

Remark: Consult the chapter about event filter creation for more information on the syntax used in the trapfilter.txt.

In this example, the reception of a LinkDown trap generates a level 6 event with the reference 10 002. The event will be sent by using the character string below.

("%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3")

The Event Manager process replaces each %x with the text string from the received SNMP variables. Furthermore, if the IP address included in the Trap matches the mask defined in the filter, the associated actions are carried out.

In our example, the wave action linedown (twanging alarm) is played each time a LinkDown Trap arrives. If the Trap comes from the agent 10.33.10.121, a wave ding is played in addition.
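
The scoping described above can be checked with the following added example, which is not LoriotPro code. It evaluates the LinkDown extract for a given trap source; the field order of the `action` lines (address, mask, community with `*` meaning any, action type, argument) is an assumption read from the extract, since the syntax chapter is not part of this page.

```python
import ipaddress
import shlex

# The LinkDown extract shown above, embedded so the example runs offline.
TRAPFILTER = '''\
trap  LinkDown 2 0 6 "%r for %n from %i  Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255  * winrun "telnet %i"
action 0.0.0.0 0.0.0.0  *  wave "wave/linedown.wav"
'''

def parse_filters(text):
    """Group each 'trap' line with the 'action' lines that follow it."""
    blocks = []
    for raw in text.splitlines():
        tok = shlex.split(raw)              # keeps each quoted string as one token
        if not tok:
            continue
        if tok[0] == "trap" and len(tok) == 7:
            blocks.append({"name": tok[1], "generic": int(tok[2]),
                           "specific": int(tok[3]), "level": int(tok[4]),
                           "format": tok[5], "event": int(tok[6]), "actions": []})
        elif tok[0] == "action" and len(tok) == 6 and blocks:
            # Assumed field order: address, mask, community, type, argument.
            keys = ("ip", "mask", "community", "kind", "arg")
            blocks[-1]["actions"].append(dict(zip(keys, tok[1:])))
    return blocks

def in_scope(source, ip, mask):
    """True when source and ip agree on every bit set in mask."""
    s, i, m = (int(ipaddress.IPv4Address(a)) for a in (source, ip, mask))
    return (s & m) == (i & m)

def fired_actions(blocks, generic, specific, source, community):
    """List (type, argument) for every action whose scope covers this trap."""
    fired = []
    for block in blocks:
        if (block["generic"], block["specific"]) != (generic, specific):
            continue
        for act in block["actions"]:
            if (in_scope(source, act["ip"], act["mask"])
                    and act["community"] in ("*", community)):
                fired.append((act["kind"], act["arg"]))
    return fired

BLOCKS = parse_filters(TRAPFILTER)
```

Because SNMP v1 and v2c traps arrive over UDP without authentication, the address and community that scope an action are values supplied by the sender, which matters most for actions such as `winrun` that start a local program.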

SNMP Traps Algorithm


Copyright © 2004 LUTEUS SARL. All rights reserved. This documentation is copyrighted by LUTEUS SARL. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise, without the prior express written permission of LUTEUS SARL