Devices can send SNMP traps on their own to a pre-configured management system. LoriotPro can receive and interpret these Traps. LoriotPro supports SNMP v1 Traps and SNMP v2c or v3 Notifications or Informs (restricted).
LoriotPro performs the necessary translation between standard Traps and the associated v2c and v3 notifications.
LoriotPro receives all traps on the standard UDP port 162. The software analyzes the different received trap types and displays the results in the trap window. The trapfilter.txt file allows the administrator to trigger a local or remote event on specific traps. The event is sent to the Event manager with a reference number (300 by default). This event can be filtered like any other Event and can therefore trigger actions.
However, it is also possible to trigger an action when a specific trap is received.
Example
1) LoriotPro receives a Trap of LinkDown type on its UDP port 162 and displays it in the Trap window.
2) This Trap is filtered in the trapfilter.txt file; the associated action is to generate an event with number 10 002.
3) The Trap management process checks whether any action should be executed for this Trap.
4) Actions, if any exist, are executed.
5) The Event manager receives the 10 002 event and displays it in the Global events window.
6) The Event manager filters the incoming event to see whether an action should be taken.
Traps window
Traps are all displayed in the Traps window.
Global Events window
Warning: Only filtered Traps defined in the trapfilter.txt file generate events that are displayed in the Global Events window.
By default, Traps use the Event number 300 as defined in the trapfilter.txt file, but another number can be set up. In our example the LinkDown Trap generates event number 10002. LoriotPro manages the Trap locally; however, it is possible to route a Trap to another LoriotPro by using a Trap-associated action defined in the trapfilter.txt file.
Example : Extract of trapfilter.txt file
trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
event 10002 0.0.0.0 0.0.0.0 1 smtp "unknow@domain.com LinkDown %i %r %R %m"
The trapfilter.txt syntax is explained in a later chapter.
Warning: If the Trap is not defined in the trapfilter.txt file, no Event is sent. Only the Trap window informs you that the Trap was received.
SNMP Trap management principle
All received Traps are stored in log files.
When receiving a Trap, LoriotPro creates a new entry in the current Trap log file. A new file is created every 24 hours; it has a new name and contains a time-stamp. These log files are located in the directory /bin/www/log in .csv format. The delimiter character is ";".
The files can be viewed from the LoriotPro graphical interface.
From the main menu select:
Supervise>See Traps Log Files…
A selection window appears; choose your file.
The Trap log file uses a CSV extension and can be read by a spreadsheet or any text editor. Each trap generates two lines in the log file.
Line example
Date ;ip_source_packet ;ip_agent;trap_OID;info;trap_référence;trap_spécifique ;valeur,OID ;valeur,OID ;…;<br>
Table of CSV fields
Field | Information |
Date | The date of the packet reception |
Ip_source_packet | The source IP address of the Trap sender |
Ip_agent | The IP address of the agent that sent the SNMP trap (trap V1) |
Trap_OID | The trap name (this is the one that should be used in the trapfilter.txt file) |
Info | Trap Version |
Trap reference | Trap type V1 |
Trap_specifique | Trap specific references of 'enterprise' type |
Options list | All parameters sent with the Trap |
<br> | Just here for a future HTML use |
Warning: This format will be changed in a future version of LoriotPro.
Example : trap_Feb_23_2002.csv
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6472,sysuptimeinstance;coldstart,snmptrapoid.0;Thu Jan 01 02:47:52 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:39 2002;10.33.10.121;10.33.10.121;coldstart;ColdStart;0;0;4;6479,sysuptimeinstance;coldstart,snmptrapoid.0;Thu Jan 01 02:47:58 1970,sysuptimeinstance;power-on,whyreload.0;<br>
Sat Feb 23 13:31:40 2002;10.33.10.121;10.33.10.121;entconfigchange;TrapV3;6;0;3;6517,sysuptimeinstance;entconfigchange,snmptrapoid.0;Thu Jan 01 02:48:36 1970,entlastchangetime.0;<br>
Sat Feb 23 14:25:45 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;331131,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.1;2,ccmhistoryeventconfigsource.1;3,ccmhistoryeventconfigdestination.1;<br>
Sat Feb 23 14:25:53 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;331893,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.2;2,ccmhistoryeventconfigsource.2;3,ccmhistoryeventconfigdestination.2;<br>
Sat Feb 23 14:27:18 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;340434,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.3;2,ccmhistoryeventconfigsource.3;3,ccmhistoryeventconfigdestination.3;<br>
Sat Feb 23 14:27:34 2002;10.33.10.121;10.33.10.121;linkup;LinkUp;3;0;6;342005,sysuptimeinstance;linkup,snmptrapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;up,locifreason.12;<br>
Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;342527,sysuptimeinstance;linkdown,snmptrapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;administratively down,locifreason.12;<br>
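The following is an added example, not LoriotPro code: a parser for the log format described above that flags lines worth reviewing (packet source different from the agent address, or fewer options than announced). It assumes, from the sample lines only, that the field after trap_specific is the number of value,OID options that follow; the third sample line is constructed.

```python
from collections import Counter

# Lines 1-2 are copied from the trap_Feb_23_2002.csv excerpt above; line 3 is
# constructed (packet source differs from agent address, options cut short).
SAMPLE_LOG = [
    "Sat Feb 23 14:25:45 2002;10.33.10.121;10.33.10.121;ciscoconfigmanmibnotifications.1;TrapV3;6;0;5;331131,sysuptimeinstance;ciscoconfigmanmibnotifications.1,snmptrapoid.0;commandLine,ccmhistoryeventcommandsource.1;2,ccmhistoryeventconfigsource.1;3,ccmhistoryeventconfigdestination.1;<br>",
    "Sat Feb 23 14:27:39 2002;10.33.10.121;10.33.10.121;linkdown;LinkDown;2;0;6;342527,sysuptimeinstance;linkdown,snmptrapoid.0;12,ifindex.12;Loopback10,ifdescr.12;softwareLoopback,iftype.12;administratively down,locifreason.12;<br>",
    "Sat Feb 23 14:30:00 2002;192.0.2.7;10.33.10.121;linkdown;LinkDown;2;0;6;342900,sysuptimeinstance;linkdown,snmptrapoid.0;12,ifindex.12;<br>",
]
HEADER = ("date", "ip_source_packet", "ip_agent", "trap_oid", "info",
          "trap_reference", "trap_specific")

def parse_trap_line(line):
    """Parse one ';'-delimited trap log line into a dict with review flags."""
    parts = [p.strip() for p in line.strip().split(";")]
    if parts and parts[-1] == "<br>":          # trailing marker from the field table
        parts.pop()
    if len(parts) <= len(HEADER):
        raise ValueError("truncated trap log line")
    rec = dict(zip(HEADER, parts))
    # Assumption inferred from the sample lines: the field after trap_specific
    # is the number of "value,OID" options that follow.
    declared = int(parts[len(HEADER)])
    rec["varbinds"] = []
    for item in filter(None, parts[len(HEADER) + 1:]):
        value, _, oid = item.rpartition(",")   # OID is last, so values may contain commas
        rec["varbinds"].append((oid, value))
    rec["flags"] = []
    if rec["ip_source_packet"] != rec["ip_agent"]:
        rec["flags"].append("source_differs_from_agent")
    if declared != len(rec["varbinds"]):
        rec["flags"].append("varbind_count_mismatch")
    return rec

def review(lines):
    """Return (records needing review, count of traps per (agent, trap name))."""
    flagged, counts = [], Counter()
    for line in lines:
        try:
            rec = parse_trap_line(line)
        except ValueError:
            flagged.append({"raw": line, "flags": ["unparseable"]})
            continue
        counts[(rec["ip_agent"], rec["trap_oid"])] += 1
        if rec["flags"]:
            flagged.append(rec)
    return flagged, counts
```

A value that itself contains ";" shifts the fields, which is why the announced option count is checked against what was actually parsed.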
The Trap manager process stores incoming traps in the file and then displays them in the Traps window.
Traps window
LoriotPro reads the filter loaded in memory (created from the trapfilter.txt file) and compares it to the incoming Trap. If the Trap satisfies a filter condition, a customized event is sent to a LoriotPro Event manager (local or remote according to the configuration).
Trap manager forwarded to the Event manager
trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255 * winrun "telnet %i"
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
Remark: Consult the chapter about event filter creation for more information on the syntax used in the trapfilter.txt.
In this example, the reception of a LinkDown trap generates a level 6 event with the reference 10 002. The event will be sent by using the character string below.
("%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3")
The Event Manager process replaces each %x with the text string from the received SNMP variables. Furthermore, if the IP address included in the Trap matches the mask defined in the filter, the associated actions are carried out.
In our example the action wave linedown (twanging alarm) is played each time a LinkDown Trap arrives. If the Trap comes from the agent 10.33.10.121, a wave ding is played in addition.
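The action selection described above can be checked offline with the added example below, which is not LoriotPro code. It assumes an action applies when the agent address ANDed with the mask equals the filter address ANDed with the mask, and that the third field is a community string where * matches any; the function names are hypothetical.

```python
import ipaddress
import shlex

# The trap/action block shown above, with the wrapped message line rejoined.
TRAPFILTER = '''\
trap LinkDown 2 0 6 "%r for %n from %i Interface %1 at %t Description %1 Type %2 Status %3" 10002
action 10.33.10.121 255.255.255.255 public wave "wave/ding.wav"
action 10.33.10.121 255.255.255.255 * winrun "telnet %i"
action 0.0.0.0 0.0.0.0 * wave "wave/linedown.wav"
'''

def parse_actions(text):
    """Collect the 'action' lines: address, mask, community, type, argument."""
    actions = []
    for line in text.splitlines():
        tokens = shlex.split(line)          # keeps the quoted argument as one token
        if len(tokens) == 6 and tokens[0] == "action":
            keys = ("ip", "mask", "community", "type", "arg")
            actions.append(dict(zip(keys, tokens[1:])))
    return actions

def action_applies(action, agent_ip, community):
    """Assumed rule: agent & mask == filter & mask, and community equal or '*'."""
    mask = int(ipaddress.IPv4Address(action["mask"]))
    agent = int(ipaddress.IPv4Address(agent_ip)) & mask
    wanted = int(ipaddress.IPv4Address(action["ip"])) & mask
    return agent == wanted and action["community"] in ("*", community)

def actions_for(text, agent_ip, community):
    """(type, argument) of every action that fires for a trap from this agent."""
    return [(a["type"], a["arg"]) for a in parse_actions(text)
            if action_applies(a, agent_ip, community)]

def any_sender_actions(text):
    """Review helper: actions whose 0.0.0.0 mask matches every sender address."""
    return [a for a in parse_actions(text) if a["mask"] == "0.0.0.0"]
```

Listing the any-sender actions shows which ones fire no matter what address a trap claims to come from.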
SNMP Traps Algorithm