Yes, Gord, all traps have an enterprise id. The basic enterprise id is
assigned by the Internet Authority. For example, IBM's is 2, Cisco's is 9.
Thus the traps for all IBM products begin with 1.3.6.1.4.1.2 and for Cisco
1.3.6.1.4.1.9. The "1.3.6.1.4.1" is the part of the MIB which means
"iso.org.dod.internet.private.enterprises" . If you want an explanation of
this, get a book on SNMP management and read it.
After that each vendor is allowed to make whatever subdivisions he or she
wants. So all NetView traps begin with 1.3.6.1.4.1.2.6 (the "6" means
"NetView" if you like) and NetView decided that all network traps would be
further designated with a three, so if you go into Event Configuration you
will see that the NetView enterprise is defined as " 1.3.6.1.4.1.2.6 .3 ".
Within an enterprise traps are further identified by generic and specific
ids if they are unique to that vendor. There are five traps which SNMP
defines and from generic id 6 on, they are all unique to that vendor. What
I mean is that while each vendor could define his or her own specific trap
#1 , each would mean a different thing to that vendor. In other words,
Generic id 6 Specific trap 1 means something different for
1.3.6.1.4.1.2.6.3 (NetView) than it does for 1.3.6.1.4.1.9 (Cisco). That's
why you must have all three elements.
Type in xnmtrap and look how traps are defined. Then look in the Admin
Guide where it talls about adding your own. This isn't that hard and soon
it will make sense.
James Shanks
Tivoli (NetView for UNIX) L3 Support
Gord Michaels <gord_michaels@HOTMAIL.COM> on 05/20/99 10:12:07 AM
Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView <NV-L@UCSBVM.UCSB.EDU>
To: NV-L@UCSBVM.UCSB.EDU
cc: (bcc: James Shanks/Tivoli Systems)
Subject: Re: Trap help....
Hello and Thankyou for your input.
So, essentially, in order for Netview to recognize I must edit my
trapd.conf
file and then I can choose to No Log or Display. Great.
But here is a more conceptual question....
Do specific traps have Enterprise Object ID values ?? I was under the
impression that each trap was uniquely defined by its Generic value and
Specific value, but I am reading about a Enterprise Object ID value for
traps ??
For example, in the Cisco traps.script I recently downloaded...
merge_trap 1.3.6.1.4.1.9.9.43.2 cisco-config-man "Status Events" 1 6 1
ciscoConfigManEvent \
"Notification of a configuration management event as \
recorded in ccmHistoryEventTable." \
"trap received from enterprise \$E with \$# arguments: \
ccmHistoryEventCommandSource=\$1; \
ccmHistoryEventConfigSource=\$2; \
ccmHistoryEventConfigDestination=\$3"
What is the "1.3.6.1.4.1.9.9.43.2" refer to ?? Does this identify the trap
or the device it pertains to ??
Secondly, do all Cisoc traps come with 6 variable bindings or does that
change on a per trap basis
Any info appreciated.
>From: Leslie Clark <lclark@US.IBM.COM>
>Reply-To: Discussion of IBM NetView and POLYCENTER Manager on NetView
> <NV-L@UCSBVM.ucsb.edu>
>To: NV-L@UCSBVM.ucsb.edu
>Subject: Re: Trap help....
>Date: Thu, 20 May 1999 07:14:19 -0400
>
>This is standard format (that is, verbose) for traps that have not been
>defined
>to Netview. The source is an internal netview notion, as in which
component
>of
>netview generated the trap. If configured, the source would be A, for
>Agent, as
>in
>it came from an snmp agent on a device, as oposed to n for netmon. The
>Generic/Specific numbers should be enough to let you find it in the Cisco
>documentation, although this one is well known by the name
tcpconnectclose.
>Most cisco devices are very flexible about which events they send, and you
>should be able to configure that one to be off. UNLESS you are getting
lots
>and
>lots of them, in which case they may be a symptom of a problem, which you
>will
>want to fix. For instance, I saved this helpful response:
>
> >I've had this problem before when migrating from rsrb to dlsw. The
>source of
> >the problem was a leftover source-bridge remote-peer statement in the
>cisco
> >config (with no matching peer statement on the remote router).
>
> >If you query the mib2 tcpConnTable for the routers in question, you
>should see
> >the ip addresses that are the source of the trouble. (You may need to
>issue
> >the query several times to see which connections keep opening and
>closing.)
>
> >Hope that helps...
>
> >Mike Flood
>
>Cordially,
>
>Leslie A. Clark
>IBM Global Services - Systems Mgmt & Networking
>
>
>Thanks,
>
>I am new to the Cisco side of things. Is this the standard format for a
>Cisco trap, it seems like something is wrong?? Why is the source unknown?
>What information can I get from the six variable bindings to turn it off
at
>the source or is the Specific # all need?
>
>Any info appreciated.
>
>Gord.
>
> >From: "Owens, Blaine C" <bowens@EASTMAN.COM>
> >Reply-To: Discussion of IBM NetView and POLYCENTER Manager on NetView
> > <NV-L@UCSBVM.ucsb.edu>
> >To: NV-L@UCSBVM.ucsb.edu
> >Subject: Re: Trap help....
> >Date: Wed, 19 May 1999 15:28:52 -0400
> >
> >This is Cisco specific trap #1 - TCP Connection Closed. Somebody did a
> >telnet to d2d5.gov.bc.ca and then logged off.
> >
> >Blaine Owens
> >Eastman Chemical Company
> >Phone - (423)-229-3579
> >Fax - (423)-229-1188
> >bowens@eastman.com
> >
> > > -----Original Message-----
> > > From: Gord Michaels [SMTP:gord_michaels@HOTMAIL.COM]
> > > Sent: Wednesday, May 19, 1999 12:20 PM
> > > To: NV-L@UCSBVM.ucsb.edu
> > > Subject: Trap help....
> > >
> > > Hello All.
> > >
> > > I am receiving a trap from a Cisco router which has "Source not known
> >(u).
> > > As a result, it does not look like a normal trap and I do not really
> >know
> > > how to interpret it. Basically, I want to turn this trap off at the
> > > source,
> > > but what info can I extract from this trap and provide to my Cisco
gut
> >in
> > > order for him to do this ??
> > >
> > > Here is the trap...
> > >
> > > DESCRIPTION: Tue May 19 09:38:41 1999 d2d5.gov.bc.ca u Trap: generic
6
> > > specific 1 args (6) :
> > > [1] private.enterprises.9.2.9.3.1.1.2.1 (Integer) : 5
> > > [2] tcpConnState.162.25.254.21.27138.162.26.254.22.23 (Integer) : 8
> > > [3] 9.2.6.1.1.5.162.25.254.21.27138.162.26.254.22.23 (Ticks) : 4101
> > > [4] 9.2.6.1.1.5.162.25.254.21.27138.162.26.254.22.23 (Integer) : 2779
> > > [5] 9.2.6.1.1.5.162.25.254.21.27138.162.26.254.22.23 (Integer) : 106
> > > [6] private.enterprises.9.2.9.2.1.18.2 (OctetString) :
> > > NOTES :
> > > INFO :
> > > HOSTNAME : d2d5.gov.bc.ca
> > > ENTERPRISE : cisco 1.3.6.1.4.1.9
> > > GENERIC : 6
> > > SPECIFIC : 1
> > > LOGGEDTIME : 05/19/99 09:38:41
> > > SEVERITY : Indeterminate
> > > CATEGORY : Status Events
> > > SOURCE : Source not known (u)
> > >
> > > Any help/info interpreting this trap appreciated.
> > >
> > > Sincerely,
> > >
> > > Gord Michaels.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ______________________________________________________
> > > Get Your Private, Free Email at http://www.hotmail.com
>
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
|