Ok James, I'm attempting to create a test trap using the snmptrap command
(before I actually write the script) and I'm lost. If I want the new trap to
basically read the same way as the original only adding some more text (to
possibly include a recommended action) how do I pass all the information from
the original trap to the script (ie. resource name that generated the trap
(firewall system), timestamp, all the other variables (specifically the
clogHistTextMsg))? Actually, what is the exact format of the snmptrap command
if I want to basically read the incoming trap and spit it back out with all the
same info plus some additional info? I did a 'man' for snmptrap, but I can't
seem to follow it.
James_Shanks@tivoli.com on 06/02/99 12:50:08 PM
Please respond to NV-L@ucsbvm.ucsb.edu
To: NV-L@ucsbvm.ucsb.edu
cc: (bcc: Lucy Premus/Bsg/MetLife/US)
Subject: Re: trap customization
You want to issue a new trap? Then you have two ways to go, but either
way you must write a script to issue the snmptrap command with your new
trap data in it. Then you can kick off that script either in a ruleset or
from an automatic action in trapd.conf. But writing the script is your
first step. You have to pass your script the elements of the trap you want
to pass along. Do you follow me?
James Shanks
Tivoli (NetView for UNIX) L3 Support
Lucy Premus <lpremus@METLIFE.COM> on 06/02/99 11:17:18 AM
Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView <NV-L@UCSBVM.UCSB.EDU>
To: NV-L@UCSBVM.UCSB.EDU
cc: (bcc: James Shanks/Tivoli Systems)
Subject: trap customization
Below is an example of a trap we receive from our Cisco PIX firewalls. It
is
actually a syslog message, generated by the firewall, that is received by
NetView and converted to a trap via the Cisco syslog mib that I've loaded
into
NetView. There are several different syslog messages that can come into
NetView, from the firewalls, but they are all converted and displayed as
events
via the same syslog mib.
What I would like to do is capture the trap and display a different
customized
event, based on the clogHistMsgText=?????? field (which will be different
depending on the syslog message sent from the firewall). I believe that
field
is $4. Is this possible? Can it be done via a ruleset or some other
method?
Wed Jun 02 11:04:06 1999 192.168.34.1 A clogMessageGenerated trap
received from enterprise ciscoSylogMIBNotificationPrefix with 5 arguments:
clogHistFacility=20; clogHistSeverity=7; clogHistMsgName=Syslog Trap;
clogHistMsgText=302009; 0 in use, 16384 licensed, 3 most used;
clogHistTimestamp=0
SPECIFIC : 1 (hex: 1)
GENERIC : 6
CATEGORY : Status Events
ENTERPRISE : ciscoSyslogMIBNotificationPrefix 1.3.6.1.4.1.9.9.41.2
|