Leslie, Thank you for your response it was very helpful. However, there is one
small problem. When the trap is generated it comes in saying "NO FMT IN
TRAPD.CONF. Following is the actual command I'm entering (I'm just testing it
at the command line first, before I put it in a script):
snmptrap axscnv2 1.3.6.1.4.1.9.9.41.2 192.168.34.1 6 1 1
1.3.6.1.4.1.9.9.41.2.4 OctetString "302009 0 in use" (This is just a portion of
the actual trap text)
When the trap displays it adds 1.3.6.1.2.1 in front of the enterprise oid. The
enterprise oid 1.3.6.1.4.1.9.9.41.2 is in the trapd.conf, so I'm assuming its
saying theres NO FMT IN TRAPD.CONF because of the addition of the 1.3.6.1.2.1.
Do you know why it would be adding this? Or better yet, how do I stop it from
being added? Or maybe I'm doing something else wrong.
"Leslie Clark" <lclark@US.IBM.COM> on 06/02/99 03:58:20 PM
Please respond to "Discussion of IBM NetView and POLYCENTER Manager on NetView"
<NV-L@UCSBVM.ucsb.edu>
To: NV-L@UCSBVM.ucsb.edu
cc: (bcc: Lucy Premus/Bsg/MetLife/US)
Subject: Re: trap customization
Follow Ken's suggestion if you have no special reason to distiguish
the traps from each other and only want to change the format that is
displayed. But if you want a different format depending on content, you
will need to generate separate traps.
Here's an example of how to use the snmptrap command:
===========================================================================
#!/bin/ksh
# Use to generate ifdown trap real enough to test T/EC
NVHOST=NETMGR # the netview host
ABOUTHOST=RTR0001 # the node the trap is about or from
MYTRAPID=58916867 # Specific trap id (this is interface down)
ENTERPRISE='.1.3.6.1.4.1.2.6.3' # Netview enterprise
/usr/OV/bin/snmptrap $NVHOST $ENTERPRISE $ABOUTHOST 6 $MYTRAPID 1 \
.1.3.6.1.4.1.2.6.3.1.1.2 Integer 14 \
.1.3.6.1.4.1.2.6.3.1.1.3 OctetString $ABOUTHOST \
.1.3.6.1.4.1.2.6.3.1.1.4 OctetString "Interface BRI3/0 Down. CRITICAL" \
.1.3.6.1.4.1.2.6.3.1.1.5 OctetString "10.37.206.3 9345678 123 124"
==================================================================================
The oids that go with the variable bindings in this case are Netview oids.
The .3 is what Netview uses as $2 in events display formatting
and is usually the same as the 'abouthost' in the snmptrap
command. The last two match up with $3 and $4 in events display
formatting. I think the .2 identifies the source, as in N or A from
some enumeration somewhere. I always use 14. I forget why.
I would use the Netview enterprise, generic 6, then a range of
specifics depending on your groupings. The specific numbers
1000-1999 are reserved for customer use. Use the same oids for the
variable bindings as above, as many as you need to pass the data you
wantto pass. You could put all of it on one if you like. In your
action in the ruleset, parse out the values from the syslog trap and
fill them in on the snmptrap command.
The '1' to the right of the trapid is the timestamp.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Here's a simple stupid idea. Instead of capturing the trap and then issuing a
new reformatted snmptrap, why not just redefine that specific trap to NetView in
its trapd.conf file?
For example, go to Options-->Event Configuration-->Trap Customization:
Highlight cisco, highlight the specific trap, select "copy" and then enter a new
event name but keep the same generic and specific numbers. Select your sources
and then in the field for Event Log Message enter the following:
Router $A reports $4
where $A is the hostname issuing the trap and $4 is the datafield you wanted to
display.
Also you might want to add the same line in the data field for Popup
Notification.
Finally, call up the Trap Customization for the original trap, check the button
for "Status Events" and select "Don't Log or Display".
Regards,
ken
kgarst@giantofmaryland.com
Ok James, I'm attempting to create a test trap using the snmptrap command
(before I actually write the script) and I'm lost. If I want the new trap to
basically read the same way as the original only adding some more text (to
possibly include a recommended action) how do I pass all the information from
the original trap to the script (ie. resource name that generated the trap
(firewall system), timestamp, all the other variables (specifically the
clogHistTextMsg))? Actually, what is the exact format of the snmptrap command
if I want to basically read the incoming trap and spit it back out with all the
same info plus some additional info? I did a 'man' for snmptrap, but I can't
seem to follow it.
James_Shanks@tivoli.com on 06/02/99 12:50:08 PM
Please respond to NV-L@ucsbvm.ucsb.edu
To: NV-L@ucsbvm.ucsb.edu
cc: (bcc: Lucy Premus/Bsg/MetLife/US)
Subject: Re: trap customization
You want to issue a new trap? Then you have two ways to go, but either
way you must write a script to issue the snmptrap command with your new
trap data in it. Then you can kick off that script either in a ruleset or
from an automatic action in trapd.conf. But writing the script is your
first step. You have to pass your script the elements of the trap you want
to pass along. Do you follow me?
James Shanks
Tivoli (NetView for UNIX) L3 Support
Lucy Premus <lpremus@METLIFE.COM> on 06/02/99 11:17:18 AM
Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView <NV-L@UCSBVM.UCSB.EDU>
To: NV-L@UCSBVM.UCSB.EDU
cc: (bcc: James Shanks/Tivoli Systems)
Subject: trap customization
Below is an example of a trap we receive from our Cisco PIX firewalls. It
is
actually a syslog message, generated by the firewall, that is received by
NetView and converted to a trap via the Cisco syslog mib that I've loaded
into
NetView. There are several different syslog messages that can come into
NetView, from the firewalls, but they are all converted and displayed as
events
via the same syslog mib.
What I would like to do is capture the trap and display a different
customized
event, based on the clogHistMsgText=?????? field (which will be different
depending on the syslog message sent from the firewall). I believe that
field
is $4. Is this possible? Can it be done via a ruleset or some other
method?
Wed Jun 02 11:04:06 1999 192.168.34.1 A clogMessageGenerated trap
received from enterprise ciscoSylogMIBNotificationPrefix with 5 arguments:
clogHistFacility=20; clogHistSeverity=7; clogHistMsgName=Syslog Trap;
clogHistMsgText=302009; 0 in use, 16384 licensed, 3 most used;
clogHistTimestamp=0
SPECIFIC : 1 (hex: 1)
GENERIC : 6
CATEGORY : Status Events
ENTERPRISE : ciscoSyslogMIBNotificationPrefix 1.3.6.1.4.1.9.9.41.2
|