Lucy, just add a period to the beginning of the oid - .1.3.6.1.4.1.9.9.41.2
Blaine Owens
Eastman Chemical Company
Phone - (423)-229-3579
Fax - (423)-229-1188
bowens@eastman.com
> -----Original Message-----
> From: Lucy Premus [SMTP:lpremus@METLIFE.COM]
> Sent: Thursday, June 03, 1999 1:22 PM
> To: NV-L@UCSBVM.ucsb.edu
> Subject: Re: trap customization
>
> Leslie, Thank you for your response it was very helpful. However, there
> is one
> small problem. When the trap is generated it comes in saying "NO FMT IN
> TRAPD.CONF. Following is the actual command I'm entering (I'm just
> testing it
> at the command line first, before I put it in a script):
>
> snmptrap axscnv2 1.3.6.1.4.1.9.9.41.2 192.168.34.1 6 1 1
> 1.3.6.1.4.1.9.9.41.2.4 OctetString "302009 0 in use" (This is just a
> portion of
> the actual trap text)
>
> When the trap displays it adds 1.3.6.1.2.1 in front of the enterprise oid.
> The
> enterprise oid 1.3.6.1.4.1.9.9.41.2 is in the trapd.conf, so I'm assuming
> its
> saying theres NO FMT IN TRAPD.CONF because of the addition of the
> 1.3.6.1.2.1.
> Do you know why it would be adding this? Or better yet, how do I stop it
> from
> being added? Or maybe I'm doing something else wrong.
>
>
>
>
>
>
> "Leslie Clark" <lclark@US.IBM.COM> on 06/02/99 03:58:20 PM
>
> Please respond to "Discussion of IBM NetView and POLYCENTER Manager on
> NetView"
> <NV-L@UCSBVM.ucsb.edu>
>
> To: NV-L@UCSBVM.ucsb.edu
> cc: (bcc: Lucy Premus/Bsg/MetLife/US)
> Subject: Re: trap customization
>
>
>
> Follow Ken's suggestion if you have no special reason to distiguish
> the traps from each other and only want to change the format that is
> displayed. But if you want a different format depending on content, you
> will need to generate separate traps.
>
> Here's an example of how to use the snmptrap command:
> ==========================================================================
> ==
> #!/bin/ksh
> # Use to generate ifdown trap real enough to test T/EC
>
> NVHOST=NETMGR # the netview host
> ABOUTHOST=RTR0001 # the node the trap is about or from
> MYTRAPID=58916867 # Specific trap id (this is interface down)
> ENTERPRISE='.1.3.6.1.4.1.2.6.3' # Netview enterprise
>
>
> /usr/OV/bin/snmptrap $NVHOST $ENTERPRISE $ABOUTHOST 6 $MYTRAPID 1 \
> .1.3.6.1.4.1.2.6.3.1.1.2 Integer 14 \
> .1.3.6.1.4.1.2.6.3.1.1.3 OctetString $ABOUTHOST \
> .1.3.6.1.4.1.2.6.3.1.1.4 OctetString "Interface BRI3/0 Down. CRITICAL"
> \
> .1.3.6.1.4.1.2.6.3.1.1.5 OctetString "10.37.206.3 9345678 123 124"
>
> ==========================================================================
> =========
>
>
> The oids that go with the variable bindings in this case are Netview oids.
> The .3 is what Netview uses as $2 in events display formatting
> and is usually the same as the 'abouthost' in the snmptrap
> command. The last two match up with $3 and $4 in events display
> formatting. I think the .2 identifies the source, as in N or A from
> some enumeration somewhere. I always use 14. I forget why.
>
> I would use the Netview enterprise, generic 6, then a range of
> specifics depending on your groupings. The specific numbers
> 1000-1999 are reserved for customer use. Use the same oids for the
> variable bindings as above, as many as you need to pass the data you
> wantto pass. You could put all of it on one if you like. In your
> action in the ruleset, parse out the values from the syslog trap and
> fill them in on the snmptrap command.
>
> The '1' to the right of the trapid is the timestamp.
>
> Cordially,
>
> Leslie A. Clark
> IBM Global Services - Systems Mgmt & Networking
>
>
>
> Here's a simple stupid idea. Instead of capturing the trap and then
> issuing a
> new reformatted snmptrap, why not just redefine that specific trap to
> NetView in
> its trapd.conf file?
>
> For example, go to Options-->Event Configuration-->Trap Customization:
> Highlight cisco, highlight the specific trap, select "copy" and then enter
> a new
> event name but keep the same generic and specific numbers. Select your
> sources
> and then in the field for Event Log Message enter the following:
>
> Router $A reports $4
>
> where $A is the hostname issuing the trap and $4 is the datafield you
> wanted to
> display.
>
> Also you might want to add the same line in the data field for Popup
> Notification.
>
> Finally, call up the Trap Customization for the original trap, check the
> button
> for "Status Events" and select "Don't Log or Display".
>
> Regards,
> ken
> kgarst@giantofmaryland.com
>
>
>
>
>
> Ok James, I'm attempting to create a test trap using the snmptrap command
> (before I actually write the script) and I'm lost. If I want the new trap
> to
> basically read the same way as the original only adding some more text (to
> possibly include a recommended action) how do I pass all the information
> from
> the original trap to the script (ie. resource name that generated the trap
> (firewall system), timestamp, all the other variables (specifically the
> clogHistTextMsg))? Actually, what is the exact format of the snmptrap
> command
> if I want to basically read the incoming trap and spit it back out with
> all the
> same info plus some additional info? I did a 'man' for snmptrap, but I
> can't
> seem to follow it.
>
>
>
>
>
> James_Shanks@tivoli.com on 06/02/99 12:50:08 PM
>
> Please respond to NV-L@ucsbvm.ucsb.edu
>
> To: NV-L@ucsbvm.ucsb.edu
> cc: (bcc: Lucy Premus/Bsg/MetLife/US)
> Subject: Re: trap customization
>
>
>
> You want to issue a new trap? Then you have two ways to go, but either
> way you must write a script to issue the snmptrap command with your new
> trap data in it. Then you can kick off that script either in a ruleset
> or
> from an automatic action in trapd.conf. But writing the script is your
> first step. You have to pass your script the elements of the trap you
> want
> to pass along. Do you follow me?
>
>
> James Shanks
> Tivoli (NetView for UNIX) L3 Support
>
>
>
> Lucy Premus <lpremus@METLIFE.COM> on 06/02/99 11:17:18 AM
>
> Please respond to Discussion of IBM NetView and POLYCENTER Manager on
> NetView <NV-L@UCSBVM.UCSB.EDU>
>
> To: NV-L@UCSBVM.UCSB.EDU
> cc: (bcc: James Shanks/Tivoli Systems)
> Subject: trap customization
>
>
>
>
>
> Below is an example of a trap we receive from our Cisco PIX firewalls. It
> is
> actually a syslog message, generated by the firewall, that is received by
> NetView and converted to a trap via the Cisco syslog mib that I've loaded
> into
> NetView. There are several different syslog messages that can come into
> NetView, from the firewalls, but they are all converted and displayed as
> events
> via the same syslog mib.
>
> What I would like to do is capture the trap and display a different
> customized
> event, based on the clogHistMsgText=?????? field (which will be different
> depending on the syslog message sent from the firewall). I believe that
> field
> is $4. Is this possible? Can it be done via a ruleset or some other
> method?
>
> Wed Jun 02 11:04:06 1999 192.168.34.1 A clogMessageGenerated trap
> received from enterprise ciscoSylogMIBNotificationPrefix with 5 arguments:
> clogHistFacility=20; clogHistSeverity=7; clogHistMsgName=Syslog Trap;
> clogHistMsgText=302009; 0 in use, 16384 licensed, 3 most used;
> clogHistTimestamp=0
>
> SPECIFIC : 1 (hex: 1)
> GENERIC : 6
> CATEGORY : Status Events
> ENTERPRISE : ciscoSyslogMIBNotificationPrefix 1.3.6.1.4.1.9.9.41.2
|