[Top] [All Lists]

[nv-l] Cursed Cisco Trap Formats

To: <nv-l@lists.tivoli.com>
Subject: [nv-l] Cursed Cisco Trap Formats
From: "Barr, Scott" <Scott_Barr@csgsystems.com>
Date: Thu, 3 Oct 2002 11:26:46 -0500
NetView 7.1.1 on Solaris 2.8
Okay guys, I am looking for a way to skin a Cisco cat. The problem is due to the fact that we run a wide variety of protocols and routers, we often do not run the latest Cisco IOS versions. I recently had a situation where I observed this in trapd.log:
1033361376 3 Sun Sep 29 23:49:36 2002 <routernamehere> A Cisco_Link_Down trap received from enterprise cisco with 3 arguments: ifIndex=24; ifDescr=ATM1/0.8-aal5 layer; ifType=49; locIfReason=FMT ERROR: accessing element #4, only 3 available                                                               
Notice the format error. The reason this occurs is because under most circumstances the cisco IOS is delivering only 3 elements and the trap format in trapd.conf has 4 elements defined. So I opened TAC case on this with Cisco and they told me to use the following command on the routers:
snmp-server trap link ietf
Now, the trap comes in and looks like this:
1033478849 3 Tue Oct 01 08:27:29 2002 <routernamehere> A Cisco_Link_Down trap received from enterprise cisco with 5 arguments: ifIndex=26; ifDescr=2; ifType=2;  locIfReason=ATM1/0.9-aal5 layer                  
Now we get five arguments (still only 4 defined in trapd.conf) Okay, first problem is the format is still wrong since trapd.conf is not matching up with the IETF standard (which I have not been able to find yet). But thats no big deal, since I assumed I was writing some code to catch the variables and make intelligent decisions about what to do with it.
But wait! There is more! A lot of the routers send in link up/down traps in this format:
1033480388 3 Tue Oct 01 08:53:08 2002 <routernamehere>  A Cisco_Link_Down trap received from enterprise cisco with 4 arguments: ifIndex=1; ifDescr=Serial0/0;  ifType=22;  locIfReason=administratively down
So, to sum it up, I get link up/down traps with either 3, 4, or 5 arguments depending on what router is sending it in. They all have the same cisco enterprise ID so using trapd.conf to bypass the issue is not possible. I use rulesets (not command for automatic action in trapd.conf) to suppress interface outages of less than 5 minutes. I lose this functionality if I just pass the trap via command for automatic action. So what I need is a script that I can run using an action node, that can decipher whether there are 3,4, or 5 arguments and then parse them out. I am paging/emailing in my ruleset using action nodes, I would have to move them to the parsing script (no problem - we use nvpage and mailx)
Suggestions on scripts? How to code trapd.conf? Where is Cisco headquarters and what is composition of the materials used to build it? I *am* not a script coder person, so if you send me a perl script write it the way any idiot C programmer could read it and not one of your fancy-only-takes-1-line-of-completely-unreadable code.
- Signed: stuck between a rock and  a hard place with a boulder on my head.
Scott Barr
Network Systems Engineer
CSG Systems
Phone: 402-431-7939
Fax: 402-431-7413
<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web