| To: | <nv-l@lists.tivoli.com> |
|---|---|
| Subject: | [nv-l] Cursed Cisco Trap Formats |
| From: | "Barr, Scott" <Scott_Barr@csgsystems.com> |
| Date: | Thu, 3 Oct 2002 11:26:46 -0500 |
|
NetView 7.1.1 on
Solaris 2.8
Okay guys, I am
looking for a way to skin a Cisco cat. The problem is due to the fact that we
run a wide variety of protocols and routers, we often do not run the latest
Cisco IOS versions. I recently had a situation where I observed this in
trapd.log:
1033361376 3 Sun Sep 29 23:49:36 2002 <routernamehere> A
Cisco_Link_Down trap received from enterprise cisco with 3 arguments:
ifIndex=24; ifDescr=ATM1/0.8-aal5 layer; ifType=49; locIfReason=FMT ERROR:
accessing element #4, only 3
available
Notice the format
error. The reason this occurs is because under most circumstances the cisco IOS
is delivering only 3 elements and the trap format in trapd.conf has 4 elements
defined. So I opened TAC case on this with Cisco and they told me to use the
following command on the routers:
snmp-server trap link ietf
Now, the trap comes
in and looks like this:
1033478849 3 Tue Oct 01 08:27:29 2002 <routernamehere> A
Cisco_Link_Down trap received from enterprise cisco with 5 arguments:
ifIndex=26; ifDescr=2; ifType=2; locIfReason=ATM1/0.9-aal5
layer
Now we get five
arguments (still only 4 defined in trapd.conf) Okay, first problem is the format
is still wrong since trapd.conf is not matching up with the IETF
standard (which I have not been able to find yet). But thats no big deal, since
I assumed I was writing some code to catch the variables and make intelligent
decisions about what to do with it.
But wait! There is
more! A lot of the routers send in link up/down traps in this
format:
1033480388 3 Tue Oct 01 08:53:08 2002 <routernamehere> A
Cisco_Link_Down trap received from enterprise cisco with 4 arguments: ifIndex=1;
ifDescr=Serial0/0; ifType=22; locIfReason=administratively
down
So, to sum it up, I
get link up/down traps with either 3, 4, or 5 arguments depending on what router
is sending it in. They all have the same cisco enterprise ID so using trapd.conf
to bypass the issue is not possible. I use rulesets (not command for automatic
action in trapd.conf) to suppress interface outages of less than 5 minutes. I
lose this functionality if I just pass the trap via command for automatic
action. So what I need is a script that I can run using an action node, that can
decipher whether there are 3,4, or 5 arguments and then parse them out. I am
paging/emailing in my ruleset using action nodes, I would have to move them to
the parsing script (no problem - we use nvpage and mailx)
Suggestions on
scripts? How to code trapd.conf? Where is Cisco headquarters and what is
composition of the materials used to build it? I *am* not a script coder person,
so if you send me a perl script write it the way any idiot C programmer could
read it and not one of your fancy-only-takes-1-line-of-completely-unreadable
code.
- Signed: stuck
between a rock and a hard place with a boulder on my
head.
Scott Barr
Network Systems
Engineer
CSG Systems
Phone:
402-431-7939
Fax:
402-431-7413
Email: Scott_Barr@csgsystems.com
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: [nv-l] Physical Address?, Barr, Scott |
|---|---|
| Next by Date: | Re: [nv-l] IP Internet submap colours, Robin James |
| Previous by Thread: | [nv-l] Physical Address?, Bursik, Scott {PBSG} |
| Next by Thread: | RE: [nv-l] Cursed Cisco Trap Formats, Stringfellow, William |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Archive operated by Skills 1st Ltd
See also: The NetView Web