Guys,
Good news is that i got this working. I manually added
OID based on the traps i received and now the traps
are showing up on my console...
Now i need another help here.. Since there are way
tooo many traps coming in so i decided to write a
rule in Netview... My rule is as below:
event stream ---->Trap settings (VPN OID)----> event
stream (NVATTR_3 equal to IKE/50)----> forward..
Am i doing this right? If so then it's not working.
I'm sure that NVATTR3=IKE/50 since in TEC nv_var3 is
showing up as IKE/50. Any ideas for this? Here is the
trap:
abcd u [2] private.enterprises.3076.2.1.4.4.37.50
(OctetString): 275850053 07/22/2005 11:10:27.740
SEV=5 IKE/50 RPT=346224 61.108.103.135
Many Thanks as usual,
Larry
--- "Barr, Scott" <Scott_Barr@csgsystems.com> wrote:
> We just catch everything from enterprise 3076 in
> trapd.conf and have a
> ruleset that catches it and passes the data as an
> environment variable
> to the perl script that does the parsing.
>
> I don't have an enterprise number. The oid is as you
> would expect
> 1.3.6.1.4.1.3076 but we never busted it down
> further. They are all
> generic trap 6 enterprise 0
>
>
> Sorry I can't be of more obvious help. This is not
> what I would call a
> fully integrated cisco product.
>
> -----Original Message-----
> From: owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com]
> On Behalf Of Larry Fagan
> Sent: Thursday, July 21, 2005 2:59 PM
> To: nv-l@lists.us.ibm.com
> Subject: RE: [nv-l] Altiga Cisco VPN concentrator
> Trap defintions!
>
> Thanks for the info guys.
> Our VPN team is forwarding particular events like
> below:
> 1121965582 7 Thu Jul 21 13:06:22 2005
> USKEN06DVP132.us.schp.com ? [2] private
> .enterprises.3076.2.1.4.4.37.50 (OctetString):
> 248355444 07/21/2005 13:08:03.480
> SEV=5 IKE/50 RPT=312369 14.207.66.106
> What the team is looking is for key word IKE/199. I
> can parse that once this is forwarded to TEC but the
> issue is what's the OID for this event?.
> thanks,
> Larry
>
> --- "Barr, Scott" <Scott_Barr@csgsystems.com> wrote:
>
> > I don't work on them anymore but I did in the
> past.
> >
> > Cisco is pulling your leg.
> >
> > In the syslog configuration on the device you can
> > set 9 levels of
> > logging from like 15 different topics. Then you
> can
> > specify what log
> > messages to turn into snmp events.
> >
> > And then the fun begins.
> >
> > Depending on your ios version, the concentrator
> > sends in all sorts of
> > different formats. In our case, we wanted to know
> > when tunnels came up
> > and down. Well it turned out that this actually
> was
> > in the user signon
> > log event. Our concentrator code supported both
> > concentrators for public
> > users and also for private connections.
> >
> > But the trap that comes in varies widely in
> spacing,
> > verbage and format.
> > We upgraded IOS versions and trashed the
> automation.
> > Worse yet, they all
> > come in as the same enterprise trap so you must
> have
> > some backend
> > parsing.
> >
> > Cisco is telling you that there are few traps
> > supported because I
> > believe the SNMP agent itself doesn't generate
> much
> > - all are syslog
> > traps that we worked with.
> >
> > I'm going to email you what work I had done
> already
> > pending approval
> > from my previous manager.
> >
> >
> > -----Original Message-----
> > From: owner-nv-l@lists.us.ibm.com
> > [mailto:owner-nv-l@lists.us.ibm.com]
> > On Behalf Of Larry Fagan
> > Sent: Thursday, July 21, 2005 1:51 PM
> > To: nv-l@lists.us.ibm.com
> > Subject: [nv-l] Altiga Cisco VPN concentrator Trap
> > defintions!
> >
> > Hello All,
> > I'm looking for the above 3000 series Trap
> > defintions.
> > In the MIB provided to me from Cisco Site, i
> did'nt
> > find any traps defined in them. I also see in the
> > list
> > someone posted a reply from Cisco support saying
> > that
> > there is very limited traps defined for VPN's or
> > rather no traps at all. See link below.
> >
> >
>
http://lists.skills-1st.co.uk/mharc/html/nv-l/2003-08/msg00006.html
> >
> >
> > Has anyone defined any traps for thess VPN's. I'm
> > trying if someone can help me here before i get to
> > deeply involved.Any hints will be greatly
> helpful.!
> > Many Thanks,
> > Larry
> >
> >
> >
> >
> >
> ____________________________________________________
> > Start your day with Yahoo! - make it your home
> page
> > http://www.yahoo.com/r/hs
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
>
>
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
|