4.50 SNMPTrap_Async

Use this Knowledge Script to monitor SNMP traps forwarded from NetIQ SNMP Trap Receiver. This script raises an event when an SNMP trap is received and when Trap Receiver is unavailable or subsequently becomes available. In addition, this script generates data streams for Trap Receiver availability.

This script checks for SNMP traps in the MIB tree. You can add Management Information Bases (MIBs) to the MIB tree. For more information, see the SNMPTrap_AddMIB Knowledge Script.

In general, a trap receiver is an application that receives traps from SNMP agents. Trap Receiver receives SNMP traps, filters them, and then forwards the traps to AppManager. For more information, see Section 4.50.5, Working with NetIQ SNMP Trap Receiver.

4.50.1 Prerequisite

To allow this script to access the MIBs for Unified Communications Manager servers, configure your SNMP permissions in AppManager Security Manager before using the SNMPTrap_Async script. For more information, see Section 4.50.6, Configuring SNMP Permissions in Security Manager.

4.50.2 Resource Object

CiscoCM_TrapReceiver

4.50.3 Default Schedule

By default, this script runs on an asynchronous schedule.

4.50.4 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

Trap Filters

List of trap OIDs

Use this parameter to provide a list of the OIDs (object identifiers) of the traps you want to monitor. Separate multiple OIDs with a comma. For example:

1.3.6.1.2.1.2.2.1.1.1,1.3.6.1.2.1.2.2.1.7.1

Full path to file with list of trap OIDs

If you have many OIDs to monitor, use this parameter to identify the full path to a file that contains a list of the OIDs. Each OID in the file should be on a separate line. For example:

1.3.6.1.2.1.2.2.1.1.1
1.3.6.1.2.1.2.2.1.7.1

Because the file must be accessible from the AppManager agent, the path must be a local directory on the agent computer or a UNC path. The netiqmc service must be running as a user that has access to the UNC path.

List of MIB subtrees

Use this parameter to monitor an OID and all of its subtrees. Provide a comma-separated list of the OIDs you want to monitor. For example:

1.3.6,1.3.7

Full path to file with list of MIB subtrees

If you have many subtrees to monitor, use this parameter to provide the full path to a file that contains a list of the OIDs. Each OID in the file should be on a separate line. For example:

1.3.6 
1.3.7 

Because the file must be accessible from the AppManager agent, the path must be a local directory on the agent computer or a UNC path. The netiqmc service must be running as a user that has access to the UNC path.

Event Notification

Format trap data according to SNMP version

Select the version of SNMP whose formatting should be used for trap event messages. The data provided by each format is the same; only the layout is different. The default is SNMPv2.

Raise emergency alarm event?

Select Yes to raise an event when the SNMP trap message contains information about an emergency alarm. The default is Yes.

Event severity when emergency alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about an emergency alarm. The default is 1.

Raise alert alarm event?

Select Yes to raise an event when the SNMP trap message contains information about an alert alarm. The default is Yes.

Event severity when alert alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about an alert alarm. The default is 2.

Raise critical alarm event?

Select Yes to raise an event when the SNMP trap message contains information about a critical alarm. The default is Yes.

Event severity when critical alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about a critical alarm. The default is 3.

Raise error alarm event?

Select Yes to raise an event when the SNMP trap message contains information about an error alarm. The default is Yes.

Event severity when error alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about an error alarm. The default is 5.

Raise warning alarm event?

Select Yes to raise an event when the SNMP trap message contains information about a warning alarm. The default is unselected.

Event severity when warning alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about a warning alarm. The default is 15.

Raise notice alarm event?

Select Yes to raise an event when the SNMP trap message contains information about a notice alarm. The default is unselected.

Event severity when notice alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about a notice alarm. The default is 25.

Raise informational alarm event?

Select Yes to raise an event when the SNMP trap message contains information about an informational alarm. The default is unselected.

Event severity when informational alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SNMP trap message contains information about an informational alarm. The default is 35.

Raise unmapped alarm event?

Select Yes to raise an event when an SNMP trap is received but is not reflected in the .CSV mapping file. The default is Yes.

Disable this parameter if you do not want to be informed about SNMP traps that are not mapped in the .CSV file.

Event severity when unmapped alarm received

Set the severity level, from 1 to 40, to indicate the importance of an event in which an SNMP trap is not mapped in the .CSV file. The default is 15.

Raise Trap Receiver availability events?

Select Yes to raise an event when Trap Receiver becomes unavailable and when Trap Receiver becomes available once again. The default is Yes.

Event severity when Trap Receiver is unavailable

Set the severity level, from 1 to 40, to indicate the importance of an event in which Trap Receiver becomes unavailable. The default is 5.

Event severity when Trap Receiver becomes available

Set the severity level, from 1 to 40, to indicate the importance of an event in which Trap Receiver becomes available after being unavailable. The default is 25.

Data Collection

Collect data for Trap Receiver availability?

Select Yes to collect data for charts and reports. If enabled, data collection returns a “1” if Trap Receiver is available and a “0” if Trap Receiver is unavailable. The default is unselected.

Interval for collecting Trap Receiver availability data

Specify the frequency with which the script collects Trap Receiver availability data. The default is every 5 minutes.
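
The following added example (not part of the NetIQ documentation or the product's code) shows how the two kinds of Trap Filters described above differ when a trap OID arrives: the OID lists match one OID exactly, while the subtree lists match an OID and everything beneath it. It assumes matching is done arc by arc; parse_oid, load_oids and match_trap are hypothetical names.

```python
def parse_oid(text):
    """Convert '1.3.6.1' (a leading dot is tolerated) to a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def load_oids(value):
    """Accept both layouts from the page: comma-separated or one OID per line."""
    return [parse_oid(item) for item in value.replace("\n", ",").split(",")
            if item.strip()]


def match_trap(trap_oid, exact=(), subtrees=()):
    """Return 'exact', 'subtree', or None for a received trap OID."""
    oid = parse_oid(trap_oid)
    if oid in exact:
        return "exact"
    for root in subtrees:
        # Compare whole arcs: 1.3.6 covers 1.3.6.1... but not 1.3.60.1,
        # which a plain string-prefix test would wrongly accept.
        if oid[:len(root)] == root:
            return "subtree"
    return None


# Filter values copied from the page's examples.
EXACT = load_oids("1.3.6.1.2.1.2.2.1.1.1,1.3.6.1.2.1.2.2.1.7.1")
SUBTREES = load_oids("1.3.6 \n1.3.7 \n")
```

Because 1.3.6 (iso.org.dod) is the root of the Internet OID tree, a subtree filter that short matches almost every trap a device can send; longer subtree roots give a narrower filter.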

4.50.5 Working with NetIQ SNMP Trap Receiver

NetIQ SNMP Trap Receiver (Trap Receiver) is installed automatically when you install AppManager for Cisco Unified Communications Manager. Trap Receiver runs as a service, NetIQTrapReceiver.exe, and might compete for port usage with any other trap receiver installed on the same computer.

What is NetIQ SNMP Trap Receiver?

At its most basic, a trap receiver is an application that receives traps from SNMP agents. Trap Receiver receives, filters, and forwards SNMP traps to AppManager. When you use Trap Receiver with AppManager for Cisco Unified Communications Manager, the SNMPTrap_Async Knowledge Script raises events when SNMP traps are received.

What is an SNMP Trap?

Simple Network Management Protocol (SNMP) is a protocol-based system used to manage devices on TCP/IP-based networks. From devices on which an SNMP agent resides, such as routers and switches, SNMP sends unsolicited notifications, called traps, to network administrators when thresholds for certain conditions are exceeded. These conditions are defined by the vendor in a device’s MIB; the network administrator sets the thresholds.

Traps are composed of Protocol Data Units (PDUs). Each PDU contains the following information, organized in various ways depending on the version of SNMP in use:

  • SNMP version number

  • Community name of the SNMP agent

  • PDU type

  • Enterprise OID (object identifier), a unique number that identifies an enterprise and its system objects in the MIB

  • IP address of the SNMP agent

  • Generic trap type: Cold start, Warm start, Link down, Link up, Authentication failure, and Enterprise

  • Specific trap type. When the Generic trap type is set to “Enterprise,” a specific trap type is included in the PDU. A specific trap is one that is unique or specific to an enterprise.

  • Time the event occurred

  • Varbind (variable binding), a sequence of two fields that contain the OID and a value
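
An added example, not from the NetIQ documentation: a small decoder for the SNMPv1 layout of the PDU fields listed above, run on a constructed packet. It handles SNMPv1 only, and the function names and sample values are assumptions made for the example.

```python
# Generic trap codes per RFC 1157; code 5 is not in the page's list.
GENERIC = ["Cold start", "Warm start", "Link down", "Link up",
           "Authentication failure", "EGP neighbor loss", "Enterprise"]

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode BER OID bytes; the first byte packs the first two arcs."""
    first = min(data[0] // 40, 2)
    arcs, acc = [first, data[0] - 40 * first], 0
    for byte in data[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear: last byte of this arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def parse_v1_trap(packet):
    """Return the fields of an SNMPv1 trap message as a dict."""
    tag, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    f, pos = [], 0
    for _ in range(6):  # enterprise, agent, generic, specific, time, varbinds
        _, value, pos = read_tlv(pdu, pos)
        f.append(value)
    varbinds, pos = [], 0
    while pos < len(f[5]):
        _, pair, pos = read_tlv(f[5], pos)
        _, name, end = read_tlv(pair, 0)
        varbinds.append((decode_oid(name), read_tlv(pair, end)[1]))
    generic = int.from_bytes(f[2], "big")
    return {"community": community.decode("latin-1"),
            "enterprise": decode_oid(f[0]), "agent": ".".join(map(str, f[1])),
            "generic": GENERIC[generic] if generic < len(GENERIC) else "unknown",
            "specific": int.from_bytes(f[3], "big"),
            "ticks": int.from_bytes(f[4], "big"), "varbinds": varbinds}

# Constructed sample packet (all values are made up for this example).
SAMPLE = bytes.fromhex(
    "3038020100" "04067075626c6963" "a42b" "06062b0601040109" "4004c000020a"
    "020106" "020101" "43023039" "3011300f" "060a2b060102010202010101" "020101")
```

In SNMPv1 and SNMPv2c the community name is carried in clear text ahead of the PDU, which is why the decoder can read it without any key.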

Understanding Trap Receiver Architecture

Trap Receiver operates on a Client-Server architecture: the Server—the stand-alone Trap Receiver application—receives, filters, and forwards SNMP traps to the Client—an application that receives traps, such as AppManager. The Server can receive traps on standard UDP port 162 or on any other configured port. The Client and the Server can reside on the same computer or on separate computers.

Communication between Client and Server is implemented as XML messages over a TCP connection. Only one Server is allowed per computer; however, several Clients are allowed per computer. Clients that are registered to the same Server share the same TCP connection. The Server TCP port should be known to all potential Clients.

Understanding the Trap Receiver Configuration File

The configuration file for Trap Receiver, NetIQTrapReceiver.conf, identifies the UDP and TCP ports used by Trap Receiver: the UDP port is used for receiving traps; the TCP port is used for communicating with the Client, such as AppManager or another supported NetIQ application. The configuration file also identifies the level of logging you want to use and whether port forwarding is enabled.

By default, the configuration file is installed in [installation directory]\config, and has the following format:

##############################################################
#
# NetIQTrapReceiver.conf
#
# A configuration file for NetIQ SNMP Trap Receiver
#
##############################################################
#########################
# TCP port
# Syntax: tcp_port [port]
# E.g. : tcp_port 2735
#########################
tcp_port 2735
#########################
# UDP port
# Syntax: udp_port [port]
# E.g. : udp_port 162
#########################
udp_port 162
#########################
# Forwarding
# Syntax: forward [address]:[port] [v1]
# E.g. : forward 127.0.0.1:1000 v1
#########################
#########################
# Log level
# Syntax: log_level error|warning|info|debug|xml
# E.g. : log_level info
#########################
log_level debug 

If the configuration file cannot be found, cannot be parsed, or does not contain one of the required values, Trap Receiver is initialized with the default configuration as shown above.

When changing values in the configuration file, take into account the following:

  • If you change the TCP port number, stop all asynchronous Knowledge Script jobs associated with the modules that support Trap Receiver. Run the Discovery Knowledge Script on all monitored devices to enable the devices to recognize the new TCP port number.

  • If you change the UDP port number, also change the UDP port number configured on the devices that send traps to Trap Receiver.

  • If another service uses port 2735 or port 162, Trap Receiver will not start. The Trap Receiver log file will contain different levels of messages, based on the log_level you choose. Either change the port numbers in the configuration file, stop the service that is using the default Trap Receiver port numbers, or forward the traps coming in to UDP port 162.

  • To forward incoming traps to another trap receiver, such as Microsoft SNMP Trap Service, set the Forwarding values as follows:

    forward [IP address of other trap receiver]:[port number of other trap receiver] [SNMP version]

    For example: forward 10.40.40.25:167 v1. By default, incoming traps are not forwarded. For more information, see Coexisting with Microsoft SNMP Trap Service.

  • Restart Trap Receiver after any change to the configuration file. From Control Panel, double-click Administrative Tools and then double-click Services. Right-click NetIQ Trap Receiver and select Restart.

Coexisting with Microsoft SNMP Trap Service

Two trap receivers cannot be in use on the same computer while using the same standard UDP port (162). If NetIQ SNMP Trap Receiver and another trap receiver such as Microsoft SNMP Trap Service are installed on the same computer and both are receiving traps, configure Trap Receiver to use the standard UDP port and to forward incoming traps (UDP forwarding) to the other trap receiver. For more information, see Understanding the Trap Receiver Configuration File.

Then, configure the other trap receiver to use a different, non-standard, UDP port that is not in use by another application. The following are instructions for configuring Microsoft SNMP Trap Service.

To configure Microsoft SNMP Trap Service to use another port:

  1. Navigate to c:\Windows\system32\drivers\etc.

  2. Open the services file.

  3. In the row for snmptrap, change the value for udp from 162 to another port number that is not in use by any other application. Use the same port number you set as the forwarding port in the Trap Receiver configuration file.

  4. Save and close the services file.

  5. Restart Windows SNMP Trap Service. In Control Panel, double-click Administrative Tools and then double-click Services. Right-click SNMP Trap Service and select Restart.

HINT: To see which ports are in use, run netstat.exe from a command prompt. Then select an available port as the port for the other trap receiver service.
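
The added example below (not NetIQ code) checks the two files edited in the coexistence procedure against each other: the forward line in NetIQTrapReceiver.conf and the snmptrap row in the services file must name the same port, and that port must differ from the one Trap Receiver listens on. The parsing rules are inferred from the syntax comments in the configuration listing above; the function names and sample file contents are assumptions.

```python
import re

# Defaults as shown in the page's NetIQTrapReceiver.conf listing.
DEFAULTS = {"tcp_port": 2735, "udp_port": 162, "log_level": "debug", "forward": None}
LOG_LEVELS = {"error", "warning", "info", "debug", "xml"}

def parse_conf(text):
    """Parse NetIQTrapReceiver.conf text; raise ValueError on a bad line."""
    conf = dict(DEFAULTS)
    for number, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, rest = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key in ("tcp_port", "udp_port") and rest.isdigit() and 0 < int(rest) < 65536:
            conf[key] = int(rest)
        elif key == "log_level" and rest in LOG_LEVELS:
            conf[key] = rest
        elif key == "forward" and (m := re.fullmatch(r"(\S+):(\d+)(?:\s+(v\w+))?", rest)):
            conf[key] = (m.group(1), int(m.group(2)), m.group(3))
        else:
            raise ValueError(f"line {number}: cannot parse {raw.strip()!r}")
    return conf

def snmptrap_udp_port(services_text):
    """Return the UDP port on the snmptrap row of a services file."""
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "snmptrap" and fields[1].endswith("/udp"):
            return int(fields[1].split("/")[0])
    return None

def coexistence_problems(conf_text, services_text):
    """Compare both files for the same-computer coexistence setup."""
    conf, other = parse_conf(conf_text), snmptrap_udp_port(services_text)
    problems = []
    if conf["forward"] is None:
        problems.append("no forward line: traps never reach the other receiver")
    elif conf["forward"][1] != other:
        problems.append(f"forward port {conf['forward'][1]} != snmptrap port {other}")
    if other == conf["udp_port"]:
        problems.append(f"both receivers are configured for UDP port {other}")
    return problems

# Constructed samples (not taken from a real system).
SAMPLE_CONF = "tcp_port 2735\nudp_port 162\nforward 127.0.0.1:167 v1\nlog_level info\n"
SERVICES_BEFORE = "snmp  161/udp  #SNMP\nsnmptrap  162/udp  snmp-trap  #SNMP trap\n"
SERVICES_AFTER = SERVICES_BEFORE.replace("162/udp", "167/udp")
```

Running the check before restarting the services catches a parse error that, per the text above, would otherwise make Trap Receiver fall back to its default configuration.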

4.50.6 Configuring SNMP Permissions in Security Manager

To allow the SNMPTrap_Async Knowledge Script to access the Management Information Bases (MIBs) for Unified Communications Manager servers, configure your SNMP permissions in AppManager Security Manager before using the SNMPTrap_Async script. The SNMP permissions act as a filter for incoming SNMP traps.

The type of information you configure varies according to the version of SNMP that is implemented in your network. AppManager for Cisco Unified Communications Manager supports SNMP versions 1, 2, and 3.

Adding Permissions for SNMP Versions 1 and 2

Configure community string and version information for each Unified Communications Manager server that is monitored by the proxy agent computer. Complete the following fields in the Custom tab of Security Manager.

Field

Description

Label

SNMP

Sub-label

Indicates whether the community string information you are configuring will be used for a single Communications Manager or for all Communications Managers.

  • type default.

Value 1

Appropriate read-only community string value, such as private or public.

Adding Permissions for SNMP Version 3

SNMP trap monitoring in AppManager for Cisco Unified Communications Manager supports the following modes for SNMPv3:

  • No authentication; no privacy

  • Authentication; no privacy

  • Authentication and privacy

In addition, the module supports the following protocols for SNMPv3:

  • MD5 (Message-Digest algorithm 5, an authentication protocol)

  • SHA (Secure Hash Algorithm, an authentication protocol)

  • DES (Data Encryption Standard, encryption protocol)

Your SNMPv3 implementation might support one or more combinations of mode and protocol. That combination dictates the type of information you configure in AppManager Security Manager: user name (or entity), context name, protocol name, and protocol passwords.

Configure community string and version information for each Unified Communications Manager server that is monitored by the proxy agent computer. Complete the following fields in the Custom tab of Security Manager.

Field

Description

Label

SNMP

Sub-label

Indicates whether the community string information you are configuring will be used for a single Communications Manager or for all Communications Managers.

  • For a single device supported by a particular proxy agent computer, provide the name of the Communications Manager.

  • For all devices supported by a particular proxy agent computer, type default.

Value 1

SNMP user name or entity configured for the device. All SNMPv3 modes require an entry in the Value 1 field.

Value 2

Name of the context associated with the user name or entity you entered in the Value 1 field. A context is a collection of SNMP information that is accessible by an entity. If possible, enter a context that provides access to all MIBs for a device.

If the device does not support context, type an asterisk (*).

All SNMPv3 modes require an entry in the Value 2 field.

Value 3

Combination of protocol and password appropriate for the SNMPv3 mode you have implemented.

  • For no authentication/no privacy mode, leave the Value 3 field blank.

  • For authentication/no privacy mode, type md5 or sha and the password for the protocol, separating each entry with a comma. For example, type md5,abcdefgh

  • For authentication/privacy mode, type md5 or sha and the associated password, and then type des and the associated password, separating each entry with a comma. For example, type sha,hijklmno,des,nopqrstu
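
As an added example (not part of the NetIQ documentation or of Security Manager), the validator below checks the Value 1, Value 2 and Value 3 entries against the rules in the table above and reports which SNMPv3 mode a Value 3 string selects. The 8-character password minimum comes from RFC 3414 and is an assumption here, since the page states no minimum; parse_value3 and check_entry are hypothetical names.

```python
AUTH_PROTOCOLS = {"md5", "sha"}  # authentication protocols listed on the page
PRIV_PROTOCOLS = {"des"}         # encryption protocol listed on the page
MIN_PASSWORD = 8  # RFC 3414 minimum; assumed, the page states no minimum


def parse_value3(value3):
    """Return (mode, auth_protocol, priv_protocol); passwords are not returned."""
    # The comma is the separator, so a password containing a comma shows up
    # here as a wrong field count.
    fields = [f.strip() for f in value3.split(",")] if value3.strip() else []
    if not fields:
        return ("no authentication; no privacy", None, None)
    if len(fields) not in (2, 4):
        raise ValueError("expected 'protocol,password' or "
                         "'protocol,password,des,password'")
    protocols = [p.lower() for p in fields[0::2]]
    if protocols[0] not in AUTH_PROTOCOLS:
        raise ValueError(f"{protocols[0]!r} is not an authentication protocol")
    if len(protocols) == 2 and protocols[1] not in PRIV_PROTOCOLS:
        raise ValueError(f"{protocols[1]!r} is not an encryption protocol")
    if any(len(password) < MIN_PASSWORD for password in fields[1::2]):
        raise ValueError(f"password shorter than {MIN_PASSWORD} characters")
    if len(protocols) == 1:
        return ("authentication; no privacy", protocols[0], None)
    return ("authentication and privacy", protocols[0], protocols[1])


def check_entry(value1, value2, value3):
    """Return a list of problems for one Security Manager SNMPv3 entry."""
    problems = []
    if not value1.strip():
        problems.append("Value 1: user name or entity is required in every mode")
    if not value2.strip():
        problems.append("Value 2: context name or * is required in every mode")
    try:
        parse_value3(value3)
    except ValueError as err:
        problems.append(f"Value 3: {err}")
    return problems
```

The error messages name the offending protocol or field but never echo a password, so the output can be logged or pasted into a ticket.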