2.10 Working with NetIQ SNMP Trap Receiver

NetIQ SNMP Trap Receiver (Trap Receiver) is installed automatically when you install the SNMP Toolkit. Trap Receiver runs as a service, NetIQTrapReceiver.exe, and may compete for port usage with any other trap receiver installed on the same computer. For more information, see Section 2.10.3, Understanding Trap Receiver Architecture.

2.10.1 What is NetIQ SNMP Trap Receiver?

At its most basic, a trap receiver is an application that receives traps from SNMP agents. Trap Receiver receives, filters, and forwards SNMP traps to AppManager. When you use Trap Receiver with the SNMP Toolkit, the SNMPTrap_Async Knowledge Script raises events when SNMP traps are received.

2.10.2 What is an SNMP Trap?

Simple Network Management Protocol (SNMP) is a protocol-based system used to manage devices on TCP/IP-based networks. From devices on which an SNMP agent resides, such as routers and switches, SNMP sends unsolicited notifications, called traps, to network administrators when thresholds for certain conditions are exceeded. These conditions are defined by the vendor in a device’s Management Information Base (MIB); the network administrator sets the thresholds.

Traps are composed of protocol data units (PDUs). Each PDU contains the following information, organized in various ways depending on the version of SNMP in use:

  • SNMP version number

  • Community name of the SNMP agent

  • PDU type

  • Enterprise OID (object identifier), a unique number that identifies an enterprise and its system objects in the MIB

  • IP address of the SNMP agent

  • Generic trap type: Cold start, Warm start, Link down, Link up, Authentication failure, and Enterprise

  • Specific trap type. When the Generic trap type is set to “Enterprise,” a specific trap type is included in the PDU. A specific trap is one that is unique or specific to an enterprise.

  • Time the event occurred

  • Varbind (variable binding), a sequence of two fields that contain the OID and a value
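The fields listed above, decoded from an SNMPv1 trap datagram. This is an added example, not part of the NetIQ documentation or product code: the helper names and the sample datagram (community public, agent 192.0.2.10, enterprise 1.3.6.1.4.1.8072) are constructed for illustration, and the generic trap names follow RFC 1157, which also defines egpNeighborLoss (5).

```python
GENERIC = ("coldStart", "warmStart", "linkDown", "linkUp",
           "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific")

def tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def items(buf):  # every TLV in buf, in order, as (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def oid(raw):  # OBJECT IDENTIFIER body -> dotted notation
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)      # base 128; a set high bit means more octets follow
        if b < 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def parse_v1_trap(pkt):
    """Hypothetical helper (not a NetIQ API): fields of an SNMPv1 trap as a dict."""
    (_, ver), (_, community), (pdu_type, pdu) = items(tlv(pkt, 0)[1])
    if pdu_type != 0xA4:               # 0xA4 is the PDU type of an SNMPv1 Trap-PDU
        raise ValueError("not an SNMPv1 trap")
    (_, ent), (_, addr), (_, gen), (_, spec), (_, ticks), (_, vbl) = items(pdu)
    binds = []
    for _, vb in items(vbl):           # each varbind is SEQUENCE { OID, value }
        (_, name), (vtag, val) = items(vb)
        binds.append((oid(name), vtag, val))
    g, s = (int.from_bytes(x, "big", signed=True) for x in (gen, spec))
    return {"version": int.from_bytes(ver, "big"), "community": community.decode("latin-1"),
            "enterprise": oid(ent), "agent_addr": ".".join(map(str, addr)),
            "generic": GENERIC[g] if 0 <= g < 7 else f"unknown({g})", "specific": s,
            "time_ticks": int.from_bytes(ticks, "big"), "varbinds": binds}

SAMPLE = bytes.fromhex(  # constructed sample datagram, not a real capture
    "3039 020100 04067075626c6963 a42c 06072b06010401bf08 4004c000020a"
    "020102 020100 43023039 3011 300f 060a2b060102010202010102 020102")
```

A version value of 0 denotes SNMPv1. The community name is carried in the datagram as a plain OCTET STRING.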

2.10.3 Understanding Trap Receiver Architecture

Trap Receiver operates on a Client-Server architecture: the Server—the stand-alone Trap Receiver application—receives, filters, and forwards SNMP traps to the Client—an application that receives traps, such as AppManager. The Server can receive traps on standard UDP port 162 or on any other configured port. The Client and the Server can reside on the same computer or on separate computers.

Communication between Client and Server is implemented as XML messages over a TCP connection. Only one Server is allowed per computer; however, several Clients are allowed per computer. Clients that are registered to the same Server share the same TCP connection. The Server TCP port should be known to all potential Clients.

2.10.4 Coexisting with Microsoft SNMP Trap Service

Two trap receivers cannot be in use on the same computer while using the same standard UDP port (162). If NetIQ SNMP Trap Receiver and another trap receiver such as Microsoft SNMP Trap Service are installed on the same computer and both are receiving traps, configure Trap Receiver to use the standard UDP port and to forward incoming traps (UDP forwarding) to the other trap receiver. For more information, see Section 2.10.5, Understanding the Trap Receiver Configuration File.

Then, configure the other trap receiver to use a different, non-standard, UDP port that is not in use by another application. The following are instructions for configuring Microsoft SNMP Trap Service.

To configure Microsoft SNMP Trap Service to use another port:

  1. Navigate to c:\Windows\system32\drivers\etc.

  2. Open the services file.

  3. In the row for snmptrap, change the value for udp from 162 to another port number that is not in use by any other application. Use the same port number you set as the forwarding port in the Trap Receiver configuration file. For more information, see Section 2.10.5, Understanding the Trap Receiver Configuration File.

  4. Save and close the services file.

  5. Restart Windows SNMP Trap Service. In Control Panel, double-click Administrative Tools and then double-click Services. Right-click SNMP Trap Service and select Restart.

HINT: To see which ports are in use, run netstat.exe from a command prompt. Then select an available port as the port for the other trap receiver service.

2.10.5 Understanding the Trap Receiver Configuration File

The configuration file for Trap Receiver, NetIQTrapReceiver.conf, identifies the UDP and TCP ports used by Trap Receiver: the UDP port is used for receiving traps; the TCP port is used for communicating with the Client, such as AppManager or another supported NetIQ application. The configuration file also identifies the level of logging you want to use and whether port forwarding is enabled.

By default, the configuration file is installed in [installation directory]\config.

The configuration file has the following format:

##############################################################
#
# NetIQTrapReceiver.conf
#
# A configuration file for NetIQ SNMP Trap Receiver
#
##############################################################
#########################
# TCP port
# Syntax: tcp_port [port]
# E.g. : tcp_port 2735
#########################
tcp_port 2735
#########################
# UDP port
# Syntax: udp_port [port]
# E.g. : udp_port 162
#########################
udp_port 162
#########################
# Forwarding
# Syntax: forward [address]:[port] [v1]
# E.g. : forward 127.0.0.1:1000 v1
#########################
#########################
# Log level
# Syntax: log_level error|warning|info|debug|xml
# E.g. : log_level info
#########################
log_level debug

If the configuration file cannot be found, cannot be parsed, or does not contain one of the required values, Trap Receiver is initialized with the default configuration as shown above.

When changing values in the configuration file, take into account the following:

  • If you change the TCP port number, stop all asynchronous Knowledge Script jobs associated with the modules that support Trap Receiver. Run the appropriate Discovery Knowledge Script on all monitored devices to enable the devices to recognize the new TCP port number.

  • If you change the UDP port number, also change the UDP port number configured on the devices that send traps to Trap Receiver.

  • If another service uses port 2735 or port 162, Trap Receiver will not start. The Trap Receiver log file will contain the error message. Either change the port numbers in the configuration file, stop the service that is using the default Trap Receiver port numbers, or forward the traps coming in to UDP port 162.

  • To forward incoming traps to another trap receiver, such as Microsoft SNMP Trap Service, set the Forwarding values as follows: forward [IP address of other trap receiver]:[port number of other trap receiver] [SNMP version]. For example: forward 10.40.40.25:167 v1. By default, incoming traps are not forwarded. For more information, see Section 2.10.4, Coexisting with Microsoft SNMP Trap Service.

  • Restart Trap Receiver after any change to the configuration file. From Control Panel, double-click Administrative Tools and then double-click Services. Right-click NetIQ Trap Receiver and select Restart.
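A consistency check for the coexistence setup in Section 2.10.4 and the configuration rules above: it reads NetIQTrapReceiver.conf and the Windows services file and reports port clashes and forwarding mismatches. This is an added example, not NetIQ code; the function names and sample file contents are constructed, and it assumes the services file belongs to the computer that the forward line points at and that tcp_port, udp_port, and log_level are the required values.

```python
import re

LEVELS = {"error", "warning", "info", "debug", "xml"}  # from the file's own comments

def parse_conf(text):
    """Map each directive to its argument string; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def snmptrap_udp_port(services_text):
    """UDP port on the snmptrap row of a Windows services file, or None."""
    m = re.search(r"^\s*snmptrap\s+(\d+)/udp", services_text, re.M)
    return int(m.group(1)) if m else None

def check(conf_text, services_text):
    """Return a list of problems; an empty list means the two files agree."""
    conf, problems = parse_conf(conf_text), []
    for key in ("tcp_port", "udp_port"):
        if not conf.get(key, "").isdigit() or not 0 < int(conf[key]) < 65536:
            problems.append(f"{key} missing or invalid")
    if conf.get("log_level") not in LEVELS:
        problems.append("log_level missing or invalid")
    other = snmptrap_udp_port(services_text)
    if other is not None and conf.get("udp_port") == str(other):
        problems.append(f"both receivers are set to UDP {other}")
    if "forward" in conf:
        fwd = re.fullmatch(r"(\d+(?:\.\d+){3}):(\d+)(?:\s+(v\w+))?", conf["forward"])
        if not fwd:
            problems.append("forward does not match [address]:[port] [version]")
        elif other is not None and int(fwd.group(2)) != other:
            problems.append(f"forwarding to port {fwd.group(2)}, snmptrap row says {other}")
    return problems

# Constructed sample inputs (not taken from a real host).
CONF = "tcp_port 2735\nudp_port 162\nforward 127.0.0.1:1000 v1\nlog_level info\n"
SERVICES_MOVED = "snmp      161/udp\nsnmptrap  1000/udp  snmp-trap  #SNMP trap\n"
SERVICES_STOCK = "snmp      161/udp\nsnmptrap  162/udp   snmp-trap  #SNMP trap\n"
```

check(CONF, SERVICES_MOVED) returns an empty list; check(CONF, SERVICES_STOCK) reports both the shared UDP port and the forwarding mismatch.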

2.10.6 Trap Receiver Log File

When installed as a stand-alone application on a computer that is not running an AppManager agent, Trap Receiver saves its log file, trap.log, in the [installation directory]\log directory.

When installed along with an AppManager module or on a computer with a previous installation of an AppManager agent, Trap Receiver saves its log file in the default AppManager location: \\Program Files\NetIQ\Temp\NetIQ_debug.

The trap.log file contains initialization data and error messages.

2.10.7 Tips for Using Trap Receiver

This topic provides tips for sending and receiving SNMP traps from one agent computer to another.

  1. Establish which server is the Sender (source) and which one is the Receiver (destination). Note the hostnames of the servers and their roles. The Receiver should be the server on which the NetIQ SNMP Trap Receiver is installed.

  2. On the Sender server, configure the Receiver server as a trap destination.

  3. Before running Discovery_Snmp, add the required SNMP community strings in AppManager Security Manager. For more information, see Section 2.5, Configuring SNMP Permissions.

  4. Run Discovery_Snmp on the Sender server and provide the following details in the Values tab:

    1. List of SNMP devices parameter: Hostname of the Sender server.

    2. Trap Receiver IP address parameter: IP address of the Receiver server.

  5. Run SNMPTrap_Async on the Sender server. Leave the List of trap OIDs parameter blank the first time you run the script. You can set up filtering after testing.

  6. Send an SNMP trap from the Sender to the Receiver to ensure an event is raised. If you send a trap from any other server, an event is not raised.

NOTE:

  • If the Sender has a community string of public, then the traps should contain the same community string that is specified in Security Manager. The traps are also designed to filter on community string.

  • Traps are designed to filter on the Sender IP address, the community string, and the OIDs, if specified. If one of these is incorrect, no event is raised.