This module installs a file named SNMPTraps_AlarmMappings.csv in the NetIQ\AppManager\bin\SNMPTraps folder on the AppManager agent. You can use the contents of this .csv file to customize the text of the AppManager events for the trap source devices you are monitoring.
View a brief video demonstration of this feature on the NetIQ YouTube channel:
Customizing the AppManager events in this way allows you and other AppManager users to easily identify problems related to SNMP traps in AppManager and quickly address those problems instead of spending time trying to decipher the meaning of the default trap messaging.
This file contains a list of NetIQ-specific mapping entries for the values in the MIBs installed by the module. The mapping entries in the .csv file use one of the following formats:
objMapping entries map a trap ODE to an AppManager event short message and an AppManager event severity. For more information, see Customizing Event Messages and Severities Based on Trap ODE.
severityMapping entries map varbind ODE and varbind value to an AppManager event severity. For more information, see Customizing Event Severities Based on Varbind Values.
varbindMapping entries map varbind ODE and varbind value to a human-readable string used by the AppManager event, replacing the default values generated by the trap. For more information, see Customizing Event Message Text Based on Varbind Values.
The SNMPTraps_TrapMonitor Knowledge Script uses these mappings to generate an AppManager event with an event severity or event message based on the parameters you selected in the SNMPTraps_TrapMonitor script.
For example, if you selected Yes for the Raise critical alarm parameter in the SNMPTraps_TrapMonitor script, and the following events occur:
The SNMPTraps_TrapMonitor script receives a trap,
The trap’s ODE matches an objMapping entry or a varbind ODE in the trap matches a severityMapping entry in the .csv file,
The entry in the .csv file has an AlarmSeverity of critical,
then the SNMPTraps_TrapMonitor script generates an AppManager event for that critical trap. You can specify the event severity level of the trap by using the Event severity when critical alarm received parameter, or you can use the default AppManager severity level for that parameter, which is 5.
The objMapping, severityMapping, and varbindMapping entry types in the SNMPTraps_AlarmMappings.csv file also supports the use of derived fields, which are varbind values that the module formats into values that are easier to understand.
If the SNMPTraps_AlarmMappings.csv file does not exist at the target location when you install this module, the installation process installs a new file in the target location. If the SNMPTraps_AlarmMappings.csv file already exists in the target location when you install this module, the installation process renames the existing file SNMPTraps_AlarmMappings_OLD.csv and installs the new SNMPTraps_AlarmMappings.csv file in the target location. If you already have a list of alarm mappings, you can specify this file using the Custom event mapping file parameter in the SNMPTraps_TrapMonitor script.
Each SNMPTraps_TrapMonitor job uses a unique version of the SNMPTraps_AlarmMappings.csv file from the NetIQ\AppManager\bin\SNMPTraps folder. Also, the TrapMonitor job reloads the .csv file every 24 hours.
When the SNMPTraps_TrapMonitor job receives a trap, and the trap ODE matches an objMapping entry in the SNMPTraps_AlarmMappings.csv file (or the file you specified in the Custom message mapping file parameter), the job creates an AppManager event for that trap. You can customize the AppManager event message and event severity for that trap by editing the entry in the .csv file.
The AppManager event message uses the event short message that comes after the fourth tilde (~) character in the relevant entry in the .csv file. The severity for the event corresponds with the event severity parameter for that type of alarm in the trap. Use the parameters in the Event Notification section of the SNMPTraps_TrapMonitor script to specify the AppManager alarm settings.
The ODE entries in the .csv file are not case-sensitive, and they use the following format:
objMapping,MIBName::TrapName,AlarmSeverity,~NetcoolPrefix1~NetcoolPrefix2~ NetcoolPrefix3~TrapText
objMapping states that this line contains a mapping of an SNMP trap ODE to an AppManager event short message and alarm severity category.
MIBName::TrapName specifies the trap ODE that you are mapping. The ODE contains both the MIB name and the trap name.
AlarmSeverity specifies the alarm severity category for this ODE. The following severity category values are supported: critical, major, minor, warning, indeterminate, unmapped, and cleared.
The final section of the entry is used to format the actual AppManager event short message. This portion is split into four sections, with each section prefixed with a tilde (~). Each of these four sections can contain normal text or substitution variables. Substitution variables represent different varbind values or derived fields (also known as derived varbind values) that you can substitute into an AppManager event message created for a trap. Substitution variables are listed with braces, such as {DerivedHostID}, and these variables should contain a substituted value at runtime.
The three NetcoolPrefix labels are only for Netcool connector support. The first label signifies an alert group, the second label signifies an alert key, and the third label signifies the source host and address. If you are not using the Netcool connector, leave these entries blank except for the three tildes (~~~).
TrapText specifies the event message text that will display for the AppManager event. You can customize this text, and the text is required.
The following is an example of an objMapping entry from the .csv file:
objMapping,LOAD-BAL-SYSTEM-MIB::loadBalTrapNoMem,major,~~~~ MAWS BOOT service cannot access SES database
The SNMPTraps_TrapMonitor script supports the following substitution variables in ODE entries:
{DerivedHostID} is the name of the trap-forwarding device, which can be a DNS host name or a custom name provided as input into the SNMPTraps_TrapMonitor script or input as part of a discovered Navigation pane or TreeView object.
{DerivedSourceIP} is the IP address of the forwarding device.
{DerivedTrapName} is the ODE of the SNMP trap received.
The SNMPTraps_TrapMonitor script also supports varbindMapping substitution variables.
When the SNMPTraps_TrapMonitor job receives a trap, and the trap varbind value matches a severityMapping entry in the SNMPTraps_AlarmMappings.csv file (or the file you specified in the Custom message mapping file parameter), the job creates an AppManager event that corresponds to the type of alarm in the SNMP trap. You can customize the AppManager event severity for that trap by editing the corresponding entry in the SNMPTraps_AlarmMappings.csv file.
Entries in the .csv file can specify a one-to-one mapping of varbind values to a alarm severities.
The severityMapping entries in the file are not case-sensitive, and they use the following format:
severityMapping,MIBName::VarbindName,VarbindValue,AlarmSeverity
severityMapping states that this line contains a mapping of a varbind value to an AppManager event severity category.
MIBName::VarbindName specifies the varbind ODE that you are mapping. The varbind ODE contains both the MIB name and the varbind name.
VarbindValue specifies an alphanumeric string for the varbind being represented.
AlarmSeverity specifies the alarm severity category for this varbind ODE. The following severity category values are supported: critical, major, minor, warning, indeterminate, and cleared.
The following is an example of a severityMapping entry from the .csv file:
severityMapping,G700-MG-MIB::cmgTrapSeverity,1,cleared
An entry in the .csv file that maps a derived field to an alarm severity uses the following format:
severityMapping,DerivedFieldName,DerivedFieldValue,AlarmSeverity
severityMapping states that this line contains a mapping of a derived field to an AppManager event severity category.
DerivedFieldName specifies the derived field that you are mapping. This name should be prefixed with the word Derived, though it is not required. Also, this name cannot contain any double colon characters (::).
DerivedFieldValue specifies an alphanumeric string that could be a possible value for the derived field being represented.
AlarmSeverity specifies the alarm severity category for this derived field. The following severity category values are supported: critical, major, minor, warning, indeterminate, and cleared.
The following is an example of how a severityMapping entry mapped with a derived field value might look:
severityMapping,DerivedDefAudFaultMessage,A:1,cleared
An AppManager event for an SNMP trap can contain a number of values for the various varbinds for that trap, and many times the varbinds do not clearly describe the conditions of the trap. You can replace a varbind value with a string of text that is more relevant and “human-readable” than the original varbind values.
Entries in the SNMPTraps_AlarmMappings.csv file (or the file you specified in the Custom message mapping file parameter) can specify a one-to-one mapping of varbind values to more readable strings of text.
The varbindMapping entries in the file are not case-sensitive, and they use the following format:
varbindMapping,MIBName::VarbindName,VarbindValue,HumanReadableString
varbindMapping states that this line contains a mapping of a varbind alphanumeric value to a “human-readable” string.
MIBName::VarbindName specifies the varbind ODE that you are mapping. The varbind ODE contains both the MIB name and the varbind name.
VarbindValue specifies an alphanumeric string for the varbind being represented.
HumanReadableString specifies any relevant identifying text you want to use to replace the varbind value.
The following is an example of a varbindMapping entry from the .csv file:
varbindMapping,AVAYA-LOAD-MIB::avGenOpLastFailureIndex,222,ftpResumeNotSupported
In addition to varbindMapping entries, you can apply substitutions to objMapping entries in the .csv file. If an objMapping entry contains a substitution variable that matches a varbind ODE defined in the relevant MIB, the resulting AppManager event short messages are updated so that the substitution variable is replaced with the alphanumeric value for that varbind ODE.
If the varbind ODE has a matching varbindMapping entry in the file specified in the Custom message mapping file parameter, the corresponding “human-readable” string replaces that alphanumeric value in the event short message.For example, an objMapping entry includes the following event short message:
~~~~ Trunk Layer 2 state changed to {applianXAlarmStatus}
This message displays like this if no matching varbindMapping entry exists:
Trunk Layer 2 state changed to 1
In this instance, the value of the varbind is substituted directly, but the “1” might not mean anything to you. If the file contains a matching varbindMapping entry, the following displays in the event short message:
Trunk Layer 2 state changed to up
Entries in the SNMPTraps_AlarmMappings.csv file (or the file you specified in the Custom message mapping file parameter) can specify a one-to-one mapping of derived fields to more readable strings of text.
The varbindMapping entries in the .csv file are not case-sensitive, and they use the following format:
varbindMapping,DerivedFieldName,DerivedFieldValue,HumanReadableString
varbindMapping states that this line contains a mapping of a derived field value to a “human-readable” string.
DerivedFieldName specifies the derived field that you are mapping. This name should be prefixed with the word Derived, though it is not required. Also, this name cannot contain any double colon characters (::).
DerivedFieldValue specifies an alphanumeric string that could be a possible value for the derived field being represented.
HumanReadableString specifies any relevant identifying text you want to use to replace the derived field value.
The following is an example of a varbindMapping entry with a derived field value from the .csv file:
varbindMapping,DerivedDefAudFaultMessage,0:LINK_PORTS,Check error log
AppManager for SNMP Traps includes vendor-specific formatting for Avaya G3 traps to make the AppManager event messages for those traps easier to read.
If you run an SNMPTraps_TrapMonitor job, and an Avaya G3 trap successfully passes all relevant filters to create an AppManager event for that trap, the SNMPTraps_TrapMonitor script provides vendor-specific formatting for all Avaya G3 traps (which are defined under the 1.3.6.1.4.1.6889.1.8.1.0 MIB subtree).
The detail portion of the event message for Avaya G3 traps includes the following information in the Trap details table:
CM Hostname: the script populates this value with the g3clientExternalName varbind, which defines the external name of the G3 client. If this varbind is not populated, the source IP address is set as the value.
Maintenance Object: the script populates this value with the g3alarmsMaintName varbind, which defines the Maintenance Object Name. Known values are populated in the SNMPTraps_AlarmMappings.csv file with varbindMapping entries so that a human-readable string is used. If the job does not find a corresponding varbindMapping entry in the SNMPTraps_AlarmMappings.csv file, the relevant cell will display just the varbind value.
Generation Time: the script populates this value with the g3alarmsAlarmNumber varbind, and it states the time the alarm was generated.
Resolution Time: the script populates this value with the g3alarmsAlarmNumber varbind, and it states the time that the condition causing the alarm was fixed.
New/Modified Alarm: this value can be New for a new alarm condition, or Modified for an existing alarm condition that was updated.
Derived G3 Alarm Port: the script populates this value with the g3alarmsPort varbind, which defines the location port in that particular system, such as cabinet(01-44):carrier(A-E):slot(01-20):port(01-32).
The following formatting changes occur in the Derived G3 Alarm Port column:
cmgTrapSubsystem will be replaced with SS.
cmgTrapOnBoard will be replaced with OB.
cmgTrapLocation will be replaced with LOC.
cmgActiveControllerAddress will be replaced with ACA.
cmgTrapTypes will be replaced with cmgTT.
If a varbind is empty and cannot be used to display a value in the new Trap details table, a value of N/A appears in the corresponding cell of the table.
The SNMPTraps_TrapMonitor script includes vendor-specific formatting for Avaya Communication Manager (Avaya CM) traps to make the AppManager event messages for those traps easier to read.
If you run an SNMPTraps_TrapMonitor job, and an Avaya CM trap successfully passes all relevant filters to create an AppManager event for that trap, the SNMPTraps_TrapMonitor script provides vendor-specific formatting for two of the three traps defined in the INADS-MIB definition:
INADS-MIB::inadssnmpAlarm
INADS-MIB::inadssnmpAlarmSet
Both of those traps expose the inadssnmpAlarmMessage varbind. The following is an example of the inadssnmpAlarmMessage varbind:
inadssmnpAlarmMessage: 1001119999 10/12:24,ACT|<27>May 10 12:23:28 CDOM snmpd[1425]: +01:00 2013 426 1 com.avaya.vsp | 0 cannot open /pro/net/snmp6
The detail portion of the event message for these two Avaya CM traps includes the following information in the Trap details table:
DerivedInadsProdID: the script populates this value with the first 10 characters of the inadssnmpAlarmMessage varbind. In the example above, this value is represented by 1001119999.
DerivedInadsAlarmTime: the script populates this value with the date and time from the inadssnmpAlarmMessage varbind. In the example above, the script uses the 10/12:24 data and adds the current month in front of it, resulting in the following value: June 10 12:24.
DerivedInadsAlarmType: the script populates this value with the three characters following the product ID and the timestamp in the inadssnmpAlarmMessage varbind. In the example above, this value is represented by ACT.
DerivedInadsAlarmMessage: the script populates this value with the remaining content in the inadssnmpAlarmMessage varbind. In the example above, this value is represented by <27>May 10 12:23:28 CDOM snmpd[1425]: +01:00 2013 426 1 com.avaya.vsp | 0 cannot open /pro/net/snmp6.