Re: OT: SNMP Trap Parsing

Hey,

Yes on both...I have tried just trapping "all" and also trapping the
specific trab inside the CISCO-ERRDISABLE mib. The MIB is also loaded into
WUG.

On Sun, Oct 2, 2011 at 7:37 AM, Radioactive Frog <pbhatkoti_at_gmail.com>wrote:

> Just checking - Have you setup trap filter to fireup the alarm?
> I am sure you've already checked that the WUG has MIB compiled in it.
>
>
> On Sat, Oct 1, 2011 at 2:36 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
>
>> Does anybody use a NMS solution to capture SNMP trap information and then
>> fire off some sort of alert (paging, email, text, etc)? I have an
>> existing
>> setup using What's Up Gold that I have configured to listen for traps. I
>> have some Cisco switches with port-security configured. My port-security
>> violation is the default action of shutdown, which does not fire off an
>> SNMP
>> trap, but I do have the switch configured to send an snmp trap for
>> errdisable.
>>
>> This works, and when the switch has a port that goes errdisabled it sends
>> the trap to the NMS. However, the NMS doesn't seem to parse the OID into
>> anything useful for something like an alert. Below is the trap that is
>> received by the NMS. The proper MIB containing these traps is loaded on
>> the
>> NMS. I was under the impression that the NMS could perhaps parse this
>> trap
>> information and tell me something like "Interface Gi4/0/10 went errdisable
>> due to a port-security violation" All that information is indeed in the
>> trap, but it is all encoded as OIDs
>>
>> For example, the trap "cErrDisableIfStatusCause.11610.0=9" has exactly
>> what
>> I need. In this case the interface index ID that went down is indeed
>> 11610. If you dig into the MIB you can see that cErrDisableIfStatusCause
>> 9
>> is for a port-security violation. I'm thinking there has to be a way to
>> take this trap information and make it into something useful to fire out
>> as
>> an alert to people. Thanks!
>>
>> TrapName=cErrDisableInterfaceEvent
>> TrapMajor=6
>> TrapMinor=1
>> CommunityName=T3chn0lOgy123
>> cErrDisableIfStatusCause.11610.0=9
>> Packet Type=SNMPv2 Trap
>> 1.3.6.1.2.1.1.3.0=61days 05:28:52.12
>> 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.9.9.548.0.1.1
>> Protocol Version=SNMPv2
>> snmpTrapOID.0=1.3.6.1.4.1.9.9.548.0.1.1 (cErrDisableInterfaceEvent)
>> Timetick=61days 05:28:52.12
>> 1.3.6.1.4.1.9.9.548.1.3.1.1.2.11610.0=9
>> Object=1.3.6.1.4.1.9.9.548.0.1 (cErrDisableNotificationsPrefix)
>> sysUpTimeInstance=61days 05:28:52.12
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> Blog: http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>

-- 
Regards,
Joe Astorino
CCIE #24347
Blog: http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net