There are 2 types of linkDown alarm
linkDown (CISCO-GENERAL-TRAPS) 1.3.6.1.2.1.11.0.2
linkDown (IF-MIB) 1.3.6.1.6.3.1.1.5.3
linkDown from CISCO-GENERAL-TRAPS mib contains the below varbinds
1.ifIndex
2.ifDescr
3.ifType
4.locIfReason
linkDown from If-MIB mib contains the below varbinds
1.ifIndex
2.ifAdminStatus
3.ifOperStatus
But the linkDown that I received from ME1200 devices has the below varbinds
1.IfIndex
2.IfDesc
3.IfType
4.lifTable
,Since the SNMP trap doesn't contain either of locIfReason and IfAdminStatus, I couldn't process this linkDown trap.
The lifTable varbind contains the Admin Status related information, but my question is why either of locIfReason and IfAdminStatus varbind is not available?. How to get the IfAdminStatus varbind from the device?
That OID for CISCO-GENERAL-TRAPS (actually CISCOTRAP-MIB?) linkDown does not appear to be correct. Offhand, I find an SMIv1 TRAP-TYPE definition for it, not a NOTIFICATION-TYPE, which means it was defined with an integer (not an OID), and its OID would be determined by RFC 2576 translation rules. In the SMIv1 MIB I found, their version of linkDown is defined with ENTERPRISE "snmp", which (as Andrew says above) means they're rather redefining the standard trap in that MIB; they should have instead used their own ENTERPRISE OID, which would have made it unique.
RFC 2576 conversion rules require that traps with ENTERPRISE "snmp" be mapped to one of the standard OIDs. Per those rules, 1.3.6.1.2.1.11.0.2 would not be the correct OID for CISCO-GENERAL-TRAPS:linkDown, it would be the same as the standard (1.3.6.1.6.3.1.1.5.3).
That is, if the module imported (or otherwise defined "snmp" with the standard OID), but it doesn't, so I can only assume this is a modified version of the MIB where that's been fixed. 1.3.6.1.2.1.11 is the OID of "snmp", so the 1.3.6.1.2.1.11.0.2 would be the OID if it were converted according to rules for traps other than ENTERPRISE "snmp". Somewhere along the way it's been converted incorrectly, in addition to overloading the standard trap's definition.
The linkDown and linkUp traps are generic. These traps are defined in standard RFC and have predefined set of variable bindings:
linkDown NOTIFICATION-TYPE
OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
STATUS current
DESCRIPTION
"A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state). This other state is indicated by the included value
of ifOperStatus."
::= { snmpTraps 3 }
linkUp NOTIFICATION-TYPE
OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
STATUS current
DESCRIPTION
"A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state). This other state is indicated by the
included value of ifOperStatus."
::= { snmpTraps 4 }
The Cisco should not have modified these traps as it is not allowed. Instead they should have defined so called Enterprise specific traps.
Related
I am developing an SNMP (2c) agent for a sensor product. I'm just learning about SNMP and MIB formats and struggling to represent a particular value that could be unknown.
For example, I've defined a temperature OBJECT-TYPE as an Integer32 but sometimes the value is not available or unknown. If I respond with a null value, the SNMP manager times out*. I would prefer to use a null value when the temperature value is unknown or not available, instead of agreeing upon some specific value to mean the same thing.
This leads me to the following questions:
Does SNMP v2c/MIB support a data type that is analogous to a nullable integer?
If so, what is the proper way to denote this in the MIB?
* I am using MG-SOFT's MIB Browser to get values as a testing method. If the value is null, it times out (even though the agent responded). If the value is an integer, it works as expected. I am using nSoftware IP*Works! SNMP library to develop the agent.
Posting from comment:
You should not be doing this. OID values should always be singular they should not be dynamically changed, if someone will use a mibfile for this it will be incorrect and misleading for the person who is implementing communication protocol for this sensor. The correct way to do it is to have 2 OIDs one with the value and another with the status of the sensor.
In experimenting, I've had some success dynamically changing the SNMP agent object type:
int? temperature = ReadTemperature();
snmpAgent.Objects[i].Value = temperature.ToString();
snmpAgent.Objects[i].ObjectType = temperature.HasValue ? SNMPObjectTypes.otInteger : SNMPObjectTypes.otNull;
When performing a GetRequest with a MIB browser, it appears to handle both cases. Even though the MIB doesn't specify that the particular OID can be null, just SYNTAX Integer32, it seems to work. Various SNMP managers will probably behave differently.
(This example is specific to IPWorks SNMP Agent.)
Conditions:
CA Console spectrum server receives SNMP traps (events), MIB definition file loaded to CA system.
Problem:
In events list I don't see color severity and I see only OIDs, but not fields names described by MIB file.
Does anyone have any suggestions about that?
Problem is resolved. Problem was not in MIB file, but in SNMP trap sender: it was sent trap ID incorrect and of course CA spectrim don't recognize event.
I Used library Lextm.SharpSnmpLib. Function Messenger.SendTrapV2 has parameter called "enterprise". But you must don't provide enterpriseOID to this parameter, you need to provide TRAP ID (!!!). It's non sense, but it working!
Hi I am trying to understand SNMP trap mechanism, I referred http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_06.htm#enettdg-CHP-2-TABLE-8.html and I understood that there are two types Generic and enterprise, Now In My Java code, I want to capture description from specific OID,
// variable binding for Enterprise Specific objects, Severity (should be defined in MIB file)
pdu.add(new VariableBinding(new OID(trapOid), new OctetString("Major")));
Here, Instead of "Major", what should I specify to get the severity for that specific OID?
Any help would be higly appreciated
In general, the severity is not an attribute of an SNMP trap.
Usually the custom severity mapping is defined in vendor specific MIB file as variable binding of specific trap. Here is an example:
sysLogMessageSeverity OBJECT-TYPE
SYNTAX INTEGER {
emergency (0), --system is unusable
alert (1), --action must be taken immediately
critical (2), --critical conditions
error (3), --error conditions
warning (4), --warning conditions
notice (5), --normal but significant condition
informational (6), --informational messages
debug (7) --debug-level messages
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Severity level of the message"
::= { sysLogMibObjects 5 }
Please also note that most of modern NMSs allow the user to assign custom severity to any received SNMP traps based on user-defined rules.
The most widely used tool to do that is NetDecision TrapVision. Find out more at: http://netmechanica.com/products/?prod_id=1003
i used two ways before:
1. adding a severity variable to MIB and including it in any sent trap.
2. classifying events causing traps to Critical, Major, ... and assigning an enterprise trap id range to each type like: traps with ids in range (1,100) are Critical, traps with ids in range (101,200) are Major and...
I am trying to configure SNMP on Ubuntu 14.04. There is a step where I have to edit the community string along with sysLocation and sysContact but I am not sure what goes there. What are the sysLocation and sysContact objects in the snmpd.conf file and how I can get those values for my machine?
All SNMP devices share the following common configurable parameters:
sysLocation
sysContact
sysName
Read-write and read-only access
community strings (and frequently, a trap community string)
Trap destination
sysLocation is the physical location for the device being monitored. Its definition in RFC 1213 is:
sysLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The physical location of this node (e.g., 'telephone closet,
3rd floor')."
::= { system 6 }
RFC 1213's definition of sysContact is similar to that of sysLocation:
sysContact OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The textual identification of the contact person for this managed
node, together with information on how to contact this person."
::= { system 4 }
sysContact is a DisplayString. It's fairly obvious what it's used for: it identifies the primary contact for the device in question. It is important to set this object with an appropriate value, as it can help your operations staff determine who needs to be contacted in the event of some catastrophic failure. You can also use it to make sure you're notified, if you're responsible for a given device, when someone needs to take your device down for maintenance or repairs. As with sysLocation, make sure to keep this information up to date as your staff changes. It's not uncommon to find devices for which the sysContact is someone who left the company several years ago.
source: http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch07_01.htm
SysLocation and SysContact are simply arbitrary SNMP string variables that are part of SNMPV2-MIB and can be fetched with SNMP get.
OID 1.3.6.1.2.1.1.4 == SysContact
OID 1.3.6.1.2.1.1.6 == SysLocation
Most sites I have been involved with use SysLocation as a decription of the location of the SNMP managed network device, and SysContact as the contact details of somebody who is in some way responsible for the device.
Warning: SysContact also has a habit of becoming out of date without being modified when staff changes.
To get sysContact using snmpget command line:
snmpget -v1 -c public localhost system.sysContact.0
where "public" is your community string, and "localhost" is the ip address of the machine you want to send the SNMP query to.
These values are defined by the administrator. Common formats include:
syslocation Rack, Room, Building, City, Country [GPSX,Y]
syscontact Your Name <your#email.address>
If all the equipment you monitor is in the same country you can use the format google maps uses: "street, city, state zip". For example searching google maps for the white house returns:
1600 Pennsylvania Ave NW, Washington, DC 20500
syslocation is often used my monitoring applications to generate visual maps.
I am writing a MIB and a SNMP agent. I seem to be confused by an apparent conflict between DISPLAY-HINT and UNITS. Is it better for a NMS to have a DISPLAY-HINT, or knowledge of the UNITS?
The background for this question is as follows: One object in the MIB is mPowerVoltage:
FixedDiv10 ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d-1"
STATUS current
DESCRIPTION "Fixed point, one decimal"
SYNTAX Integer32
mPowerVoltage OBJECT-TYPE
SYNTAX FixedDiv10
UNITS "V/10"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Power Voltage in desiVolts"
::= { mPowerEntry 2 } -- an entry in a table with integer index
Actual transfer "on the wire" of the value I understand, for instance 10.8 V is transferred as 108 in an Integer32. And this is my motivation to set UNITS as "V/10" and describe the object as Power Voltage in desiVolts. However, when I use snmpget I get:
snmpget -c public -v 1 -m -MY-MIB 192.168.1.3 mPowerVoltage.1
MY-MIB::mPowerVoltage.1 = INTEGER: 10.8 V/10
which is indeed what I specified, but is clearly wrong.
But I can hardly change the UNITS to "V"? Hence the question, should I remove the DISPLAY-HINT, or should I remove the UNITS?
Baard
As I understand it, they're two diferent things, so neither takes precidence.
DISPLAY-HINT tells the caller how to place the decimal point - so in your example it prints out an "on-the-wire" value of 108 as 10.8.
UNITS is just a bit of text that gets appended after the number, exactly as you typed it. In this case you should definitely change the units to "V" because you've told the caller to display the number in V by dividing it by 10.
It does seem a bit inconsistent that one is part of the textual convention, while the other is part of the object definition, however.