Anything wrong with this trap message? - snmp

I am using this Linux command to send snmp v2c traps.
snmptrap -m ./ibmConvergedPowerSystems.mib -v 2c -c public 127.0.0.1 0 IBM-CPS-MIB::problemTrap cpsSystemSendTrap s "This is a test"
I am receiving this.
The way I am reading it is that it's got 3 OIDs.
1. sysUpTime oid (".1.3.6.1.2.1.1.3.0") - which is 0.
2. snmpTrapOID (".1.3.6.1.6.3.1.1.4.1.0") - which contains OID for this -> http://www.oidview.com/mibs/2/IBM-CPS-MIB.html
3. Enterprise specific trap with data (data for IBM-CPS-MIB).
Did I get it right?
The only thing I care about is #3. Is there a way to modify the command to get rid of the other two OIDs? Or will a v2c trap always have the first two?

This is a pretty normal enterprise-specific SNMP notification. The type of this notification (PDU format) is TRAPv2. This trap contains 3 varbinds. The first two are required by RFC1448, so you cannot get rid of them.
The first varbind snmpTrapOID.0 is the actual Object Identifier (OID) that identifies the type of trap.
The second varbind sysUpTime.0 is from RFC1213 (MIB-2). Basically it is the time since the device was last rebooted.
I would add .0 to cpsSystemSendTrap as it is a scalar object.

Related

How to show fieldnames and severity in SNMP CA Spectrum?

Conditions:
The CA Spectrum console server receives SNMP traps (events), and the MIB definition file is loaded into the CA system.
Problem:
In the events list I don't see the severity color, and I see only OIDs, not the field names described by the MIB file.
Does anyone have any suggestions about that?
The problem is resolved. The problem was not in the MIB file but in the SNMP trap sender: it was sending an incorrect trap ID, and of course CA Spectrum didn't recognize the event.
I used the library Lextm.SharpSnmpLib. The function Messenger.SendTrapV2 has a parameter called "enterprise". But you must not provide the enterprise OID to this parameter; you need to provide the TRAP ID (!!!). It's nonsense, but it works!

Format of snmpwalk instruction

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this ? I can't seem to find much documentation on it.
man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get an SNMP book to learn about SNMP and MIBs and OIDs; but quoting from the SNMP Wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is an image to show the OID tree with ".1" i.e. ISO just below the root.

SNMP OID for getting manufacturer serial number with SNMP version 1

I'm unable to get the manufacturer serial number when I do an SNMP get on an OID .2.47.1.1.1.1.11.1.0. If I do an snmpget with the below command on the OID with the command:
snmpget -v1 -c public 192.168.4.99 .2.47.1.1.1.1.11.1.0
I get the message:
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: joint-iso-ccitt.47.1.1.1.1.11.1.0
I did search on google for the possible cause of error by going to this SO thread as it is caused by missing the instance subidentifier.
I performed an SNMPtranslate for the OID and I got the below string joint-iso-ccitt.47.1.1.1.1.11.1.0.
And when I performed an snmpwalk on the OID with the command below, I get the message END OF MIB.
snmpwalk -v1 -c public 192.168.4.1 .2.47.1.1.1.1.11.1.0
Please let me know where I'm going wrong and let me know the exact generic OID to get the manufacturers serial number.
Who tells you the OID is .2.47.1.1.1.1.11.1.0?
Seriously speaking, a normal OID starts with .1, except .0.0 which is very special.
If you start with walking the top of the MIB tree, you'll soon find out which variables your equipment supports:
snmpwalk -v1 -c public -Ont 192.168.4.1 .1
Remove the "-Ont" to get translated names, where possible, instead of the fully numeric OIDs.
If you're looking for vendor-independent data, you could look into a MIB that most equipment supports, SNMPV2-MIB:
http://www.ietf.org/rfc/rfc3418.txt
However, you'll find it does not contain any serial number variable. Most vendors provide a vendor-specific (or product-specific) MIB which will define, among other things, serial number. However, like most things in SNMP, it's entirely up to each vendor which MIBs they choose to implement.

What snmp OID should I watch to see if my printers and switches are up and running

I am new to snmp, and I am trying to figure out what OIDs I should get/trap to see if my printers, switches (and servers) are running. I do not need to know the details - just a simple test. I have successfully made get, getbulk, (and walk) requests from a device, both from bash and iReasoning MIB browser.
Edit:
Maybe the
.1.3.6.1.2.1.1.3.0
Name/OID: sysUpTime.0; Value (TimeTicks): 194 hours 43 seconds (69844352)
is used for just that!? What happens when something is wrong? -will this be reset immediately? -or will it just stop counting? or is it just the time since last power on?
Printers
You should use the Printer MIBv2 to monitor printer error status for jams...
hrPrinterDetectedErrorState reports printer errors such as low toner, jams, etc... the RFC contains details on what specific codes mean
hrDeviceStatus will reveal the big picture ability of the printer to handle tasks. For more info, see Printer MIBv2, Section 2.2.13.2
sysUpTime.0 is an OID that reports the time a system's SNMP stack has been up (reference RFC 1213: MIB-II). If this value is returned and incrementing, it's a 99% safe bet that a printer is up. Most people use sysUpTime to detect whether the device has rebooted for some reason; if that happens, you'll see a sudden decrease in sysUpTime.0, unless your last value was around 248 days (where a 32-bit counter would roll).
Ethernet Switches
Checking the basic health of ethernet switches is usually done with checks to sysDescr.0 or sysUpTime.0; the problem with this heuristic comes if you care about the up/down status of particular links... at that point, you need to check values from ifOperStatus, which is indexed by ifIndex and uses interface names from ifName. See the following examples...
[mpenning#Hotcoffee ~]$ ## Walk ifName correlated to ifIndex
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.31.1.1.1.1
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
[mpenning#Hotcoffee ~]$ ## Walk ifOperStatus (up==1)
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.2.2.1.8
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
[mpenning#Hotcoffee ~]$
Thus we know from the example that both interface "Fa0/0" (index: 1) and "Nu0" (index: 2) have an ifOperStatus of "up"; the index value is the last integer returned in the OID of the results.
Scripting
I assume you will use bash for your monitoring scripts; if so, check out Net-SNMP for your SNMP manager
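
A monitoring check built on the ifName/ifOperStatus correlation described in the answer above; this is an added example, not part of the original post. The walk output is constructed sample data (with a third interface that is down), and the function names `link_report` and `links_not_up` are hypothetical:

```bash
#!/usr/bin/env bash
# Constructed sample walks, same shape as the output above; index 3 is down.
IFNAME_WALK='iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
iso.3.6.1.2.1.31.1.1.1.1.3 = STRING: "Fa0/1"'
IFOPER_WALK='iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 2'

# link_report NAMES STATUSES: prints "ifIndex<TAB>ifName<TAB>state" per interface.
link_report() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    BEGIN { OFS = "\t" }
    /^---$/ { second = 1; next }       # separator between the two walks
    NF == 0 { next }
    {
      n = split($1, parts, ".")        # ifIndex is the last sub-identifier
      idx = parts[n]
      val = $0
      sub(/^[^=]*= [A-Za-z0-9-]+: /, "", val)   # keep only the value
    }
    !second { gsub(/"/, "", val); name[idx] = val; next }
    {
      if (val ~ /\(/) { sub(/^.*\(/, "", val); sub(/\).*$/, "", val) }  # "up(1)" -> 1
      code = val + 0
      state = (code == 1) ? "up" : ((code == 2) ? "down" : ("other(" code ")"))
      print idx, ((idx in name) ? name[idx] : "unknown"), state
    }'
}

# links_not_up NAMES STATUSES: names of interfaces whose ifOperStatus is not up(1).
links_not_up() {
  link_report "$1" "$2" | awk -F '\t' '$3 != "up" { print $2 }'
}

link_report "$IFNAME_WALK" "$IFOPER_WALK"
```

Against a live device, pass the output of the two snmpwalk commands shown above in place of the sample variables.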

How to translate SNMP "enterpriseSpecific trap" number to full OID?

I'm currently using net-snmp snmptranslate to translate the EnterpriseOID of
the traps received by my custom coded trap receiver using the following command:
snmptranslate -M. -mALL .1.3.6.1.2.1.39.2.2
Now, I am receiving SNMP v1 traps with
generic = enterpriseSpecific (6)
so I need to decode the specific trap number, e.g. 10003 to the 'full numeric' OID. Is there a way to do this using snmptranslate? I already have the MIB file associated with the traps.
I found out that I can convert an SNMP v1 specific number to OID by combining the enterprise OID, with a 0, followed by the specific trap number, e.g.
EnterpriseOID + '0' + SpecificTrap
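
The rule above as a shell function, extended to the six generic traps (which RFC 3584 section 3.1 maps to the standard snmpTraps OIDs); this is an added example, not part of the original post. The function name `v1_trap_oid` is hypothetical and the enterprise OID `.1.3.6.1.4.1.99999` is a constructed placeholder:

```bash
#!/usr/bin/env bash
# v1_trap_oid ENTERPRISE GENERIC SPECIFIC
# Prints the SNMPv2 snmpTrapOID equivalent of an SNMPv1 trap header;
# returns 1 on malformed input so a receiver can reject the trap.
v1_trap_oid() {
  ent=${1%.}                                   # tolerate a trailing dot
  gen=$2
  spec=$3
  case $ent in .*) ;; *) ent=".$ent" ;; esac   # normalise to a leading dot
  # Enterprise must be a purely numeric dotted OID.
  case ${ent#.} in ''|*[!0-9.]*|*..*|.*) return 1 ;; esac
  case $gen in
    [0-5])
      # coldStart(0)..egpNeighborLoss(5) -> snmpTraps.(generic + 1)
      printf '.1.3.6.1.6.3.1.1.5.%s\n' "$((gen + 1))"
      ;;
    6)
      # enterpriseSpecific(6) -> enterprise.0.specific
      case $spec in ''|*[!0-9]*) return 1 ;; esac
      printf '%s.0.%s\n' "$ent" "$spec"
      ;;
    *)
      return 1
      ;;
  esac
}

# Specific trap 10003 from the question, with a placeholder enterprise OID.
v1_trap_oid .1.3.6.1.4.1.99999 6 10003
# The result can then be passed to the command from the question, e.g.:
#   snmptranslate -M. -mALL "$(v1_trap_oid .1.3.6.1.4.1.99999 6 10003)"
```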
