How to translate SNMP "enterpriseSpecific trap" number to full OID? - snmp

I'm currently using net-snmp snmptranslate to translate the EnterpriseOID of
the traps received by my custom coded trap receiver using the following command:
snmptranslate -M. -mALL .1.3.6.1.2.1.39.2.2
Now, I am receiving SNMP v1 traps with
generic = enterpriseSpecific (6)
so I need to decode the specific trap number, e.g. 10003 to the 'full numeric' OID. Is there a way to do this using snmptranslate? I already have the MIB file associated with the traps.

I found out that I can convert an SNMP v1 specific number to an OID by combining the enterprise OID with a 0, followed by the specific trap number, e.g.
EnterpriseOID + '0' + SpecificTrap
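
The rule above as code, in an added example that is not part of the original post. It goes beyond the enterpriseSpecific case by also covering generic traps 0 to 5, which the SNMPv1-to-v2 translation in RFC 3584 section 3.1 maps to the standard snmpTraps OIDs; the function names are this example's own, and the enterprise OID in the comment is the one from the question.

```python
# Added example: SNMPv1 trap fields -> full numeric notification OID
# (translation rule from RFC 3584 section 3.1).
SNMP_TRAPS = (1, 3, 6, 1, 6, 3, 1, 1, 5)  # snmpTraps: parent of the six standard traps
ENTERPRISE_SPECIFIC = 6


def parse_oid(text):
    """Parse a dotted numeric OID (one leading dot allowed) into a tuple of ints."""
    text = text.strip()
    if text.startswith("."):
        text = text[1:]
    parts = text.split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    oid = tuple(int(p) for p in parts)
    if len(oid) < 2 or any(n > 0xFFFFFFFF for n in oid):
        raise ValueError(f"malformed OID: {text!r}")
    return oid


def v1_trap_to_oid(enterprise, generic, specific):
    """Return the notification OID for a v1 trap's enterprise/generic/specific fields."""
    if not 0 <= generic <= ENTERPRISE_SPECIFIC:
        raise ValueError(f"generic-trap out of range: {generic}")
    if generic < ENTERPRISE_SPECIFIC:
        # coldStart(0) .. egpNeighborLoss(5) become snmpTraps.1 .. snmpTraps.6;
        # the enterprise and specific-trap fields play no part here.
        oid = SNMP_TRAPS + (generic + 1,)
    else:
        if not 0 <= specific <= 0x7FFFFFFF:
            raise ValueError(f"specific-trap out of range: {specific}")
        # enterpriseSpecific: EnterpriseOID + 0 + SpecificTrap
        oid = parse_oid(enterprise) + (0, specific)
    return "." + ".".join(str(n) for n in oid)


if __name__ == "__main__":
    # .1.3.6.1.2.1.39.2.2 with specific trap 10003, as in the question
    print(v1_trap_to_oid(".1.3.6.1.2.1.39.2.2", 6, 10003))
```

The returned string can be given to the snmptranslate command from the question in place of the enterprise OID to resolve the notification name from the MIB.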

Related

How to implement SET and TRAP in agent side with pysnmp?

I have implemented an SNMP Agent using pysnmp based on this example. This example demonstrates SNMP GET and GETNEXT queries. But I have found no pointers on how I can implement SNMP SET and TRAP on top of this code. The examples I have found for SET and TRAP are completely different implementations. How can I implement SNMP SET and TRAP on top of this code?
Assuming you want to combine SNMP CommandResponder (which you have already implemented) with SNMP NotificationReceiver, look at this example. You basically can join both examples within the same Python module around a single I/O loop (e.g. transport dispatcher).
However, typically, NotificationReceiver resides at the NMS while CommandResponder is SNMP agent running inside the managed software/device.
Supporting SNMP SET within your existing code would require refactoring the way your MIB objects are stored. With the current example they are kept in a non-writeable storage (tuple) and the MIB objects are not designed to change their stored value (they return a constant). So you need to change that one way or the other.
Otherwise supporting SNMP SET is simple - just add a condition like this:
...
elif reqPDU.isSameTypeWith(pMod.SetRequestPDU()):
    for oid, val in pMod.apiPDU.getVarBinds(reqPDU):
        if oid in mibInstrIdx:
            # put your MIB instrumentation update code here
            # something like this, but not exactly:
            mibInstrIdx[oid] = mibInstrIdx[oid].clone(val)
            varBinds.append((oid, mibInstrIdx[oid](msgVer)))
        else:
            # No such instance
            varBinds.append((oid, val))
            pendingErrors.append(
                (pMod.apiPDU.setNoSuchInstanceError, errorIndex)
            )
            break
into your cbFun.

Anything wrong with this trap message?

I am using this Linux command to send snmp v2c traps.
snmptrap -m ./ibmConvergedPowerSystems.mib -v 2c -c public 127.0.0.1 0 IBM-CPS-MIB::problemTrap cpsSystemSendTrap s "This is a test"
I am receiving this.
The way I am reading it is that it's got 3 OIDs.
sysUpTime oid (".1.3.6.1.2.1.1.3.0") - which is 0.
snmpTrapOID (".1.3.6.1.6.3.1.1.4.1.0") - which contains OID for this -> http://www.oidview.com/mibs/2/IBM-CPS-MIB.html
Enterprise specific trap with data (data for IBM-CPS-MIB).
Did I get it right?
Only thing I care about is #3. Is there a way to modify the command to get rid of the other two OIDs. Or v2c trap will always have the first two?
This is a pretty normal Enterprise specific SNMP notification. The type of this notification (PDU format) is TRAPv2. This trap contains 3 varbinds. The first two are required by RFC1448. So you cannot get rid of them.
The first varbind snmpTrapOID.0 is the actual Object Identifier (OID) that identifies the type of Trap.
The second varbind sysUptime.0 is from RFC1213 (MIB-2). Basically it is the time since the device was last rebooted.
I would add .0 to cpsSystemSendTrap as it is a scalar object.

How to define Severity in SNMP?

Hi, I am trying to understand the SNMP trap mechanism. I referred to http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_06.htm#enettdg-CHP-2-TABLE-8.html and I understood that there are two types, generic and enterprise. Now, in my Java code, I want to capture the description from a specific OID,
// variable binding for Enterprise Specific objects, Severity (should be defined in MIB file)
pdu.add(new VariableBinding(new OID(trapOid), new OctetString("Major")));
Here, Instead of "Major", what should I specify to get the severity for that specific OID?
Any help would be highly appreciated.
In general, the severity is not an attribute of an SNMP trap.
Usually the custom severity mapping is defined in a vendor-specific MIB file as a variable binding of a specific trap. Here is an example:
sysLogMessageSeverity OBJECT-TYPE
    SYNTAX INTEGER {
        emergency (0), --system is unusable
        alert (1), --action must be taken immediately
        critical (2), --critical conditions
        error (3), --error conditions
        warning (4), --warning conditions
        notice (5), --normal but significant condition
        informational (6), --informational messages
        debug (7) --debug-level messages
    }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Severity level of the message"
    ::= { sysLogMibObjects 5 }
Please also note that most modern NMSs allow the user to assign a custom severity to any received SNMP trap based on user-defined rules.
The most widely used tool to do that is NetDecision TrapVision. Find out more at: http://netmechanica.com/products/?prod_id=1003
I used two ways before:
1. adding a severity variable to MIB and including it in any sent trap.
2. classifying events causing traps to Critical, Major, ... and assigning an enterprise trap id range to each type like: traps with ids in range (1,100) are Critical, traps with ids in range (101,200) are Major and...

Format of snmpwalk instruction

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this? I can't seem to find much documentation on it.
man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get an SNMP book to learn about SNMP and MIBs and OIDs; but quoting from the SNMP Wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is an image to show the OID tree with ".1", i.e. ISO, just below the root.

What SNMP OID should I watch to see if my printers and switches are up and running

I am new to SNMP, and I am trying to figure out what OIDs I should get/trap to see if my printers, switches (and servers) are running. I do not need to know the details - just a simple test. I have successfully made get, getbulk, (and walk) requests from a device, both from bash and iReasoning MIB browser.
Edit:
Maybe the
.1.3.6.1.2.1.1.3.0
Name/OID: sysUpTime.0; Value (TimeTicks): 194 hours 43 seconds (69844352)
is used for just that!? What happens when something is wrong? Will this be reset immediately? Or will it just stop counting? Or is it just the time since last power on?
Printers
You should use the Printer MIBv2 to monitor printer error status for jams...
hrPrinterDetectedErrorState reports printer errors such as low toner, jams, etc... the RFC contains details on what specific codes mean
hrDeviceStatus will reveal the big picture ability of the printer to handle tasks. For more info, see Printer MIBv2, Section 2.2.13.2
sysUpTime.0 is an OID that reports the time a system's SNMP stack has been up (reference RFC 1213: MIB-II). If this value is returned and incrementing, it's a 99% safe bet that a printer is up. Most people use sysUpTime to detect whether the device has rebooted for some reason; if that happens, you'll see a sudden decrease in sysUpTime.0, unless your last value was around 248 days (where a 32-bit counter would roll).
Ethernet Switches
Checking the basic health of ethernet switches is usually done with checks to sysDescr.0 or sysUpTime.0; the problem with this heuristic comes if you care about the up/down status of particular links... at that point, you need to check values from ifOperStatus, which is indexed by ifIndex and uses interface names from ifName. See the following examples...
[mpenning#Hotcoffee ~]$ ## Walk ifName correlated to ifIndex
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.31.1.1.1.1
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
[mpenning#Hotcoffee ~]$ ## Walk ifOperStatus (up==1)
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.2.2.1.8
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
[mpenning#Hotcoffee ~]$
Thus we know from the example that both interface "Fa0/0" (index: 1) and "Nu0" (index: 2) have an ifOperStatus of "up"; the index value is the last integer returned in the OID of the results.
Scripting
I assume you will use bash for your monitoring scripts; if so, check out Net-SNMP for your SNMP manager
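
The ifName / ifOperStatus correlation from the switch example above, as an added Python example that is not part of the original answer. It joins the two walks on ifIndex and lists every interface that is not up; rows 1 and 2 of the sample input are the walk output shown above, row 3 (Gi0/1, down) is constructed, and the function names are this example's own.

```python
import re

IF_NAME = "1.3.6.1.2.1.31.1.1.1.1"      # ifName column walked above
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"  # ifOperStatus column walked above
OPER_STATES = {1: "up", 2: "down", 3: "testing", 4: "unknown",
               5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}
LINE = re.compile(r"^(?:iso|\.?1)\.([\d.]+) = \w+: (.*)$")

# Rows 1 and 2 are the walk output shown above; row 3 is constructed.
NAME_WALK = '''iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
iso.3.6.1.2.1.31.1.1.1.1.3 = STRING: "Gi0/1"'''
STATUS_WALK = '''iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.3 = INTEGER: 2'''


def walk_column(output, column):
    """Map ifIndex -> raw value for the rows of one table column."""
    rows = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # shell prompts, comments, blank lines
        oid = "1." + m.group(1)
        index = oid[len(column) + 1:]
        if oid.startswith(column + ".") and index.isdigit():
            rows[int(index)] = m.group(2).strip('"')
    return rows


def interface_states(name_walk, status_walk):
    """Join ifName and ifOperStatus on ifIndex; return {name: state}."""
    names = walk_column(name_walk, IF_NAME)
    report = {}
    for index, raw in sorted(walk_column(status_walk, IF_OPER_STATUS).items()):
        code = re.search(r"\d+", raw)  # accepts both "1" and "up(1)"
        state = OPER_STATES.get(int(code.group())) if code else None
        report[names.get(index, f"ifIndex {index}")] = state or "unrecognised"
    return report


def not_up(report):
    """Names of interfaces whose ifOperStatus is anything other than up."""
    return sorted(name for name, state in report.items() if state != "up")


if __name__ == "__main__":
    print(not_up(interface_states(NAME_WALK, STATUS_WALK)))
```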
