Send SNMP Trap action parameters
Default event and incident varbind lists
To check what ENA has forwarded
To generate an ENA MIB for trap receivers
You can forward SNMP traps generated from ENA events and incidents to third party trap receivers. ENA trap forwarding can be used to provide two-way integrations with any third party software that can handle SNMP trap data.
To forward SNMP traps:
You can configure EMS to forward SNMP traps through the Send SNMP Trap action:
- forward incidents by associating the Send SNMP Trap action to a global trigger or to triggers defined against selected incidents.
- forward events by associating the Send SNMP Trap action to rules.
ENA determines whether it is forwarding an event or an incident as a trap, and uses the relevant varbind list when building the trap.
To forward incidents as SNMP traps:
The following example forwards incidents with an event severity level of Information or greater, and on any change to the incident status. Depending on the capabilities of the receiving trap software, this can be used to track the opening and closing of incidents. This example uses a new global trigger, and forwards to the trap receiver 10.44.1.157.
- Click Main Menu and then Administration.
- On the Administration page, click Event Administration.
- On the Event Administration page, click the Incidents tab.
- Click Edit Global Triggers at the bottom of the window.
- This will open the Edit Global Triggers window. Click Add.
- This will open the Create Trigger window. Complete the Name and Description fields as appropriate.
- Ensure that the On Transition To dropdown field is set to Any Change.
- Set Condition to None.
- In the Action Steps section, click Add.
- This will open the Add Test window. In the Type dropdown field, select 'Send SNMP Trap'.
- Set the host parameter to the IP address of the receiving software. You must enter the IP address in quotes, e.g. "10.44.1.157".
- Click OK to save and close the Action Step.
- Click OK to save and add the trigger.
- Save the event project by clicking the Save icon in the top right of the browser.
To forward events as SNMP traps:
The following example forwards events in the Madrid View, with an event severity level greater than Information, and using a new rule added to the Pre Storage > Initial Filtering processing stage. It will forward events to the trap receiver 10.44.1.157.
- On the Administration page, click Event Administration.
- On the Event Administration page, click the Rules tab.
- In the tree on the left, expand Pre Storage and then click Initial Filtering.
- Click Add Rule.
This will open the Add Rules window. - Ensure Type is set to Generic, and tick the enabled box.
- Enter an appropriate Name and Description.
- Set Condition to All tests must succeed, and then add the following tests:
- Event Severity Test with the Expression set to Minor or higher.
- View Membership Test with the View set to the required View, e.g. Madrid.
- Event Severity Test with the Expression set to Minor or higher.
- In the Action Steps section, add the Send SNMP Trap action, and set the host value to the IP address of the receiving software. You must enter the IP address in quotes, e.g. "10.44.1.157".
- Click OK to add the new rule to the Initial Filtering processing stage.
- Save the event project by clicking the Save icon in the top right of the browser.
Send SNMP Trap action parameters:
The Send SNMP Trap action is implemented through a Groovy Script. You must amend the script parameters to match the requirements of successfully sending traps to the trap receiver.
Parameter | Description |
---|---|
host | resolved hostname or IP address of the receiving third-party software. |
port | trap-receiving port of the receiving third-party software. This is provided as a string (even though it is a number), and therefore must be enclosed within quotes. |
version | SNMP trap version, i.e. 1, 2, or 3. |
community | SNMPv1/2c setting. Read community string. |
username | SNMPv3 setting. Security username. |
authProtocol |
SNMPv3 setting. There are 3 levels of authentication, specifying the authentication protocol:
|
authPassword | SNMPv3 setting. Authentication password required when authProtocol is set to 'MD5' or 'SHA'. The password must be at least 8 characters long. The parameter value must be enclosed in quotes, so the minimum entered length is 10 characters. |
privProtocol |
SNMPv3 setting. There are 3 levels of authentication, specifying the privacy protocol:
|
privPassword | SNMPv3 setting. Encryption password required when privProtocol is set to 'DES' or 'AES'. The password must be at least 8 characters long. The parameter value must be enclosed in quotes, so the minimum entered length is 10 characters. |
extraVarbinds | Applicable to ENA v17.0 P08 upwards. Set extraVarbinds to a map of values with OIDs and indices that will then be appended to the end of the frowarded SNMP trap data, e.g. ["1.3.6.1.4.1.2626.300.1":"hello world", "1.3.6.1.4.1.2626.300.2",7777] |
SNMPv3 traps require an engine identifier, and by default Entuity uses its server identifier (which is available in entuity.cfg from server.id). You can override this default value through the entuity.cfg setting events.engineIdOverwrite. The new value must be a hexadecimal string that only uses the symbols 0-9 and A-F, and is at least 5 bytes long but no more than 32 bytes.
When you associate the action to a rule or trigger, you can amend the parameter values used with that rule or trigger. You cannot amend the parameter type or change the varbinds. The action definition must include the address of the receiving software.
Default event and incident varbind lists:
The Send SNMP Trap action includes a default list of varbinds. Entuity identifies whether the trap that is being generated is based on an event or incident, and then selects the relevant event or incident list of varbinds. If you want to add custom varbinds to these SNMP traps, please contact Entuity Professional Services.
Each varbind has the following attributes:
- Object Identifier (OID), the object identifier that identifies the MIB instance.
- Data Type, the default varbinds are either Integer32 or String.
- Value, the value of the MIB instance.
The below table lists the default varbinds:
Default Varbinds | Description |
---|---|
eDescription | description of the event. |
eDetails | event name. |
eNumHigh | the higher 32 bits of the generated unique event number. |
eNumLow | the lower 32 bits of the generated unique event number. |
eObjectSummaryURL | URL of the object. It links to the object summary page on the Entuity server. |
eSeverity | event severity level. |
eTypeIDHigh | the higher 32 bits of the type identifier of the event. |
eTypeIDLow | the lower 32 bits of hte type identifier of the event. |
iNumHigh | the higher 32 bits of the generated unique incident number. |
iNumLow | the lower 32 bits of the generated unique incident number. |
iTypeIDHigh | the higher 32 bits of the type identifier of the incident. |
iTypeIDLow | the lower 32 bits of the type identifier of the incident. |
iDescription | description of the incident. |
iDetails | name of the incident. |
iLastUpdateTime | timestamp the incident was last updated. |
impactDescr | impacted object. |
iObjectSummaryURL | URL of the object. It links to the object Summary dashboard. |
iOpenTime | timestamp the incident was first opened. |
iSeverity | severity of the incident. |
objCompID | internal object identifier. |
objDescr | object this incident happens on - can be a port, a device or a service. |
objServerID | Entuity server identifier. |
objSWID | internal StormWorks identifier. |
Entuity internal identifiers are 64-bit integers. However, the MIB only supports 32-bit integers. Therefore, Entuity forwards each 64-bit integer as two separate high and low varbinds, e.g. eNumHigh and eNumLow.
To check what Entuity has forwarded:
The action steps of the Send SNMP Trap action are implemented through Groovy Script. To check the traps Entuity is forwarding, check the Groovy Script log file, entuity_home\log\groovyEvents.log.
Each line in the log file reports on the success or failure of forwarding an event or incident, e.g.:
03/23/2015 18:16:16 Forward 'Device Not Responding to SNMP' as SNMP trap to 10.44.1.157:162 SUCCEEDED
03/23/2015 18:17:31 Forward 'Device Average CPU Utilization High' as SNMP trap to 10.44.1.157:162 SUCCEEDED
By default, log entries are chronologically ordered, the event or incident named, the receiving software clearly identified, and the success of the operation detailed.
To generate an Entuity MIB for trap receivers:
For third party trap receiver to handle traps sent to it by Entuity, the trap receiver must recognize the trap's object identifiers (OIDs). You must therefore load an Entuity MIB that details Entuity events and incidents to the trap receiver.
Entuity MIBs are derived from the selected event project. An Entuity MIB includes:
- one trap definition for each event in the event project.
- two trap definitions (update and close) for each incident in the event project.
If you update the event project with new incidents or events that you want to forward as SNMP traps, then you must generate a new Entuity MIB file and load it to the trap receiver.
- Click Main Menu and then Administration.
- Click Event Administration. This will open the Event Administration page.
- Click View all projects. This will open the Project History page.
- From the list of event projects, highlight the project you want to use to generate the Entuity MIB, and then click Generate MIB at the bottom of the page.
Entuity will then generate a MIB file called entuity-[project id].mib. You can then open or download the MIB file, and then install the MIB file to the third party trap receiver.
Comments
0 comments
Please sign in to leave a comment.