Receiving generic and spanning tree traps
To import MIBs to the Entuity server
To load MIB definitions
To view imported trap definitions
To unload MIB definitions
To delete MIB definitions
To export MIB definitions
To discard traps from unmanaged devices
To configure an Entuity server to receive SNMPv3 informs
To forward SNMP traps to third party trap receivers
To handle SNMPv3 traps from non-managed devices
To handle SNMP trap port conflicts
Entuity trap management can receive and manage SNMPv1, SNMPv2c and SNMPv3 traps and inform requests. Entuity receives these traps using prologV2 and delivers them to the event management system (EMS).
The EMS performs a series of checks on each received trap:
- it checks for six generic and two spanning tree traps and maps them to Entuity events, e.g. Link Up
and Link Down traps respectively map to the Port Link Up and Port Link Down events. - it checks whether a trap definition loaded to the active event project of the Event Management
System.
Traps that are not mapped to an event are raised as Unknown Trap events and incidents.
When a check is successful, Entuity raises an appropriate event:
- traps from managed devices are displayed as events against those devices. These events are only visible in Views to which the devices belong.
- traps from unmanaged devices are displayed in all Views, with the exception of Views that have modified IP content filters that exclude the trap source IP addresses. You can also use the Discard Unknown Trap rule to discard traps from unknown devices. Entuity performs additional checks when handling SNMPv3 traps from unmanaged devices.
Receiving generic and spanning tree traps:
Entuity's first check on receiving a trap is to test whether it is one of the 8 traps for which it has mapped events and associated incidents:
- 6 standard traps:
Generic Trap Trap Name Trap OID Mapped Entuity Event 0 Cold Start 1.3.6.1.6.3.1.1.5.1 Device Cold Reboot 1 Warm Start 1.3.6.1.6.3.1.1.5.2 Device Warm Reboot 2 Link Down 1.3.6.1.6.3.1.1.5.3 Port Link Down 3 Link Up 1.3.6.1.6.3.1.1.5.4 Port Link Up 4 Authentication Failure 1.3.6.1.6.3.1.1.5.5 SNMP Authentication Failure 5 EGP Neighbor Loss 1.3.6.1.6.3.1.1.5.6 EGP Neighbor Loss
- 2 spanning tree traps:
Trap Name Trap OID Mapped Entuity Event Spanning tree root change 1.3.6.1.2.1.17(1) STP New Root Device Spanning tree topology change 1.3.6.1.2.1.17(2) STP VLAN Topology Change
When there is a match, Entuity generates the appropriate mapped event.
To define events for traps:
Please see this article for further help and information on managing MIB files and MIB definitions in Entuity.
To view the MIBs loaded to the Entuity server:
For Entuity to handle a trap, the MIB with the trap definition must be imported to the Entuity server. From this, the events and rules defined for the traps should be added to the live event management system event project.
As part of the import process, Entuity can automatically generate events and rules associated with the trap definitions in the MIB. You can amend, add to, and delete these rules and events. The trap management configuration is applied through the event project. Only when the event project with your trap management configuration is saved and deployed is that configuration available for use.
- In the Main Menu, click Administration.
- Click Event Administration. This opens the Event Administration page.
- Click the Traps tab. This page displays a tree list of all MIBs loaded to the server and a
table which details all loaded trap definitions.
To import MIBs to the Entuity server:
In order for Entuity to interpret incoming traps, you must load the appropriate MIBs with their trap definitions to the server. Entuity is shipped with a set of IETF and IANA MIB files (RFC-1212, RFC-1215, RFC1155-SMI, RFC1158-MIB, RFC1213-MIB and SNMPv2-SMI MIBs) in the MIBs directory which are available for you to load (parse). You can augment these by importing additional MIBs with trap definitions.
- Navigate to the Traps tab on the Event Administration page.
- Click Manage MIBs in the bottom left of the browser.
This will open the Manage MIBS window.
- Click Import, and navigate to the folder containing the MIB to import it to the server.
When you have access to the Entuity server, you can also directly upload all the MIB files to the MIB folder, which by default is entuity_home\lib\mibs.
To load MIB definitions:
When you have imported MIBs to the Entuity server, you can then also load (parse) them on the Entuity server. These loaded MIBs are then available through the EMS for use within event management projects. You can configure the import process to create custom events and rules for each trap definition as Entuity parses the MIBs, these events and rules are added to the event project that you are currently editing.
Entuity reports on the progress of the MIB loading:
- When it fails, e.g. there is an error in the MIB or if it has no object definitions:
File IPV6-TC failed to parse. (1 of 1 mibs processed)
File IPV6-TC has no object definitions - When it s,ucceeds and you selected the creation of custom events for the use with trap definitions, it reports the created custom events, for example:
File BGP4-MIB successfully parsed. (1 of 1 mibs processed)
Added custom events: bgpEstablishedNotification bgpBackwardTransNotification bgpEstablished bgpBackwardTransition
It also warns of any MIB substitutions, for example:
Warning: in C:\Entuity\lib\mibs\SNA-NAU-MIB: line 60:
missing import for 'mib-2', using definition from SNMPv2-SMI
When you have access to the Entuity server you can also directly upload MIBs parsed on one Entuity server to the loaded MIBs folder of another. The default folder for loaded MIBs is entuity_home\lib\mibs\parsed. To set up the receiving server with the same configuration as the original server would also require the importing of the event project from the original to the new server. The event project contains the rules, events and incidents to use with the traps.
To load MIBs to the Entuity server:
- Navigate to the Traps tab on the Event Administration page.
- Click Manage MIBs in the bottom left of the browser. This will open the Manage MIBS window.
- Check the Create Rules and Events from Trap Definitions box at the bottom of the window. When checked, Entuity will automatically create the trap processing rules and custom events to be used to handle the traps.
- From the list of MIBs in the main table, select the MIB or MIBs to load (select multiple using Ctrl or Shift) and click Load.
- Entuity will then report on the success or failure of each operation. Entuity will update the Loaded state of each successful load to Yes and in parenthesis include the MIB object name.
To view imported trap definitions:
- Navigate to the Traps tab of the Event Administration page. This displays a tree list of all MIBs loaded to the server and a table which details all loaded trap definitions.
- You can expand the All MIBS tree, highlight a MIB and view the traps imported for that MIB.
- Select the trap definition and click Details. This opens the Trap Definition Details window. The trap definition details are as follows:
Attribute Definition Trap Definition name of the trap. OID Trap Object Identifier (OID). An example OID is 1.3.6.1.4.1.2626.1.1.0.2, where:
-1.3.6.1.4.1.2626.1.1 is the enterprise OID.
-0 is the trap identifier, signified. 0 is always the enterprise trap identifier.
Description description of the trap. Varbind Details details of the varbinds included to the trap:
-Name, name of the varbind.
-TrapOid, trap OID associated to the varbind.
-Description, description imported with the trap definition.
-Type, type of variable together with legitimate values.
Enumerated and Bits Types identifies named values, e.g. when the varbind has a Type of Enum, this row:
-Name, identifies the trap definition referred to.
-Named Values identifies the enumerated values.
To unload MIB definitions:
Unloading a MIB deletes the parsed MIB from the parsed MIB folder, and therefore makes it unavailable through the event management system. Unloading a MIB does not remove any rules associated with the trap or custom events from the event project, because rules and events may potentially be shared by more than one MIB or trap definition.
Unloading a MIB does not update the event project, but Entuity does outline any events and rules within the event project that are affected by the removal of the MIB. If you delete rules and custom events associated with the MIB, this does change the event project, which you have to save then deploy for those changes to apply to the EMS.
- Navigate to the Traps tab on the Event Administration page.
- Click Manage MIBs in the bottom left of the browser. This will open the Manage MIBS window.
- From the list of MIBs in the main table, select the MIB or MIBs to unload (select multiple using Ctrl or Shift) and click Unload. Entuity will then delete the parsed MIBs from entuity_home/lib/mibs/parsed.
To delete MIB definitions:
Deleting a MIB will delete the following:
- the loaded MIB from the parsed MIB folder.
- the unparsed MIB files from the Entuity server.
- the trap definitions from the Event Management System.
Deleting a MIB does not remove any rules associated with the trap or custom events from event projects, because rules and events may potentially be shared by more than one MIB or trap definition.
Deleting a MIB does not update the event project, but Entuity does outline any events and rules within the event project that are affected by the removal of the MIB.
- Navigate to the Traps tab on the Event Administration page.
- Click Manage MIBs in the bottom left of the browser. This will open the Manage MIBS window.
- From the list of MIBs in the main table, select the MIB or MIBs to delete (select multiple using Ctrl or Shift) and click Delete.
- Click OK on the deletion confirmation. For the selected MIBs, Entuity will then delete:
- any parsed MIBS from entuity_home/lib/mibs/parsed.
- loaded MIBs from entuity_home/lib/mibs/.
To export MIB definitions:
You can export MIB files from the Entuity server, e.g. to import to another Entuity server:
- if you select one MIB, Entuity exports it as a single MIB file with the name of that MIB.
- if you select multiple MIBs, Entuity exports them as a single compressed file, named mibs.zip.
- Navigate to the Traps tab on the Event Administration page.
- Click Manage MIBs in the bottom left of the browser. This will open the Manage MIBS window.
- From the list of MIBs in the main table, select the MIB or MIBs to export (select multiple using Ctrl or Shift) and click Export. Entuity will then export the MIB file to the browser download directory. If you select to export:
- one MIB, it is exported as a single MIB file with the name of that MIB.
- multiple MIBs, they are exported as one compressed file named mibs.zip.
Custom events to handle traps:
When you load trap definitions you can configure EMS to automatically create trap processing rules and events associated with each trap. By default EMS sets events attributes as:
- Category to Custom. From the Events page you can sort on the Category column to group together all custom events.
- Name is set to the trap name.
- Severity is set to Information.
- Description is taken from the trap definition.
All of these attributes are configurable. You can also modify the associated rules and associate incidents.
To discard unknown traps:
If a trap is received and it is not one of the six generic traps or one of the two spanning tree traps, then by default Entuity will raise an Unknown Trap event and incident. The Unknown Trap incident has a default ageout of 2,400 seconds.
An Unknown Trap event contains the trap OID and arguments. However, the displayed Unknown Trap event varbinds are not interpreted according to their enumerated list, so the information within the trap is not easy to understand.
You can improve trap handling by creating custom events and incidents for the EMS to handle the trap. Trap processing interprets varbind values that rely on enumerated lists and displays varbind value names. Alternatively, you can prevent Entuity raising Unknown Trap events by activating the Discard Unknown Trap rule. By default, this rule is part of the Initial Filtering Pre Storage stage of event processing, the stage after the Trap Processing stage. It would therefore discard all Unknown Traps. To prevent Entuity from raising Unknown Traps:
- In the Main Menu, click Administration.
- Click Event Administration. This opens the Event Administration page.
- Click the Rules tab. Open the Pre Storage option on the left of the browser, and then open the Initial Filtering option.
- Select Discard Unknown Trap and click Edit.
This opens the Edit Rule window. - Check the enabled box in the top right of the window to activate the rule.
- Click OK to close the window, and then click the Save and deploy icon in the top right of the browser to save changes to the rule.
To discard traps from unmanaged devices and interfaces:
Entuity can handle traps from devices that are not under management. Entuity handles traps from unmanaged devices and interfaces in the same way as it handles traps from managed devices and interfaces.
Traps from unmanaged devices are displayed in all Views, unless a View has an IP address filter that would exclude the unmanaged device.
To find all traps from unmanaged devices:
- Create a View with no content.
- Create a content filter with the rule Source=Device.
To discard traps from unmanaged devices and interfaces:
- Go to the OTR section of entuity_home/etc/entuity.cfg. Here, you can control prologV2's default so that it excludes all traps from unmanaged devices and interfaces:
[OTR]
where:
suppressUnmanagedDevices=false
suppressUnmanagedInterfaces=false-
suppressUnmanagedDevices controls how Entuity handles unmanaged devices. When set to:
- false (default), Entuity handles traps from unmanaged devices.
- true, Entuity suppresses traps from unmanaged devices.
-
suppressUnmanagedInterfaces controls how Entuity handles unmanaged interfaces. When set to:
- false (default), Entuity handles traps from unmanaged devices.
- true, Entuity suppresses traps from unmanaged devices.
-
suppressUnmanagedDevices controls how Entuity handles unmanaged devices. When set to:
To configure an Entuity server to receive SNMPv3 informs:
You can configure Entuity to receive SNMPv3 informs from managed devices.
- Configure the device with the engineID of the Entuity server to which they are sending informs. You can find the Entuity server engineID near the beginning of the prologV2.log file, e.g.:
... INFO:(prologV2.cpp)Local engineID: 80001F88044B5439544D50, reboot counter:112 - Configure the user account to receive informs by editing the <EYE_HOME>/etc/snmpV3.cfg file, e.g.:
-u myUser -a MD5 -AmyPass -x DES -XmyKey - Stop and restart the Entuity server.
- Configure devices so that they use the Entuity server's engineID, username, encryption and authentication details when sending informs.
To forward SNMP traps to third party trap receivers:
Please see this article for further help and information on how to forward SNMP traps to third party trap receivers.
Trap processing:
Trap handling is actioned through trap rules. Rules in the EMS are processed in the order that they are placed in the Rules tree. EMS rules are divided into two stages:
- Pre Storage - before incoming event details are saved to the events database.
- Post Storage - after event details are saved to the event database, but before details are saved to the incident database.
Traps is the first substage of the Pre Storage stage. Rules in this stage are therefore the first rules actioned. Please see this section for further help and information about trap rules.
Multi-server installations:
When you have multiple Entuity servers, you can set up one server with the required trap management configuration and export it to your other servers.
On the first server (the server from which you are going to export its trap management configuration):
- Import and load to the server the required MIBs and trap definitions.
- Define event types and trap processing rules for handling traps. You can configure EMS to create rules and events when traps are parsed.
- Amend, if required, the automatically generated rules and custom events.
- Create any required custom events, trap processing rules and incidents.
- When you have the event project configured ensure you have saved and deployed it.
- Export the event project. (See Import and Export Event Projects)
- Ensure the MIBs and parsed MIBs are available for you to add to subsequent servers.
The Entuity servers that will receive the trap management configuration must be set up in the same way as the original server:
- Copy the MIBs and parse to the receiving server. By default the
- MIBs are copied to entuity_home\lib\mibs.
- MIBs are parsed to entuity_home\lib\mibs\parsed.
When MIBs are added to the Entuity server in this way it only recognizes them after you
restart the server.
- Import the event project. (See Import and Export Event Projects)
- Deploy the newly imported event project.
To handle SNMPv3 traps from non-managed devices:
For SNMPv3 traps, Entuity checks that it manages the sending device, so that it can retrieve information required to read the trap. When Entuity does not manage the device, it performs a second check, this time on the SNMPv3 configuration file, snmpV3.cfg. To this file you should include details of all devices that Entuity does not manage but which send SNMPv3 traps that you want Entuity to handle. For each device you must include device name, device engine identifier and user name and, depending upon the level of security enabled, authentication and privacy password details.
Entuity discards SNMPv3 traps from devices which it either does not manage, or does not have an appropriate entry for in snmpV3.cfg.
To handle SNMP trap port conflicts:
By default, devices send and prologV2 listens for SNMP traps on UDP port 162. If you have installed Entuity on the same machine as another application that listens on port 162, there is a conflict. You can only have one application listening to port 162.
To resolve this conflict is a 2-stage process:
- Configure the command line utility trapsplit to listen for SNMP traps on UDP port 162 (this is the default; it can listen on any port). When run, it then forwards the traps to one or more specified ports.
- Change the port on which prologV2 listens for SNMP traps to the one that trapsplit is forwarding them to. This is done using the trapportnum variable set in entuity.cfg.
For example, consider that you have two conflicting applications and decide to use trapsplit to forward traps to UDP ports 2162 and 1162:
- Set trapsplit to listen on UDP port 162 for SNMP traps.
- Through its configuration file, specify the two new destinations on the same port, e.g. 2162 and 1162.
- Adjust the listening programs to listen on the new ports rather than 162. For example, for Entuity, set trapportnum to 2162.
- From the command line, start trapsplit to forward each SNMP trap to the two ports.
- From UDP port 2162, prologV2 accepts the traps. Entuity displays these forwarded traps as events, together, with the originating agent address taken from the PDU header.
Comments
0 comments
Please sign in to leave a comment.