SNMPTRAPS Configuration Syntax

The SNMPTRAPS Configuration is used to set up the SNMP Trap Manager, which allows system administrators to proactively manage and monitor network devices. It provides a powerful tool for receiving, filtering, grouping and interpreting SNMP Trap messages from system and network devices.

SUBSYS SNMPTRAPS

DNS (<name>)
MIBDIR (<dir>[, <dir>])
TRAPPORT (<port>)
TCPIP-NAME (<name>[, <name>])
KEEPNEWEST (<maxtraps>)
KEEPOLDEST (<maxtraps>)

ACCEPTFILTER (<where>[, <where>])
IGNOREFILTER (<where>[, <where>])
BURSTFILTER (<period>, <number>, <restart>)
SUMMARYFILTER (<where>, <aging>[, <where>, <aging>])

STATUS (<open>, <closed>, <unacked>)
SUMMARYPARAMS (<maxsum>, <intervals>, <aging>)
MATCH (<match>, <where>[, GROUP(<group-by>, <field>[, <field>])])
[OTHER (<match>[, GROUP(<group-by>, <field>[, <field>])])]

STATICINFO ('<oid>', '<format>' | '<oid>', '<format>', 'SEV(<severity>[, <index>, <value>])'][, 'SEV(<severity>[, <index>, <value>])'])
SEVERITYMAP (<from>, <to>[, <from>, <to>])
DEFSEVERITY (<severity>)
DEFFORMAT (<format>)
GROUPDETAILS ("<format>")

AUTHUSER('<user-name>'[, '<auth-protocol>'[, '<encryption>']])
ENGINEID('<engine-id>', '<user-name>')

Syntax Elements

DNS

<name>

Domain Name System server name or IP Address. The DNS server name is required for the resolution of host name and node fields.

Example: DNS ("150.50.130.6")
Default:    None

MIBDIR

<dir>

Directories to scan for MIB files. MIB files are needed to translate OIDs into meaningful string descriptors. This can be a UNIX/Windows/OSS style directory name or a Guardian style sub-volume name. As a rule, a UNIX/Windows/OSS directory name MUST NOT contain the character $. If a path contains any space characters it must be enclosed in quotes.

Sub-directories or sub-folders of the named directory are not included in the scan unless explicitly added as a separate <dir> entry.

Example:  MIBDIR ("usr/snmp/mibs","c:/program files/snmp/mibs","$phys33.mibs"), or
                 MIBDIR ("D:/Prognosis/server/configuration/snmpmibs").
Default:     None

TRAPPORT

<port>

Incoming SNMP Traps are captured on this UDP port.

Example:   TRAPPORT (162)
Default:      162

TCPIP-NAME (HPE NonStop Only)

<name>

TCP/IP process name to open sockets on.

Example:  TCPIP-NAME ($ZB018,$ZB019)
Default:     as in the NETWORK Configuration, or $ZTC0.

KEEPNEWEST

<maxtraps>

Maximum number of the most recent traps to be kept in a summary item. If this value is reached when a new trap is received, then the oldest trap under the summary item will be removed and the incoming trap added. If both KEEPNEWEST and KEEPOLDEST are specified, then the KEEPNEWEST entry will override the KEEPOLDEST.

Default:    0 (Disabled)

KEEPOLDEST

<maxtraps>

Maximum number of the oldest traps to be kept in a summary item. If this value is reached when a new trap is received, then the incoming trap will not be added under the summary item. If both KEEPNEWEST and KEEPOLDEST are specified, then the KEEPNEWEST entry will override the KEEPOLDEST.

Default:    0 (Disabled)

ACCEPTFILTER

This will cause the Collector to accept all Traps that match the specified <where> clause and ignore any others. The default is: (ALL).

<where>

Where Clause.

Example:  ACCEPTFILTER (IPADDR MATCHES "150.*")

IGNOREFILTER

This will cause the Collector to ignore all Traps that match the specified <where> clause. The default is none.

<where>

Where Clause.

Example:  IGNOREFILTER (IPADDR MATCHES "150.*")

BURSTFILTER

This is the 'first line of defense' against Trap storms. If the number of Traps received within a pre-configured period is greater than the set value, the Collector will close the port, log an error, wait for a pre-configured cool-down time, and then listen for new Traps again. The default is: 'Disabled'.

<period>

Number of seconds to monitor for a burst of Traps (>0).

<number>

Number of Traps received for the duration specified in <period>. If this number is exceeded the collector will disconnect and restart after <restart> seconds (>0).

<restart>

Number of seconds to wait after disconnecting (>0).

Example:  BURSTFILTER (60, 400, 30)
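
The sketch below is an added example, not Prognosis code: it models the BURSTFILTER behaviour described above to show how many Traps go unreceived during the cool-down for a given arrival pattern, which helps when sizing <number> and <restart>. The function name, the fixed counting window that starts at the first Trap after each (re)listen, and counting the Trap that trips the limit as received are assumptions.

```python
def simulate_burstfilter(arrivals, period, number, restart):
    """Model BURSTFILTER (<period>, <number>, <restart>) over sorted arrival
    times in seconds. Returns (received, lost, closures)."""
    received = lost = 0
    closures = []            # (closed_at, reopened_at) pairs
    window_start = None      # start of the current counting window
    count = 0
    closed_until = None
    for t in arrivals:
        if closed_until is not None and t < closed_until:
            lost += 1        # port is closed: the Trap is never seen
            continue
        if window_start is None or t - window_start >= period:
            window_start, count = t, 0   # assumption: fixed window
        count += 1
        received += 1
        if count > number:   # burst detected: close, cool down, re-listen
            closed_until = t + restart
            closures.append((t, closed_until))
            window_start = None
    return received, lost, closures


# Constructed input: a steady 10 Traps per second for two minutes,
# evaluated against the page's example BURSTFILTER (60, 400, 30).
SAMPLE_ARRIVALS = [i / 10 for i in range(1200)]

if __name__ == "__main__":
    received, lost, closures = simulate_burstfilter(SAMPLE_ARRIVALS, 60, 400, 30)
    print(f"received={received} lost={lost}")
    for closed_at, reopened_at in closures:
        print(f"port closed from t={closed_at:.1f}s to t={reopened_at:.1f}s")
```

Every Trap counted as lost arrived while the port was closed, so it never reaches ACCEPTFILTER, MATCH or any summary record.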

SUMMARYFILTER

This is a filter to ignore Traps in the SnmpTrapSummary (STSUMMRY) record. If defined, this filter will be applied first before applying any group MATCH criteria. If the Trap matches the filter criteria in the <where> clause, group MATCH criteria will not be applied further, hence the Trap will not be included in any groups. However, the Trap will persist in the internal Trap list for the duration specified by the <aging> parameter. The default is none.

<where>

Where Clause.

<aging>

Aging period in seconds for Traps ignored in the summary (must be >=0). After the aging period expires Traps are removed from the internal Trap list.

Example:  SUMMARYFILTER (OID MATCHES "1.3.6.1.4.1.311.*",10)

This configuration causes all Traps from 'Microsoft' to be ignored in the summary record.

STATUS

<open>

Label to display on the STATUS field of a summary record when an unacknowledged trap is added. (max 16 characters)

<closed>

Label to display on the STATUS field of a summary record when a summary row is acknowledged. (max 16 characters)

<unacked>

Label to display on the STATUS field of a details record when the Trap remains unacknowledged. (max 16 characters)

Default:  STATUS (OPEN,CLOSED,OPEN)

SUMMARYPARAMS

This parameter sets the maximum number of summary rows held in the SnmpTrapSummary (STSUMMARY) record, together with how many consecutive intervals an acknowledged row will persist for and the number of seconds that the Traps will remain in the internal Trap list.

<maxrows>

The maximum number of summary rows to submit. Excessive rows will not be submitted (>0).

<intervals>

The number of intervals that the row will persist for when the COUNTER field reaches zero as a result of acknowledgment (>=0).

<aging>

Number of seconds to keep acknowledged Traps in the internal Trap list after <intervals> expires. Then after <aging> expires those Traps will be deleted (>=0).

Example:  SUMMARYPARAMS (500,2,60)
In this example, the maximum number of summary rows in the SnmpTrapSummary record is set to 500. When a row is acknowledged it will persist for 2 consecutive intervals and then be removed from the record. After removal, any Traps included in the summary row will persist for another minute (60) in the internal Trap list, and will then be removed.

Default:  SUMMARYPARAMS (100,2,0)

MATCH and OTHER (Summary Criteria)

Using the MATCH and OTHER parameters, Traps can be matched by a Where Clause, grouped under a match label and optionally expanded under a group-by label. The default is none.

MATCH

Traps matched by a Where Clause are grouped under the specified <match> label.

OTHER

Traps NOT matched by any MATCH criteria are grouped under the specified <match> label.

GROUP

Traps matched by a Where Clause are expanded and grouped by the field list specified in the GROUP parameter. If the GROUP parameter is missing, Traps will not be grouped by any field and no expansion will take place.

<match>

User defined label to group traps.

<where>

Where Clause.

<group-by>

User defined label to indicate how Traps are grouped (expanded).

<field>

The field to group-by (expand) the match group.  Valid fields are:
AGENTCOM, HOSTNAME, IPADDR, TRAPNAME, NODENAME, OID, SEVERITY, GENRTYPE and VENDOR.

STATICINFO

Static information stores information about a particular Trap OID. There are two kinds of static information, severity and formatted description. In order to relate a Trap OID and/or a variable value to a severity type and to a formatted description, the following syntax will be used:

<oid>

Trap OID to save static info against.

<format>

Format clause. See DEFFORMAT for details on formatting syntax.

<severity>

Severity string. If <index> and <value> are missing, the <severity> applies to <oid> regardless of variable binding list values.

<index>

Numeric index to Trap variable binding list (>=1).

<value>

The value of variable indexed by <index>. If the variable’s value matches this then the severity string specified in <severity> parameter will be used in the Trap record’s SEVERITY field.

Example:  In the following example the first OID will convey the severity type "Error" regardless of its variable binding list. The second OID will have severity "Warning" if its first variable has a value of 2, "Error" if it has a value of 3, and "Critical" if it has a value of 4. The third OID will have default severity as specified by the DEFSEVERITY clause.

STATICINFO ('1.3.6.1.4.1.9.1', 'This is an error.', 'SEV(Error)')

STATICINFO ('1.3.6.1.4.1.9.3', 'Numeric severity is $1.', 'SEV(Warning,1,2)', 'SEV(Error,1,3)', 'SEV(Critical,1,4)')

STATICINFO ('1.3.6.1.4.1.9.5', 'Good OID')

SnmpTrapDetails record:

OID               SEVERITY   FORMDESC
1.3.6.1.4.1.9.1   Error      This is an error
1.3.6.1.4.1.9.3   Critical   Numeric severity is 4
1.3.6.1.4.1.9.5   Default    Good OID

Default:  None

SEVERITYMAP

Mapping to SNMP Traps Manager severity can be accomplished using this parameter. The default is 'Disabled', i.e. native severity will be used without mapping to internal severity levels.

<from>

The severity string to map from.

<to>

The severity string to map to.

Example:  SEVERITYMAP (Critical, Error, Problem, Warning, Normal, Information)
This will map 'Critical' to 'Error' and so forth.

DEFSEVERITY 

<severity>

This is the default severity indicator to appear in the SEVERITY field if no severity configuration can be found for a particular Trap. The default is 'Default'.

Example:  DEFSEVERITY (Unknown)
This example sets the default severity indicator to 'Unknown'.

DEFFORMAT

<format>

This is the default format clause that is used in the FORMDESC field. Several special characters can be entered to allow control of the formatted output. To include information from the incoming Trap use the following formatting commands based on HP TRAPD Format Specification:

$C

Print the Trap community string.

$E

Print the enterprise as a text string if possible, otherwise as in the $e argument below.

$e

Print the enterprise as an Object ID string of numbers.

$A

Print the Trap agent-addr using gethostbyaddr(3N) as a string. If this fails, use inet_ntoa(3N) to print as an IP address.

$G

Print the generic-Trap (SNMP V1 only).

$S

Print the specific-Trap (SNMP V1 only).

$T

Print the time-stamp.  This is the remote machine's time in hundredths of a second between the last (re)initialization of the network entity and the generation of the Trap.

$*

Print all the variable-bindings supplied by the Trap as name-type-value strings.

$#

Print the number of variable-bindings in the Trap.

$$

Print the $ character.

$n

Print the value of the nth variable-binding in the Trap, where n is the variable-binding sequence number starting at 1 as it appears in VarBindList.

$-n

Print variable-binding #n as a name-type:value string.

$+n

Print variable-binding #n as a name:value string.

Example:  DEFFORMAT ($-n)

Default:     $*
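
The following added example (not Prognosis code) shows how the STATICINFO severity rules and the format commands above combine to produce the SEVERITY and FORMDESC fields, using the three STATICINFO entries from the page. The trap dictionary layout, all function names, the exact text produced for name-type:value strings, first-match-wins rule order and falling back to DEFFORMAT for an OID without STATICINFO are assumptions; only a subset of the format commands is implemented.

```python
import re

# Hypothetical in-memory form of the page's three STATICINFO entries:
# oid -> (format, [(severity, index, value), ...]); index None = unconditional
STATICINFO = {
    "1.3.6.1.4.1.9.1": ("This is an error.", [("Error", None, None)]),
    "1.3.6.1.4.1.9.3": ("Numeric severity is $1.", [
        ("Warning", 1, "2"), ("Error", 1, "3"), ("Critical", 1, "4")]),
    "1.3.6.1.4.1.9.5": ("Good OID", []),
}
DEFSEVERITY, DEFFORMAT = "Default", "$*"
TOKEN = re.compile(r"\$(\$|\*|#|C|e|[-+]?\d+)")

def render(vb, style):
    name, typ, value = vb    # exact text of each style is an assumption
    if style == "-":
        return f"{name}-{typ}:{value}"
    return f"{name}:{value}" if style == "+" else str(value)

def expand(fmt, trap):
    """Expand $$ $# $C $e $* $n $-n $+n in a single pass over fmt."""
    vbs = trap["varbinds"]
    fixed = {"$": "$", "#": str(len(vbs)), "C": trap["community"],
             "e": trap["enterprise"]}
    def repl(m):
        tok = m.group(1)
        if tok in fixed:
            return fixed[tok]
        if tok == "*":
            return " ".join(render(vb, "-") for vb in vbs)
        style, n = (tok[0], int(tok[1:])) if tok[0] in "+-" else ("", int(tok))
        # Out-of-range index: keep the token visible instead of raising
        return render(vbs[n - 1], style) if 1 <= n <= len(vbs) else m.group(0)
    # re.sub does not rescan substituted text, so a varbind value that
    # itself contains "$C" or "$1" is printed literally, not expanded.
    return TOKEN.sub(repl, fmt)

def describe(trap):
    """Return (SEVERITY, FORMDESC) for a decoded trap dict."""
    fmt, rules = STATICINFO.get(trap["oid"], (DEFFORMAT, []))
    vbs = trap["varbinds"]
    for sev, idx, val in rules:          # assumption: first match wins
        if idx is None or (idx <= len(vbs) and str(vbs[idx - 1][2]) == val):
            return sev, expand(fmt, trap)
    return DEFSEVERITY, expand(fmt, trap)

def sample_trap(oid, *values):           # constructed test input
    return {"oid": oid, "community": "public", "enterprise": "1.3.6.1.4.1.9",
            "varbinds": [(f"var{i}", "INTEGER", v) for i, v in enumerate(values, 1)]}
```

Variable-binding values come from the sending device, so the single-pass expansion matters: a value such as "$C" placed in a Trap must not cause the community string to be written into FORMDESC.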

GROUPDETAILS

"<format>"

This is a printf-like formatting construct used to list group details. It may contain exactly two string placeholders: the first one is for the group-by field name, and the second one is for the field's value. The string following the second string placeholder is taken as the separator.

Example:  GROUPDETAILS ("%s: %s,")
This may have mapped to: "IPADDR: 150.50.130.200,OID:1.3.5.7.9.11.13.15"

Default:    GROUPDETAILS ("%s(%s),")

AUTHUSER

(SNMP v3 only) This configuration entry defines a security user name and maps the security user name to the authentication protocol and encryption for a USM user profile. If an authentication protocol or encryption is specified, then a corresponding entry or entries must be added to the PASSWORDS configuration (see below).

<user-name>

The security user name of the USM user profile that the Agent has configured to send SNMPv3 Traps. There is no default security user name.

<auth-protocol>

The authentication protocol of the USM user profile that the Agent has configured to send SNMPv3 Traps. Valid options are ‘None’, ‘SHA’ and ‘MD5’. If authentication protocol is set to ‘None’ then only ‘no authentication, no encryption’ security level Traps can be received for the USM user profile. If authentication protocol is set to ‘SHA’ or ‘MD5’ then ‘authentication, no encryption’ or ‘authentication and encryption’ security level Traps can be received.

Default: ‘None’

<encryption>

The encryption of the USM user profile that the Agent has configured to send SNMPv3 Traps. Valid options are ‘None’, ‘AES128’, ‘AES192’, ‘AES256’, ‘DES’ and ‘3DES’. If encryption is set to ‘None’ then only ‘no authentication, no encryption’ or ‘authentication, no encryption’ security level Traps can be received for the USM user profile. If privacy protocol is ‘AES128’, ‘AES192’, ‘AES256’, ‘DES’ or ‘3DES’ then ‘authentication and encryption’ security level Traps can be received.  If authentication protocol is ‘None’ then privacy protocol must also be ‘None’.

Default: ‘None’

ENGINEID

(SNMP v3 only) This configuration entry maps the engine ID of an Agent to a configured AUTHUSER configuration by security name. Many engine IDs can reference the same AUTHUSER if the Agents have been configured to use the same security name and authentication and privacy protocols and passwords.

<engine-id>

The hexadecimal engine ID of the Agent sending SNMPv3 Traps, e.g. 0x0102030405. Consult documentation for the Agent device to see how to get the engine ID. There is no default engine ID.

<user-name>

The security name of the USM user profile that the Agent has configured to send SNMPv3 Traps. The ENGINEID configuration user name must reference an AUTHUSER configuration user name. Many ENGINEID entries can reference the same AUTHUSER entry if their Agent authentication and encryption credentials are the same. There is no default security user name.
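
The AUTHUSER and ENGINEID rules above can be checked before a configuration is deployed. The following is an added example, not part of Prognosis: the function name, the one-entry-per-line parsing, the sample user names and engine IDs, and the policy of reporting MD5, DES and unauthenticated profiles are assumptions of this sketch, while the valid option lists and the two consistency rules come from the text above.

```python
import re

AUTH = {"None", "SHA", "MD5"}                                 # options listed on the page
PRIV = {"None", "AES128", "AES192", "AES256", "DES", "3DES"}  # options listed on the page
LEGACY = {"MD5", "DES"}       # this example's own policy, not a Prognosis rule
ENTRY = re.compile(r"^\s*(AUTHUSER|ENGINEID)\s*\((.*)\)\s*$")

def check_usm(config_text):
    """Return ({user: level}, [(line, message), ...]) for AUTHUSER/ENGINEID."""
    levels, findings, engines = {}, [], []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue
        args = re.findall(r"'([^']*)'", m.group(2))
        if m.group(1) == "ENGINEID":
            engines.append((no, args))   # resolved after all AUTHUSERs are known
            continue
        if not args:
            findings.append((no, "AUTHUSER needs a quoted user name"))
            continue
        name, auth, priv = (args + ["None", "None"])[:3]   # page defaults
        if auth not in AUTH or priv not in PRIV:
            findings.append((no, f"{name}: unknown protocol"))
        elif auth == "None" and priv != "None":
            findings.append((no, f"{name}: encryption requires authentication"))
        else:
            levels[name] = ("noAuthNoPriv" if auth == "None" else
                            "authNoPriv" if priv == "None" else "authPriv")
            if auth == "None":
                findings.append((no, f"{name}: Traps accepted without authentication"))
            findings += [(no, f"{name}: {p} is a legacy algorithm")
                         for p in sorted({auth, priv} & LEGACY)]
    for no, args in engines:
        if len(args) != 2 or not re.fullmatch(r"0x[0-9A-Fa-f]+", args[0]):
            findings.append((no, "ENGINEID needs '<hex engine-id>', '<user-name>'"))
        elif args[1] not in levels:
            findings.append((no, f"ENGINEID user {args[1]} has no valid AUTHUSER"))
    return levels, findings

# Constructed sample entries (user names and engine IDs are made up)
SAMPLE = """\
AUTHUSER('netops', 'SHA', 'AES128')
AUTHUSER('legacy', 'MD5', 'DES')
AUTHUSER('lab')
AUTHUSER('broken', 'None', 'AES256')
ENGINEID('0x0102030405', 'netops')
ENGINEID('0x0A0B0C0D0E', 'ghost')
"""
```

Calling check_usm(SAMPLE) reports the MD5/DES profile, the profile without authentication, the encryption-without-authentication entry and the ENGINEID that references an undefined user.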
