Q. How does InterMapper handle traps?
A. The following items have good information about how InterMapper handles traps.
Basically, an InterMapper "trap probe" parses out the variables from the arriving trap's varbind list, and then uses the standard SNMP probe facilities to compare those variables to thresholds.
Example Trap Probe
Trap Viewer Probe:
This is a built-in probe in the SNMP section of the Set Probe... window that displays all the information about an arriving trap.
Handling Traps in Custom SNMP Probes
A trap is an unsolicited packet (or Protocol Data Unit - PDU) sent from a device to InterMapper (or other SNMP management console). The trap generally contains one or more data values that give information about the device's state.
When a trap arrives, InterMapper first determines which device(s) should receive the trap. InterMapper examines the Agent Address (for relayed traps) or the Source IP address, and passes a copy of the trap packet to each device on the maps whose IP address matches. For example, if a device with the IP address is on two maps, or is present twice on the same map, each of those devices will receive a copy of the trap.
InterMapper parses out the in the variable binding list (a list of name/value pairs, also called the VarBind List), and matches the OIDs to any variables defined in the section, just as if those values had been polled directly with a SNMP GetRequest or GetNextRequest. InterMapper then re-evaluates the expressions in the probe, and sets the device status appropriately. If a particular trap variable is not set by an incoming trap, expressions containing that variable will not be evaluated. See the Defining Trap Variables section below for details of defining trap variables.
Finally, as a result of receiving the trap, InterMapper will re-poll the device that sent the trap. This guarantees that InterMapper has the most up-to-date information about the device's state. If another trap arrives before the final response of this new poll has returned, InterMapper will complete the current poll and initiate another round of polling to get the new state.
Defining Trap Variables
A TrapVariable is a variable defined in a custom probe file that is set to the value of an OID received in the VarBind list. A TrapVariable will never be polled: that is, InterMapper never sends an SNMP GetRequest or GetNextRequest to retrieve its value. The only way to set its value is to receive a trap that contains the OID in its VarBind List. The Variables section of the Developer Guide describes the file format. Here is an example:
InterMapperTimeStamp, 1.3.6.1.4.1.6306.2.1.1.0, TRAPVARIABLE, "Timestamp"
In this example, the variable $InterMapperTimeStamp will be set every time a trap arrives containing the OID 1.3.6.1.4.1.6306.2.1.1.0 in the VarBind List. Trap variables that don't have values set by an incoming trap are left undefined.
An example Trap Viewer probe is available to download. This probe will display all the values from an arriving trap in the device's Status Window. It also provides a good prototype for building your own trap probes.
Defining Trap-Only Probes
By default, InterMapper's custom SNMP probes will query certain MIB-II system group items. You should use a probe type of "custom-snmp-trap" to define a probe that only receives traps. This setting means that InterMapper will not actively poll a device using SNMP GetRequest or GetNextRequest. For example, the
section of the file should look like this:
<header>
"type" = "custom-snmp-trap"
... etc ...
</header>
Trap Message Log File Entries
The contents of trap message are logged to the Event Log file at the time the trap is are received. There are two forms: Short and Verbose. (The format is controlled by the Verbose Trap Logging checkbox in the Server Settings > SNMP preference pane.)
Short Trap Format
06/08 20:50:29 TRAP TestMap:192.168.2.1 1.3.6.1.4.1.6306 (333)
{ "321", "456" } (via 192.168.1.233)
Verbose Trap Format:
06/08 20:50:05 TRAP TestMap:192.168.2.1 1.3.6.1.4.1.6306 (333)
{ 1.3.6.1.4.1.6306.99.1 : "321", 1.3.6.1.4.1.6306.99.2 : "456" }
(via 192.168.1.233)
The fields of the trap entry in the log file are defined below, with examples in "[ ... ]":
* The date and time followed by the word "TRAP" [ 06/08 20:50:05 TRAP ]
* The map name and device ID, separated by a colon (":") [ TestMap:192.168.2.1 ]
* The Enterprise OID, followed by the specific trap field in paren's [ 1.3.6.1.4.1.6306 (333) ]
* The contents of the VarBind List, enclosed in braces, and separated by commas ("{...}")
o In short format, the VarBind List shows only the values sent for each VarBind in quotes. [ "321" ]
o In the verbose format, the items show the OID, a colon (":"), and the OID's value in quotes. [ 1.3.6.1.4.1.6306.99.1 : "321" ]
* The address of the relaying computer, if present [ (via 192.168.1.233) ]
Additional SNMP Trap Variables
InterMapper 4.5 introduces a number of special variables that can be used inside the OID field to designate fields of the received trap. These special variables include:
* $GenericTrap The GenericTrap field in the trap (SNMPv1). This field can take on the values: 0 - coldStart; 1 - warmStart; 2 - linkDown; 3 - linkUp; 4 - authenticationFailure; 5 - egpNeighborLoss; 6 - An enterprise-specific value.
* $SpecificTrap The value of the SpecificTrap field in the trap. If the $GenericTrap value is 0-5, the $SpecificTrap is zero (0); otherwise it is a positive 32-bit value specified by the vendor (SNMPv1).
* $TimeStamp The TimeStamp field in the trap, in hundredths of a second.
* $Enterprise The value of the SNMPv1 enterprise field (SNMPv1)
* $CommunityString The value of the CommunityString field in the trap (SNMPv1, SNMPv2c).
* $TrapOID The value of the TrapOID field in the trap (SNMPv2c, SNMPv3).
* $AgentAddress The IP address of the SNMP agent that generated the trap.
* $SenderAddress The IP address of the device that sent the trap. This could be different from the $AgentAddress when the sender is forwarding traps for the agent.
* $SnmpVersion Represents the version of the trap. Values can be 0 (v1), 1 (v2c) or 3 (v3).
* $VarbindCount The number of variables contained in the VarBind list.
InterMapper can also parse values from the VarBind List by their position using variables of the form:
* $VarbindValueN the value of the N'th variable in the trap's VarBind List
* $VarbindTypeN the type of the N'th variable in the trap's VarBind List
* $VarbindOIDN the OID of the N'th variable in the trap's VarBind List
Note: N may be from 1 to 50.
Example Trapvariables
The following example is an excerpt from the Trap Viewer probe listed above.
<snmp-device-variables>
-- Variables from the trap packet itself
genericTrapVar, $GenericTrap, TRAPVARIABLE, "Generic Trap"
specificTrapVar, $SpecificTrap, TRAPVARIABLE, "Specific Trap"
timeStampVar, $TimeStamp, TRAPVARIABLE, "Timestamp"
enterpriseVar, $Enterprise, TRAPVARIABLE, "Enterprise"
commStringVar, $CommunityString, TRAPVARIABLE, "Community String"
trapOIDVar, $TrapOID, TRAPVARIABLE, "Trap OID"
agentAdrsVar, $AgentAddress, TRAPVARIABLE, "Agent Address"
senderAdrsVar, $SenderAddress, TRAPVARIABLE, "Sender Address"
snmpVersionVar $SnmpVersion, TRAPVARIABLE, "SNMP Version"
varbindCountVar, $VarbindCount, TRAPVARIABLE, "Varbind Count"
-- first two variables from the Varbind List
trap_var1, $VarbindValue1, TRAPVARIABLE, "First value"
trap_var2, $VarbindValue2, TRAPVARIABLE, "Second value"
</snmp-device-variables>
