SNMP Receiver

Definition

Protocol

SNMP

Description

Receive SNMP traps on Port (default 162) using network interface Host.

Comments

Use port 162 if Port is missing, blank, invalid, or less than or equal to zero.

If Host is blank, missing or invalid, use [hostname].

SNMP Object IDs (OIDs) are left in numeric dot notation.

The SNMP receiver supports v1 and v2 traps.

Event Field     Contents
ev:host         IP address of the sending host
ev:app          SNMP
ev:log          IP address of the SNMP sending host/community:port
ev:srctime      formatted time
ev:protocol     "SNMP v" followed by the version number of the event received
ev:msg          all <snmp..*> messages, concatenated in priority order with a space in between

Special XML characters are translated according to the XML character translation table.

Example

<source objectId="SnmpRecv1" type="SNMPReceiver" stdout="FS.DemoAlive">
	<parameter type="Port">162</parameter>
	<parameter type="Host">eventgnosis</parameter>
</source>

Event Mapping

Incoming SNMP v1 Trap:

{
	Received SNMPv1 trap:
	Community: public
	Enterprise OID: .1.3.6.1.4.1.16057
	IP Address: 192.168.0.1
	Generic: enterpriseSpecific
	Specific: 1
	TimeStamp: 2967 hours 48 minutes 50 seconds
	.1.3.6.1.4.1.16057.1.2.4: Test message from SNMP Trap
	.1.3.6.1.4.1.16057.1.2.4: the second Test message from the same SNMP Trap
}

Resulting XML:

<?xml version="1.0"?>
<event xmlns:ev="http://www.eventgnosis.com/xml">
	<ev:host>192.168.0.1</ev:host>
	<ev:app>SNMP</ev:app>
	<ev:log>192.168.0.1/public:162</ev:log>
	<ev:srctime>2003.11.09 22:23:52 CET</ev:srctime>
	<ev:protocol>SNMP v1</ev:protocol>
	<ev:snmp.community>public</ev:snmp.community>
	<ev:snmp.enterpriseOID>.1.3.6.1.4.1.16057</ev:snmp.enterpriseOID>
	<ev:snmp.generic>enterpriseSpecific</ev:snmp.generic>
	<ev:snmp.specific>1</ev:snmp.specific>
	<ev:snmp.timestamp>1970.01.13 09:46:53 CET</ev:snmp.timestamp>
	<ev:snmp..1.3.6.1.4.1.16057.1.2.4>Test message from SNMP Trap</ev:snmp..1.3.6.1.4.1.16057.1.2.4>
	<ev:snmp..1.3.6.1.4.1.16057.1.2.4>the second Test message from the same SNMP Trap</ev:snmp..1.3.6.1.4.1.16057.1.2.4>
	<ev:msg> Test message from SNMP Trap the second Test message from the same SNMP Trap</ev:msg>
</event>
 

Incoming SNMP v2 Trap:

{
	Received SNMPv2 trap from 192.168.0.1
	Community: public
	sysUpTime.0: 2967 hours 48 minutes 50 seconds
	snmpTrapOID.0: .1.3.6.1.4.1.16057.0.1
	.1.3.6.1.4.1.16057.1.2.4:Trap version v2
	.1.3.6.1.4.1.16057.1.2.4: the second Test message from the same SNMP Trap
	.1.3.6.1.4.1.16057.1.2.4: the third Test message from the same SNMP Trap
}

Resulting XML:

<?xml version="1.0"?>
<event xmlns:ev="http://www.eventgnosis.com/xml">
	<ev:host>192.168.0.1</ev:host>
	<ev:app>SNMP</ev:app>
	<ev:log>192.168.0.1/public:162</ev:log>
	<ev:srctime>2003.11.09 22:23:55 CET</ev:srctime>
	<ev:protocol>SNMP v2</ev:protocol>
	<ev:snmp.community>public</ev:snmp.community>
	<ev:snmp.sysUpTime.0>2967 hours 48 minutes 50 seconds</ev:snmp.sysUpTime.0>
	<ev:snmp.snmpTrapOID.0>.1.3.6.1.4.1.16057.0.1</ev:snmp.snmpTrapOID.0>
	<ev:snmp..1.3.6.1.4.1.16057.1.2.4>Trap version v2</ev:snmp..1.3.6.1.4.1.16057.1.2.4>
	<ev:snmp..1.3.6.1.4.1.16057.1.2.4>the second Test message from the same SNMP Trap</ev:snmp..1.3.6.1.4.1.16057.1.2.4>
	<ev:snmp..1.3.6.1.4.1.16057.1.2.4>the third Test message from the same SNMP Trap</ev:snmp..1.3.6.1.4.1.16057.1.2.4>
	<ev:msg> Trap version v2 the second Test message from the same SNMP Trap the third Test message from the same SNMP Trap</ev:msg>
</event> 
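
The v1 mapping above, written out as an added Python example (not EventGnosis code) to show where the XML character translation has to happen: everything in a trap, including the community string, is chosen by the sender, so every value is escaped and every OID is checked before it becomes part of an element name. The dict layout, the function names, the choice of the five predefined XML entities as the translation table and "received order" as the ev:msg order are assumptions; ev:snmp.timestamp is left out.

```python
import re
from xml.sax.saxutils import escape

NUMERIC_OID = re.compile(r"(\.\d+)+")
# Assumption: the translation table covers the five predefined XML entities.
EXTRA_ENTITIES = {'"': "&quot;", "'": "&apos;"}

def xml_text(value):
    """Escape untrusted trap content before it becomes element text."""
    return escape(str(value), EXTRA_ENTITIES)

def trap_v1_to_event(trap, srctime, port=162):
    """Render a decoded SNMP v1 trap (hypothetical dict layout) as event XML."""
    for oid, _ in trap["varbinds"]:
        # The OID becomes part of an element name, so accept numeric dot notation only.
        if not NUMERIC_OID.fullmatch(oid):
            raise ValueError(f"non-numeric OID: {oid!r}")
    sender, community = trap["agent_addr"], trap["community"]
    fields = [
        ("host", sender),
        ("app", "SNMP"),
        ("log", f"{sender}/{community}:{port}"),
        ("srctime", srctime),
        ("protocol", "SNMP v1"),
        ("snmp.community", community),
        ("snmp.enterpriseOID", trap["enterprise"]),
        ("snmp.generic", trap["generic"]),
        ("snmp.specific", trap["specific"]),
    ]
    fields += [("snmp." + oid, value) for oid, value in trap["varbinds"]]
    # ev:msg: values in received order, each preceded by a space as in the sample output.
    fields.append(("msg", "".join(" " + str(v) for _, v in trap["varbinds"])))
    lines = ['<?xml version="1.0"?>',
             '<event xmlns:ev="http://www.eventgnosis.com/xml">']
    lines += [f"\t<ev:{n}>{xml_text(v)}</ev:{n}>" for n, v in fields]
    return "\n".join(lines + ["</event>"])

# Constructed sample modelled on the v1 trap above; the second value carries XML specials.
SAMPLE_TRAP = {
    "agent_addr": "192.168.0.1", "community": "public",
    "enterprise": ".1.3.6.1.4.1.16057", "generic": "enterpriseSpecific", "specific": 1,
    "varbinds": [(".1.3.6.1.4.1.16057.1.2.4", "Test message from SNMP Trap"),
                 (".1.3.6.1.4.1.16057.1.2.4", 'link <eth0> down & "flapping"')],
}

if __name__ == "__main__":
    print(trap_v1_to_event(SAMPLE_TRAP, "2003.11.09 22:23:52 CET"))
```
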

Summary of ev:snmp.generic trap field

Name                    Value   Description
coldStart               0       The sending protocol entity is reinitializing itself such that the agent's configuration or the protocol entity implementation may be altered.
warmStart               1       The sending protocol entity is reinitializing itself such that neither the agent configuration nor the protocol entity implementation is altered.
linkDown                2       The sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration.
linkUp                  3       The sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up.
authenticationFailure   4       The sending protocol entity is the addressee of a protocol message that is not properly authenticated. While implementations of the SNMP must be capable of generating this trap, they must also be capable of suppressing the emission of such traps via an implementation-specific mechanism.
egpNeighborLoss         5       An EGP neighbor for whom the sending protocol entity was an EGP peer has been marked down and the peer relationship no longer obtains.
enterpriseSpecific      6       Trap specific to local enterprise.