Trap Receiver

12 Trap Receiver

The trap receiver pane displays SNMPv1 traps, SNMPv2c/v3 notifications, and INFORM messages received on specified trap listener addresses. UDP and TCP trap listener addresses and ports are configured using the Trap Receiver section of the Preferences. See “Trap Receiver” on page 10.

The background color of the Notification ID field of a trap, notification, or inform message reflects the severity assigned for the object ID subtree the notification ID belongs to. A red background indicates a message with a severity of FATAL, an orange background indicates an ERROR, and a yellow background indicates a WARNING.

SNMPv3 traps and INFORMS are received on behalf of principals which can be configured by setting up a target.

To setup SNMPv3 INFORM request reception:

In contrast to SNMPv3 trap reception or sending of SNMPv3 requests, MIB Explorer is the authoritative entity when receiving SNMPv3 INFORM requests. To enable reception of such requests on behalf an USM user, one has to configure an user as follows:

The Localization Engine ID (if specified at all) has to be set to engine ID of MIB Explorer which can be found in SNMPv3 section of the Preferences dialog.
The Principal check box has to be selected for that USM user.

12.1 Toolbars

Figure 8: Trap Receiver‘s main toolbar.

Acknowledge

Moves selected traps from the list of new traps to the notification history. The notification history contains acknowledged traps for further reference.

Save As

Saves the selected trap as a MIB Explorer PDU file. This PDU file can then be loaded and modified with the PDU editor or used in MIB Explorer Scripts.

Delete

Deletes the selected traps/notifications from the list of new traps or the notification history respectively.

Redo

Redo last change.

Undo

Undo last change. You can undo trap deletions and acknowledgments.

Properties

Open the Trap Severities dialog for specifying logging severities for incoming traps, notifications, and inform messages. In addition, scripts can be specified for each notification category to be executed when receiving a notification whose ID matches that category.

Notification History

Toggles the display between list of new traps and notification history. If selected (dark background), the notification history is shown, otherwise the list of new traps is displayed.

Figure 9: Trap Receiver‘s acknowledgement toolbar.

Suspend Trap Table Update

Note: If the trap receiver receives more than given number of traps per second, MIB Explorer will automatically suspend update of the trap table. Suspension has to be disabled manually. The number of traps per second to be tolerated by the auto-inhibition can be configured in Preferences.

Suspend the update of the trap table. Press this button to save processor time or to stabilize the trap list while MIB Explorer is receiving a lot of traps. The new traps received while the Pause button is selected will be counted by the Hidden traps counter (see below). By reactivating the trap table update, any hidden traps will be inserted into the table according to the current sort settings.

The total number of traps received that have not yet been acknowledged.

Acknowledged

The total number of traps in the notification history list.

Hidden

The total number of traps received while the trap table update is suspended.

Total

The total number of traps, new traps and acknowledged traps, available in the trap receiver.

12.2 Traps/Notifications Table

The traps table displays new and acknowledged traps/notifications depending on the status of the Notification History toggle button. Each row represents an event. The row label indicates the time and date when the event has been received. The other columns are as follows:

Notification ID

The notification ID is the OID identifying the event. Although, SNMPv1 traps are not identified by OIDs, but identified by a combination of an OID and an integer value, SNMPv1 traps can be easily mapped to an unique OID.
The "generic traps" are mapped to the notification IDs defined under the snmpTraps (1.3.6.1.6.3.1.1.5) node. The "specific traps" are mapped to an OID value by using the ENTERPRISE OID value of the trap, adding a zero OID sub-identifier, and adding a final sub-identifier value corresponding to the specific trap value. See RFC 2576 for details on this mapping.

The background color of the Notification ID field reflects the assigned severity for this notification ID:

FATAL, ERROR, WARN, INFO

Originator

Note: If there is no UDP port specified, then the displayed address is not the originator's UDP transport address, but the IP address value of the agent address field of the SNMPv1 trap received.

The originator address denotes the IP address (host name) and UDP port of the SNMP entity that sent the event.

Destination

The destination address value denotes trap listener address on whose behalf the trap has been received.

System Up Time

The system up time value represents the up time of the system (e.g. SNMP agent) that sent the trap.

Security Name

The security name denotes the security user on whose behalf the event was sent (SNMPv3) or the community of the trap/notification (SNMPv1 and SNMPv2c).

Version

The SNMP version of the event message.

Context

For SNMPv3 events, the context value denotes the event generating subsystem.

Context Engine ID

For SNMPv3 events, the context engine ID value denotes the engine ID of the subsystem that sent the event.

By clicking a row, the variable bindings contained in an event message are displayed in the below described Trap Payload Table.

12.3 Traps Payload Table

The trap payload table displays the variable bindings contained in the first selected trap (event) message of the Traps Table. The variable bindings are displayed in the same manner as described for the Browse Tab. See “Browse Tab” on page 55.

12.4 Trap Severity Editor

The Trap Severities Editor dialog that lets you specify (logging) severities for categories of incoming traps, notifications, and inform messages. The severity is determined by analysis of the notification ID. For each incoming trap/notification, the Trap Severities table will be searched for the entry (category) whose subtree OID is the longest possible match. The severity for this message will then be set to the severity specified for the matched category.

If there has been assigned a MIB Explorer Script for the matched category, then the corresponding script will be executed with the snmp, utils, and mib contexts and additionally the following special context values:

Table 8: Special context values for MIB Explorer Scripts triggered by traps.
Context	Description
severity	The assigned severity for the received notification as one of the following strings: FATAL, ERROR, WARN, and INFO.
comment	The comment string assigned to the category the received notification matches or null if the comment is left empty.
sourceAddress	The complete source address of the notification.
sourceHost	The host (IP address) of the notification source.
sourcePort	The UDP or TCP port of the notification source.

To Open the Trap Severities Editor

1. Choose Trap Receiver from the Tools menu.

2. Click on the Properties () button.

3. Add or remove categories by either using the Add or Remove buttons respectively or alternatively using the context menu of the shown table.

4. Press OK to save your changes.

To Configure a Script for a Notification Category

1. Select the category row by clicking on the row's Script column cell.

2. Open the context menu by pressing the right mouse button.

3. Choose Script... and choose or enter the file name of the script to run for notifications of this category.

4. Press OK to save your changes to the category.

There is an example for sending an email when receiving a trap in the examples directory of the MIB Explorer installation directory named email_on_trap.vm.