How to send traps to the snmptd probe from a network device

Article ID: 265264

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

We have set up the snmptd probe to include Vbrick switch related traps. Vbrick support has tried sending numerous times and we haven't seen anything on the Nimsoft side. Would like to meet with someone with knowledge of the snmptd probe if possible to see if anything is missing with our snmptd probe setup.

Environment

  • Release: 20.4
  • snmptd v3.40

Resolution

Using Raw Configure for the snmptd probe, set loglevel to 5 and logsize to 100000.

Ensure that the relevant TRAP or SYSTEM MIBs as well as any dependent MIBs listed under the IMPORTS section of the MIBs have been imported-loaded into snmptd.

Deactivate-Activate snmptd.

Check the netstat output: is UDP port 162 open on the robot where snmptd is deployed?

   netstat -ano -p udp

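netstat should show the snmptd.exe process listening on UDP port 162. UDP entries carry no LISTENING state; the bound socket appears with a foreign address of *:*. To validate this, run: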

   netstat -aB >> file1

Open file1 and look for:

  UDP    0.0.0.0:162            *:*                    
 [snmptd.exe]

Send a few test traps

On a Windows server, in Windows Services, select the SNMP Service and configure the agent and traps with the community string and the destination (the IP of the robot where snmptd is deployed), then send some basic traps as a test.

How to send an SNMP trap from a Windows Server to test trap send/reception?

  • In the console tree, expand Services and Applications, and then click Services.
  • In the right pane, double-click SNMP Service.
  • Click the Security tab.
  • Click to select the ‘Send authentication trap’ check box (if it is not already selected) if you want a trap message sent whenever authentication fails.

or...

Download and use an snmptrap utility to send a few traps, such as:
https://ezfive.com/snmpsoft-tools/snmp-trap-gen/ 

Here is an example SnmpTrapGen command to generate and send traps from a Windows server:

   SnmpTrapGen.exe -r:10.48.xxx.xx -t:20  -c:"n3tcool" -to:.1.3.6.1.4.1.4289.3.3.1.2

   -r: = device ip address
   -t: = timeout
   -c: = community name
   -to: = OID

Example of command output:

Traps were then successfully received by the snmptd probe as per the results in the snmptd Trap Monitor window in less than a minute.

This proves that the snmptd probe side is set up properly, and that communication and trap reception are verified.

The customer must recheck the device setup and traps with their network team, since the device's traps are simply not reaching the robot where snmptd is deployed.

Potential causes of interference may include:

  • local or remote/intermediate firewall
  • security software
  • network route
  • traffic filtering
  • misconfiguration of the network device, e.g., wrong community name, wrong user name value, etc.

Additional Information

Troubleshooting (debug) tips:

If the traps were not received by the snmptd probe during the test, a Wireshark trace can be performed on the robot where snmptd is deployed.

Other possible causes of no traps appearing in the trap monitor:

  • SNMP Community string is wrong or not configured or using the wrong case
  • SNMP agent not enabled on the device
  • SNMP not configured properly on the device
  • SNMP Security configuration
  • Network routing issues

     
If you still see no traps in the SNMP Trap Monitor:

Check the snmptd.log for this error:  snmptd: Rejected! Community not in list 

In the snmptd probe GUI configuration, go to Security -> Properties:

1. Confirm if the community string related to this device is present or not.
    If present, double-check the correct community string spelling.

    This is in the probe settings under Security Manager -> Community tab. Please note that this is CASE-sensitive as well. 

2. Alternatively, you can add a "*" in the community string for testing.

To convert SNMP Trap alarms to Nimsoft alarms:

Create a profile to convert the trap into an alarm which you can do from the trap monitor.
 
Please refer to:
 
Search for -> Convert to Nimsoft Alarm
 
Other helpful notes:

The SNMP-TRAP contains many elements, such as the Enterprise identifier, community string, trap types (generic and specific), and a variable list. The snmptd probe provides the means of extracting this information from the SNMP-TRAP as variables. You can use this information as part of the alarm message body.
 
When you type $ (a dollar sign) in the Message text box, the following list of variables appears:
 
$E                 : Defines the enterprise identification.
$C                 : Defines the community string.
$IP                : Defines the source IP address.
$GENERIC_TYPE      : Returns the generic trap type, which is a number.
$SPECIFIC_TYPE     : Returns the specific trap type (used if the trap is an Enterprise Specific (6) trap).
$TRAP_DESCR        : Represents a string describing the SNMP-TRAP generic type.
$MIB_DESCR         : Provides the trap description that is defined in the MIB file.
$NUM_VARIABLES     : Indicates the number of variables in the SNMP-TRAPs.
$VARIABLES         : Indicates that all variables in the SNMP-TRAP are expanded.
$n, where n > 0    : Expands into the variable at position n. For example, $1 expands the first variable.
$VARIABLE_DUMP     : Functions identical to $VARIABLES, but includes the variable position.
$OID               : Sets the object ID as a parameter.
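
To see which community string and trap fields a device actually puts on the wire (for example from a UDP payload copied out of the Wireshark trace mentioned above), the following added example decodes an SNMPv1 Trap-PDU and applies a case-sensitive community check like the one behind "Rejected! Community not in list". It is not code from the snmptd probe or from the original article. The function names, the sample bytes, the 192.0.2.10 agent address and the "*" wildcard handling are assumptions for illustration, and SNMPv2c/v3 traps use a different layout that this does not parse.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn BER OID content octets into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends the current arc
            arcs.append(value)
            value = 0
    return "." + ".".join(map(str, arcs))

def decode_v1_trap(payload):
    tag, msg, _ = read_tlv(payload, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    fields, pos = [], 0
    for _field in range(6):  # enterprise, agent-addr, generic, specific, time-stamp, varbinds
        _, value, pos = read_tlv(pdu, pos)
        fields.append(value)
    num_vars, vpos = 0, 0
    while vpos < len(fields[5]):  # each VarBind is one SEQUENCE inside the list
        _, _, vpos = read_tlv(fields[5], vpos)
        num_vars += 1
    return {"community": community.decode("latin-1"), "enterprise": decode_oid(fields[0]),
            "agent_addr": ".".join(map(str, fields[1])), "num_variables": num_vars,
            "generic_type": int.from_bytes(fields[2], "big", signed=True),
            "specific_type": int.from_bytes(fields[3], "big", signed=True)}

def community_accepted(community, allowed):
    """Case-sensitive match; "*" accepts any community (assumed wildcard semantics)."""
    return "*" in allowed or community in allowed

SAMPLE_TRAP = bytes.fromhex(  # constructed sample; community and OID taken from the page
    "303b 020100 04076e3374636f6f6c a42d 060b2b06010401a14103030102 4004c000020a"
    " 020106 020101 430100 300f 300d 06082b06010201010300 430100")
```

Calling decode_v1_trap(SAMPLE_TRAP) returns the community, enterprise OID, agent address, generic and specific trap types and the variable count; passing the decoded community to community_accepted() with the list configured in the probe shows whether a case mismatch alone would cause the rejection.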
 
The alarm message "Alarm message text is empty" appears when no message is defined for the first variable, irrespective of any condition in the PDU Variables tab. The severity will be the same as the Default Msg Severity.
To resolve this issue, define the message for the first variable; the error then goes away, irrespective of any condition in the PDU Variables tab.

$1, $2, etc. are reserved by the probe to display their corresponding values from the trap. So, if you put $1, $2, etc. in the trap variable value, they will be expanded.