TrapX filter configuration tips and tricks

Article ID: 412374

Products

Network Observability CA Performance Management

Issue/Introduction

Are there rules around using the trap translation flags?

When do we need to use the trap translation flags for SNMPv3 to SNMPv1 and SNMPv2c to SNMPv1 translation?

Does the v3 to v1 translation flag also cover v2c to v1 conversions?

What if both v3 and v2c traps are received? Do we need different filters with the different translation flags to cover those traps? Can we use a single filter?

How do the filter forward/break examples work?

What do the following filter forward/break lines in the example trapX.config file tell us?

# filter * * * * * 1.3.6.1.6.3.1.1.5 forward ##.##.##.## translate_v3_traps:0:public "AND[1.3.6.1.6.3.1.1.4.1.0:Equals:1.3.6.1.6.3.1.1.5.3]"
# filter * * * * * 1.3.6.1.6.3.1.1.5 break
# filter * * * * * 1.3.6.1.4.1.9.9.187 forward ##.##.##.## translate_v3_traps:1:public "AND[1.3.6.1.6.3.1.1.4.1.0:Equals:1.3.6.1.4.1.9.9.187.0.2]"
# filter * * * * * 1.3.6.1.4.1.9.9.187 break
# filter * * * * * * forward ##.##.##.##

What about logging filters to write traps to a log for tracking? This helps validate what has been received when end users or device admins ask if a particular trap was received or why one wasn't received.

Can multiple filters writing traps received to the same log file be configured?

Can we use two filters to write traps to the same log file?

If one filter with file action is needed for v1/v2c, and another for v3, do we need different files with unique/different file names for each filter entry?

Would using these lines work and log the traps to the specified file?

filter * * * * * * file /opt/CA/SDMConnector/trapx.out *
filter * * * * * * translate_v3_traps:1:NetOps file /opt/CA/SDMConnector/trapx.out *

Do filters using file actions work with v3 traps at all? In the SDC TrapX Support documentation where it defines the file action for filters it states the following.

  • file: Logs the Trap PDU to a file specified by the Option field. SDC TrapX creates the file if it does not exist. This option is applicable only for SNMPv1 traps SNMPv2 traps, when performing SNMPv2c to SNMPv1 trap translation.  

Do filters using file actions work with the tunnelfwd filter action in place? Would it prevent any functionality from working when that's set?

Environment

All supported Network Observability DX NetOps TrapX releases

Resolution

Trap translation flag usage and rules?

  • The "translate_v2c_traps" flag is exclusively for translating SNMPv2c traps to SNMPv1 traps.
  • The "translate_v3_traps" flag is exclusively for translating SNMPv3 traps to SNMPv1 traps.
  • To facilitate SNMPv3 trap translation, a local SNMPv3 SNMP Profile MUST be created in a SpectroSERVER in the environment. This will then be pushed to SDC-TrapX for processing SNMPv3 traps.
  • There is no single filter available for converting both v2 and v3 traps to v1 traps simultaneously. If the same filtered trap could arrive in both SNMPv2c and SNMPv3 formats, a filter for each using the appropriate translation flag will be required.

How do the filter forward/break examples work?

  • The forward action will be used for forwarding traps that match the defined filter criteria.
  • The 1st line with "translate_v3_traps" will convert any traps matching the filter criteria from SNMPv3 to SNMPv1. It will then forward the converted SNMPv1 trap to the specified destination address.
  • Anything matching the 2nd line with the break will be stopped there. It won't be processed further by other filters further down in the config.

Can we configure multiple filters that write traps to the same common log file?

  • Yes, the configuration supports multiple filter entries writing traps to the same common log file.
  • There shouldn't be a need for log file filters using the trap translation flags. These would be the recommended filter configs to use:

filter * * * * * * file /opt/CA/SDMConnector/bin/traps.log *
filter * ##.##.##.## * * * * file /opt/CA/SDMConnector/bin/traps_src.log *
filter * * * * * 1.3.6.1.4.1.1302.3.12.10.2 file /opt/CA/SDMConnector/bin/traps_OID.log *

Do filters using file actions work with SNMPv3 traps? The documentation statement can be confusing.

  • File action codes work for all SNMPv1, SNMPv2c and SNMPv3 traps.
  • For logging SNMPv3 traps, the SNMPv3 packet has to be decrypted, which requires an SNMPv3 profile created in a SpectroSERVER.
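
The rules above can be checked mechanically before a config is deployed. The following Python checker is an added example, not Broadcom or TrapX code: it flags filters that sit behind an earlier break with the same match fields, file filters that carry a translation flag, and forwarded matches that are translated for only one SNMP version, and it lists log files written by more than one filter. It assumes the six fields after "filter" are the match criteria, as in the article's examples; SAMPLE, the finding names and the 192.0.2.10 destination are constructed.

```python
import shlex
from collections import defaultdict

# Constructed sample; 192.0.2.10 is a placeholder destination, not from the article.
SAMPLE = """\
filter * * * * * 1.3.6.1.6.3.1.1.5 forward 192.0.2.10 translate_v3_traps:0:public "AND[1.3.6.1.6.3.1.1.4.1.0:Equals:1.3.6.1.6.3.1.1.5.3]"
filter * * * * * 1.3.6.1.6.3.1.1.5 break
filter * * * * * 1.3.6.1.6.3.1.1.5 file /opt/CA/SDMConnector/bin/traps_OID.log *
filter * * * * * * file /opt/CA/SDMConnector/trapx.out *
filter * * * * * * translate_v3_traps:1:NetOps file /opt/CA/SDMConnector/trapx.out *
"""
ACTIONS = ("forward", "break", "file")  # the only actions this checker understands
FLAGS = ("translate_v2c_traps", "translate_v3_traps")

def parse(text):
    """Yield (line_no, match_fields, action, flags, rest) per active filter line."""
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out example line
        tok = shlex.split(line)  # keeps the quoted AND[...] condition as one token
        if len(tok) < 8 or tok[0] != "filter":
            continue
        # Assumption: the six fields after 'filter' are the match criteria.
        match, rest = tuple(tok[1:7]), tok[7:]
        flags = {t.split(":")[0] for t in rest} & set(FLAGS)
        action = next((t for t in rest if t in ACTIONS), None)
        yield no, match, action, flags, rest

def lint(text):
    """Return (findings, shared_logs) for a trapX.config-style text."""
    findings, breaks = [], {}
    fwd, logs = defaultdict(dict), defaultdict(list)
    for no, match, action, flags, rest in parse(text):
        if match in breaks:  # an earlier break already stopped these traps
            findings.append((no, "shadowed-by-break", f"break on line {breaks[match]}"))
        if action == "break":
            breaks.setdefault(match, no)
        elif action == "file":
            path = rest[rest.index("file") + 1:]
            if path:
                logs[path[0]].append(no)
            if flags:  # file filters should not need a translation flag
                findings.append((no, "flag-on-file", ",".join(sorted(flags))))
        elif action == "forward":
            for flag in flags:
                fwd[match].setdefault(flag, no)
    for used in fwd.values():
        if len(used) == 1:  # only one SNMP version is translated for this match
            (flag, no), = used.items()
            missing = FLAGS[1 - FLAGS.index(flag)]
            findings.append((no, "one-version-only", f"no {missing} filter"))
    return sorted(findings), {p: n for p, n in logs.items() if len(n) > 1}
```

A "one-version-only" finding is a prompt to confirm whether the same trap can also arrive in the other SNMP version; if it cannot, the single filter is sufficient.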