Configuring the SNMP Trap Receiver
  
The SNMP Trap Receiver handles SNMP traps sent by network devices or network management systems. The receiver supports v1, v2c, and v3 traps. These traps are used in event integration, and can be forwarded to other Riverbed products.
SNMP Trap Receiver Wizard
Use the SNMP Trap Receiver Wizard to configure the SNMP Trap Receiver. It will allow you to:
Turn on/off the SNMP Trap Receiver
Set the port number for the receiver
Specify whether to accept all v1/v2c traps or only traps with certain community strings
Specify whether to accept all v3 traps or only authenticated traps
Create / delete SNMP v1/v2c community strings or SNMP v3 credentials
Community strings/credentials stored on NetIM are encrypted
Perform the following procedure to enable and configure the SNMP Trap Receiver.
Enabling and Configuring the SNMP Trap Receiver
1. Log in to the UI as a user with administrative privilege.
2. Navigate to CONFIGURE->All Settings->Integrate->SNMP Trap Receiver.
The SNMP Trap Receiver Settings wizard appears, as shown in the following screen:
Wizard Step 1 - Basic Settings:
3. SNMP Trap Receiver:
Click On to turn on the SNMP Trap Receiver.
Click Off to disable the SNMP Trap Receiver.
4. Port Number: Set the port number for the Trap Receiver to listen on. The default setting is 162.
5. SNMP v1/v2c Traps: Select whether to accept all SNMP v1/v2c traps or only authenticated traps.
6. SNMP v3 Traps: Select whether to accept all readable SNMP v3 traps or to accept only authenticated traps.
To accept all readable traps means that if a trap is not using an authentication method, but NetIM has the credentials to read it, it will be accepted.
To accept only authenticated traps means to only accept traps that use an authentication method, provided NetIM has valid credentials for them.
7. Click Next >>.
Wizard Step 2 - Community Strings:
(This step appears only if you selected Accept Only Authenticated Traps under SNMP v1/v2c Traps in Basic Settings.)
8. Enter the community strings you want to use to validate SNMP v1/v2c traps.
To hide the display of community strings, click the Hide Community Strings checkbox in the lower-right.
The community string list in the Trap Receiver does not affect the community string list in the Global Discovery Settings.
To add community strings, use one of the following methods:
Enter a community string in the Community String field and click the Add button.
Click the Load From File icon (above the community string list), and select a file to import.
For examples and a description of the requirements for this file, refer to the snmpTrapCommStrings.txt file, which is located on NetIM core in the following directory:
<install_dir>/input/trapReceiver
9. Click Next >>.
Wizard Step 3 - SNMP v3 Credentials:
Enter the credentials you would like to use to validate SNMP v3 traps. Only the User Security Model (USM) is supported by NetIM.
To hide the display of passwords, click the Hide Passwords checkbox in the lower right.
The credential list in the Trap Receiver does not affect the credential list in the Global Discovery Settings.
10. Add credentials using either of the following methods:
Enter credentials in the following text fields and click the Add button.
Security Level:  Select the security level of the trap to be received.
Username:  Enter the username used to authenticate the trap.
Auth Protocol:  Select the authentication protocol of the trap.
Auth Password:  Enter the password used to authenticate the trap.
Priv Protocol:  Select the privacy protocol of the trap.
Priv Password:  Enter the privacy password used to encrypt the trap.
Engine ID:  Enter the engine ID of the device that is sending the trap. If you do not know the Engine ID, you can enter the Host and Port Number and click the Get Engine ID button.
Engine IDs are required by SNMP for authenticating and decrypting v3 traps. They may be either preconfigured on your devices or configured by your network administrator. If your network administrator has configured the engine ID for your devices, you will need to acquire that information before entering credentials.
- Host:  The hostname or IP address of the device that is sending the traps.
- Port:  The SNMP communication port of the device that is sending the traps.
Click the Load From File icon above the existing credentials list, and select a file to import.
For examples and a description of the requirements for this file, refer to the snmpTrapv3UsmCredentials.txt file, which is located in <install_dir>/input/trapReceiver.
11. Click Next >>.
Wizard Step 3 - Summary:
12. Review the SNMP Trap Receiver settings. If you need to make a change, click << Previous.
13. Click Finish.
SNMP Trap Management
NetIM 2.0 enhanced SNMP trap receiving and management. SNMP Trap receiving occurs on the NetIM Core; however, devices must be configured to send traps to the IP address of the NetIM Core. NetIM allows you to control trap severity mapping and configure alerting and notification based on incoming SNMP traps. All supported SNMP traps are now mapped to a default severity and category. Additionally, system-defined global and OID-specific trap severity mapping rules are provided. Your administrator can redefine the trap category and severity by editing files as well as authoring and installing advanced trap rules on the NetIM Core.
Configuring Alerting Based on Trap Severity
Supported SNMP Traps can be mapped to one of the following severity levels:
Critical = 5
Major = 4
Minor = 3
Info = 2
Cleared = 1
Unknown = 0
You can then use the SNMP trap severity value to create minor, major, and critical alerts on the NetIM Alerts Profiles Page. For more information, see Chapter: Configuring Metric Alerts.
Primary Trap Management Files
The following table lists the files that control NetIM trap handling behavior. They are located on the NetIM Core VM under the directory /opt/riverbed/NetIM/<version_build>/lib/xml/res:

| File Name | Description |
| --- | --- |
| trapList.res | Pre-compiled information for the 15,000 NetIM-supported SNMP traps. |
| trapListVarBind.res | Pre-compiled information from the 15,000 NetIM-supported traps containing name-mapping of SNMP OID varbinds to friendly name. |
| trapMappingSettings.res | Contains properties and their settings that control the behavior of trap management, including: the location of the default settings file (snmpTrap/defaultSettingsFile = <install-dir>/lib/xml/res/trapDefaultSettings.csv); the global default severity (snmpTrap/severity/defaultSeverity = "Minor"); the global switch to allow use of trap severity mapping rules (snmpTrap/severity/Use Drools = "TRUE"); the root directory for trap severity mapping rules (snmpTrap/severity/trapSeverityDroolRuleRootDir = <install-dir>/lib/xml/rules/snmpTrap/severity). |
| trapDefaultSettings.csv | Contains the per-trap default and custom settings for severity and category. |
Trap Severity
To determine an incoming trap’s severity, NetIM trap management performs the following evaluation, in the following priority order, for each incoming trap:
1. A Custom OID-specific Trap Severity Mapping Rule (drool rule) matches the trap.
2. A Custom OID-specific default severity is assigned for the trap.
3. A system-defined OID-specific Trap Severity Mapping Rule (drool rule) matches the trap.
4. A Global Severity Mapping Rule (drool rule) matches the trap.
5. A system-defined default severity is assigned for the trap.
If none of the preceding are true, then the system-defined Global default severity is used for severity mapping.
Briefly, this means that any of the OID-specific, user-provided customizations take precedence, with custom OID-specific rules taking the highest precedence. This is followed by system-provided OID-specific rules or system-provided global rules. Finally, any system defined default severities are used.
Your NetIM administrator can customize trap severity mapping behavior by providing rules or customizing severity mappings in various files. The following table will help you and your administrator understand the methods, priorities and files associated with each method.
 
| Priority | Severity Mapping Method | Found in |
| --- | --- | --- |
| 1 | Custom OID-specific Trap Severity Mapping Rule | .drl file under the <install_dir>/lib/xml/rules/snmpTrap/severity/OidSpecific/Custom directory |
| 2 | Custom OID-specific default severity | customDefaultSeverity column setting in trapDefaultSettings.csv |
| 3 | System-defined OID-specific Trap Severity Mapping rule | .drl file under the <install_dir>/lib/xml/rules/snmpTrap/severity/OidSpecific directory |
| 4 | Global Trap Rules (System Defined and Custom Global Rules are merged) | .drl files under <install_dir>/lib/xml/rules/snmpTrap/severity/Global and <install_dir>/lib/xml/rules/snmpTrap/severity/Global/Custom |
| 5 | System-defined OID-specific default severity | defaultSeverity column setting in trapDefaultSettings.csv |
| 6 | System-defined global default severity | Property setting in trapMappingSettings.res file (defaultSeverity property) |
Setting a Custom OID-Specific Severity and Category
The easiest way to customize specific trap severity and category mappings is to use a spreadsheet program to edit the trapDefaultSettings.csv file and add your own custom settings. The trapDefaultSettings.csv file contains entries for all the supported traps. Columns in the trapDefaultSettings.csv file include:
trapOID
The unique dotted notation ID associated with the trap.
active
Controls whether NetIM trap management will process the trap.
displayOID
The friendly name defined for the trap.
moduleName
The MIB that contains the trap definition.
defaultCategory
The system provided category associated with the trap.
defaultSeverity
The system defined severity associated with the trap.
useGlobalRule
Controls whether the Global rules should be used for this trap.
oidSpecificRules
Reserved for future use.
customDefaultCategory
The user-provided category associated with the trap.
customDefaultSeverity
The user provided severity associated with the trap.
description
Description of the trap provided in the MIB that defines the trap, as shown in the following screen:
Customize Trap Severity and Trap Category Mapping
To customize the trap severity and category mapping, follow these steps:
1. Log into NetIM core as netimadmin.
2. Change your working directory to <install_dir>/lib/xml/res
3. Copy trapDefaultSettings.csv to trapDefaultSettings.csv.orig
4. Open the trapDefaultSettings.csv file using a spreadsheet editor or text editor.
5. Edit the customDefaultSeverity or customDefaultCategory columns and save the file.
6. Restart NetIM Core services by entering the following command:
start ALL
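An added example, not part of the NetIM documentation or product code: a Python audit that compares the edited trapDefaultSettings.csv with the .orig backup from step 3 and reports each trap whose rule-free effective severity (custom default, then system default, then global default) was lowered, raised, or set to a value outside the severity list. The reduced three-column sample, its severities, and the spelling of severity values in the file are assumptions constructed for illustration.

```python
import csv
import io

# Severity names and levels as listed on this page.
SEVERITY = {"Critical": 5, "Major": 4, "Minor": 3, "Info": 2, "Cleared": 1, "Unknown": 0}

def load(text):
    """Index the rows of a trapDefaultSettings.csv-style file by trapOID."""
    return {row["trapOID"]: row for row in csv.DictReader(io.StringIO(text))}

def effective(row, global_default="Minor"):
    """Rule-free precedence: custom default, then system default, then global default."""
    custom = (row.get("customDefaultSeverity") or "").strip()
    system = (row.get("defaultSeverity") or "").strip()
    return custom or system or global_default

def audit(orig_text, edited_text):
    """Return (trapOID, finding, detail) for each row that differs from the backup."""
    orig, edited = load(orig_text), load(edited_text)
    findings = []
    for oid, row in edited.items():
        custom = (row.get("customDefaultSeverity") or "").strip()
        if oid not in orig:
            findings.append((oid, "added", "row not present in backup"))
        elif custom and custom not in SEVERITY:
            findings.append((oid, "invalid", custom))
        else:
            old, new = effective(orig[oid]), effective(row)
            if old != new:
                kind = "lowered" if SEVERITY.get(new, 0) < SEVERITY.get(old, 0) else "raised"
                findings.append((oid, kind, f"{old} -> {new}"))
    for oid in sorted(orig.keys() - edited.keys()):
        findings.append((oid, "removed", "row missing from edited file"))
    return findings

# Constructed sample data (reduced to three of the columns; severities are made up).
ORIG = """trapOID,defaultSeverity,customDefaultSeverity
1.3.6.1.4.1.9.9.43.2.0.1,Major,
1.3.6.1.6.3.1.1.5.3,Critical,
1.3.6.1.6.3.1.1.5.4,Info,
"""
EDITED = """trapOID,defaultSeverity,customDefaultSeverity
1.3.6.1.4.1.9.9.43.2.0.1,Major,Info
1.3.6.1.6.3.1.1.5.3,Critical,Urgent
1.3.6.1.6.3.1.1.5.4,Info,Minor
"""

for finding in audit(ORIG, EDITED):
    print(*finding, sep="\t")
```

A "lowered" finding is the one to review first, because alert profiles keyed on severity will stop firing for that trap once the services are restarted.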
Resetting Custom OID-Specific Severity and Category
To reset the OID-specific severity and category mapping, follow these steps:
1. Log into NetIM core as netimadmin.
2. Change your working directory to <install_dir>/lib/xml/res
3. Copy trapDefaultSettings.csv to trapDefaultSettings.csv.orig
4. Open the trapDefaultSettings.csv file using a spreadsheet editor or text editor.
5. Clear the contents of the customDefaultSeverity and customDefaultCategory columns and save the file.
6. Restart NetIM Core services by entering the following command:
start ALL
Trap Severity Mapping Rules (drool rules)
Trap Severity Mapping Rules can be Global or OID-specific. You can author and install your own Custom Global or Custom OID-specific Trap Severity Mapping Rules. Example Drools rules are provided within the <install_dir>/rules/snmpTrap/severity directory to help you in developing your own rules. These rules follow the Drools syntax (see https://www.drools.org/). Under <install_dir>/lib/xml/rules/snmpTrap/severity you will find a directory structure similar to the following:
Global Trap Severity Mapping Rules
System-defined Global Trap Severity Mapping Rules are stored under the following directory:
<install_dir>/lib/xml/rules/snmpTrap/severity/Global
Custom Global Trap Severity Mapping Rules are stored under the following directory:
<install_dir>/lib/xml/rules/snmpTrap/severity/Global/Custom
All Custom Global rules and System-defined Global rules are merged and evaluated together as a single rule base. As such, Custom Global rules must follow this salience convention:
CRITICAL rules must be defined with a salience between 5000-5999
MAJOR rules must be defined with a salience between 4000-4999
MINOR rules must be defined with a salience between 3000-3999
INFO rules must be defined with a salience between 2000-2999
CLEAR rules must be defined with a salience between 1000-1999
OID-Specific Severity Mapping Rules
File names for the OID specific rules must be named with the dotted notation of the specific Trap OID (excluding the leading dot), for example, 1.3.6.1.4.1.9.9.43.2.0.1.drl.
System-defined OID-specific Trap Severity Mapping rules are stored under the following directory:
<install_dir>/lib/xml/rules/snmpTrap/severity/OidSpecific
Custom OID-Specific Rules are stored under the following directory:
<install_dir>/lib/xml/rules/snmpTrap/severity/OidSpecific/Custom
Custom OID-Specific Rules fire independently and following the salience convention is optional:
CRITICAL rules should be defined with a salience between 5000-5999
MAJOR rules should be defined with a salience between 4000-4999
MINOR rules should be defined with a salience between 3000-3999
INFO rules should be defined with a salience between 2000-2999
CLEAR rules should be defined with a salience between 1000-1999
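An added example, not NetIM's own tooling: a Python lint for custom .drl files that checks the OID-specific file-name rule and reports which severity band each rule's salience falls in, flagging rules with no salience or a value outside every band. It assumes the standard Drools header form `rule "name" salience N ... when`; the sample rules are constructed.

```python
import re

# Salience bands from this page: severity -> inclusive (low, high).
BANDS = {"CRITICAL": (5000, 5999), "MAJOR": (4000, 4999), "MINOR": (3000, 3999),
         "INFO": (2000, 2999), "CLEAR": (1000, 1999)}
# OID-specific file name: dotted trap OID without the leading dot, plus ".drl".
OID_FILE = re.compile(r"^\d+(\.\d+)+\.drl$")
# Drools rule header: rule "name" <attributes> when
RULE = re.compile(r'\brule\s+"([^"]+)"(.*?)\bwhen\b', re.S)
SALIENCE = re.compile(r"\bsalience\s+(-?\d+)")

def band_for(salience):
    """Return the severity band that contains this salience, or None."""
    return next((n for n, (lo, hi) in BANDS.items() if lo <= salience <= hi), None)

def lint(filename, drl_text, oid_specific):
    """Return (subject, band or problem) pairs for one custom .drl file."""
    results = []
    if oid_specific and not OID_FILE.match(filename):
        results.append((filename, "bad file name"))
    for name, attributes in RULE.findall(drl_text):
        found = SALIENCE.search(attributes)
        if found is None:
            results.append((name, "no salience"))
        else:
            band = band_for(int(found.group(1)))
            results.append((name, band or f"salience {found.group(1)} outside all bands"))
    return results

# Constructed sample: rule names and saliences are made up, bodies left empty.
SAMPLE = '''
rule "running-config changed" salience 4100
when
then
end
rule "startup-config changed"
when
then
end
rule "vendor severity" salience 7000
when
then
end
'''

for subject, verdict in lint("1.3.6.1.4.1.9.9.43.2.0.1.drl", SAMPLE, oid_specific=True):
    print(f"{subject}: {verdict}")
```

For Custom Global rules a "no salience" or "outside all bands" result breaks the required convention; for Custom OID-specific rules it is advisory, since the convention there is optional.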
Authoring SNMP Trap Management Rules
The Common.drl file defines common variables, imports, and functions that can be shared by all rules. Common.drl includes the following useful functions for creating Trap Severity Mapping rules:
Get Trap OID:
Syntax: SnmpTrapProcessor.getTrapOID(evalObj.getPdu())
Trap VARBIND match/compare to Regular Expression:
(Note: Any VAR type can use this, but pay attention to escaping '.' if the Regex includes the OID.)
Syntax: SnmpTrapProcessor.trapVarBindValueMatches(PDU, OID, RegExp)
Example:
SnmpTrapProcessor.trapVarBindValueMatches(evalObj.getPdu(), ".1.3.6.1.4.1.9.9.43.1.1.6.1.4", ".*running|3.*")
Trap VARBIND numerical value compared to a threshold:
(Counter, Counter64, TimeTick, Int, Enum, and Gauge can all be converted to a long value.)
Syntax: SnmpTrapProcessor.getTrapVarBindNumericalValue(PDU, OID)
Example:
SnmpTrapProcessor.getTrapVarBindNumericalValue(evalObj.getPdu(), ".1.3.6.1.4.1.9.9.156.1.10.1") <= 3
The following is an example of a trap management rule where the trap itself contains an embedded severity and the rule evaluates the internal trap severity and maps it to a NetIM trap severity value:
The following is an example of a rule that processes a configuration change trap. In the rule, if the change is to the running-config, then we map that to a severity of Major. If the change is to the startup-config, then we map that to a severity of Minor:
SNMP Trap Management Rule Triggering
All the rule files are loaded into the trap severity rules system as multiple rule bases. For any received trap, up to 3 rule bases may be triggered. The following rule bases are identified:
Custom OID-specific Rules Base
Common.drl plus each file under the directory OidSpecific/Custom only applicable to the particular trap OID.
System-Defined OID-specific Rules Base
Common.drl plus each file under the directory OidSpecific/ only applicable to the particular trap OID.
Global Rules Base
Common.drl plus each rule file under the directory Global/*, applicable to all traps and turned on/off per trap OID based on the "useGlobalRule" setting in trapDefaultSettings.csv.
When a new rule is added to any rules base the NetIM Core services should be restarted to update the rules base.