Re: [IM-Talk] SNMP Trap Question

[Jürgen Brändle]

Hi Rich, thanks for this information. I managed to get the traps look like I wanted them to look like ;-) 22/04 16:13:09: Message from InterMapper 5.6.7 Event: TRAP Name: swi-dz-1og-2 Document: 8.4-Vert-DZ Address: <CISCO-IP> Probe Type: SNMP Traffic (port 161 SNMPv2c) Condition: cisco (1) { OLD-CISCO-TS-MIB::tslineSesType.1.1 : "5",  TCP-MIB::tcpConnState.<CISCO-IP>.23.<SOURCE-IP>.60280 : "4",  OLD-CISCO-TCP-MIB::loctcpConnElapsed.<CISCO-IP>.23.<SOURCE-IP>.60280 : "3076", OLD-CISCO-TCP-MIB::loctcpConnInBytes.<CISCO-IP>.23.<SOURCE-IP>.60280 : "88", OLD-CISCO-TCP-MIB::loctcpConnOutBytes.<CISCO-IP>.23.<SOURCE-IP>.60280 : "172", OLD-CISCO-TS-MIB::tsLineUser.1 : "<TTYUSER>" } Comment:  Time since last reported down: 9 days, 22 hours, 56 minutes, 50 seconds Device's up time: 434 days, 3 hours, 34 minutes, 40 seconds I only needed to import the correct Cisco MIB files into Intermapper. So your very first sentence was the clue. The rest was already clear. But now one more question. As you can see in the output under Condition: Condition: cisco (1) { OLD-CISCO-TS-MIB::tslineSesType.1.1 : "5",  There is a "5" given for the "tslineSesType" In the matching Cisco MIB I can find, that "5" stands for "telnet" Do you think that Intermapper will be also able to dissolve this? Object Information Object tslineSesType OID 1.3.6.1.4.1.9.2.9.3.1.1 Type INTEGER Permission read-only Status mandatory Values 1 : unknown 2 : pad 3 : stream 4 : rlogin 5 : telnet 6 : tcp 7 : lat 8 : mop 9 : slip 10 : xremote 11 : rshell MIB OLD-CISCO-TS-MIB ;   -   View Supporting Images  Description Type of session. Thanks a lot for your help Jürgen Am 22.04.2013 um 15:06 schrieb Richard Brown <rich.br...@intermapper.com>: Hi Jürgen, Thanks for the note. In general, InterMapper will translate the contents/OIDs of a trap if you have imported the MIB. In doing research for this answer, I happened upon the following article:  https://supportforums.cisco.com/thread/145095 It says that the particular trap is caused by a telnet connection disconnecting from the particular device, and the final posting suggests a fix. I have not tried it to verify, though. Please get back to me if you have further questions. Thanks! Rich Brown InterMapper ________________________________________ From: InterMapper-Talk@list.dartware.com [InterMapper-Talk@list.dartware.com] On Behalf Of Jürgen Brändle [n...@braendle-net.de] Sent: Friday, April 19, 2013 8:53 AM To: intermapper-talk@list.dartware.com Subject: [IM-Talk] SNMP Trap Question Hi there, im using some cisco snap traps via inter mapper to get some information via mail. e.g. One of my cisco routers sends traps when ISDN Backups connect and terminate. I get something like this: 16/04 09:43:12: Message from InterMapper 5.6.7 Event: TRAP Name: vpnbackup Document: 4.3-VSS-TOTR-RZ1 Address:  xxx.xxx.xxx.xxx Probe Type: SNMP - Cisco - Process and Memory Pool (port 161 SNMPv2c) Condition: CISCO-SMI::ciscoMgmt.26.2 (2) { CISCO-SMI::ciscoMgmt.26.1.1.1.1.3.37.17 : "67", CISCO-SMI::ciscoMgmt.26.1.1.1.1.4.37.17 : "PPP USERNAME", CISCO-SMI::ciscoMgmt.26.1.1.1.1.5.37.17 : "PHONENUMBER", CISCO-SMI::ciscoMgmt.26.1.1.1.1.8.37.17 : "CONNECTION TIME IN SECONDS", CISCO-SMI::ciscoMgmt.26.1.1.1.1.9.37.17 : "Normal call clearing", CISCO-SMI::ciscoMgmt.26.1.1.1.1.10.37.17 : "0x10", CISCO-SMI::ciscoMgmt.26.1.1.1.1.17.37.17 : "1" } Comment: Time since last reported down: 3 days, 16 hours, 31 minutes, 0 seconds Device's up time: 303 days, 0 hours, 20 minutes, 2 seconds This mail body is quite easy to understand because I know, that this must have something to do with the ISDN Backups. But this week I tried to use this feature on some cisco switches to get some more Information via trap. So one of the messages I got was: 16/04 07:46:42: Message from InterMapper 5.6.7 Event: TRAP Name: swi-dz-1og-2 Document: 8.4-Vert-DZ Address: xxx.xxx.xxx.xxx Probe Type: SNMP Traffic (port 161 SNMPv2c) Condition: CISCO-SMI::cisco (1) { CISCO-SMI::local.9.3.1.1.1.1 : "5", TCP-MIB::tcpConnState.172.16.4.180.23.172.16.203.40.63257 : "7", CISCO-SMI::local.6.1.1.5.172.16.4.180.23.172.16.203.40.63257 : "28", CISCO-SMI::local.6.1.1.1.172.16.4.180.23.172.16.203.40.63257 : "86", CISCO-SMI::local.6.1.1.2.172.16.4.180.23.172.16.203.40.63257 : "18137", CISCO-SMI::local.9.2.1.18.1 : "TTY USERNAME" } Comment: Time since last reported down: 3 days, 14 hours, 30 minutes, 23 seconds Device's up time: 427 days, 19 hours, 8 minutes, 14 seconds Here I can only try to guess what the single trap values mean or have to go to http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=local.6.1.1.5&translate=Translate&submitValue=SUBMIT&submitClicked=true to translate the OIDs to human readable values. OK somebody can tell me now, that I should know what my switches send via TRAP, but the mail schooled also be readable by non cisco freaks. Has anybody an idea to let intermapper read out the OIDs in the trap packet and translate it automatically to human readable values? The needed cisco MIB files are available. Any help welcome Jürgen____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: intermapper-talk-...@list.dartware.com _______________ Confidentiality Notice: This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. ________________ ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: intermapper-talk-...@list.dartware.com