CA Unified Infrastructure Management Probes

snmptd IM Configuration

Last update July 9, 2018

This article describes the configuration concepts and procedures to set up the Simple Network Management Protocol Trap Daemon Monitoring (snmptd) probe. You can configure the snmptd probe to trigger an alarm for an incoming SNMP-TRAP. You can define the severity levels, subsystem identification, and a variable expansion scheme for this alarm. In addition to generating an alarm, the snmptd probe can generate a CA UIM message that is published under the subject "SNMP-TRAP". The alarm is useful whenever SNMP parsing requirements or correlation is needed.

The snmptd probe is also capable of relaying all version 1 SNMP-TRAPs to a list of other SNMP-TRAP managers. When you install the probe for the first time, QOS_SNMPTD is the default QoS that is available.

This article is for probe versions 3.2 or later.

The following diagram outlines the process to configure the snmptd probe to monitor SNMP Trap Messages.

[Figure: Configuring snmptd 3.1 IM]

Verify Prerequisites

Verify that required hardware and software is available and any installation consideration is met before you configure the probe. For more information, see snmptd (Simple Network Management Protocol Trap Daemon Monitoring) Release Notes.

(Optional) Set Up General Properties

You can set up the logging and global monitoring properties of the probe.

Follow these steps:

  1. Click the General Setup button from the toolbar.
    The Setup window appears.
  2. Click the Setup tab and complete the following information:
    • SNMP TRAP Ports (udp, comma separated): defines the UDP port for listening. You can specify multiple ports in a comma-separated list.
    • SNMP Relay targets (comma separated): defines a comma-separated list of IP addresses or host names that receives relayed SNMP-TRAPs.
    • Log Level: specifies the level of details that are written to the log file. You can select the following log levels:
      • 0 - Logs only severe information (default)
      • 1 - Logs error information
      • 2 - Logs warning information
      • 3 - Logs general information
      • 4 - Logs debugging information
      • 5 - Logs tracing/low-level debugging information

      Note: Log as little as possible during normal operation to minimize disk consumption, and increase the amount of detail when debugging.

    • Log Size: defines the maximum size (in KB) for the log file.
    • Enable Name Resolution: enables the probe to resolve a host name to the corresponding IP address (if a host name is specified in the SNMP Relay targets field).
    • Enable Generic: enables the Generic tab. By default, this tab is disabled.
    • Remove Double Quotes: removes double quotes from the string variable values.
    • Enhance MIB Parsing: enables or disables the auto-population of the Severity and Message text fields. You can create a profile based on the severity and description defined in MIB. For more information about how to use this capability, see Example: Create a profile using MIB file information.

      Important! The Enhanced MIB Parsing feature is not supported on Solaris 64-bit operating systems. This feature is also not supported for SNMP v3 traps on all platforms.

    • Add PDU Variables Automatically: enables the addition of PDU variables from captured traps or MIB files to profiles. The profiles are created without PDU variables if the checkbox is not selected.

    • Interval for sending QoS on traps: specifies the interval after which the probe sends QoS messages on the number of traps.
      Default: 1 minute.

      Note: Reduce this interval to generate alarms and QoS frequently. A shorter interval can also increase the system load.

  3. Click the Generic tab and complete the following information:
    • Convert to Nimsoft SNMP-TRAP message: converts the incoming trap to a message. The message is published under the subject SNMP-TRAP.
    • Log trap to file: logs the incoming trap to the trap.log log file.
    • Send QoS on number of traps: allows you to send the QoS messages that are based on the number of traps. Here, the source is the IP address and target is the trap name or OID and specific trap number, if available. A QoS message is sent based on the number of times a specific trap has been received during the interval. By default, the interval is 1 minute and it can be set through the Setup tab.
    • Convert to Nimsoft Alarm: converts the incoming trap to an alarm. The parameters for the alarm are specified in the following tabs:
      • Default Tab: Configure the default alarm messages for the profile.
        • Message Text: specifies the alarm message text. The variable can be expanded using a “$”. For more information, see Variable Expansion.

        • Subsystem: specifies the subsystem identifier of the alarm.

      • Advanced Tab: Configure the advanced alarm parameters. 
        • Alarm Source: specifies the originator of the alarm. The variable can be expanded using “$”.
        • Alarm Suppression Key: groups several alarm messages into a single message. The variable can be expanded using “$”. 

          Note: When you specify a custom suppression key and perform PDU variable matching with the Process all rules checkbox disabled, the probe does not append variable number to the suppression key on a PDU variable rule match.

  4. Click OK.

Variable Expansion

The SNMP-TRAP contains many elements, such as the Enterprise identifier, community string, trap types (generic and specific), and a variable list. The snmptd probe provides the means of extracting this information from the SNMP-TRAP as variables. You can use this information as part of the alarm message body.

When you type $ (a dollar sign) in the Message text box, the following list of variables appears:

  • $E
    Defines the Enterprise identification.
  • $C
    Defines the community string.
  • $IP
    Defines the source IP address.
  • $GENERIC_TYPE
    Returns the generic trap type, which is a number.
  • $SPECIFIC_TYPE
    Returns the specific trap type (used if the trap is an Enterprise Specific (6) trap).
  • $TRAP_DESC
    Represents a string describing the SNMP-TRAP generic type. The possible values are:
    • Authentication failure
    • Cold start
    • EGP Neighbor loss
    • Enterprise specific
    • Link down
    • Link up
    • Unknown generic trap
    • Warm start
  • $MIB_DESCR
    Provides the trap description that is defined in the MIB file.
  • $NUM_VARIABLES
    Indicates the number of variables in the SNMP-TRAPs.
  • $VARIABLES
    Indicates that all variables in the SNMP-TRAP are expanded.
  • $n, where n > 0
    Expands into the variable at position n. For example, $1 expands the first variable.
  • $VARIABLE_DUMP
    Indicates that the alarm message should have variable name and value.
  • $OID
    Sets the object ID as a parameter.

(Optional) Add MIB Files

Management Information Bases (MIBs) are a collection of definitions. MIBs define the properties of the managed object within the device to be managed. Every managed device keeps a database of values for each of the definitions that are written in the MIB. An MIB can be regarded as an information warehouse. For example, if you want to monitor a printer for low toner, contact the manufacturer for the associated MIB file for the toner and add that file to the probe.

Running the MIB Setup Wizard helps you to add or remove the MIB files from your local MIB repository.

Note: The MIB files that are downloaded from the Internet can contain errors and references to other MIB files. These MIB files cannot be imported at the probe start-up.

The MIB is included in the probe distribution and is stored in the MIBS directory in the CA UIM installation directory.

Follow these steps:

  1. Click the Launch MIB Setup Wizard button in the toolbar.
    The MIB Setup Wizard dialog appears.
  2. Click the link to download and store the MIB files locally on your computer.
  3. Click Next.
    The dialog for Step 1 appears.
  4. Click the green plus button to add the MIB files to your MIB repository.
  5. Click the red cross button to remove the MIB files from your MIB repository.

    Note: You can also select multiple MIB files from a folder (using Windows explorer) and drag and drop them onto the list in the wizard.

  6. Click Next.
    The dialog for Step 2 appears.
  7. Select the Reload new MIBS on ‘Finish’ check box and click Finish to activate your modifications.

You have now added or removed the required MIB files from your local MIB repository. You have also notified the probe of the changes to the MIB directory.

View Traps

Note the following points about MIBs in the MIB Trap Browser:

  • A MIB must have a valid trap type or notification type; otherwise, the trap details are not visible in the designated place.
  • The name of the MIB shown in the MIB Trap Browser is the name from the Definition section of the MIB, not the file name of the MIB.
  • A MIB is not visible in the MIB Trap Browser if any of the MIBs listed in its Imports section are not present.

You can view all the traps that are enabled in the MIB. 

Follow these steps:

  1. Click the Launch the MIB Trap Browser button on the toolbar.
    The MIB Trap Browser dialog appears. 
  2. Select an option from the Select Module to Display list to filter the traps for the selected module.
  3. To create or delete a profile from the list of traps, right-click the trap and click the required option from the context menu.

Create and Configure Profiles

You can create a profile to monitor SNMP v1, v2, and v3 traps and convert them to CA UIM alarm messages.

Follow these steps:

  1. Open the snmptd probe configuration GUI in Infrastructure Manager.
  2. Create a profile using any of the following methods:

    • Create a profile for any trap of the selected Enterprise Identifier
      Select the required Enterprise Identifier in the left pane. In the right pane, right-click in the profile list and select New.
    • Create a profile from a captured trap in the SNMP Trap Monitor window.
      Right-click on a trap and select Create Profile.

      Note: You can create profiles from captured traps one at a time. The probe creates the profile for the last selected trap if you select multiple profiles.

    • Create a profile from a trap defined in the MIB Trap Browser window
      Right-click on a trap and select Create Profile.

      Note: You can create profiles for multiple traps simultaneously from the MIB Trap Browser. The PDU variables for the profiles are not automatically added. You can configure the profiles by modifying them from the main window.

      For example, right-click the low toner trap from the printer MIB file and select Create Profile.

    The trap profile window appears. 
  3. Enter the values for the following fields:
    • Name: specifies a name for the trap profile.

    • Generic trap type: specifies the type of the trap applicable for this profile. This field is only applicable for SNMP v1 traps. An Enterprise specific trap has a specific trap number and can have PDU variable rules. The other trap types do not support them. 

    • Specific trap number: specifies the trap number to identify the Enterprise specific SNMP v1 trap. The number represents the alarm severity if a CA UIM alarm is sent as an SNMP trap.

    • Convert to Nimsoft SNMP-TRAP message: convert the incoming trap to a CA UIM message (generated under the subject SNMP-TRAP).

    • Log trap to file: log the incoming trap to the trap.log log file.

    • Send QoS on number of traps: sends the QoS messages on the number of traps sent from the source to the target in the probe monitoring interval. By default, the interval is 1 minute and is defined in the Interval for sending QoS on traps field of the Setup window.

      Note: The probe must capture a new trap before it generates QoS messages on the count of traps when snmptd is deactivated and then activated again.

      (From version 3.30) You can also generate alarm messages when the number of traps breaches the defined threshold. Right-click in the Send QoS on number of traps section and select New. Select the Operator, the Value for the threshold, and the Severity for the alarm. Define the other thresholds in the same way.

      Important! You can only specify one threshold for an alarm of each severity. The probe generates an alarm for the highest severity on threshold breach.

    • Convert to Nimsoft Alarm
      Convert the incoming trap to an alarm. The parameters for the alarm are specified in the following tabs:
      • Default Tab: enables you to configure the default alarm messages for the profile.
        • (From version 3.30) Set PDU MultipleThreshold: enables the PDU MultiThreshold Rules tab where you can define multiple threshold rules for a variable. If you select this option, the PDU Variable Rules tab is disabled. For more information, see Create Multiple Thresholds for a Rule.
          Default: Not selected
      • PDU Variable Rules Tab: enables you to create one or more rules to check the list of variables of the Protocol Data Units (PDU). For more information, see Create PDU Variable Rules

        Note: If you create the profile using the SNMP Trap Monitor, the PDU Variable Rules tab contains some predefined variables. When you create new PDU variable rules, the OID values are generated using the predefined variable values for that profile.

        The PDU Variable Rules tab contains the following fields in addition to the variable rules:

        • Process all rules: enables you to apply all the defined PDU Variable Rules in this tab to the profile. The profile generates alarm messages for all the rules that match the trap.

          Note: By default, the probe processes only the first rule.

        • Send Default message if no match: send the message specified in the Message Text field in the Default tab if no PDU variable rules are breached.

          Note: If the Message Text field is empty when the PDU threshold breaches, the probe generates the following message:
          alarm message text is empty.

      • Advanced Tab
        Configure advanced alarm details for the profile.
        • Alarm source: specifies the origin of the alarm. You can type $ to view or use variables in this field.
          For more information, see Variable Expansion.
        • Alarm Suppression Key: groups several alarm messages into a single message. The variable can be expanded using “$”.

          Note: When you specify a custom suppression key and perform PDU variable matching with the Process all rules checkbox disabled, the probe does not append variable number to the suppression key on a PDU variable rule match.

        • Use Agent IP as Source: set the agent IP address as the originator of the alarm. If you select this check box, the Alarm Source field is disabled.

      • (From version 3.30) PDU MultiThreshold Rules Tab: enables you to create one or more rules with multiple thresholds to check the list of variables of the PDU. For more information, see Create Multiple Thresholds for a Rule.
        The PDU MultiThreshold Rules tab contains the following fields in addition to the variable rules:
        • Process for All:  enables you to apply all the defined PDU Variable Rules in this tab to the profile. The profile generates alarm messages for all the rules that match the trap.
        • Send Default if no match: sends the message specified in the Message Text field in the Default tab if no PDU variable rules are breached.

          Note: If the Message Text field is empty when the PDU threshold breaches, the probe generates the following message:
          alarm message text is empty.

  4. Click OK.
    The profile is created.
  5. Save the configuration to start monitoring.

Note: The identifier for the profile must be active to monitor the traps in these profiles. For information about activating the profile identifier, see Activate Enterprise Identifier.

Monitor SNMP Traps

You can capture the incoming SNMP-TRAPs using the SNMP Trap Monitor dialog. You can also generate profiles using the contents of the SNMP Trap Monitor.

Follow these steps:

  1. Click the Start The SNMP Trap Monitor button from the toolbar.
    The SNMP Trap Monitor dialog appears.
  2. Use the toolbar buttons in this dialog to perform the following operations:
    • Start: engages an SNMP-TRAP "sniffer" in the snmptd probe. A green diode indicates that "sniffing" is in progress. All traps (known as well as unknown) appear in the list. Unknown SNMP-TRAPs (traps without a profile) are indicated with a question mark because these are unidentified traps.

      Note: When you generate a trap and create a profile for it, the profile is created in the group that is based on the Enterprise ID. Because a group is disabled by default, you must manually enable the group by selecting its check box. If the group is active and you generate the same trap for which the profile was created, the trap is displayed as an identified trap.

    • Stop: stops the SNMP-TRAP monitor.
    • Clear the event list: clears all entries in the SNMP-TRAP list.
    • Block multiple instances of the same trap: prevents the list from being filled with multiple instances of the same trap. A trap appears in the list only once. The Count column in the list indicates the number of times the trap has been received.
    • Edit trap profile: opens the trap properties dialog for the selected trap enabling you to edit the properties.
    • View trap details: opens the window with information about the selected trap. The SNMP-TRAP is also decoded and displayed by selecting the Trap Details from the right-click menu (or by double-clicking the list element). A list of SNMP-TRAP variables appears.

Notes:

  • You must restart the probe to complete the modifications made to the profiles.
  • When you generate a trap and create a profile for the unknown SNMP-TRAP using the Create profile option from the context menu, the profile is created in the group that is based on the Enterprise ID. Because a group is disabled by default, you must enable it by selecting its check box. If the group is active and you generate the same trap for which the profile was created, this profile appears as identified.

Manage User and Security

The snmptd probe enables you to manage the SNMP user and security.

Follow these steps:

  1. Click the User/Security Manager toolbar button.
    The Security Properties dialog appears.
  2. You can specify the following security aspects:
    • Community: SNMP v1 traps contain community strings. On this tab, you specify the community strings of the incoming traps that the snmptd probe accepts. Normally, the community string Public is used. A * (or no community string at all) means that all incoming traps are accepted.
    • User: This tab applies to SNMP v3 only. An SNMPv3 trap is rejected unless the SNMPv3 user sending the trap is defined. You refer to the user by a combination of the user name and an identifier for the SNMP application that you are communicating with (called an "EngineID").
    • Denied Hosts: This tab allows you to define a list of hosts from which the probe does not accept incoming traps. You can specify one or more specific IP addresses. Alternatively, you can specify a subnet of the form 193.71.55.XX, where all hosts on the subnet are denied.

Note: A context menu is available for all three tabs (Community, User, and Denied Hosts) to perform New, Add, and Delete functions. The plus or cross toggle button allows you to add or delete definitions from the lists.
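
The acceptance rules from the Community and Denied Hosts tabs, written out as an added example (this is not the probe's own code). The order in which the two checks run, the function names, and the sample community strings and addresses are assumptions made for the illustration.

```python
# Added illustration of the acceptance rules described above; not the
# probe's code. Check order and all sample values are assumptions.

def host_denied(src_ip, denied_hosts):
    """True if src_ip equals a denied entry or falls in a subnet written
    in the page's form, e.g. 193.71.55.XX (XX = any value in that octet)."""
    src = src_ip.split(".")
    for entry in denied_hosts:
        parts = entry.strip().split(".")
        if len(parts) == len(src) == 4 and all(
            p.upper() == "XX" or p == s for p, s in zip(parts, src)
        ):
            return True
    return False


def community_accepted(community, accepted):
    """A '*' entry, or an empty list, accepts every community string."""
    if not accepted or "*" in accepted:
        return True
    return community in accepted


def accept_trap(src_ip, community, accepted, denied_hosts):
    """Return (accepted?, reason) for one SNMP v1 trap."""
    if host_denied(src_ip, denied_hosts):  # assumed to be checked first
        return False, "denied host"
    if not community_accepted(community, accepted):
        return False, "community not accepted"
    return True, "accepted"


def review_settings(accepted, denied_hosts):
    """Findings a reviewer would raise on these settings."""
    findings = []
    if not accepted or "*" in accepted:
        findings.append("community filter is open: every trap is accepted")
    elif any(c.lower() == "public" for c in accepted):
        findings.append("'public' is the well-known default community")
    for entry in denied_hosts:
        parts = entry.strip().split(".")
        ok = len(parts) == 4 and all(
            p.upper() == "XX" or (p.isdigit() and int(p) <= 255) for p in parts
        )
        if not ok:
            findings.append(f"denied host entry not understood: {entry!r}")
    return findings


# Constructed sample settings and traps (192.0.2.0/24 is a documentation range).
ACCEPTED = ["netops-ro"]
DENIED = ["193.71.55.XX", "192.0.2.66"]

if __name__ == "__main__":
    for ip, comm in [("193.71.55.17", "netops-ro"), ("192.0.2.10", "public"),
                     ("192.0.2.10", "netops-ro")]:
        print(ip, comm, accept_trap(ip, comm, ACCEPTED, DENIED))
    print(review_settings(["*"], ["193.71.55.0/24"]))
```

SNMP v1 community strings travel in clear text over UDP, so the community filter and the denied-host list work as coarse filters rather than as authentication of the sender.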

(Optional) Create PDU Variable Rules

You can define certain rules to monitor the variables in the Protocol Data Units (PDU). The probe also enables you to add or edit a rule to check the varbind values in the content of the incoming traps. You can also specify the alarm thresholds for the variable value in traps.

For example, an incoming toner low trap is sent from a printer. Some printers send a separate toner low trap whereas other printers send a standard trap with the variable value as toner low. You can then use the PDU variable rules to check the value of the variable.

Follow these steps:

  1. Double-click the profile for which you want to add a PDU variable rule.
  2. Select the PDU Variable Rules tab in the profile properties dialog.
  3. Right-click in the list of variables and select New from the context menu.
    The PDU Variable Comparison Rule window appears.
  4. Specify the variable number for the rule.
    The probe uses the value of the variable in the specified position in the trap.

  5. Select the operator for the threshold.

    Note: If you select re as the operator, the value field will represent a regular expression.
    For more information, see Using Regular Expressions

  6. Specify the threshold value for the variable.
  7. Specify the severity and message text for the alarm.
  8. Click OK to save the PDU Variable rule. 

(Optional) Create Multiple Thresholds for a Rule

From version 3.30, you can also specify multiple thresholds for a rule. Here, the probe generates alarms only if the rule breaches all the specified thresholds.

Follow these steps:

  1. Double-click the profile for which you want to add a PDU variable rule with multiple thresholds.
  2. Select the Set PDU Multiple Threshold field in the profile properties dialog.
    The PDU MultiThreshold Rules tab is enabled while the PDU Variable Rules tab is disabled.
  3. Navigate to the PDU MultiThreshold Rules tab.
  4. Right-click in the variables section and select New.
    The Add Rule dialog appears.
  5. Define a Rule Name.

  6. Specify the Severity and Message text for the alarm.
  7. Specify the Variable number for the rule.
    The probe uses the value of the variable in the specified position in the trap.

  8. Select the Operator for the threshold.

    Note: If you select re as the operator, the value field will represent a regular expression.
    For more information, see Using Regular Expressions

  9. Specify the threshold Value for the variable.
  10. Click Add to add the threshold to the variable.

  11. Repeat steps 7-9 to add multiple thresholds.
  12. After you create all the thresholds, click OK to save the PDU variable rule.
    The profile generates an alarm only if all specified thresholds breach.

(Optional) Use Regular Expressions

The probe uses regular expressions for variable values in thresholds. This allows you to configure alarms to be generated for multiple values of a PDU variable. For example, a printer can send either TonerLow or Toner Low in a variable. The regular expression Toner*Low can be used to generate alarms in both cases.

A regular expression (regex for short) is a special text string that describes a search pattern. Constructing regular expressions for pattern matching requires metacharacters. The probe supports Perl Compatible Regular Expressions (PCRE), which are enclosed within forward slashes (/). For example, the expression /[0-9A-C]/ matches any character in the range 0 to 9 or A to C in the target string.

You can also use simple text with wildcard operators to match the target string. For example, the expression *test* matches the text test in the target string.

The following table describes some examples of regex and pattern matching for the snmptd probe.

| Regular expression | Type of regular expression | Explanation |
|---|---|---|
| [A-Z] | Standard (PCRE) | Matches any uppercase alpha character. Example: ALPHA |
| /[A-Z] | Custom | Matches for any string with exactly one Uppercase character. Example: G |
| . | Standard (PCRE) | Matches a single instance of any character or numeral. Example: a |
| .e* | Custom | Matches any string where the second character is lowercase e. Example: beta |
| * | Standard (PCRE) | Matches against zero or more occurrences of the previous character or expression. Example: alert23a |
| /[a-d]* | Custom | Matches for any string name which starts from letters a, b, c, or d. Example: delta |
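
The rule behaviour described in Create PDU Variable Rules, Create Multiple Thresholds for a Rule and this section, modelled as an added example that is not CA UIM code. It assumes that "processes only the first rule" means evaluation stops at the first matching rule; the operators other than re, the severity names and the printer trap are also assumptions.

```python
# Added illustration, not CA UIM code. Operators other than "re", the
# severity names and the sample trap are assumptions for this example.
import re
from fnmatch import fnmatchcase


def pattern_matches(pattern, value):
    """Operator 're': /.../ is a regular expression, anything else is
    wildcard text. Python's re stands in for PCRE here."""
    if len(pattern) >= 2 and pattern[0] == "/" and pattern[-1] == "/":
        return re.search(pattern[1:-1], value) is not None
    return fnmatchcase(value, pattern)


OPERATORS = {
    "re": pattern_matches,
    "=": lambda threshold, value: value == threshold,                # assumed
    "<": lambda threshold, value: float(value) < float(threshold),   # assumed
    ">": lambda threshold, value: float(value) > float(threshold),   # assumed
}


def breached(varbinds, var, op, threshold):
    """Test the variable at 1-based position `var` against one threshold."""
    if not 1 <= var <= len(varbinds):
        return False  # the trap carries no variable at that position
    try:
        return bool(OPERATORS[op](threshold, str(varbinds[var - 1])))
    except ValueError:
        return False  # non-numeric value under a numeric operator


def evaluate_rules(varbinds, rules, process_all=False, default=None):
    """PDU Variable Rules tab. Without process_all, evaluation stops at the
    first matching rule (assumed reading of 'only the first rule')."""
    alarms = []
    for rule in rules:
        if breached(varbinds, rule["var"], rule["op"], rule["value"]):
            alarms.append((rule["severity"], rule["message"]))
            if not process_all:
                break
    if not alarms and default is not None:
        alarms.append(default)  # 'Send Default message if no match'
    return alarms


def evaluate_multithreshold(varbinds, rule):
    """PDU MultiThreshold Rules tab: alarm only if every threshold breaches."""
    checks = rule["thresholds"]
    if checks and all(breached(varbinds, *check) for check in checks):
        return (rule["severity"], rule["message"])
    return None


# Constructed printer trap: variables 1..3 are name, status, toner percent.
TRAP = ["printer-07", "Toner Low", "4"]
RULES = [
    {"var": 2, "op": "re", "value": "Toner*Low",
     "severity": "warning", "message": "Toner low reported"},
    {"var": 3, "op": "<", "value": "10",
     "severity": "major", "message": "Toner below 10 percent"},
]
MULTI = {"name": "toner-critical", "severity": "critical",
         "message": "Toner low and below 5 percent",
         "thresholds": [(2, "re", "/Toner ?Low/"), (3, "<", "5")]}

if __name__ == "__main__":
    # The same text read as wildcard and as /regex/ gives different results.
    for pat in ("Toner*Low", "/Toner*Low/", "/Toner ?Low/"):
        print(pat, [pattern_matches(pat, v) for v in ("TonerLow", "Toner Low")])
    print(evaluate_rules(TRAP, RULES))
    print(evaluate_rules(TRAP, RULES, process_all=True))
    print(evaluate_multithreshold(TRAP, MULTI))
```

Read as wildcard text, Toner*Low matches both TonerLow and Toner Low; enclosed in slashes, the same characters mean zero or more r followed by Low, so /Toner*Low/ misses Toner Low while /Toner ?Low/ covers both.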

(Optional) Activate Enterprise Identifier

The Enterprise identifiers for the SNMP traps are automatically activated when you create a profile for the identifier. 

The snmptd probe GUI displays the monitored SNMP v1, v2, and v3 Enterprises. Each Enterprise identifies the type of object causing the trap. A list of registered Enterprise numbers is available at http://www.iana.org/assignments/enterprise-numbers.

The probe monitors the following types of SNMP traps: 

  • V1 Traps: These traps contain the profiles for SNMPv1 traps. The V1 Traps folder is present by default and contains two profiles: Default/Standard SNMP Traps and Nimsoft Traps Examples. This folder further contains the following subfolders:
    • CIM Traps: contains the profiles for the SNMP traps sent from HP or Compaq Insight Manager. Using these profiles, you can convert the HP or Compaq Insight Manager messages to alarms.
    • DOM Traps: contains the profiles for the SNMP traps sent from Dell OpenManage. Using these profiles, you can convert the Dell OpenManage messages to alarms.
  • V2 & V3 Traps: These traps contain the profiles for SNMPv2 and SNMPv3 traps. The V2 & V3 Traps folder contains two default profiles, which are IF-MIB and SNMPv2 Traps (unknown MIB).

Note: To add, edit, or delete entries, right-click in the Enterprise identifier list and click the required option from the context menu.

You can activate or deactivate an existing identifier.

Follow these steps:

  1. Select the identifier group in the left pane.
    The identifiers of the group appear in the right pane.
  2. Select the checkbox next to the identifier to activate the profiles in the identifier. You can also remove the selection to deactivate profiles.
    All profiles in an active identifier are also active.

Example: Create a profile using MIB file information

You can create a profile based on the severity and the description defined in the MIB file.

Follow these steps:

  1. From the Setup window, select the Enhance MIB Parsing check box.

    The probe hard restarts after the check box is enabled.
  2. Add the MIB using the MIB Setup Wizard.
  3. Create a profile using the MIB trap browser.

    The message text and severity appear from the MIB file.

  1. Tomas Vrbka
    2016-09-19 05:10

    following https://communities.ca.com/ideas/235720718 The switch Process all rules doesn't apply AND logic for all conditions: Then what is the behaviour with multiple rules enabled. IF Process rules enabled then each rule triggers one alarm? ELSE Process rules disabled - first matched rule then one alarm only at all? Thank you

    1. Raka Saha
      2016-09-21 02:39

      Process all rules: enables you to apply all the defined PDU Variable Rules in this tab to the profile. The profile generates alarm messages for all the rules that match the trap.

      1. Fotis Koutsoukos
        2017-05-02 07:03

        Hello docs team.

        Do you have an update on Tomas's question?

        Thank you, Fotis

        1. Raka Saha
          2017-06-07 02:30

          Hello Tomas Vrbka and Fotis Koutsoukos. We have updated the IM configuration document to include the following:

          Process all rules: enables you to apply all the defined PDU Variable Rules in this tab to the profile. The profile generates alarm messages for all the rules that match the trap.

          Please let us know if this information answers your query.

          -Documentation Team. 

          1. Tomas Vrbka
            2017-06-09 09:20

            Hello, yes this is more clear. Thank You PS vote up for multiple rules matching with and&or support https://communities.ca.com/ideas/235720718