Sending & Receiving SNMP traps

Hi All

I am failry new in all this but I would like to consult with you experts regarding SNMP sending and receiving. We are using a network monitoring SW called "Alchemy Eye" which monitors about 100 client throughout our network, and I'm having problems receiving and translating the SNMP trap that are being send from the monitored client to Alchemy.
As far as the monitored clients side - everything is configured correctly ( I made sure of it by consulting with the vendors) so the problems may be in the monitoring SW...
I have added some screen shots of the Alchemy SW so you can see what I'm talking about...I need to know how to configure this tool to receive traps and translate them into actual events.

Thanks Alcmey
marmoor99Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FideliusCommented:
Hello!

Most of SNMP monitoring SW's require loading of MIBs into database. They have some standard  and most common MIB's already pre-loaded, but for specific traps you must import appropriate MIB.

Hope this helps!


What type of devices do you monitor? Please send some example of traps. Thanks!

Regards!
 
marmoor99Author Commented:
I see - well there is an MIB folder in the directory where the Alchemy is installed but all the MIB there are with .txt suffix..if I find an MIB and save it as .txt file and drop it in this folder..will it work?
I am trying to get traps from UPS & FW mostly - here are some exsamples of traps I'm getting:
1.3.6.1.6.3.1.1.5.5  - this is a FW trap from Juniper SRX210
1.3.6.1.4.1.232.165.0.2  - this is a trap from HP R5500 UPS
I am getting those trap IDs by mail but I need to figure out that they are...

Thanks
FideliusCommented:
Hello!

The first one is:
Notification Name:
authenticationFailure
In MIB:
SNMPv2-MIB
Registered at OID:
.1.3.6.1.6.3.1.1.5.5
Notification Description:      

An authenticationFailure trap signifies that the SNMP
entity has received a protocol message that is not
properly authenticated.  While all implementations
of SNMP entities MAY be capable of generating this
trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.



As I can see here http://www.net-snmp.org/docs/mibs/snmpMIB.html it is "Deprecated or obsolete or historic object".

The second one you can find in "CPQPOWER-MIB" (http://www.oidview.com/mibs/232/CPQPOWER-MIB.html). This one you should probably import (or compile).
You can find it here: http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/hard-firmware.html#1 under HP MIBs or download it directly from ftp://ftp.hp.com/pub/c-products/servers/proliantstorage/power-protection/software/cpqpower1.62.zip

You can try copy it and rename to .txt in the folder you mentioned, but there should be Import or Add function in the software to add new MIB's.
As I can see on their web:
December, 2005. Version 7.5
- Added: MIB import function for SNMP Traps monitoring type


Hope it helps!

Regards!

Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

marmoor99Author Commented:
Hi

Thanks for all the valuable information :)

So if I understand what you are saying...the fist trap ID is a general trap and not Juniper related..while the second trap is a UPS related trap.
I tried to import this "CPQPOWER-MIB" to Alchemy and it generated some error messages:
 error1 error2 error3Do you think that addtional supported MIB should be imported first? If so, How can find out what are they??

Thanks
FideliusCommented:
Hello,

Yes, you're right about first trap, it is a general one, not Juniper.

First alert is telling you which MIB is missing: CPQHOST-MIB. Try to load that one first.
http://www.oidview.com/mibs/232/CPQHOST-MIB.html 
Click on ZIP icon in front of MIB name to download.

If some other MIB will be missing you should get alert as in 1.jpg with MIB name. Other errors are because of first one.


Regards!



 
marmoor99Author Commented:
Hi

So I tried to import the CPQHOST-MIB to Alchemy and it worked. Afterwards I imported the CPQPOWER-MIB and it worked as well  and I gave Alchemy the general trap OID for UPS as you can see from this picture
 snmp1Now, this here is the SNMP trap moitor preferences box;
 snmp2If I check the Trap OID and give it the trap from the prevoius picture...will it alert me regarding all trap IDs under it? or it will only look for this one?
Aslo, can you tell me what is the enterprise trap and why do I need it?

Thanks
FideliusCommented:
Hello,

I assume you mean enterprise OID, because there is no such thing as enterprise trap.
Enterprise OID is number that represents organization which issued particular MIB, and it is unique.
For Compaq, enterprise OID is 232. You can find all enterprise OIDs here http://www.iana.org/assignments/enterprise-numbers

I'm not familiar with Alchemy software, but I guess it will alert you for all traps beneath entered trap ID.
You can use Kiwi Syslog Daemon to catch raw SNMP traps, so you can set UPS to send to both software to compare the results.
If you have any documentation for Alchemy, send me link or pdf, so I can take a look, and confirm you assumptions.

Regards!
marmoor99Author Commented:
Hi

I dowloaded KIwi Syslog Daemon and will install it and compate the traps like you suggested...I'll let you know how goes..
In the meantime, I have attached the only user Guide I have for this SW - hope you can find out anything regarding the SNMP traps
Alchemy.pdf

Thanks a lot.
FideliusCommented:
First of all Happy New Year! :):)

If I understand correctly from this guide, software always receives all traps, but regarding the filter options it will trigger alarm. If you want to receive all traps from device, only IP address of device is needed. Only if you want to be alerted on particular trap you use Trap OID field. As none of the filter options is mandatory (you can use all, none, or any combination - checkboxes suggest that), Enterprise OID can be used to alert you on traps from specific vendor without specifying every single device IP.
For example you have 5 HP UPS devices, so if want to receive alerts on all events from all 5 devices, you will check only Enterprise OID end enter HP Enterprise OID number and create one Filter rule for all 5 devices. You can also achieve that by creating 5 filters based on 5 IP addresses of the UPS.

So using more filter options gives you more granularity in filter.

As there is no mentioning of filter options in PDF, I can not guarantee that 100%. I hope that my explanation makes any sense to you. Give it a try, and let me know what you get as result. I hope it will help!

Regards!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
marmoor99Author Commented:
Hi

Sorry for the late response...first of all - that a lot for the explanation - it has proven very helpful.
I have not tried using enterprise OID yet since I've somewhat pre-occupied with other projects...
I'll be sure to try those suggestions and update on result.

Thanks again.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.