FC2ブログ

スポンサーサイト

上記の広告は1ヶ月以上更新のないブログに表示されています。
新しい記事を書く事で広告が消せます。

SNMPTT その1

1. SNMPTT とは

snmptrapd では format1 / format2 オプションでログのフォーマットを指定することができますが、全てのトラップに対して共通のフォーマットが適用されるため、一般的な NMS のようにトラップごとの細かい制御を行うことができません。

例えば、snmptrapd に以前紹介したフォーマットを適用してトラップを受信した際のログは以下のようになります。

2011/7/9 17:57:46
 hostname = "Router6"
 source = "UDP: [10.0.6.2]:57705"
 security = "TRAP2, SNMP v2c, community public"
 variable-bindings:
 + sysUpTimeInstance = 0:6:52:05.03
 + snmpTrapOID.0 = cHsrpStateChange
 + cHsrpGrpStandbyState.1.1 = initial

2011/7/9 17:57:48
 hostname = "Router6"
 source = "UDP: [10.0.6.2]:57705"
 security = "TRAP2, SNMP v2c, community public"
 variable-bindings:
 + sysUpTimeInstance = 0:6:52:07.98
 + snmpTrapOID.0 = linkDown
 + ifIndex.1 = 1
 + ifDescr.1 = FastEthernet1/0
 + ifType.1 = ethernetCsmacd
 + locIfReason.1 = "administratively down"

2011/7/9 17:57:56
 hostname = "Router6"
 source = "UDP: [10.0.6.2]:57705"
 security = "TRAP2, SNMP v2c, community public"
 variable-bindings:
 + sysUpTimeInstance = 0:6:52:15.99
 + snmpTrapOID.0 = linkUp
 + ifIndex.1 = 1
 + ifDescr.1 = FastEthernet1/0
 + ifType.1 = ethernetCsmacd
 + locIfReason.1 = "up"

2011/7/9 17:58:15
 hostname = "Router6"
 source = "UDP: [10.0.6.2]:57705"
 security = "TRAP2, SNMP v2c, community public"
 variable-bindings:
 + sysUpTimeInstance = 0:6:52:34.55
 + snmpTrapOID.0 = cHsrpStateChange
 + cHsrpGrpStandbyState.1.1 = active

一方、代表的な NMS の一つである HP 社の NNMi 9.1 では同様のトラップが以下のように表示されます。

snmptt_1-1.png

トラップ管理という観点から見た NNM と snmptrapd の機能差異として、大きく以下の 4 点が挙げられます。

① メッセージのフォーマットをトラップごとに指定できる。
② 受信したトラップの VarBind をメッセージの任意の場所に挿入できる。
③ 重要度、カテゴリなどの付加情報を指定できる。
④ イベント管理用のコンソール GUI を備えている。

これらのうち、snmptrapd に不足している①~③の機能を補うツールが SNMPTT です。④については Nagios や Splunk のような外部ツールに SNMPTT が出力するログを渡すことで実現すればよいでしょう。

上記のトラップを SNMPTT 経由でログに出力した場合、メッセージは以下のようになります。

Sat Jul  9 19:59:13 2011 cHsrpStateChange Warning "Status Events" Router6 - HSRP グループの 状態が変化しました。状態:initial
Sat Jul  9 19:59:16 2011 linkDown Critical "Status Events" Router6 - インターフェース FastEthernet1/0 が停止しました。ステータス:administratively down
Sat Jul  9 19:59:28 2011 linkUp Normal "Status Events" Router6 - インターフェース FastEthernet1/0 が動作を開始しました。ステータス:up
Sat Jul  9 19:59:46 2011 cHsrpStateChange Warning "Status Events" Router6 - HSRP グループの 状態が変化しました。状態:active

今回は、CentOS 6 に SNMPTT 1.3 をインストールし、一般トラップと幾つかの Cisco トラップを監視できるようセットアップを行うところまでを解説します。

2. 前提条件の確認

SNMPTT は snmptrapd の利用を前提とした Perl ベースのツールのため、インストールする前に Net-SNMP と Perl 本体、いくつかの Perl モジュールのインストールを済ませておく必要があります。

以下は、バージョン 1.3 の前提条件です。最新の情報についてはこちらでご確認ください。

必須モジュール:
Perl 5.6.1 以降
SNMPTT は 5.6.1 および 5.8.0 で開発されていますが、異なるバージョンの Perl でも動作するでしょう。
Net-SNMP
以前は UCD-SNMP という名称でした。特に snmptrapd が必要となります。
Text::ParseWords モジュール
多くのディストリビューションに標準で含まれています(ActivePerl を含む)。
Getopt::Long モジュール
多くのディストリビューションに標準で含まれています(ActivePerl を含む)。
Posix モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
Config::IniFiles モジュール
Time::HiRes モジュール
SNMPTT をデーモンモードで動作させる際にのみ必要となります(snmptthandler によって使用されます)。
Sys::Hostname モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
File::Basename モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
Text::Balanced モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。

オプションモジュール:
Socket モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
DNS による名前解決に必要となります。
Sys::Syslog モジュール
多くの UNIX ディストリビューションに含まれています。
Syslog サポートに必要となります。
DBI モジュール
DBD::MySQL, DBD::PgPP, DBD::ODBC サポートに必要となります。
DBD::mysql モジュール
MySQL サポートに必要となります。
DBD::PgPP もしくは DBD:Pg モジュール
PostgreSQL サポートに必要となります。
DBD::ODBC モジュール
Linux / Windows での ODBC アクセスに必要となります(DBD::ODBC を使用する場合には Win32::ODBC は不要です)。
Win32::ODBC モジュール
Windows での ODBC アクセスに必要となります(Win32::ODBC を使用する場合には DBD::ODBC は不要です)。
Net-SNMP Perl モジュール
数値形式の OID をシンボル名(文字列)に変換するために必要となります。
パッチ 722075 を適用した Net-SNMP 5.0.8 以降、もしくは Net-SNMP 5.1.1 以降の利用が推奨されます。
なお、本モジュールは CPAN からダウンロードできる Net::SNMP とは異なるものです。
threads 及び Thread モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
EXEC ステートメントでのコマンド実行のために threads (マルチスレッド機能)を有効化する場合に必要となります。
Digest::MD5 モジュール
多くのディストリビューションに標準で含まれています(ActivePerl などの一部のディストリビューションを除く)。
トラップの重複検知機能を有効化する場合に必要となります。
snmptrapd の組み込み Perl サポート
snmptthandler-embedded を利用するには、Net-SNMP のコンパイル時に snmptrapd の組み込み Perl サポート ("--enable-embedded-perl" オプション)が有効化されている必要があります。


① Perl のセットアップ

今回は OS インストール時に Minimal を選択しているため、上記前提モジュールが殆どインストールされていない状態ですので、まずは Perl 本体のインストールから行っていきます。また、あわせて CPAN モジュール及び yum からインストール可能な必須モジュールについてもインストールしてしまいます。

[root@centos6 ~]# yum install perl perl-CPAN perl-YAML perl-Module-Build perl-Time-HiRes
~省略~
==========================================================================================
 Package                        Arch          Version                   Repository   Size
==========================================================================================
Installing:
 perl                           x86_64        4:5.10.1-115.el6          base         10 M
 perl-CPAN                      x86_64        1.9402-115.el6            base        243 k
 perl-Module-Build              x86_64        1:0.3500-115.el6          base        226 k
 perl-Time-HiRes                x86_64        4:1.9721-115.el6          base         45 k
 perl-YAML                      noarch        0.70-4.el6                base         81 k
Installing for dependencies:
 perl-Archive-Tar               x86_64        1.58-115.el6              base         69 k
 perl-Compress-Raw-Zlib         x86_64        2.023-115.el6             base         66 k
 perl-Compress-Zlib             x86_64        2.020-115.el6             base         42 k
 perl-ExtUtils-CBuilder         x86_64        1:0.27-115.el6            base         44 k
 perl-ExtUtils-MakeMaker        x86_64        6.55-115.el6              base        289 k
 perl-ExtUtils-ParseXS          x86_64        1:2.2003.0-115.el6        base         41 k
 perl-IO-Compress-Base          x86_64        2.020-115.el6             base         65 k
 perl-IO-Compress-Zlib          x86_64        2.020-115.el6             base        132 k
 perl-IO-Zlib                   x86_64        1:1.09-115.el6            base         29 k
 perl-Module-Pluggable          x86_64        1:3.90-115.el6            base         36 k
 perl-Package-Constants         x86_64        1:0.02-115.el6            base         23 k
 perl-Pod-Escapes               x86_64        1:1.04-115.el6            base         29 k
 perl-Pod-Simple                x86_64        1:3.13-115.el6            base        208 k
 perl-Test-Harness              x86_64        3.17-115.el6              base        228 k
 perl-devel                     x86_64        4:5.10.1-115.el6          base        419 k
 perl-libs                      x86_64        4:5.10.1-115.el6          base        576 k
 perl-version                   x86_64        3:0.77-115.el6            base         48 k

Transaction Summary
==========================================================================================
Install      22 Package(s)
Upgrade       0 Package(s)

Total download size: 13 M
Installed size: 41 M
Is this ok [y/N]: y
~省略~
Installed:
  perl.x86_64 4:5.10.1-115.el6                 perl-CPAN.x86_64 0:1.9402-115.el6
  perl-Module-Build.x86_64 1:0.3500-115.el6    perl-Time-HiRes.x86_64 4:1.9721-115.el6
  perl-YAML.noarch 0:0.70-4.el6

Dependency Installed:
  perl-Archive-Tar.x86_64 0:1.58-115.el6
  perl-Compress-Raw-Zlib.x86_64 0:2.023-115.el6
  perl-Compress-Zlib.x86_64 0:2.020-115.el6
  perl-ExtUtils-CBuilder.x86_64 1:0.27-115.el6
  perl-ExtUtils-MakeMaker.x86_64 0:6.55-115.el6
  perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-115.el6
  perl-IO-Compress-Base.x86_64 0:2.020-115.el6
  perl-IO-Compress-Zlib.x86_64 0:2.020-115.el6
  perl-IO-Zlib.x86_64 1:1.09-115.el6
  perl-Module-Pluggable.x86_64 1:3.90-115.el6
  perl-Package-Constants.x86_64 1:0.02-115.el6
  perl-Pod-Escapes.x86_64 1:1.04-115.el6
  perl-Pod-Simple.x86_64 1:3.13-115.el6
  perl-Test-Harness.x86_64 0:3.17-115.el6
  perl-devel.x86_64 4:5.10.1-115.el6
  perl-libs.x86_64 4:5.10.1-115.el6
  perl-version.x86_64 3:0.77-115.el6

Complete!

インストール済みのモジュールを確認します。

[root@centos6 ~]# find `perl -e 'print "@INC"'` -name '*.pm' -print | egrep "(Text/ParseWords|Getopt/Long|Posix|Config/IniFiles|Time/HiRes|Sys/Hostname|File/Basename|Text/Balanced|Socket|Sys/Syslog|DBI|DBD/mysql|DBD/PgPP|DBD/Pg|DBD/ODBC|Win32/ODBC|threads|Thread)\.pm"
/usr/lib64/perl5/threads.pm
/usr/lib64/perl5/Time/HiRes.pm
/usr/lib64/perl5/Sys/Syslog.pm
/usr/lib64/perl5/Sys/Hostname.pm
/usr/lib64/perl5/Socket.pm
/usr/lib64/perl5/IO/Socket.pm
/usr/share/perl5/File/Basename.pm
/usr/share/perl5/Text/Balanced.pm
/usr/share/perl5/Text/ParseWords.pm
/usr/share/perl5/Thread.pm
/usr/share/perl5/Getopt/Long.pm

必須モジュールの Config::IniFiles が不足しているため、CPAN からインストールを行います。

CPAN を起動する前に、CPAN によって使用されるパッケージをいくつかインストールしておきます。

ここでは標準のレポジトリからダウンロード可能なコマンドのみをインストールしていますが、ncftp 等もインストールしたい場合は EPEL を有効にするとよいでしょう。

[root@centos6 ~]# which bzip2 gzip tar unzip make curl lynx wget ftp gpg patch gcc
/usr/bin/bzip2
/bin/gzip
/bin/tar
/usr/bin/which: no unzip in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/which: no make in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/curl
/usr/bin/which: no lynx in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/which: no wget in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/which: no ftp in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/gpg
/usr/bin/which: no patch in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
/usr/bin/which: no gcc in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
[root@centos6 ~]# yum install unzip make lynx wget ftp patch gcc
~省略~
==========================================================================================
 Package                  Arch           Version                    Repository       Size
==========================================================================================
Installing:
 ftp                      x86_64         0.17-51.1.el6              base             57 k
 gcc                      x86_64         4.4.4-13.el6               base             10 M
 lynx                     x86_64         2.8.6-27.el6               base            1.3 M
 make                     x86_64         1:3.81-19.el6              base            389 k
 patch                    x86_64         2.6-6.el6                  base             90 k
 unzip                    x86_64         6.0-1.el6                  base            149 k
 wget                     x86_64         1.12-1.4.el6               base            481 k
Installing for dependencies:
 centos-indexhtml         noarch         6-1.el6.centos             base             70 k
 cloog-ppl                x86_64         0.15.7-1.2.el6             base             93 k
 cpp                      x86_64         4.4.4-13.el6               base            3.7 M
 glibc-devel              x86_64         2.12-1.7.el6_0.5           updates         961 k
 glibc-headers            x86_64         2.12-1.7.el6_0.5           updates         592 k
 kernel-headers           x86_64         2.6.32-71.29.1.el6         updates         991 k
 libgomp                  x86_64         4.4.4-13.el6               base            108 k
 mpfr                     x86_64         2.4.1-6.el6                base            157 k
 ppl                      x86_64         0.10.2-11.el6              base            1.3 M
Updating for dependencies:
 glibc                    x86_64         2.12-1.7.el6_0.5           updates         3.7 M
 glibc-common             x86_64         2.12-1.7.el6_0.5           updates          14 M

Transaction Summary
==========================================================================================
Install      16 Package(s)
Upgrade       2 Package(s)

Total download size: 38 M
Is this ok [y/N]: y
~省略~
Installed:
  ftp.x86_64 0:0.17-51.1.el6    gcc.x86_64 0:4.4.4-13.el6    lynx.x86_64 0:2.8.6-27.el6
  make.x86_64 1:3.81-19.el6     patch.x86_64 0:2.6-6.el6     unzip.x86_64 0:6.0-1.el6
  wget.x86_64 0:1.12-1.4.el6

Dependency Installed:
  centos-indexhtml.noarch 0:6-1.el6.centos   cloog-ppl.x86_64 0:0.15.7-1.2.el6
  cpp.x86_64 0:4.4.4-13.el6                  glibc-devel.x86_64 0:2.12-1.7.el6_0.5
  glibc-headers.x86_64 0:2.12-1.7.el6_0.5    kernel-headers.x86_64 0:2.6.32-71.29.1.el6
  libgomp.x86_64 0:4.4.4-13.el6              mpfr.x86_64 0:2.4.1-6.el6
  ppl.x86_64 0:0.10.2-11.el6

Dependency Updated:
  glibc.x86_64 0:2.12-1.7.el6_0.5          glibc-common.x86_64 0:2.12-1.7.el6_0.5

Complete!
[root@centos6 ~]# which bzip2 gzip tar unzip make curl lynx wget ftp gpg patch gcc
/usr/bin/bzip2
/bin/gzip
/bin/tar
/usr/bin/unzip
/usr/bin/make
/usr/bin/curl
/usr/bin/lynx
/usr/bin/wget
/usr/bin/ftp
/usr/bin/gpg
/usr/bin/patch
/usr/bin/gcc

CPAN を起動して初期セットアップを行います。ここではマニュアルで各種パラメータの指定を行っていますが、面倒な場合は最初の質問に yes と答えて自動設定に任せてもよいでしょう。

[root@centos6 ~]# cpan


CPAN is the world-wide archive of perl resources. It consists of about
300 sites that all replicate the same contents around the globe. Many
countries have at least one CPAN site already. The resources found on
CPAN are easily accessible with the CPAN.pm module. If you want to use
CPAN.pm, lots of things have to be configured. Fortunately, most of
them can be determined automatically. If you prefer the automatic
configuration, answer 'yes' below.

If you prefer to enter a dialog instead, you can answer 'no' to this
question and I'll let you configure in small steps one thing after the
other. (Note: you can revisit this dialog anytime later by typing 'o
conf init' at the cpan prompt.)
Would you like me to configure as much as possible automatically? [yes] no


The following questions are intended to help you with the
configuration. The CPAN module needs a directory of its own to cache
important index files and maybe keep a temporary mirror of CPAN files.
This may be a site-wide or a personal directory.



First of all, I'd like to create this directory. Where?

 
CPAN build and cache directory? [/root/.cpan]

Unless you are accessing the CPAN on your filesystem via a file: URL,
CPAN.pm needs to keep the source files it downloads somewhere. Please
supply a directory where the downloaded files are to be kept.

 
Download target directory? [/root/.cpan/sources]

 
Directory where the build process takes place? [/root/.cpan/build]

Until version 1.88 CPAN.pm never trusted the contents of the build_dir
directory between sessions. Since 1.88_58 CPAN.pm has a YAML-based
mechanism that makes it possible to share the contents of the
build_dir/ directory between different sessions with the same version
of perl. People who prefer to test things several days before
installing will like this feature because it safes a lot of time.

If you say yes to the following question, CPAN will try to store
enough information about the build process so that it can pick up in
future sessions at the same state of affairs as it left a previous
session.

 
Store and re-use state information about distributions between
CPAN.pm sessions? [no]

CPAN.pm can store customized build environments based on regular
expressions for distribution names. These are YAML files where the
default options for CPAN.pm and the environment can be overridden and
dialog sequences can be stored that can later be executed by an
Expect.pm object. The CPAN.pm distribution comes with some prefab YAML
files that cover sample distributions that can be used as blueprints
to store one own prefs. Please check out the distroprefs/ directory of
the CPAN.pm distribution to get a quick start into the prefs system.

 
Directory where to store default options/environment/dialogs for
building modules that need some customization? [/root/.cpan/prefs]

Normally CPAN.pm keeps config variables in memory and changes need to
be saved in a separate 'o conf commit' command to make them permanent
between sessions. If you set the 'auto_commit' option to true, changes
to a config variable are always automatically committed to disk.

 
Always commit changes to config variables to disk? [no] yes

CPAN.pm can limit the size of the disk area for keeping the build
directories with all the intermediate files.

 
Cache size for build directory (in MB)? [100]

The CPAN indexes are usually rebuilt once or twice per hour, but the
typical CPAN mirror mirrors only once or twice per day. Depending on
the quality of your mirror and your desire to be on the bleeding edge,
you may want to set the following value to more or less than one day
(which is the default). It determines after how many days CPAN.pm
downloads new indexes.

 
Let the index expire after how many days? [1]

By default, each time the CPAN module is started, cache scanning is
performed to keep the cache size in sync. To prevent this, answer
'never'.

 
Perform cache scanning (atstart or never)? [atstart]

To considerably speed up the initial CPAN shell startup, it is
possible to use Storable to create a cache of metadata. If Storable is
not available, the normal index mechanism will be used.

Note: this mechanism is not used when use_sqlite is on and SQLLite is
running.

 
Cache metadata (yes/no)? [yes]

CPAN::SQLite is a layer between the index files that are downloaded
from the CPAN and CPAN.pm that speeds up metadata queries and reduces
memory consumption of CPAN.pm considerably.

 
Use CPAN::SQLite if available? (yes/no)? [no]

The CPAN module can detect when a module which you are trying to build
depends on prerequisites. If this happens, it can build the
prerequisites for you automatically ('follow'), ask you for
confirmation ('ask'), or just ignore them ('ignore'). Please set your
policy to one of the three values.

 
Policy on building prerequisites (follow, ask or ignore)? [ask]

When a module declares another one as a 'build_requires' prerequisite
this means that the other module is only needed for building or
testing the module but need not be installed permanently. In this case
you may wish to install that other module nonetheless or just keep it
in the 'build_dir' directory to have it available only temporarily.
Installing saves time on future installations but makes the perl
installation bigger.

You can choose if you want to always install (yes), never install (no)
or be always asked. In the latter case you can set the default answer
for the question to yes (ask/yes) or no (ask/no).

 
Policy on installing 'build_requires' modules (yes, no, ask/yes,
ask/no)? [ask/yes]

CPAN packages can be digitally signed by authors and thus verified
with the security provided by strong cryptography. The exact mechanism
is defined in the Module::Signature module. While this is generally
considered a good thing, it is not always convenient to the end user
to install modules that are signed incorrectly or where the key of the
author is not available or where some prerequisite for
Module::Signature has a bug and so on.

With the check_sigs parameter you can turn signature checking on and
off. The default is off for now because the whole tool chain for the
functionality is not yet considered mature by some. The author of
CPAN.pm would recommend setting it to true most of the time and
turning it off only if it turns out to be annoying.

Note that if you do not have Module::Signature installed, no signature
checks will be performed at all.

 
Always try to check and verify signatures if a SIGNATURE file is in
the package and Module::Signature is installed (yes/no)? [no]

The goal of the CPAN Testers project (http://testers.cpan.org/) is to
test as many CPAN packages as possible on as many platforms as
possible.  This provides valuable feedback to module authors and
potential users to identify bugs or platform compatibility issues and
improves the overall quality and value of CPAN.

One way you can contribute is to send test results for each module
that you install.  If you install the CPAN::Reporter module, you have
the option to automatically generate and email test reports to CPAN
Testers whenever you run tests on a CPAN package.

See the CPAN::Reporter documentation for additional details and
configuration settings.  If your firewall blocks outgoing email,
you will need to configure CPAN::Reporter before sending reports.

 
Email test reports if CPAN::Reporter is installed (yes/no)? [no]

When a distribution has already been tested by CPAN::Reporter on
this machine, CPAN can skip the test phase and just rely on the
test report history instead.

Note that this will not apply to distributions that failed tests
because of missing dependencies.  Also, tests can be run
regardless of the history using "force".

 
Do you want to rely on the test report history (yes/no)? [no]

At the time of this writing (2009-03) there are three YAML
implementations working: YAML, YAML::Syck, and YAML::XS. The latter
two are faster but need a C compiler installed on your system. There
may be more alternative YAML conforming modules. When I tried two
other players, YAML::Tiny and YAML::Perl, they seemed not powerful
enough to work with CPAN.pm. This may have changed in the meantime.

 
Which YAML implementation would you prefer? [YAML]

Warning (maybe harmless): 'YAML' not installed.
Both YAML.pm and YAML::Syck are capable of deserialising code. As this
requires a string eval, which might be a security risk, you can use
this option to enable or disable the deserialisation of code via
CPAN::DeferredCode. (Note: This does not work under perl 5.6)

 
Do you want to enable code deserialisation (yes/no)? [no]



The CPAN module will need a few external programs to work properly.
Please correct me, if I guess the wrong path for a program. Don't
panic if you do not have some of them, just press ENTER for those. To
disable the use of a program, you can type a space followed by ENTER.

 
Where is your bzip2 program? [/usr/bin/bzip2]

 
Where is your gzip program? [/bin/gzip]

 
Where is your tar program? [/bin/tar]

 
Where is your unzip program? [/usr/bin/unzip]

 
Where is your make program? [/usr/bin/make]

 
Where is your curl program? [/usr/bin/curl]

 
Where is your lynx program? [/usr/bin/lynx]

 
Where is your wget program? [/usr/bin/wget]

Warning: ncftpget not found in PATH[/usr/local/sbin;/usr/local/bin;/sbin;/bin;/usr/sbin;/sr/bin;/root/bin]
 
Where is your ncftpget program? []

Warning: ncftp not found in PATH[/usr/local/sbin;/usr/local/bin;/sbin;/bin;/usr/sbin;/usrbin;/root/bin]
 
Where is your ncftp program? []

 
Where is your ftp program? [/usr/bin/ftp]

 
Where is your gpg program? [/usr/bin/gpg]

 
Where is your patch program? [/usr/bin/patch]

Warning: applypatch not found in PATH[/usr/local/sbin;/usr/local/bin;/sbin;/bin;/usr/sbin/usr/bin;/root/bin]
 
Where is your applypatch program? []

 
What is your favorite pager program? [/usr/bin/less]

 
What is your favorite shell? [/bin/bash]

When CPAN.pm uses the tar command, which switch for the verbosity
shall be used? Choose 'none' for quiet operation, 'v' for file
name listing, 'vv' for full listing.

 
Tar command verbosity level (none or v or vv)? [v]

When CPAN.pm loads a module it needs for some optional feature, it
usually reports about module name and version. Choose 'v' to get this
message, 'none' to suppress it.

 
Verbosity level for loading modules (none or v)? [v]

When CPAN.pm extends @INC via PERL5LIB, it prints a list of
directories added (or a summary of how many directories are
added).  Choose 'v' to get this message, 'none' to suppress it.

 
Verbosity level for PERL5LIB changes (none or v)? [v]

When the CPAN shell is started it normally displays a greeting message
that contains the running version and the status of readline support.

 
Do you want to turn this message off? [no]

When you have Module::Build installed and a module comes with both a
Makefile.PL and a Build.PL, which shall have precedence?

The main two standard installer modules are the old and well
established ExtUtils::MakeMaker (for short: EUMM) which uses the
Makefile.PL. And the next generation installer Module::Build (MB)
which works with the Build.PL (and often comes with a Makefile.PL
too). If a module comes only with one of the two we will use that one
but if both are supplied then a decision must be made between EUMM and
MB. See also http://rt.cpan.org/Ticket/Display.html?id=29235 for a
discussion about the right default.

Or, as a third option you can choose RAND which will make a random
decision (something regular CPAN testers will enjoy).

 
In case you can choose between running a Makefile.PL or a Build.PL,
which installer would you prefer (EUMM or MB or RAND)? [MB]

Every Makefile.PL is run by perl in a separate process. Likewise we
run 'make' and 'make install' in separate processes. If you have
any parameters (e.g. PREFIX, UNINST or the like) you want to
pass to the calls, please specify them here.

If you don't understand this question, just press ENTER.

Typical frequently used settings:

    PREFIX=~/perl    # non-root users (please see manual for more hints)

 
Parameters for the 'perl Makefile.PL' command? [INSTALLDIRS=site]

Parameters for the 'make' command? Typical frequently used setting:

    -j3              # dual processor system (on GNU make)

 
Your choice: []

Do you want to use a different make command for 'make install'?
Cautious people will probably prefer:

    su root -c make
 or
    sudo make
 or
    /path1/to/sudo -u admin_account /path2/to/make

 
or some such. Your choice: [/usr/bin/make]

Parameters for the 'make install' command?
Typical frequently used setting:

    UNINST=1         # to always uninstall potentially conflicting files

 
Your choice: [] UNINST=1

A Build.PL is run by perl in a separate process. Likewise we run
'./Build' and './Build install' in separate processes. If you have any
parameters you want to pass to the calls, please specify them here.

Typical frequently used settings:

    --install_base /home/xxx             # different installation directory

 
Parameters for the 'perl Build.PL' command? [--installdirs site]

Parameters for the './Build' command? Setting might be:

    --extra_linker_flags -L/usr/foo/lib  # non-standard library location

 
Your choice: []

Do you want to use a different command for './Build install'? Sudo
users will probably prefer:

    su root -c ./Build
 or
    sudo ./Build
 or
    /path1/to/sudo -u admin_account ./Build

 
or some such. Your choice: [./Build]

Parameters for the './Build install' command? Typical frequently used
setting:

    --uninst 1                           # uninstall conflicting files

 
Your choice: [] --uninst 1

Sometimes you may wish to leave the processes run by CPAN alone
without caring about them. Because the Makefile.PL or the Build.PL
sometimes contains question you're expected to answer, you can set a
timer that will kill a 'perl Makefile.PL' process after the specified
time in seconds.

If you set this value to 0, these processes will wait forever. This is
the default and recommended setting.

 
Timeout for inactivity during {Makefile,Build}.PL? [0]

Normaly, CPAN.pm continues processing the full list of targets and
dependencies, even if one of them fails.  However, you can specify
that CPAN should halt after the first failure.

 
Do you want to halt on failure (yes/no)? [no]



If you're accessing the net via proxies, you can specify them in the
CPAN configuration or via environment variables. The variable in
the $CPAN::Config takes precedence.

 
Your ftp_proxy? []

 
Your http_proxy? []

 
Your no_proxy? []

 
Shall we always set the FTP_PASSIVE environment variable when dealing
with ftp download (yes/no)? [yes]

CPAN.pm changes the current working directory often and needs to
determine its own current working directory. Per default it uses
Cwd::cwd but if this doesn't work on your system for some reason,
alternatives can be configured according to the following table:

    cwd         Cwd::cwd
    getcwd      Cwd::getcwd
    fastcwd     Cwd::fastcwd
    backtickcwd external command cwd

 
Preferred method for determining the current working directory? [cwd]

The prompt of the cpan shell can contain the current command number
for easier tracking of the session or be a plain string.

 
Do you want the command number in the prompt (yes/no)? [yes]

When using Term::ReadLine, you can turn ornaments on so that your
input stands out against the output from CPAN.pm.

 
Do you want to turn ornaments on? [yes]

The next option deals with the charset (aka character set) your
terminal supports. In general, CPAN is English speaking territory, so
the charset does not matter much but some CPAN have names that are
outside the ASCII range. If your terminal supports UTF-8, you should
say no to the next question. If it expects ISO-8859-1 (also known as
LATIN1) then you should say yes. If it supports neither, your answer
does not matter because you will not be able to read the names of some
authors anyway. If you answer no, names will be output in UTF-8.

 
Your terminal expects ISO-8859-1 (yes/no)? [yes] no

If you have one of the readline packages (Term::ReadLine::Perl,
Term::ReadLine::Gnu, possibly others) installed, the interactive CPAN
shell will have history support. The next two questions deal with the
filename of the history file and with its size. If you do not want to
set this variable, please hit SPACE RETURN to the following question.

If you have one of the readline packages (Term::ReadLine::Perl,
Term::ReadLine::Gnu, possibly others) installed, the interactive CPAN
shell will have history support. The next two questions deal with the
filename of the history file and with its size. If you do not want to
set this variable, please hit SPACE RETURN to the following question.

 
File to save your history? [/root/.cpan/histfile]

 
Number of lines to save? [100]

The 'd' and the 'm' command normally only show you information they
have in their in-memory database and thus will never connect to the
internet. If you set the 'show_upload_date' variable to true, 'm' and
'd' will additionally show you the upload date of the module or
distribution. Per default this feature is off because it may require a
net connection to get at the upload date.

 
Always try to show upload date with 'd' and 'm' command (yes/no)? [no]

During the 'r' command CPAN.pm finds modules without version number.
When the command finishes, it prints a report about this. If you
want this report to be very verbose, say yes to the following
variable.

 
Show all individual modules that have no $VERSION? [no]

During the 'r' command CPAN.pm finds modules with a version number of
zero. When the command finishes, it prints a report about this. If you
want this report to be very verbose, say yes to the following
variable.

 
Show all individual modules that have a $VERSION of zero? [no]

If you have never defined your own C in your configuration
then C will be hesitant to use the built in default sites for
downloading. It will ask you once per session if a connection to the
internet is OK and only if you say yes, it will try to connect. But to
avoid this question, you can choose your favorite download sites once
and get away with it. Or, if you have no favorite download sites
answer yes to the following question.

 
If no urllist has been chosen yet, would you prefer CPAN.pm to connect
to the built-in default sites without asking? (yes/no)? [no] yes

You have no /root/.cpan/sources/MIRRORED.BY
  I'm trying to fetch one
Warning: no success downloading '/root/.cpan/sources/MIRRORED.BY.tmp2220'. Giving up on i. at /usr/share/perl5/CPAN/FirstTime.pm line 1424
  LWP not available

Trying with "/usr/bin/curl -L -f -s -S --netrc-optional" to get
    "http://www.perl.org/CPAN/MIRRORED.BY"


Now we need to know where your favorite CPAN sites are located. Push
a few sites onto the array (just in case the first on the array won't
work). If you are mirroring CPAN to your local workstation, specify a
file: URL.

First, pick a nearby continent and country by typing in the number(s)
in front of the item(s) you want to select. You can pick several of
each, separated by spaces. Then, you will be presented with a list of
URLs of CPAN mirrors in the countries you selected, along with
previously selected URLs. Select some of those URLs, or just keep the
old list. Finally, you will be prompted for any extra URLs -- file:,
ftp:, or http: -- that host a CPAN mirror.

(1) Africa
(2) Asia
(3) Central America
(4) Europe
(5) North America
(6) Oceania
(7) South America
Select your continent (or several nearby continents) [] 2

(1) Bangladesh
(2) China
(3) Hong Kong
(4) India
(5) Indonesia
(6) Israel
(7) Japan
(8) Kazakhstan
(9) Pakistan
(10) Republic of Korea
(11) Russia
(12) Saudi Arabia
(13) Singapore
(14) Taiwan
(15) Thailand
(16) Turkey
Select your country (or several nearby countries) [] 7

(1) ftp://ftp.dti.ad.jp/pub/lang/CPAN/
(2) ftp://ftp.jaist.ac.jp/pub/CPAN/
(3) ftp://ftp.kddilabs.jp/CPAN/
(4) ftp://ftp.nara.wide.ad.jp/pub/CPAN/
(5) ftp://ftp.riken.jp/lang/CPAN/
(6) ftp://ftp.ring.gr.jp/pub/lang/perl/CPAN/
(7) ftp://ftp.u-aizu.ac.jp/pub/CPAN/
(8) ftp://ftp.yz.yamagata-u.ac.jp/pub/lang/cpan/
Select as many URLs as you like (by number),
put them on one line, separated by blanks, hyphenated ranges allowed
 e.g. '1 4 5' or '7 1-4 8' [] 5 3 1

Enter another URL or RETURN to quit: []
New urllist
  ftp://ftp.riken.jp/lang/CPAN/
  ftp://ftp.kddilabs.jp/CPAN/
  ftp://ftp.dti.ad.jp/pub/lang/CPAN/


commit: wrote '/usr/share/perl5/CPAN/Config.pm'
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.


cpan[1]>

Config::IniFiles モジュールをインストールします。前提モジュールのインストールを行うか確認するプロンプトが何度か表示されますが、全て yes で応答します。

cpan[1]> install Config::IniFiles
~省略~
Building Config-IniFiles
Installing /usr/local/share/perl5/Config/IniFiles.pm
Installing /usr/local/share/man/man3/Config::IniFiles.3pm
  SHLOMIF/Config-IniFiles-2.68.tar.gz
  ./Build install --uninst 1 -- OK

cpan[2]>

② Net-SNMP のセットアップ

net-snmp および net-snmp-perl をインストールします。net-snmp-utils については必須ではありませんが、動作確認に使用するので、ここでインストールしておきましょう。

[root@centos6 ~]# yum install net-snmp net-snmp-utils net-snmp-perl
~省略~
==========================================================================================
 Package                 Arch           Version                     Repository       Size
==========================================================================================
Installing:
 net-snmp                x86_64         1:5.5-27.el6_0.1            updates         297 k
 net-snmp-perl           x86_64         1:5.5-27.el6_0.1            updates         312 k
 net-snmp-utils          x86_64         1:5.5-27.el6_0.1            updates         166 k
Installing for dependencies:
 lm_sensors-libs         x86_64         3.1.1-10.el6                base             37 k
 net-snmp-libs           x86_64         1:5.5-27.el6_0.1            updates         1.5 M

Transaction Summary
==========================================================================================
Install       5 Package(s)
Upgrade       0 Package(s)

Total download size: 2.3 M
Installed size: 7.6 M
Is this ok [y/N]: y
~省略~
Installed:
  net-snmp.x86_64 1:5.5-27.el6_0.1             net-snmp-perl.x86_64 1:5.5-27.el6_0.1
  net-snmp-utils.x86_64 1:5.5-27.el6_0.1

Dependency Installed:
  lm_sensors-libs.x86_64 0:3.1.1-10.el6       net-snmp-libs.x86_64 1:5.5-27.el6_0.1

Complete!

MIB ディレクトリ(CentOS での RPM インストール時は /usr/share/snmp/mibs)に以下の MIB ファイルを配置します。これらの MIB ファイルは、Cisco の FTP サイトからダウンロードできます。

CISCO-CONFIG-MAN-MIB.my
CISCO-GENERAL-TRAPS.my
CISCO-ENVMON-MIB.my
CISCO-HSRP-MIB.my
CISCO-PROCESS-MIB.my
CISCO-SMI.my
CISCO-SYSLOG-MIB.my
CISCO-TC.my
OLD-CISCO-INTERFACES-MIB.my
OLD-CISCO-SYSTEM-MIB.my
OLD-CISCO-TCP-MIB.my
OLD-CISCO-TS-MIB.my

ちなみに、ロード対象の MIB ファイルに記述漏れや誤りがあった場合、snmptrapd や snmptt 等のデーモンプロセスの起動時や snmptrap や snmpttconvertmib 等のコマンドの実行時にエラーメッセージが出力されることがあります。

例えば、上記のファイルの中では、CISCO-GENERAL-TRAPS.my をロードする際に以下のようなメッセージが表示されます。

[root@centos6 ~]# /etc/init.d/snmptt start
snmptt を起動中: Unlinked OID in CISCOTRAP-MIB: snmp# ::= { snmp 0 }
Undefined identifier: snmp near line 74 of /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
Unlinked OID in CISCOTRAP-MIB: snmp# ::= { snmp 0 }
Undefined identifier: snmp near line 64 of /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
Unlinked OID in CISCOTRAP-MIB: snmp# ::= { snmp 0 }
Undefined identifier: snmp near line 50 of /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
Unlinked OID in CISCOTRAP-MIB: snmp# ::= { snmp 0 }
Undefined identifier: snmp near line 40 of /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
Unlinked OID in CISCOTRAP-MIB: snmp# ::= { snmp 0 }
Undefined identifier: snmp near line 30 of /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
                                                           [  OK  ]

このメッセージは、IMPORTS ブロックに記述がない外部オブジェクト(ここでは SNMPv2-MIB で定義されている snmp)が MIB ファイル内で使用されていることを示すもので、IMPORTS ブロックの適切な箇所に記述を追加することで出力を止めることができます(「一般トラップのエンタープライズなのだから、本来は snmpTraps じゃないの?」という指摘は脇に置くとして…)。

    CISCOTRAP-MIB DEFINITIONS ::= BEGIN

          IMPORTS
              snmpTraps
                   FROM SNMPv2-MIB
              sysUpTime, ifIndex, ifDescr, ifType, egpNeighAddr, 
              tcpConnState
                   FROM RFC1213-MIB
              cisco
                   FROM CISCO-SMI
              whyReload, authAddr
                   FROM OLD-CISCO-SYSTEM-MIB
              locIfReason
                   FROM OLD-CISCO-INTERFACES-MIB
              tslineSesType, tsLineUser
                   FROM OLD-CISCO-TS-MIB
              loctcpConnElapsed, loctcpConnInBytes, loctcpConnOutBytes
                   FROM OLD-CISCO-TCP-MIB
              TRAP-TYPE
                   FROM RFC-1215;
~省略~

なお、よく似たメッセージに以下のものがありますが、こちらは依存関係のある MIB モジュール(ここでは CISCO-QOS-PIB-MIB)がロードされていないことを示すもので、通常は MIB ファイル自体の誤りではありません。この場合の対処は、CISCO-QOS-PIB-MIB を MIB ディレクトリに配置し、ロード対象モジュールに含める、といったものになります。

Cannot find module (CISCO-QOS-PIB-MIB): At line 15 in /usr/share/snmp/mibs/CISCO-MEMORY-POOL-MIB-V1SMI.my
Did not find 'Percent' in module #-1 (/usr/share/snmp/mibs/CISCO-MEMORY-POOL-MIB-V1SMI.my)

ちなみに、CISCOTRAP-MIB モジュールについては上記のエラーの他にも snmpttconvertmib 実行時に注意が必要となるのですが、そちらについてはまた別の機会に説明したいと思います。

③ Firewall の受信許可設定

Firewall を有効にしている場合は、162/udp の受信を許可するルールを追加します。方法としては、コマンドで追加する方法とファイルを直接編集する方法がありますが、今回はファイルの編集を行います。

/etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 162 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

ファイルの編集が完了したら、iptables を再起動します。

[root@centos6 snmptt_1.3]# service iptables restart
iptables: ファイアウォールルールを消去中:                  [  OK  ]
iptables: チェインをポリシー ACCEPT へ設定中filter         [  OK  ]
iptables: モジュールを取り外し中:                          [  OK  ]
iptables: ファイアウォールルールを適用中:                  [  OK  ]

以上で準備は完了です。引き続き、SNMPTT のインストールを行っていきます。

3. SNMPTT のインストール

① SNMPTT のダウンロード

SourceForge の ダウンロードサイトから SNMPTT をダウンロードします。2011/7/10 時点の最新バージョンは 1.3 です。

[root@centos6 src]# wget http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.3/snmptt_1.3.tgz
~省略~
100%[================================================>] 146,314     83.9K/s 時間 1.7s

2011-07-10 15:03:23 (83.9 KB/s) - `snmptt_1.3.tgz' へ保存完了 [146314/146314]

[root@centos6 src]# tar zxvf snmptt_1.3.tgz
snmptt_1.3/
~省略~
[root@centos6 src]# cd snmptt_1.3
[root@centos6 snmptt_1.3]# ls -la
合計 420
drwxrwxr-x. 6 mockbuild mockbuild   4096 11月 15 22:36 2009 .
drwxr-xr-x. 3 root      root        4096  7月 18 01:02 2011 ..
-rw-rw-r--. 1 root      root           1  2月 22 05:01 2003 BUGS
-rw-rw-r--. 1 root      root       18009  4月 19 23:16 2002 COPYING
-rw-rw-r--. 1 root      root       43359 11月 15 22:31 2009 ChangeLog
-rw-rw-r--. 1 root      root         135  4月 16 13:17 2005 INSTALL
-rw-rw-r--. 1 root      root         135  4月 16 13:17 2005 README
drwxrwxr-x. 2 root      root        4096 11月 15 22:36 2009 bin
drwxrwxr-x. 2 root      root        4096 11月 15 22:36 2009 contrib
drwxrwxr-x. 2 root      root        4096 11月 15 22:36 2009 docs
drwxrwxr-x. 2 root      root        4096 11月 15 22:36 2009 examples
-rw-rw-r--. 1 root      root         384  1月  7 03:34 2003 sample-trap
-rw-rw-r--. 1 root      root         395  8月 17 03:12 2004 sample-trap-daemon
-rw-rw-r--. 1 root      root         321  8月 17 03:12 2004 sample-unknown-trap
-rw-rw-r--. 1 root      root         332  8月 17 03:12 2004 sample-unknown-trap-daemon
-rwxrwxr-x. 1 root      root      174107 11月 15 22:31 2009 snmptt
-rw-rw-r--. 1 root      root        2603  3月  1 01:30 2003 snmptt-eventlog.mc
-rwxrwxr-x. 1 root      root        1702  5月 18 00:56 2009 snmptt-init.d
-rwxrwxr-x. 1 root      root        7507 10月 13 08:39 2007 snmptt-net-snmp-test
-rw-rw-r--. 1 root      root       25952 11月 15 22:31 2009 snmptt.ini
-rw-rw-r--. 1 root      root       25444 11月 15 22:31 2009 snmptt.ini-nt
-rw-rw-r--. 1 root      root         276  5月 19 21:49 2009 snmptt.logrotate
-rwxrwxr-x. 1 root      root        3291 11月 15 22:31 2009 snmpttconvert
-rwxrwxr-x. 1 root      root       30438 11月 15 22:31 2009 snmpttconvertmib
-rwxrwxr-x. 1 root      root        6488 11月 15 22:31 2009 snmptthandler
-rw-rw-r--. 1 root      root        9038 11月 15 22:31 2009 snmptthandler-embedded

② セットアップ

SNMPTT のセットアップを行います。今回インストールする v1.3 の場合、 snmptt プロセスの動作モードとして、snmptrapd から直接呼びだされるコマンドとして動作するスタンドアロンモードと、システムに常駐して spool に出力されたログを定期的に処理するデーモンモードの 2 種類が選択可能です。また、デーモンモードでの利用時には、使用するハンドラーを snmptthandler(標準ハンドラー)と snmptthandler-embedded(組み込みハンドラー)の 2 種類から選べるため、合計で 3 種類の動作モードが存在します。

それぞれの動作モードにはメリット、デメリットがありますが、今回は設定が最も容易なスタンドアロンモードで設定を行います。

まずは必要なファイルを適切なディレクトリに配置し、パーミッションを設定します。

[root@centos6 snmptt_1.3]# cp -p snmptt /usr/sbin
[root@centos6 snmptt_1.3]# cp -p snmpttconvertmib /usr/sbin
[root@centos6 snmptt_1.3]# cp -p snmptt.ini /etc/snmp
[root@centos6 snmptt_1.3]# cp -p snmptt.logrotate /etc/logrotate.d/snmptt
[root@centos6 snmptt_1.3]# chmod 755 /usr/sbin/snmptt
[root@centos6 snmptt_1.3]# chmod 755 /usr/sbin/snmpttconvertmib
[root@centos6 snmptt_1.3]# chmod 644 /etc/snmp/snmptt.ini
[root@centos6 snmptt_1.3]# chmod 644 /etc/logrotate.d/snmptt

snmptt の動作に必要となるログディレクトリを作成します。

[root@centos6 snmptt_1.3]# mkdir /var/log/snmptt
root@centos6 snmptt_1.3]# chmod 644 /var/log/snmptt

snmptrapd の自動起動の設定を行います。

[root@centos6 snmptt_1.3]# chkconfig --level 2345 snmptrapd on
[root@centos6 snmptt_1.3]# chkconfig --list snmptrapd
snmptrapd       0:off   1:off   2:on    3:on    4:on    5:on    6:off

snmptrapd の起動スクリプトを編集し、起動オプションを変更します。

/etc/init.d/snmptrapd
#!/bin/bash

# ucd-snmp init file for snmptrapd
#
# chkconfig: - 50 50
# description: Simple Network Management Protocol (SNMP) Trap Daemon
#
# processname: /usr/sbin/snmptrapd
# config: /etc/snmp/snmptrapd.conf
# config: /usr/share/snmp/snmptrapd.conf
# pidfile: /var/run/snmptrapd.pid


### BEGIN INIT INFO
# Provides: snmptrapd
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: start and stop Net-SNMP trap daemon
# Description: Simple Network Management Protocol (SNMP) trap daemon
### END INIT INFO

# source function library
. /etc/init.d/functions

#OPTIONS="-Lsd -p /var/run/snmptrapd.pid"
OPTIONS="-m +ALL -Lsd -On -p /var/run/snmptrapd.pid"
if [ -e /etc/sysconfig/snmptrapd ]; then
  . /etc/sysconfig/snmptrapd
fi

RETVAL=0
prog="snmptrapd"
binary=/usr/sbin/snmptrapd
pidfile=/var/run/snmptrapd.pid

start() {
        [ -x $binary ] || exit 5
        echo -n $"Starting $prog: "
        daemon --pidfile=$pidfile /usr/sbin/snmptrapd $OPTIONS
        RETVAL=$?
        echo
        touch /var/lock/subsys/snmptrapd
        return $RETVAL
}

stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile /usr/sbin/snmptrapd
        RETVAL=$?
        echo
        rm -f /var/lock/subsys/snmptrapd
        return $RETVAL
}

reload(){
        stop
        start
}

restart(){
        stop
        start
}

condrestart(){
    [ -e /var/lock/subsys/snmptrapd ] && restart
    return 0
}

case "$1" in
  start)
        start
        RETVAL=$?
        ;;
  stop)
        stop
        RETVAL=$?
        ;;
  restart)
        restart
        RETVAL=$?
        ;;
  reload|force-reload)
        reload
        RETVAL=$?
        ;;
  condrestart|try-restart)
        condrestart
        RETVAL=$?
        ;;
  status)
        status snmptrapd
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}"
        RETVAL=2
esac

exit $RETVAL

snmptrapd の設定ファイルを編集し、snmptt と連携するための設定を追記します。

/etc/snmp/snmptrapd.conf
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
# authCommunity   log,execute,net public
# traphandle SNMPv2-MIB::coldStart    /usr/bin/bin/my_great_script cold

authCommunity execute public
traphandle default /usr/sbin/snmptt

SNMPTT の設定ファイルを編集します。

/etc/snmp/snmptt.ini
#
# SNMPTT v1.3 Configuration File
#
# Linux / Unix
#

[General]
# Name of this system for $H variable.  If blank, system name will be the computer's
# hostname via Sys::Hostname.
snmptt_system_name = 

# Set to either 'standalone' or 'daemon'
# standalone: snmptt called from snmptrapd.conf
# daemon: snmptrapd.conf calls snmptthandler
# Ignored by Windows.  See documentation
mode = standalone

# Set to 1 to allow multiple trap definitions to be executed for the same trap.
# Set to 0 to have it stop after the first match.
# This option should normally be set to 1.  See the section 'SNMPTT.CONF Configuration 
# file Notes' in the SNMPTT documentation for more information.
# Note: Wildcard matches are only matched if there are NO exact matches.  This takes
# 	into consideration the NODES list.  Therefore, if there is a matching trap, but
#	the NODES list prevents it from being considered a match, the wildcard entry will
#	only be used if there are no other exact matches.
multiple_event = 0

# SNMPTRAPD passes the IP address of device sending the trap, and the IP address of the
# actual SNMP agent.  These addresses could differ if the trap was sent on behalf of another
# device (relay, proxy etc).
# If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
# (which includes the local hosts file, depending on how the OS is configured).  This name
# will be used for: NODES entry matches, hostname field in logged traps (file / database), 
# and the $A variable.  Host names on the NODES line will be resolved and the IP address 
# will then be used for comparing.
# Set to 0 to disable DNS resolution
# Set to 1 to enable DNS resolution
dns_enable = 1

# Set to 0 to enable the use of FQDN (Fully Qualified Domain Names).  If a host name is
# passed to SNMPTT that contains a domain name, it will not be altered in any way by
# SNMPTT.  This also affects resolve_value_ip_addresses.
# Set to 1 to have SNMPTT strip the domain name from the host name passed to it.  For 
# example, server01.domain.com would be changed to server01
# Set to 2 to have SNMPTT strip the domain name from the host name passed to it
# based on the list of domains in strip_domain_list
strip_domain = 0

# List of domain names that should be stripped when strip_domain is set to 2.
# List can contain one or more domains.  For example, if the FQDN of a host is
# server01.city.domain.com and the list contains domain.com, the 'host' will be
# set as server01.city.
strip_domain_list = <<END
domain.com
END

# Configures how IP addresses contained in the VALUE of the variable bindings are handled.
# This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.
# Set to 0 to disable resolving ip address to host names
# Set to 1 to enable resolving ip address to host names
# Note: net_snmp_perl_enable *must* be enabled.  The strip_domain settings influence the
# format of the resolved host name.  DNS must be enabled (dns_enable)
resolve_value_ip_addresses = 0

# Set to 1 to enable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# This is required for $v variable substitution to work, and also for some other options
# that are enabled in this .ini file.
# Set to 0 to disable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# Note: Enabling this with stand-alone mode can cause SNMPTT to run very slowly due to
#       the loading of the MIBS at startup.
net_snmp_perl_enable = 1

# This sets the best_guess parameter used by the UCD-SNMP / NET-SNMP Perl module for 
# translating symbolic nams to OIDs and vice versa.
# For UCD-SNMP, and Net-SNMP 5.0.8 and previous versions, set this value to 0.
# For Net-SNMP 5.0.9, or any Net-SNMP with patch 722075 applied, set this value to 2.
# A value of 2 is equivalent to -IR on Net-SNMP command line utilities.
# UCD-SNMP and Net-SNMP 5.0.8 and previous may not be able to translate certain formats of
# symbolic names such as RFC1213-MIB::sysDescr.  Net-SNMP 5.0.9 or patch 722075 will allow
# all possibilities to be translated.  See the FAQ section in the README for more info
net_snmp_perl_best_guess = 2

# Configures how the OID of the received trap is handled when outputting to a log file /
# database.  It does NOT apply to the $O variable.
# Set to 0 to use the default of numerical OID
# Set to 1 to translate the trap OID to short text (symbolic form) (eg: linkUp)
# Set to 2 to translate the trap OID to short text with module name (eg: IF-MIB::linkUp)
# Set to 3 to translate the trap OID to long text (eg: iso...snmpTraps.linkUp)
# Set to 4 to translate the trap OID to long text with module name (eg: 
# IF-MIB::iso...snmpTraps.linkUp)
# Note: -The output of the long format will vary depending on the version of Net-SNMP you
#        are using.
#       -net_snmp_perl_enable *must* be enabled
#       -If using database logging, ensure the trapoid column is large enough to hold the
#        entire line
translate_log_trap_oid = 1

# Configures how OIDs contained in the VALUE of the variable bindings are handled.
# This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.  For substitutions
# that include variable NAMES ($+n etc), only the variable VALUE is affected.
# Set to 0 to disable translating OID values to text (symbolic form)
# Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm)
# Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm)
# Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm)
# Set to 4 to translate OID values to long text with module name (eg: 
# UPS-MIB::iso...upsAlarm.BuildingAlarm)
# For example, if the value contained: 'A UPS Alarm (.1.3.6.1.4.1.534.1.7.12) has cleared.',
# it could be translated to: 'A UPS Alarm (UPS-MIB::BuildingAlarm) has cleared.'
# Note: net_snmp_perl_enable *must* be enabled
translate_value_oids = 1

# Configures how the symbolic enterprise OID will be displayed for $E.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4. 
# Note: net_snmp_perl_enable *must* be enabled
translate_enterprise_oid_format = 1

# Configures how the symbolic trap OID will be displayed for $O.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4. 
# Note: net_snmp_perl_enable *must* be enabled
translate_trap_oid_format = 1

# Configures how the symbolic trap OID will be displayed for $v, $-n, $+n, $-* and $+*.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4. 
# Note: net_snmp_perl_enable *must* be enabled
translate_varname_oid_format = 1

# Set to 0 to disable converting INTEGER values to enumeration tags as defined in the 
# MIB files
# Set to 1 to enable converting INTEGER values to enumeration tags as defined in the 
# MIB files
# Example: moverDoorState:open instead of moverDoorState:2
# Note: net_snmp_perl_enable *must* be enabled
translate_integers = 1

# Allows you to set the MIBS environment variable used by SNMPTT
# Leave blank or comment out to have the systems enviroment settings used
# To have all MIBS processed, set to ALL
# See the snmp.conf manual page for more info
#mibs_environment = ALL

# Set what is used to separate variables when wildcards are expanded on the FORMAT /
# EXEC line.  Defaults to a space.  Value MUST be within quotes.  Can contain 1 or 
# more characters
wildcard_expansion_separator = " "

# Set to 1 to allow unsafe REGEX code to be executed.
# Set to 0 to prevent unsafe REGEX code from being executed (default).
# Enabling unsafe REGEX code will allow variable interopolation and the use of the e
# modifier to allow statements such as substitution with captures such
# as:            (one (two) three)(five $1 six)
# which outputs: five two six
# or:            (one (two) three)("five ".length($1)." six")e
# which outputs: five 3 six
#
# This is considered unsafe because the contents of the regular expression 
# (right) is executed (eval) by Perl which *could contain unsafe code*.
# BE SURE THAT THE SNMPTT CONFIGURATION FILES ARE SECURE!
allow_unsafe_regex = 0

# Set to 1 to have the backslash (escape) removed from quotes passed from
# snmptrapd.  For example, \" would be changed to just "
# Set to 0 to disable
remove_backslash_from_quotes = 0

# Set to 1 to have NODES files loaded each time a trap is processed.
# Set to 0 to have all NODES files loaded when the snmptt.conf files are loaded.
# If NODES files are used (files that contain lists of NODES), then setting to 1
# will cause the list to be loaded each time an EVENT is processed that uses
# NODES files.  This will allow the NODES file to be modified while SNMPTT is 
# running but can result in many file reads depending on the number of traps
# received.  Defaults to 0
dynamic_nodes = 0

# This option allows you to use the $D substitution variable to include the
# description text from the SNMPTT.CONF or MIB files.
# Set to 0 to disable the $D substitution variable.  If $D is used, nothing
#  will be outputted.
# Set to 1 to enable the $D substitution variable and have it use the
#  descriptions stored in the SNMPTT .conf files.  Enabling this option can
#  greatly increase the amount of memory used by SNMPTT.
# Set to 2 to enable the $D substitution variable and have it use the
#  description from the MIB files.  This enables the UCD-SNMP / NET-SNMP Perl 
#  module save_descriptions variable.  Enabling this option can greatly 
#  increase the amount of memory used by the Net-SNMP SNMP Perl module, which 
#  will result in an increase of memory usage by SNMPTT.
description_mode = 0

# Set to 1 to remove any white space at the start of each line from the MIB
# or SNMPTT.CONF description when description_mode is set to 1 or 2.
description_clean = 1

# Warning: Experimental.  Not recommended for production environments.
#          When threads are enabled, SNMPTT may quit unexpectedly.
# Set to 1 to enable threads (ithreads) in Perl 5.6.0 or higher.  If enabled,
# EXEC will launch in a thread to allow SNMPTT to continue processing other
# traps.  See also threads_max.
# Set to 0 to disable threads (ithreads).
# Defaults to 0
threads_enable = 0

# Warning: Experimental.  Not recommended for production environments.
#          When threads are enabled, SNMPTT may quit unexpectedly.
# This option allows you to set the maximum number of threads that will 
# execute at once.  Defaults to 10
threads_max = 10

# The date format for $x in strftime() format.  If not defined, defaults 
# to %a %b %e %Y.
#date_format = %a %b %e %Y

# The time format for $X in strftime() format.  If not defined, defaults 
# to %H:%M:%S.
#time_format = %H:%M:%S 

# The date time format in strftime() format for the date/time when logging 
# to standard output, snmptt log files (log_file) and the unknown log file 
# (unknown_trap_log_file).  Defaults to localtime().  For SQL, see 
# date_time_format_sql.
# Example:  %a %b %e %Y %H:%M:%S
#date_time_format = 

[DaemonMode]
# Set to 1 to have snmptt fork to the background when run in daemon mode
# Ignored by Windows.  See documentation
daemon_fork = 1

# Set to the numerical user id (eg: 500) or textual user id (eg: snmptt)
# that snmptt should change to when running in daemon mode.  Leave blank
# to disable.  The user used should have read/write access to all log
# files, the spool folder, and read access to the configuration files.
# Only use this if you are starting snmptt as root.
# A second (child) process will be started as the daemon_uid user so
# there will be two snmptt processes running.  The first process will 
# continue to run as the user that ran snmptt (root), waiting for the
# child to quit.  After the child quits, the parent process will remove 
# the snmptt.pid file and exit. 
daemon_uid = snmptt

# Complete path of file to store process ID when running in daemon mode.
pid_file = /var/run/snmptt.pid

# Directory to read received traps from.  Ex: /var/spool/snmptt/
# Don't forget the trailing slash!
spool_directory = /var/spool/snmptt/

# Amount of time in seconds to sleep between processing spool files
sleep = 5

# Set to 1 to have SNMPTT use the time that the trap was processed by SNMPTTHANDLER
# Set to 0 to have SNMPTT use the time the trap was processed.  Note:  Using 0 can
# result in the time being off by the number of seconds used for 'sleep'
use_trap_time = 1

# Set to 0 to have SNMPTT erase the spooled trap file after it attempts to process
# the trap even if it did not successfully log the trap to any of the log systems.
# Set to 1 to have SNMPTT erase the spooled trap file only after it successfully
# logs to at least ONE log system.
# Set to 2 to have SNMPTT erase the spooled trap file only after it successfully
# logs to ALL of the enabled log systems.  Warning:  If multiple log systems are
# enabled and only one fails, the other log system will continuously be logged to
# until ALL of the log systems function.
# The recommended setting is 1 with only one log system enabled.
keep_unlogged_traps = 1

# How often duplicate traps will be processed.  An MD5 hash of all incoming traps
# is stored in memory and is used to check for duplicates.  All variables except for
# the uptime variable are used when calculating the MD5.  The larger this variable,
# the more memory snmptt will require.
# Note:  In most cases it may be a good idea to enable this but sometimes it can have a 
#        negative effect.  For example, if you are trying to troubleshoot a wireless device
#        that keeps losing it's connection you may want to disable this so that you see
#        all the associations and disassociations.
# 5 minutes = 300
# 10 minutes = 600
# 15 minutes = 900
duplicate_trap_window = 0

[Logging]
# Set to 1 to enable messages to be sent to standard output, or 0 to disable.
# Would normally be disabled unless you are piping this program to another
stdout_enable = 0

# Set to 1 to enable text logging of *TRAPS*.  Make sure you specify a log_file 
# location
log_enable = 1

# Log file location.  The COMPLETE path and filename.  Ex: '/var/log/snmptt/snmptt.log'
log_file = /var/log/snmptt/snmptt.log

# Set to 1 to enable text logging of *SNMPTT system errors*.  Make sure you 
# specify a log_system_file location
log_system_enable = 1

# Log file location.  The COMPLETE path and filename.  
# Ex: '/var/log/snmptt/snmpttsystem.log'
log_system_file = /var/log/snmptt/snmpttsystem.log

# Set to 1 to enable logging of unknown traps.  This should normally be left off
# as the file could grow large quickly.  Used primarily for troubleshooting.  If
# you have defined a trap in snmptt.conf, but it is not executing, enable this to
# see if it is being considered an unknown trap due to an incorrect entry or 
# simply missing from the snmptt.conf file.
# Unknown traps can be logged either a text file, a SQL table or both.
# See SQL section to define a SQL table to log unknown traps to.
unknown_trap_log_enable = 1

# Unknown trap log file location.  The COMPLETE path and filename.  
# Ex: '/var/log/snmptt/snmpttunknown.log'
# Leave blank to disable logging to text file if logging to SQL is enabled
# for unknown traps
unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log

# How often in seconds statistics should be logged to syslog or the event log.
# Set to 0 to disable
# 1 hour = 216000
# 12 hours = 2592000
# 24 hours = 5184000
statistics_interval = 0

# Set to 1 to enable logging of *TRAPS* to syslog.  If you do not have the Sys::Syslog
# module then disable this.  Windows users should disable this.
syslog_enable = 0

# Syslog facility to use for logging of *TRAPS*.  For example: 'local0'
syslog_facility = local0

# Set the syslog level for *TRAPS* based on the severity level of the trap
# as defined in the snmptt.conf file.  Values must be one per line between 
# the syslog_level_* and END lines, and are not case sensitive.  For example:
#   Warning
#   Critical
# Duplicate definitions will use the definition with the higher severity.
syslog_level_debug = <<END
END
syslog_level_info = <<END
END
syslog_level_notice = <<END
END
syslog_level_warning = <<END
END
syslog_level_err = <<END
END
syslog_level_crit = <<END
END
syslog_level_alert = <<END
END

# Syslog default level to use for logging of *TRAPS*.  For example: warning
# Valid values: emerg, alert, crit, err, warning, notice, info, debug 
syslog_level = warning

# Set to 1 to enable logging of *SNMPTT system errors* to syslog.  If you do not have the 
# Sys::Syslog module then disable this.  Windows users should disable this.
syslog_system_enable = 0

# Syslog facility to use for logging of *SNMPTT system errors*.  For example: 'local0'
syslog_system_facility = local0

# Syslog level to use for logging of *SNMPTT system errors*..  For example: 'warning'
# Valid values: emerg, alert, crit, err, warning, notice, info, debug 
syslog_system_level = warning

[SQL]
# Determines if the enterprise column contains the numeric OID or symbolic OID
# Set to 0 for numeric OID
# Set to 1 for symbolic OID
# Uses translate_enterprise_oid_format to determine format
# Note: net_snmp_perl_enable *must* be enabled
db_translate_enterprise = 0

# FORMAT line to use for unknown traps.  If not defined, defaults to $-*.
db_unknown_trap_format = '$-*'

# List of custom SQL column names and values for the table of received traps
# (defined by *_table below).  The format is
#   column name
#   value
#
# For example:
#
#   binding_count
#   $#
#   uptime2
#   The agent has been up for $T.
sql_custom_columns = <<END
END

# List of custom SQL column names and values for the table of unknown traps
# (defined by *_table_unknown below).  See sql_custom_columns for the format.
sql_custom_columns_unknown = <<END
END

# MySQL: Set to 1 to enable logging to a MySQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::mysql
mysql_dbi_enable = 0

# MySQL: Hostname of database server (optional - default localhost)
mysql_dbi_host = localhost

# MySQL: Port number of database server (optional - default 3306)
mysql_dbi_port = 3306

# MySQL: Database to use
mysql_dbi_database = snmptt

# MySQL: Table to use
mysql_dbi_table = snmptt

# MySQL: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to MySQL
# Note: unknown_trap_log_enable must be enabled.
mysql_dbi_table_unknown = snmptt_unknown

# MySQL: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#mysql_dbi_table_statistics = snmptt_statistics
mysql_dbi_table_statistics = 

# MySQL: Username to use
mysql_dbi_username = snmpttuser

# MySQL: Password to use
mysql_dbi_password = password

# MySQL: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by 
# the ping such as 'Unable to connect to database', it will attempt to 
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on mysql_ping_interval.
mysql_ping_on_insert = 1

# MySQL: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as 
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on mysql_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
mysql_ping_interval = 300

# PostgreSQL: Set to 1 to enable logging to a PostgreSQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::PgPP
postgresql_dbi_enable = 0

# Set to 0 to use the DBD::PgPP module
# Set to 1 to use the DBD::Pg module
postgresql_dbi_module = 0

# Set to 0 to disable host and port network support
# Set to 1 to enable host and port network support
# If set to 1, ensure PostgreSQL is configured to allow connections via TCPIP by setting 
# tcpip_socket = true in the $PGDATA/postgresql.conf file, and adding the ip address of 
# the SNMPTT server to $PGDATApg_hba.conf.  The common location for the config files for
# RPM installations of PostgreSQL is /var/lib/pgsql/data.  
postgresql_dbi_hostport_enable = 0

# PostgreSQL: Hostname of database server (optional - default localhost)
postgresql_dbi_host = localhost

# PostgreSQL: Port number of database server (optional - default 5432)
postgresql_dbi_port = 5432

# PostgreSQL: Database to use
postgresql_dbi_database = snmptt

# PostgreSQL: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to PostgreSQL
# Note: unknown_trap_log_enable must be enabled.
postgresql_dbi_table_unknown = snmptt_unknown

# PostgreSQL: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#postgresql_dbi_table_statistics = snmptt_statistics
postgresql_dbi_table_statistics = 

# PostgreSQL: Table to use
postgresql_dbi_table = snmptt

# PostgreSQL: Username to use
postgresql_dbi_username = snmpttuser

# PostgreSQL: Password to use
postgresql_dbi_password = password

# PostgreSQL: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by 
# the ping such as 'Unable to connect to database', it will attempt to 
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on postgresqll_ping_interval.
postgresql_ping_on_insert = 1

# PostgreSQL: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as 
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on postgresql_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
postgresql_ping_interval = 300

# ODBC: Set to 1 to enable logging to a database via ODBC using DBD::ODBC.  
# This requires both DBI:: and DBD::ODBC
dbd_odbc_enable = 0

# DBD:ODBC: Database to use
dbd_odbc_dsn = snmptt

# DBD:ODBC: Table to use
dbd_odbc_table = snmptt

# DBD:ODBC: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to DBD:ODBC
# Note: unknown_trap_log_enable must be enabled.
dbd_odbc_table_unknown = snmptt_unknown

# DBD:ODBC: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#dbd_odbc_table_statistics = snmptt_statistics
dbd_odbc_table_statistics = 

# DBD:ODBC: Username to use
dbd_odbc_username = snmptt

# DBD:DBC:: Password to use
dbd_odbc_password = password


# DBD:ODBC: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by 
# the ping such as 'Unable to connect to database', it will attempt to 
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on dbd_odbc_ping_interval.
dbd_odbc_ping_on_insert = 1

# DBD:ODBC:: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as 
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on dbd_odbc_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
dbd_odbc_ping_interval = 300

# The date time format for the traptime column in SQL.  Defaults to 
# localtime().  When a date/time field is used in SQL, this should
# be changed to follow a standard that is supported by the SQL server.
# Example:  For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
#date_time_format_sql = 

# The date time format for the stat_time column in SQL.  Defaults to 
# localtime().  When a date/time field is used in SQL, this should
# be changed to follow a standard that is supported by the SQL server.
# Example:  For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
#stat_time_format_sql = 

[Exec]

# Set to 1 to allow EXEC statements to execute.  Should normally be left on unless you
# want to temporarily disable all EXEC commands
exec_enable = 1

# Set to 1 to allow PREEXEC statements to execute.  Should normally be left on unless you
# want to temporarily disable all PREEXEC commands
pre_exec_enable = 1

# If defined, the following command will be executed for ALL unknown traps.  Passed to the
# command will be all standard and enterprise variables, similar to unknown_trap_log_file
# but without the newlines.
unknown_trap_exec = 

# FORMAT line that is passed to the unknown_trap_exec command.  If not defined, it
# defaults to what is described in the unknown_trap_exec setting.  The following
# would be *similar* to the default described in the unknown_trap_exec setting
# (all on one line):
# $x !! $X: Unknown trap ($o) received from $A at: Value 0: $A Value 1: $aR 
# Value 2: $T Value 3: $o Value 4: $aA Value 5: $C Value 6: $e Ent Values: $+*
unknown_trap_exec_format = 

# Set to 1 to escape wildards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
# commands.  Enable this to prevent the shell from expanding the wildcard 
# characters.  The default is 1.
exec_escape = 1

[Debugging]
# 0 - do not output messages
# 1 - output some basic messages
# 2 - out all messages
DEBUGGING = 0

# Debugging file - SNMPTT
# Location of debugging output file.  Leave blank to default to STDOUT (good for
# standalone mode, or daemon mode without forking)
DEBUGGING_FILE = 
# DEBUGGING_FILE = /var/log/snmptt/snmptt.debug

# Debugging file - SNMPTTHANDLER
# Location of debugging output file.  Leave blank to default to STDOUT
DEBUGGING_FILE_HANDLER = 
# DEBUGGING_FILE_HANDLER = /var/log/snmptt/snmptthandler.debug

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path 
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt-cisco.conf
/etc/snmp/snmptt-standard.conf
END

SNMPTT のトラップ定義ファイルを作成します。ファイルの書式は 7.x 以前のバージョンの NNM の trapd.conf と同じなので、過去に NNM を使用したことがある方はその時の trapd.conf を転用してもよいでしょう。

まずは標準トラップ用のトラップ定義ファイルを作成します。

/etc/snmp/snmptt-standard.conf
##########################################################################################
#
# SNMPv2-MIB
#
##########################################################################################
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT エージェントが再起動しました。種別:coldStart
SDESC
A coldStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself and that its
configuration may have been altered.
EDESC
#
#
#
EVENT warmStart .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT エージェントが再起動しました。種別:warmStart
SDESC
A warmStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself such that its
configuration is unaltered.
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Status Events" Warning
FORMAT コミュニティ名が不正です。
SDESC
An authenticationFailure trap signifies that the SNMP
entity has received a protocol message that is not
properly authenticated.  While all implementations
of SNMP entities MAY be capable of generating this
trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.
EDESC
##########################################################################################
#
# IF-MIB
#
##########################################################################################
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Critical
FORMAT インターフェース $1 が停止しました。状態:$2/$3
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state).  This other state is indicated by the included value
of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER32"
     Descr="A unique value, greater than zero, for each interface.  It
            is recommended that values are assigned contiguously
            starting from 1.  The value for each interface sub-layer
            must remain constant at least from one re-initialization of
            the entity's network management system to the next re-
            initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
            indicates that no operational packets can be passed.  When a
            managed system initializes, all interfaces start with
            ifAdminStatus in the down(2) state.  As a result of either
            explicit management action or per configuration information
            retained by the managed system, ifAdminStatus is then
            changed to either the up(1) or testing(3) states (or remains
            in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
            testing(3) state indicates that no operational packets can
            be passed.  If ifAdminStatus is down(2) then ifOperStatus
            should be down(2).  If ifAdminStatus is changed to up(1)
            then ifOperStatus should change to up(1) if the interface is
            ready to transmit and receive network traffic; it should
            change to dormant(5) if the interface is waiting for
            external actions (such as a serial line waiting for an
            incoming connection); it should remain in the down(2) state
            if and only if there is a fault that prevents it from going
            to the up(1) state; it should remain in the notPresent(6)
            state if the interface has missing (typically, hardware)
            components."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT インターフェース $1 が動作を開始しました。状態:$2/$3
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state).  This other state is indicated by the
included value of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value, greater than zero, for each interface.  It
        is recommended that values are assigned contiguously
        starting from 1.  The value for each interface sub-layer
        must remain constant at least from one re-initialization of
        the entity's network management system to the next re-
        initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
        indicates that no operational packets can be passed.  When a
        managed system initializes, all interfaces start with
        ifAdminStatus in the down(2) state.  As a result of either
        explicit management action or per configuration information
        retained by the managed system, ifAdminStatus is then
        changed to either the up(1) or testing(3) states (or remains
        in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
        testing(3) state indicates that no operational packets can
        be passed.  If ifAdminStatus is down(2) then ifOperStatus
        should be down(2).  If ifAdminStatus is changed to up(1)
        then ifOperStatus should change to up(1) if the interface is
        ready to transmit and receive network traffic; it should
        change to dormant(5) if the interface is waiting for
        external actions (such as a serial line waiting for an
        incoming connection); it should remain in the down(2) state
        if and only if there is a fault that prevents it from going
        to the up(1) state; it should remain in the notPresent(6)
        state if the interface has missing (typically, hardware)
        components."
EDESC
#
#
#

Cisco 機器用のトラップ定義ファイルを作成します。

/etc/snmp/snmptt-cisco.conf
##########################################################################################
#
# CISCOTRAP-MIB
#
##########################################################################################
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Cisco Status Events" Normal
FORMAT エージェントが再起動しました。種別:coldStart, 理由:$2
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A coldStart trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
                      network management portion of the system was last
                      re-initialized."
  2: whyReload
     Syntax=""
EDESC
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Cisco Status Events" Critical
FORMAT インターフェース $2 が停止しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A linkDown trap signifies that the sending
protocol entity recognizes a failure in one of
the communication links represented in the
agent's configuration.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
                      ranges between 1 and the value of ifNumber.  The
                      value for each interface must remain constant at
                      least from one re-initialization of the entity's
                      network management system to the next re-
                      initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
                      interface.  This string should include the name of
                      the manufacturer, the product name and the version
                      of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
                      the physical/link protocol(s) immediately `below'
                      the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Cisco Status Events" Normal
FORMAT インターフェース $2 が動作を開始しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A linkUp trap signifies that the sending
protocol entity recognizes that one of the
communication links represented in the agent's
configuration has come up.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
                      ranges between 1 and the value of ifNumber.  The
                      value for each interface must remain constant at
                      least from one re-initialization of the entity's
                      network management system to the next re-
                      initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
                      interface.  This string should include the name of
                      the manufacturer, the product name and the version
                      of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
                      the physical/link protocol(s) immediately `below'
                      the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Cisco Management Events" Warning
FORMAT コミュニティ名が不正です。リクエスト送信元:$1
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
An authenticationFailure trap signifies that
the sending protocol entity is the addressee
of a protocol message that is not properly
authenticated.  While implementations of the
SNMP must be capable of generating this trap,
they must also be capable of suppressing the
emission of such traps via an implementation-
specific mechanism.
Variables:
  1: authAddr
     Syntax=""
EDESC
#
#
#
EVENT egpNeighborLoss .1.3.6.1.6.3.1.1.5.6 "Cisco Status Events" Critical
FORMAT EGP ネイバーとの接続が切断されました。ネイバー:$1
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
An egpNeighborLoss trap signifies that an EGP
neighbor for whom the sending protocol entity
was an EGP peer has been marked down and the
peer relationship no longer obtains.
Variables:
  1: egpNeighAddr
     Syntax="IPADDR"
     Descr="The IP address of this entry's EGP neighbor."
EDESC
#
#
#
EVENT reload .1.3.6.1.4.1.9.0.0 "Cisco Status Events" Normal
FORMAT ノードの再起動を開始します。理由:$2
SDESC
A reload trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
                      network management portion of the system was last
                      re-initialized."
  2: whyReload
     Syntax=""
EDESC
#
#
#
EVENT tcpConnectionClose .1.3.6.1.4.1.9.0.1 "Cisco Management Events" Normal
FORMAT TTY セッションが終了しました。セッション種別:$1
SDESC
A tty trap signifies that a TCP connection,
previously established with the sending
protocol entity for the purposes of a tty
session, has been terminated.
Variables:
  1: tslineSesType
     Syntax="INTEGER"
       1: unknown
       10: xremote
       11: rshell
       12: ipc
       13: udptn
       2: pad
       3: stream
       4: rlogin
       5: telnet
       6: tcp
       7: lat
       8: mop
       9: slip
     Descr="Type of session."
  2: tcpConnState
     Syntax="INTEGER"
       1: closed
       10: closing
       11: timeWait
       12: deleteTCB
       2: listen
       3: synSent
       4: synReceived
       5: established
       6: finWait1
       7: finWait2
       8: closeWait
       9: lastAck
     Descr="The state of this TCP connection.

                      The only value which may be set by a management
                      station is deleteTCB(12).  Accordingly, it is
                      appropriate for an agent to return a `badValue'
                      response if a management station attempts to set
                      this object to any other value.

                      If a management station sets this object to the
                      value deleteTCB(12), then this has the effect of
                      deleting the TCB (as defined in RFC 793) of the
                      corresponding connection on the managed node,
                      resulting in immediate termination of the
                      connection.

                      As an implementation-specific option, a RST
                      segment may be sent from the managed node to the
                      other TCP endpoint (note however that RST segments
                      are not sent reliably)."
  3: loctcpConnElapsed
     Syntax="TICKS"
     Descr="How long this TCP connection has been
                           established."
  4: loctcpConnInBytes
     Syntax="INTEGER"
     Descr="Bytes input for this TCP connection."
  5: loctcpConnOutBytes
     Syntax="INTEGER"
     Descr="Bytes output for this TCP connection."
  6: tsLineUser
     Syntax="OCTETSTR"
     Descr="TACACS user name, if TACACS enabled, of user
                           on this line."
EDESC
##########################################################################################
#
# CISCO-SYSLOG-MIB
#
##########################################################################################
EVENT clogMessageGenerated .1.3.6.1.4.1.9.9.41.2.0.1 "Cisco Syslog Events" Normal
FORMAT $5 $1-$3: $2: $4
SDESC
When a syslog message is generated by the device a
clogMessageGenerated notification is sent.  The
sending of these notifications can be enabled/disabled
via the clogNotificationsEnabled object.
Variables:
  1: clogHistFacility
     Syntax="OCTETSTR"
     Descr="Name of the facility that generated this message.
                 For example: 'SYS'."
  2: clogHistSeverity
     Syntax="INTEGER"
       1: emergency
       2: alert
       3: critical
       4: error
       5: warning
       6: notice
       7: info
       8: debug
     Descr="The severity of the message."
  3: clogHistMsgName
     Syntax="OCTETSTR"
     Descr="A textual identification for the message type.
                 A facility name in conjunction with a message name
                 uniquely identifies a message type."
  4: clogHistMsgText
     Syntax="OCTETSTR"
     Descr="The text of the message.  If the text of the message
                 exceeds 255 bytes, the message will be truncated to
                 254 bytes and a '*' character will be appended -
                 indicating that the message has been truncated."
  5: clogHistTimestamp
     Syntax="TICKS"
     Descr="The value of sysUpTime when this message was
                 generated."
EDESC
##########################################################################################
#
# CISCO-CONFIG-MAN-MIB
#
##########################################################################################
EVENT ciscoConfigManEvent .1.3.6.1.4.1.9.9.43.2.0.1 "Cisco Management Events" Normal
FORMAT コンフィグ変更管理イベントが発行されました。変更手段:$1, 変更元:$2, 変更対象:$3
SDESC
Notification of a configuration management event as
recorded in ccmHistoryEventTable.
Variables:
  1: ccmHistoryEventCommandSource
     Syntax="INTEGER"
       1: commandLine
       2: snmp
     Descr="The source of the command that instigated the event."
  2: ccmHistoryEventConfigSource
     Syntax="INTEGER"
       1: erase
       2: commandSource
       3: running
       4: startup
       5: local
       6: networkTftp
       7: networkRcp
       8: networkFtp
       9: networkScp
     Descr="The configuration data source for the event."
  3: ccmHistoryEventConfigDestination
     Syntax="INTEGER"
       1: erase
       2: commandSource
       3: running
       4: startup
       5: local
       6: networkTftp
       7: networkRcp
       8: networkFtp
       9: networkScp
     Descr="The configuration data destination for the event."
EDESC
#
#
#
EVENT ccmCLIRunningConfigChanged .1.3.6.1.4.1.9.9.43.2.0.2 "Cisco Management Events" Normal
FORMAT CLI からコンフィグが変更されました。ターミナル種別:$2
SDESC
This notification indicates that the running
configuration of the managed system has changed
from the CLI.
If the managed system supports a separate
configuration mode(where the configuration commands
are entered under a  configuration session which
affects the running configuration of the system),
then this notification is sent when the configuration
mode is exited.
During this configuration session there can be
one or more running configuration changes.
Variables:
  1: ccmHistoryRunningLastChanged
     Syntax="TICKS"
     Descr="The value of sysUpTime when the running configuration
            was last changed.

                    If the value of ccmHistoryRunningLastChanged is
                    greater than ccmHistoryRunningLastSaved, the
                    configuration has been changed but not saved."
  2: ccmHistoryEventTerminalType
     Syntax="INTEGER"
       1: notApplicable
       2: unknown
       3: console
       4: terminal
       5: virtual
       6: auxiliary
     Descr="If ccmHistoryEventCommandSource is 'commandLine',
            the terminal type, otherwise 'notApplicable'."
EDESC
#
#
#
EVENT ccmCTIDRolledOver .1.3.6.1.4.1.9.9.43.2.0.3 "Cisco Management Events" Normal
FORMAT コンフィグ変更トラッキング ID の値が上限に達したため、リセットされます。
SDESC
This notification indicates that the Config Change Tracking
ID has rolled over and will be reset.
EDESC
##########################################################################################
#
# CISCO-HSRP-MIB
#
##########################################################################################
EVENT cHsrpStateChange .1.3.6.1.4.1.9.9.106.2.0.1 "Cisco Status Events" Critical
FORMAT HSRP グループの状態が変化しました。状態:$1
SDESC
A cHsrpStateChange notification is sent when a
cHsrpGrpStandbyState transitions to either active or
standby state, or leaves active or standby state. There
will be only one notification issued when the state change
is from standby to active and vice versa.
Variables:
  1: cHsrpGrpStandbyState
     Syntax="INTEGER"
       1: initial
       2: learn
       3: listen
       4: speak
       5: standby
       6: active
     Descr="The current HSRP state of this group on this interface."
EDESC
#
#
#

/etc/snmp/snmptt-cisco.nodes という名前でファイルを作成し、Cisco 機器のアドレスを記載します。以下は記述例ですので、環境に合わせて適切なアドレスを指定してください。

/etc/snmp/snmptt-cisco.nodes
# address list of Cisco routers and switches
192.168.0.1
192.168.100.0/24
192.168.200.0-192.168.200.255
:

上記のファイルを作成している理由ですが、Cisco の MIB で定義されるトラップの中には、CISCOTRAP-MIB の linkUp や linkDown のように標準 MIB で定義されているものと同じ OID を持つものがあります。こうしたトラップには、変数バインディングを追加するなどのベンダー独自の拡張が行われているため、標準に準拠しているトラップとは定義を分けて監視する必要があります。

今回は特定ベンダーの機器を他の機器と区別するために、トラップ定義ファイルで NODES 行に外部ファイルを指定し、ファイルに対象機器のアドレスを追記していく方式を採っています。また、標準トラップ定義の記述の簡略化のため、snmptt.ini で multiple_event = 0 を指定し、トラップ定義ファイルの記述順を制御することで、最初にマッチした条件で処理を終了するようにしています。

③ hosts への監視対象機器の登録

今回の環境では snmptt.ini で dns_enable = 1 を設定しているため、監視対象機器のアドレスを全て hosts に登録しておきましょう。特に OS の設定で DNS による名前解決を有効にしている場合、DNS サーバとの間に不要なトラフィックが流れたり、ログへの書き込みが遅延するなどの問題が発生する可能性があります。

また、大規模環境においては snmptt をインストールしたサーバに DNS を立てることも選択肢の一つになります。

④ サービスの起動と動作確認

ここまでの設定が完了したら、最後に snmptrapd を起動します。

[root@centos6 ~]# service snmptrapd start
snmptrapd を起動中:                                        [  OK  ]

snmptrap コマンドでテスト用のトラップを飛ばして、正常にログに記録されるかを確認しましょう。以下のようなコマンドを実行することで、Cisco ルータの linkUp トラップを擬似的に発生させることができます。ここではエージェントアドレスに 192.168.100.100 を指定していますが、コマンド実行をする際は snmptt-cisco.nodes に記載のあるアドレスに書き換えて下さい。

snmptrap -v 1 -c public localhost 1.3.6.1.6.3.1.1.5 192.168.100.100 3 0 '' .1.3.6.1.2.1.2.2.1.1.1 i 1 .1.3.6.1.2.1.2.2.1.2.1 s FastEthernet0/0 .1.3.6.1.2.1.2.2.1.3.1 i 6 .1.3.6.1.4.1.9.2.2.1.1.20.1 s up

/var/log/snmptt/snmptt.log に以下のようなログが書き込まれたら、正常に監視ができています。

Mon Jul 18 11:52:22 2011 linkUp Normal "Status Events" router6 - インターフェース FastEthernet0/0 が動作を開始しました。状態:up

メッセージが以下のようになっている場合は、Cisco 用のトラップ定義にマッチしていませんので、snmptt-cisco.nodes の内容や snmptrap コマンド実行時のエージェントアドレスの指定を見直してみてください。

Mon Jul 18 11:45:47 2011 linkUp Normal "Status Events" router6 - インターフェース 1 が動作を開始しました。状態:FastEthernet0/0/ethernetCsmacd



今回はひとまずここまで。

次回以降、snmpttconvertmib の使い方や Splunk との連携などについて解説していきたいと思います。
スポンサーサイト

テーマ : おすすめソフトウェア
ジャンル : コンピュータ

SNMPTT その2

今回は SNMPTT で Cisco ルータ/スイッチのトラップを監視するためのトラップ定義ファイルを作成するための手順について解説します。

1. 監視対象機器の設定

SNMPTT の設定について見ていく前に、まずはトラップ通知に関する監視対象機器側の設定について確認しておきましょう。ここでは、Cisco のルータでトラップ通知を有効化する手順について解説します。

① 通知先ホストの設定(必須)

トラップの通知先ホストのアドレスとトラップ PDU のバージョン、コミュニティ名を指定します。

Router(config)#snmp-server host <n.n.n.n> version <1|2c> <community>

② 送信元アドレスの設定(オプション)

通常、トラップを送信する際の送信元アドレスには、ルーティングで通知先ホストに最も近いインターフェースのアドレスが用いられます。

監視セグメントに直接接続できない機器で、Loopback インターフェースに管理用のアドレスを割り当てて、そのアドレスをトラップの送信元アドレスに設定したいといった要件がある場合には、以下のコマンドを設定することで対応可能です。

Router(config)#snmp-server trap-source <interface>

③ トラップ送信キュー長の設定(オプション)

多数のインターフェースを持った L3 スイッチなどでは、再起動時に多数の linkUp / linkDown トラップが発生してトラップの送信キューがオーバーフローしてしまい、一部のトラップが送信できずに破棄されてしまうことがあります。そうした状況に対処するには、以下のコマンドでキューの拡張を行います(デフォルトは 10 です)。

Router(config)#snmp-server queue-limit notification-host <1-5000>

※ このコマンドは、以前は snmp-server queue-length というコマンドでした。

④ ifIndex のマッピング固定設定(オプション)

再起動後も ifIndex とインターフェースのマッピングを保持するよう設定します。

Router(config)#snmp-server ifindex persist

※ 本コマンドは固定型スイッチなどではサポートされない場合があるので、マニュアルをよく確認した上で設定してください。

⑤ 送信トラップの設定(必須)

対象機器のコマンドプロンプトから、送信可能なトラップの一覧を確認してみます。

Router(config)#snmp-server enable traps ?
  aaa_server       Enable SNMP AAA Server traps
  alarms           Enable SNMP alarms traps
  atm              Enable SNMP atm traps
  bfd              Allow SNMP BFD traps
  bgp              Enable BGP traps
  bulkstat         Enable Data-Collection-MIB Collection notifications
  call-home        Enable SNMP CISCO-CALLHOME-MIB traps
  ccme             Enable SNMP ccme traps
  cnpd             Enable NBAR Protocol Discovery traps
  config           Enable SNMP config traps
  config-copy      Enable SNMP config-copy traps
  config-ctid      Enable SNMP config-ctid traps
  cpu              Allow cpu related traps
  dial             Enable SNMP dial control traps
  dnis             Enable SNMP DNIS traps
  ds1              Enable SNMP DS1 traps
  ds3              Enable SNMP DS3 traps
  dsp              Enable SNMP dsp traps
  eigrp            Enable SNMP EIGRP traps
  entity           Enable SNMP entity traps
  envmon           Enable SNMP environmental monitor traps
  ethernet         Enable SNMP Ethernet traps
  event-manager    Enable SNMP Embedded Event Manager traps
  firewall         Enable SNMP Firewall traps
  flash            Enable SNMP FLASH notifications
  frame-relay      Enable SNMP frame-relay traps
  fru-ctrl         Enable SNMP entity FRU control traps
  gatekeeper       Enable SNMP gatekeeper traps
  hsrp             Enable SNMP HSRP traps
  ima              Enable SNMP ATM IMA traps
  ipmobile         Enable SNMP ipmobile traps
  ipmulticast      Enable SNMP ipmulticast traps
  ipsec            Enable IPsec traps
  ipsla            Enable SNMP IP SLA traps
  isakmp           Enable ISAKMP traps traps
  isdn             Enable SNMP isdn traps
  isis             Enable IS-IS traps
  l2tun            Enable SNMP L2 tunnel protocol traps
  mpls             Enable SNMP MPLS traps
  msdp             Enable SNMP MSDP traps
  mvpn             Enable Multicast Virtual Private Networks traps
  nhrp             Enable SNMP NHRP traps
  ospf             Enable OSPF traps
  pim              Enable SNMP PIM traps
  pppoe            Enable SNMP pppoe traps
  pw               Enable SNMP PW traps
  resource-policy  Enable CISCO-ERM-MIB notifications
  rf               Enable all SNMP traps defined in CISCO-RF-MIB
  rsvp             Enable RSVP flow change traps
  snmp             Enable SNMP traps
  srp              Enable SRP protocol traps
  srst             Enable SNMP srst traps
  syslog           Enable SNMP syslog traps
  tty              Enable TCP connection traps
  voice            Enable SNMP voice traps
  vrfmib           Allow SNMP vrfmib traps
  vrrp             Enable SNMP vrrp traps
  xgcp             Enable XGCP protocol traps
  <cr>

ここに表示されているキーワードは通知タイプと呼ばれ、linkUp や coldStart といった個別のトラップが所属するカテゴリにあたるものです。多くの場合、通知タイプは MIB モジュール(MIB ファイル)と一対一で対応していますが、snmp のように複数の MIB モジュールに分かれて定義されているもの、あるいは ipsec と isakmp のように一つ MIB モジュールが複数の通知タイプのトラップを定義しているものもあります。

トラップを有効化する際には、通知タイプ単位で有効化するものと、個別のトラップ単位で有効化できるものがあり、後者の場合は通知タイプの後に通知オプションとしてトラップ名を指定します。

例えば、snmp という通知タイプの場合、以下のように 5 つの一般トラップの有効・無効を個別に切り替えることができます。

Router(config)#snmp-server enable traps snmp ?
  authentication  Enable authentication trap
  coldstart       Enable coldStart trap
  linkdown        Enable linkDown trap
  linkup          Enable linkUp trap
  warmstart       Enable warmStart trap
  <cr>

Router(config)#snmp-server enable traps snmp coldstart linkdown linkup
Router(config)#do show run | inc traps
snmp-server enable traps snmp linkdown linkup coldstart

また、通知オプションを指定しなかった場合には、通知タイプに所属する全てのトラップが有効化されます。

Router(config)#snmp-server enable traps snmp
Router(config)#do show run | inc traps
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

さらに、通知タイプを指定しなかった場合には、その機器で設定可能な全てのトラップが有効化されます。

Router(config)#snmp-server enable traps
Router(config)#do show run | inc traps
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps gatekeeper
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps xgcp
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps srp
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ima
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps ipmobile
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps alarms informational
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps mpls vpn
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down


注意:設定できるからといって、全てのトラップが対象機器上でサポートされるわけではないことに注意しましょう。

例えば、Catalyst 3560 Software Configuration Guide, Release 12.2(58)SE には以下の記述があります。

Note: Though visible in the command-line help strings, the fru-ctrl, insertion, and removal keywords are not supported.

また、実際にトラップを有効化するために、追加のコマンド設定が必要なものもあります。

有効化するトラップを決定する際は、MIB Locatorマニュアル等で MIB やトラップのサポート状況を確認し、構築時の試験などで動作を確認しておくとよいでしょう。


送信可能なトラップが確認できたら、そのトラップが定義されている MIB ファイルをダウンロードします。通知タイプと MIB ファイル(と、その中で定義されているトラップ)の対応関係については、メーカーのサイトでも十分な情報が提供されているとは言い難い状況で、マニュアルやその他技術情報を個別に確認する必要があります。

ただ、通知タイプは一般に <通知タイプ名>-MIB もしくは CISCO-<通知タイプ名>-MIB という名前の MIB モジュールに定義さていることが多いため、まずはそういった名前の MIB モジュールがないか探してみるとよいでしょう。

一応、以下に主要なトラップと通知タイプとの関係をまとめていますが、全てを実機で確認しているわけではないので、あくまで参考程度に見ていただければと思います。

通知タイプMIB モジュールトラップOID
aaa_serverCISCO-AAA-SERVER-MIBcasServerStateChange.1.3.6.1.4.1.9.10.56.2.0.1
alarmsCISCO-ENTITY-ALARM-MIBceAlarmAsserted
ceAlarmCleared
.1.3.6.1.4.1.9.9.138.2.0.1
.1.3.6.1.4.1.9.9.138.2.0.2
atmCISCO-IETF-ATM2-PVCTRAP-MIB
CISCO-ATM-PVCTRAP-EXTN-MIB
atmIntfPvcFailuresTrap
catmIntfPvcUpTrap
catmIntfPvcOAMFailureTrap
catmIntfPvcSegCCOAMFailureTrap
catmIntfPvcEndCCOAMFailureTrap
catmIntfPvcAISRDIOAMFailureTrap
catmIntfPvcAnyOAMFailureTrap
catmIntfPvcOAMRecoverTrap
catmIntfPvcSegCCOAMRecoverTrap
catmIntfPvcEndCCOAMRecoverTrap
catmIntfPvcAISRDIOAMRecoverTrap
catmIntfPvcAnyOAMRecoverTrap
catmIntfPvcUp2Trap
catmIntfPvcDownTrap
.1.3.6.1.4.1.9.10.29.2.1.0.1
.1.3.6.1.4.1.9.10.97.2.0.1
.1.3.6.1.4.1.9.10.97.2.0.2
.1.3.6.1.4.1.9.10.97.2.0.3
.1.3.6.1.4.1.9.10.97.2.0.4
.1.3.6.1.4.1.9.10.97.2.0.5
.1.3.6.1.4.1.9.10.97.2.0.6
.1.3.6.1.4.1.9.10.97.2.0.7
.1.3.6.1.4.1.9.10.97.2.0.8
.1.3.6.1.4.1.9.10.97.2.0.9
.1.3.6.1.4.1.9.10.97.2.0.10
.1.3.6.1.4.1.9.10.97.2.0.11
.1.3.6.1.4.1.9.10.97.2.0.12
.1.3.6.1.4.1.9.10.97.2.0.13
bfdCISCO-IETF-BFD-MIBciscoBfdSessUp
ciscoBfdSessDown
.1.3.6.1.4.1.9.10.137.0.1
.1.3.6.1.4.1.9.10.137.0.2
bgpBGP4-MIB
CISCO-BGP4-MIB
bgpEstablished
bgpBackwardTransition
cbgpFsmStateChange
cbgpBackwardTransition
cbgpPrefixThresholdExceeded
cbgpPrefixThresholdClear
cbgpPeer2EstablishedNotification
cbgpPeer2BackwardTransNotification
cbgpPeer2FsmStateChange
cbgpPeer2BackwardTransition
cbgpPeer2PrefixThresholdExceeded
cbgpPeer2PrefixThresholdClear
.1.3.6.1.2.1.15.7.1
.1.3.6.1.2.1.15.7.2
.1.3.6.1.4.1.9.9.187.0.1
.1.3.6.1.4.1.9.9.187.0.2
.1.3.6.1.4.1.9.9.187.0.3
.1.3.6.1.4.1.9.9.187.0.4
.1.3.6.1.4.1.9.9.187.0.5
.1.3.6.1.4.1.9.9.187.0.6
.1.3.6.1.4.1.9.9.187.0.7
.1.3.6.1.4.1.9.9.187.0.8
.1.3.6.1.4.1.9.9.187.0.9
.1.3.6.1.4.1.9.9.187.0.10
bulkstatCISCO-DATA-COLLECTION-MIBcdcVFileCollectionError
cdcFileXferComplete
.1.3.6.1.4.1.9.9.312.0.1
.1.3.6.1.4.1.9.9.312.0.2
call-homeCISCO-CALLHOME-MIBccmSmtpServerFailNotif
ccmAlertGroupTypeAddedNotif
ccmAlertGroupTypeDeletedNotif
ccmSmtpMsgSendFailNotif
ccmEventNotif
.1.3.6.1.4.1.9.9.300.0.1
.1.3.6.1.4.1.9.9.300.0.2
.1.3.6.1.4.1.9.9.300.0.3
.1.3.6.1.4.1.9.9.300.0.4
.1.3.6.1.4.1.9.9.300.0.5
ccmeCISCO-CCME-MIBccmeStatusChangeNotif
ccmeEphoneUnRegThresholdExceed
ccmeEPhoneDeceased
ccmeEPhoneRegFailed
ccmeEphoneLoginFailed
ccmeNightServiceChangeNotif
ccmeLivefeedMohFailedNotif
ccmeMaxConferenceNotif
ccmeKeyEphoneRegChangeNotif
.1.3.6.1.4.1.9.9.439.0.0.1
.1.3.6.1.4.1.9.9.439.0.0.2
.1.3.6.1.4.1.9.9.439.0.0.3
.1.3.6.1.4.1.9.9.439.0.0.4
.1.3.6.1.4.1.9.9.439.0.0.5
.1.3.6.1.4.1.9.9.439.0.0.6
.1.3.6.1.4.1.9.9.439.0.0.7
.1.3.6.1.4.1.9.9.439.0.0.8
.1.3.6.1.4.1.9.9.439.0.0.9
cnpdCISCO-NBAR-PROTOCOL-DISCOVERY-MIBcnpdThresholdRisingEvent
cnpdThresholdFallingEvent
.1.3.6.1.4.1.9.9.244.0.1
.1.3.6.1.4.1.9.9.244.0.2
configCISCO-CONFIG-MAN-MIBciscoConfigManEvent
ccmCLIRunningConfigChanged
.1.3.6.1.4.1.9.9.43.2.0.1
.1.3.6.1.4.1.9.9.43.2.0.2
config-copyCISCO-CONFIG-COPY-MIBccCopyCompletion.1.3.6.1.4.1.9.9.96.2.1.1
config-ctidCISCO-CONFIG-MAN-MIBccmCLIRunningConfigChanged
ccmCTIDRolledOver
.1.3.6.1.4.1.9.9.43.2.0.3
cpuCISCO-PROCESS-MIBcpmCPURisingThreshold
cpmCPUFallingThreshold
.1.3.6.1.4.1.9.9.109.2.0.1
.1.3.6.1.4.1.9.9.109.2.0.2
dialDIAL-CONTROL-MIBdialCtlPeerCallInformation
dialCtlPeerCallSetup
.1.3.6.1.2.1.10.21.2.0.1
.1.3.6.1.2.1.10.21.2.0.2
dnisCISCO-VOICE-DNIS-MIBcvDnisMappingUrlInaccessible.1.3.6.1.4.1.9.9.219.2.0.1
ds1DS1-MIB
CISCO-DS1-EXT-MIB
dsx1LineStatusChange
cds1StatThresholdAlarm
.1.3.6.1.2.1.10.18.15.0.1
.1.3.6.1.4.1.9.9.229.1.4.0.1
ds3DS3-MIBdsx3LineStatusChange.1.3.6.1.2.1.10.30.15.0.1
dspCISCO-DSP-MGMT-MIBcdspMIBCardStateNotification
cdspOperStateNotification
.1.3.6.1.4.1.9.9.86.2.0.2
eigrpCISCO-EIGRP-MIBcEigrpAuthFailureEvent
cEigrpRouteStuckInActive
.1.3.6.1.4.1.9.9.449.0.1
.1.3.6.1.4.1.9.9.449.0.2
entityENTITY-MIBentConfigChange.1.3.6.1.2.1.47.2.0.1
envmonCISCO-ENVMON-MIBciscoEnvMonShutdownNotification
ciscoEnvMonVoltageNotification
ciscoEnvMonTemperatureNotification
ciscoEnvMonFanNotification
ciscoEnvMonRedundantSupplyNotification
ciscoEnvMonVoltStatusChangeNotif
ciscoEnvMonTempStatusChangeNotif
ciscoEnvMonFanStatusChangeNotif
ciscoEnvMonSuppStatusChangeNotif
.1.3.6.1.4.1.9.9.13.3.0.1
.1.3.6.1.4.1.9.9.13.3.0.2
.1.3.6.1.4.1.9.9.13.3.0.3
.1.3.6.1.4.1.9.9.13.3.0.4
.1.3.6.1.4.1.9.9.13.3.0.5
.1.3.6.1.4.1.9.9.13.3.0.6
.1.3.6.1.4.1.9.9.13.3.0.7
.1.3.6.1.4.1.9.9.13.3.0.8
.1.3.6.1.4.1.9.9.13.3.0.9
ethernet cfmCISCO-ETHER-CFM-MIBcEtherCfmCcMepUp
cEtherCfmCcMepDown
cEtherCfmCcCrossconnect
cEtherCfmCcLoop
cEtherCfmCcConfigError
cEtherCfmXCheckMissing
cEtherCfmXCheckUnknown
cEtherCfmXCheckServiceUp
.1.3.6.1.4.1.9.9.461.0.0.1
.1.3.6.1.4.1.9.9.461.0.0.2
.1.3.6.1.4.1.9.9.461.0.0.3
.1.3.6.1.4.1.9.9.461.0.0.4
.1.3.6.1.4.1.9.9.461.0.0.5
.1.3.6.1.4.1.9.9.461.0.0.6
.1.3.6.1.4.1.9.9.461.0.0.7
.1.3.6.1.4.1.9.9.461.0.0.8
event-managerCISCO-EMBEDDED-EVENT-MGR-MIBcEventMgrServerEvent
cEventMgrPolicyEvent
.1.3.6.1.4.1.9.10.91.0.1
.1.3.6.1.4.1.9.10.91.0.2
firewallCISCO-UNIFIED-FIREWALL-MIBciscoUFwUrlfServerStateChange
ciscoUFwL2StaticMacAddressMoved
.1.3.6.1.4.1.9.9.491.0.1
.1.3.6.1.4.1.9.9.491.0.2
flashCISCO-FLASH-MIBciscoFlashCopyCompletionTrap
ciscoFlashPartitioningCompletionTrap
ciscoFlashMiscOpCompletionTrap
ciscoFlashDeviceChangeTrap
ciscoFlashDeviceInsertedNotif
ciscoFlashDeviceRemovedNotif
ciscoFlashDeviceInsertedNotifRev1
ciscoFlashDeviceRemovedNotifRev1
.1.3.6.1.4.1.9.9.10.1.3.0.1
.1.3.6.1.4.1.9.9.10.1.3.0.2
.1.3.6.1.4.1.9.9.10.1.3.0.3
.1.3.6.1.4.1.9.9.10.1.3.0.4
.1.3.6.1.4.1.9.9.10.1.3.0.5
.1.3.6.1.4.1.9.9.10.1.3.0.6
.1.3.6.1.4.1.9.9.10.1.3.0.7
.1.3.6.1.4.1.9.9.10.1.3.0.8
frame-relayRFC1315-MIBfrDLCIStatusChange.1.3.6.1.2.1.10.32.0.1
frame-relay multilink bundle-mismatchFR-MFR-MIBmfrMibTrapBundleLinkMismatch.1.3.6.1.2.1.10.47.4.0.1
fru-ctrlCISCO-ENTITY-FRU-CONTROL-MIBcefcModuleStatusChange
cefcPowerStatusChange
cefcFRUInserted
cefcFRURemoved
cefcUnrecognizedFRU
cefcFanTrayStatusChange
cefcPowerSupplyOutputChange
.1.3.6.1.4.1.9.9.117.2.0.1
.1.3.6.1.4.1.9.9.117.2.0.2
.1.3.6.1.4.1.9.9.117.2.0.3
.1.3.6.1.4.1.9.9.117.2.0.4
.1.3.6.1.4.1.9.9.117.2.0.5
.1.3.6.1.4.1.9.9.117.2.0.6
.1.3.6.1.4.1.9.9.117.2.0.7
gatekeeperCISCO-GATEKEEPER-MIBciscoGatekeeperEvent.1.3.6.1.4.1.9.10.40.2.0.1
hsrpCISCO-HSRP-MIBcHsrpStateChange.1.3.6.1.4.1.9.9.106.2.0.1
imaIMA-MIBimaFailureAlarm.1.3.6.1.4.1.353.5.7.1.2.0.1
ipmobileMIP-MIB
CISCO-MOBILE-IP-MIB
mipAuthFailure
cmiMrStateChange
cmiMrCoaChange
cmiMrNewMA
cmiHaMnRegReqFailed
.1.3.6.1.2.1.44.2.0.1
.1.3.6.1.4.1.9.9.174.0.1
.1.3.6.1.4.1.9.9.174.0.2
.1.3.6.1.4.1.9.9.174.0.3
.1.3.6.1.4.1.9.9.174.0.4
ipmulticastCISCO-IPMROUTE-MIBciscoIpMRouteMissingHeartBeats.1.3.6.1.4.1.9.10.2.3.1.0.1
ipsecCISCO-IPSEC-FLOW-MONITOR-MIB
CISCO-IPSEC-MIB
cipSecTunnelStart
cipSecTunnelStop
cipsCryptomapAdded
cipsCryptomapDeleted
cipsCryptomapSetAttached
cipsCryptomapSetDetached
cipsTooManySAs
.1.3.6.1.4.1.9.9.171.2.0.7
.1.3.6.1.4.1.9.9.171.2.0.8
.1.3.6.1.4.1.9.10.62.2.0.3
.1.3.6.1.4.1.9.10.62.2.0.4
.1.3.6.1.4.1.9.10.62.2.0.5
.1.3.6.1.4.1.9.10.62.2.0.6
.1.3.6.1.4.1.9.10.62.2.0.7
ipsla (rtr)CISCO-RTTMON-MIBrttMonConnectionChangeNotification
rttMonTimeoutNotification
rttMonThresholdNotification
rttMonVerifyErrorNotification
rttMonNotification
rttMonLpdDiscoveryNotification
rttMonLpdGrpStatusNotification
.1.3.6.1.4.1.9.9.42.2.0.1
.1.3.6.1.4.1.9.9.42.2.0.2
.1.3.6.1.4.1.9.9.42.2.0.3
.1.3.6.1.4.1.9.9.42.2.0.4
.1.3.6.1.4.1.9.9.42.2.0.5
.1.3.6.1.4.1.9.9.42.2.0.6
.1.3.6.1.4.1.9.9.42.2.0.7
isakmpCISCO-IPSEC-FLOW-MONITOR-MIB
CISCO-IPSEC-MIB
cikeTunnelStart
cikeTunnelStop
cipsIsakmpPolicyAdded
cipsIsakmpPolicyDeleted
.1.3.6.1.4.1.9.9.171.2.0.1
.1.3.6.1.4.1.9.9.171.2.0.2
.1.3.6.1.4.1.9.10.62.2.0.1
.1.3.6.1.4.1.9.10.62.2.0.2
isdnCISCO-ISDN-MIB
CISCO-ISDNU-IF-MIB
demandNbrCallInformation
demandNbrCallDetails
demandNbrLayer2Change
demandNbrCNANotification
ciuIfLoopStatusNotification
.1.3.6.1.4.1.9.9.26.2.0.1
.1.3.6.1.4.1.9.9.26.2.0.2
.1.3.6.1.4.1.9.9.26.2.0.3
.1.3.6.1.4.1.9.9.26.2.0.4
.1.3.6.1.4.1.9.9.18.2.0.1
isisCISCO-IETF-ISIS-MIBciiDatabaseOverload
ciiManualAddressDrops
ciiCorruptedLSPDetected
ciiAttemptToExceedMaxSequence
ciiIDLenMismatch
ciiMaxAreaAddressesMismatch
ciiOwnLSPPurge
ciiSequenceNumberSkip
ciiAuthenticationTypeFailure
ciiAuthenticationFailure
ciiVersionSkew
ciiAreaMismatch
ciiRejectedAdjacency
ciiLSPTooLargeToPropagate
ciiOrigLSPBuffSizeMismatch
ciiProtocolsSupportedMismatch
ciiAdjacencyChange
ciiLSPErrorDetected
.1.3.6.1.4.1.9.10.118.0.1
.1.3.6.1.4.1.9.10.118.0.2
.1.3.6.1.4.1.9.10.118.0.3
.1.3.6.1.4.1.9.10.118.0.4
.1.3.6.1.4.1.9.10.118.0.5
.1.3.6.1.4.1.9.10.118.0.6
.1.3.6.1.4.1.9.10.118.0.7
.1.3.6.1.4.1.9.10.118.0.8
.1.3.6.1.4.1.9.10.118.0.9
.1.3.6.1.4.1.9.10.118.0.10
.1.3.6.1.4.1.9.10.118.0.11
.1.3.6.1.4.1.9.10.118.0.12
.1.3.6.1.4.1.9.10.118.0.13
.1.3.6.1.4.1.9.10.118.0.14
.1.3.6.1.4.1.9.10.118.0.15
.1.3.6.1.4.1.9.10.118.0.16
.1.3.6.1.4.1.9.10.118.0.17
.1.3.6.1.4.1.9.10.118.0.18
l2tunCISCO-VPDN-MGMT-MIBcvpdnNotifSession
cvpdnTrapDeadcacheEvent
.1.3.6.1.4.1.9.10.24.0.3
.1.3.6.1.4.1.9.10.24.0.4
mpls fast-reroute protectedCISCO-IETF-FRR-MIBcmplsFrrProtected.1.3.6.1.4.1.9.10.98.0.1
mpls ldpMPLS-LDP-MIBmplsLdpInitSesThresholdExceeded
mplsLdpPVLMismatch
mplsLdpSessionUp
mplsLdpSessionDown
.1.3.6.1.4.1.9.10.65.2.0.1
.1.3.6.1.4.1.9.10.65.2.0.2
.1.3.6.1.4.1.9.10.65.2.0.3
.1.3.6.1.4.1.9.10.65.2.0.4
mpls rfc ldpMPLS-LDP-STD-MIBmplsLdpInitSessionThresholdExceeded
mplsLdpPathVectorLimitMismatch
mplsLdpSessionUp
mplsLdpSessionDown
.1.3.6.1.2.1.10.166.4.0.1
.1.3.6.1.2.1.10.166.4.0.2
.1.3.6.1.2.1.10.166.4.0.3
.1.3.6.1.2.1.10.166.4.0.4
mpls traffic-engMPLS-TE-MIBmplsTunnelUp
mplsTunnelDown
mplsTunnelRerouted
.1.3.6.1.3.95.3.0.1
.1.3.6.1.3.95.3.0.2
.1.3.6.1.3.95.3.0.3
mpls vpnMPLS-VPN-MIBmplsVrfIfUp
mplsVrfIfDown
mplsNumVrfRouteMidThreshExceeded
mplsNumVrfRouteMaxThreshExceeded
mplsNumVrfSecIllegalLabelThreshExceeded
.1.3.6.1.3.118.0.1
.1.3.6.1.3.118.0.2
.1.3.6.1.3.118.0.3
.1.3.6.1.3.118.0.4
.1.3.6.1.3.118.0.5
msdpDRAFT-MSDP-MIB
CISCO-IETF-MSDP-MIB
msdpEstablished
msdpBackwardTransition
cMsdpEstablished
cMsdpBackwardTransition
.1.3.6.1.3.92.1.1.7.0.1
.1.3.6.1.3.92.1.1.7.0.2
.1.3.6.1.4.1.9.10.130.1.1.0.1
.1.3.6.1.4.1.9.10.130.1.1.0.2
mvpnCISCO-MVPN-MIBciscoMvpnMvrfChange.1.3.6.1.4.1.9.10.113.0.2
nhrpCISCO-NHRP-EXT-MIBcneNotifNextHopRegServerUp
cneNotifNextHopRegServerDown
cneNotifNextHopRegClientUp
cneNotifNextHopRegClientDown
cneNotifNextHopPeerUp
cneNotifNextHopPeerDown
cneNotifRateLimitExceeded
.1.3.6.1.4.1.9.9.680.0.1
.1.3.6.1.4.1.9.9.680.0.2
.1.3.6.1.4.1.9.9.680.0.3
.1.3.6.1.4.1.9.9.680.0.4
.1.3.6.1.4.1.9.9.680.0.5
.1.3.6.1.4.1.9.9.680.0.6
.1.3.6.1.4.1.9.9.680.0.7
ospfOSPF-TRAP-MIBospfVirtIfStateChange
ospfNbrStateChange
ospfVirtNbrStateChange
ospfIfConfigError
ospfVirtIfConfigError
ospfIfAuthFailure
ospfVirtIfAuthFailure
ospfIfRxBadPacket
ospfVirtIfRxBadPacket
ospfTxRetransmit
ospfVirtIfTxRetransmit
ospfOriginateLsa
ospfMaxAgeLsa
ospfLsdbOverflow
ospfLsdbApproachingOverflow
ospfIfStateChange
ospfNssaTranslatorStatusChange
ospfRestartStatusChange
ospfNbrRestartHelperStatusChange
ospfVirtNbrRestartHelperStatusChange
.1.3.6.1.2.1.14.16.2.0.1
.1.3.6.1.2.1.14.16.2.0.2
.1.3.6.1.2.1.14.16.2.0.3
.1.3.6.1.2.1.14.16.2.0.4
.1.3.6.1.2.1.14.16.2.0.5
.1.3.6.1.2.1.14.16.2.0.6
.1.3.6.1.2.1.14.16.2.0.7
.1.3.6.1.2.1.14.16.2.0.8
.1.3.6.1.2.1.14.16.2.0.9
.1.3.6.1.2.1.14.16.2.0.10
.1.3.6.1.2.1.14.16.2.0.11
.1.3.6.1.2.1.14.16.2.0.12
.1.3.6.1.2.1.14.16.2.0.13
.1.3.6.1.2.1.14.16.2.0.14
.1.3.6.1.2.1.14.16.2.0.15
.1.3.6.1.2.1.14.16.2.0.16
.1.3.6.1.2.1.14.16.2.0.17
.1.3.6.1.2.1.14.16.2.0.18
.1.3.6.1.2.1.14.16.2.0.19
.1.3.6.1.2.1.14.16.2.0.20
ospf cisco-specificCISCO-OSPF-TRAP-MIBcospfIfConfigError
cospfVirtIfConfigError
cospfTxRetransmit
cospfVirtIfTxRetransmit
cospfOriginateLsa
cospfMaxAgeLsa
cospfNssaTranslatorStatusChange
cospfShamLinkStateChange
cospfShamLinkNbrStateChange
cospfShamLinkConfigError
cospfShamLinkAuthFailure
cospfShamLinkRxBadPacket
cospfShamLinkTxRetransmit
cospfShamLinksStateChange
.1.3.6.1.4.1.9.10.101.0.1
.1.3.6.1.4.1.9.10.101.0.2
.1.3.6.1.4.1.9.10.101.0.3
.1.3.6.1.4.1.9.10.101.0.4
.1.3.6.1.4.1.9.10.101.0.5
.1.3.6.1.4.1.9.10.101.0.6
.1.3.6.1.4.1.9.10.101.0.7
.1.3.6.1.4.1.9.10.101.0.8
.1.3.6.1.4.1.9.10.101.0.9
.1.3.6.1.4.1.9.10.101.0.10
.1.3.6.1.4.1.9.10.101.0.11
.1.3.6.1.4.1.9.10.101.0.12
.1.3.6.1.4.1.9.10.101.0.13
.1.3.6.1.4.1.9.10.101.0.14
pimPIM-MIB
CISCO-IETF-PIM-MIB
CISCO-PIM-MIB
pimNeighborLoss
cPimNbrLoss
ciscoPimInterfaceUp
ciscoPimInterfaceDown
ciscoPimRPMappingChange
ciscoPimInvalidRegister
ciscoPimInvalidJoinPrune
.1.3.6.1.3.61.1.0.1
.1.3.6.1.4.1.9.10.119.0.2
.1.3.6.1.4.1.9.9.184.2.0.1
.1.3.6.1.4.1.9.9.184.2.0.2
.1.3.6.1.4.1.9.9.184.2.0.3
.1.3.6.1.4.1.9.9.184.2.0.4
.1.3.6.1.4.1.9.9.184.2.0.5
pppoeCISCO-PPPOE-MIBcPppoeSystemSessionThresholdTrap
cPppoeVcSessionThresholdTrap
cPppoeSystemSessionPerMACLimitNotif
cPppoeSystemSessionPerMACThrottleNotif
cPppoeSystemSessionPerVLANLimitNotif
cPppoeSystemSessionPerVLANThrottleNotif
cPppoeSystemSessionPerVCLimitNotif
cPppoeSystemSessionPerVCThrottleNotif
cPppoeSystemSessionLossThresholdNotif
cPppoePerInterfaceSessionLossThresholdNotif
cPppoeSystemSessionLossPercentNotif
cPppoePerInterfaceSessionLossPercentNotif
.1.3.6.1.4.1.9.9.194.2.0.1
.1.3.6.1.4.1.9.9.194.2.0.2
.1.3.6.1.4.1.9.9.194.2.0.3
.1.3.6.1.4.1.9.9.194.2.0.4
.1.3.6.1.4.1.9.9.194.2.0.5
.1.3.6.1.4.1.9.9.194.2.0.6
.1.3.6.1.4.1.9.9.194.2.0.7
.1.3.6.1.4.1.9.9.194.2.0.8
.1.3.6.1.4.1.9.9.194.2.0.9
.1.3.6.1.4.1.9.9.194.2.0.10
.1.3.6.1.4.1.9.9.194.2.0.11
.1.3.6.1.4.1.9.9.194.2.0.12
pwCISCO-IETF-PW-MIBcpwVcDown
cpwVcUp
.1.3.6.1.4.1.9.10.106.2.0.1
.1.3.6.1.4.1.9.10.106.2.0.2
resource-policyCISCO-ERM-MIBciscoErmGlobalPolicyViolation
ciscoErmLocalPolicyViolation
.1.3.6.1.4.1.9.9.510.0.1
.1.3.6.1.4.1.9.9.510.0.2
rfCISCO-RF-MIBciscoRFSwactNotif
ciscoRFProgressionNotif
ciscoRFIssuStateNotif
ciscoRFIssuStateNotifRev1
.1.3.6.1.4.1.9.9.176.2.0.1
.1.3.6.1.4.1.9.9.176.2.0.2
.1.3.6.1.4.1.9.9.176.2.0.3
.1.3.6.1.4.1.9.9.176.2.0.4
rsvpRSVP-MIBnewFlow
lostFlow
.1.3.6.1.2.1.51.3.0.1
.1.3.6.1.2.1.51.3.0.2
snmpSNMPv2-MIB
IF-MIB
CISCOTRAP-MIB
coldStart
warmStart
linkDown
linkUp
authenticationFailure
.1.3.6.1.6.3.1.1.5.1
.1.3.6.1.6.3.1.1.5.2
.1.3.6.1.6.3.1.1.5.3
.1.3.6.1.6.3.1.1.5.4
.1.3.6.1.6.3.1.1.5.5
srpCISCO-SRP-MIBsrpTrapRingWrapped
srpTrapRingRestored
.1.3.6.1.4.1.9.10.60.5.0.1
.1.3.6.1.4.1.9.10.60.5.0.2
srstCISCO-SRST-MIBcsrstStateChange
csrstFailNotif
csrstSipPhoneUnRegThresholdExceed
csrstSipPhoneRegFailed
csrstConferenceFailed
.1.3.6.1.4.1.9.9.441.0.1
.1.3.6.1.4.1.9.9.441.0.2
.1.3.6.1.4.1.9.9.441.0.3
.1.3.6.1.4.1.9.9.441.0.4
.1.3.6.1.4.1.9.9.441.0.5
syslogCISCO-SYSLOG-MIBclogMessageGenerated.1.3.6.1.4.1.9.9.41.2.0.1
ttyCISCOTRAP-MIBtcpConnectionClose.1.3.6.1.4.1.9.0.1
voiceCISCO-VOICE-DIAL-CONTROL-MIBcvdcPoorQoVNotification
cvdcPoorQoVNotificationRev1
cvdcActiveDS0sHighNotification
cvdcActiveDS0sLowNotification
cvdcFallbackNotification
.1.3.6.1.4.1.9.9.63.2.0.1
.1.3.6.1.4.1.9.9.63.2.0.2
.1.3.6.1.4.1.9.9.63.2.0.3
.1.3.6.1.4.1.9.9.63.2.0.4
.1.3.6.1.4.1.9.9.63.2.0.5
vrfmibCISCO-VRF-MIBcvVrfIfUp
cvVrfIfDown
cvVnetTrunkUp
cvVnetTrunkDown
.1.3.6.1.4.1.9.9.711.0.1
.1.3.6.1.4.1.9.9.711.0.2
.1.3.6.1.4.1.9.9.711.0.3
.1.3.6.1.4.1.9.9.711.0.4
vrrpVRRP-MIB
CISCO-IETF-VRRP-MIB
vrrpTrapNewMaster
vrrpTrapAuthFailure
cVrrpNotificationNewMaster
cVrrpNotificationProtoError
.1.3.6.1.2.1.68.0.1
.1.3.6.1.2.1.68.0.2
.1.3.6.1.4.1.9.10.999.0.1
.1.3.6.1.4.1.9.10.999.0.3
xgcpXGCP-MIBxgcpUpDownNotification.1.3.6.1.3.90.2.0.1
今回は例として、上記の通知タイプの中から snmp と hsrp のトラップ定義を作成することにします。

2. MIB ファイルのダウンロード

snmpttconvertmib コマンドでトラップ定義ファイルを作成するためには、そのトラップを定義している MIB ファイルと、その関連ファイルが必要になります。

先程の表にも記載していますが、snmp という通知タイプに属する 5 種類のトラップのうち、coldStart / warmStart / authenticationFailure の 3 つは SNMPv2-MIB に、linkDown / linkUp の 2 つは IF-MIB に定義されており、さらに warmStart を除く 4 種のトラップが CISCOTRAP-MIB で再定義されています。従って、これらのトラップの定義ファイルを作成するためには、SNMPv2-MIB、IF-MIB、CISCOTRAP-MIB の 3 つのモジュールを定義するファイルと、その関連ファイルが必要です。

ここで「関連ファイルとは何か」を説明する前に、CISCOTRAP-MIB で IETF の標準トラップの再定義を行う意味について簡単に説明しておきます。

通常、Cisco が RFC ベースのトラップを拡張及び再定義する場合には、CISCO-<オリジナルの MIB モジュール名> というモジュールを作成し、その中で Cisco 独自の OID を使用することが多いのですが、上記一般トラップについては元の OID をそのまま置き換えています。従って、同じ linkDown トラップを発行するのでも、IETF 準拠の機器と Cisco のルータでは異なるフォーマットのトラップを投げることになります(Cisco のルータでも、設定で IETF 準拠のトラップを発行するよう設定することは可能ですが、デフォルトは Cisco 独自フォーマットです)。

それでは、IETF 準拠のトラップと、Cisco が再定義したトラップの違いを見てみましょう。以下は、IF-MIB と CISCOTRAP-MIB が linkDown を定義している部分を抜き出したものです。

IF-MIB
linkDown NOTIFICATION-TYPE
  OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
  STATUS current
  DESCRIPTION
      "A linkDown trap signifies that the SNMP entity, acting in
      an agent role, has detected that the ifOperStatus object for
      one of its communication links is about to enter the down
      state from some other state (but not from the notPresent
      state). This other state is indicated by the included value
      of ifOperStatus."
  ::= { snmpTraps 3 }
CISCOTRAP-MIB
linkDown TRAP-TYPE
  ENTERPRISE snmp
  VARIABLES  { ifIndex, ifDescr, ifType, locIfReason }
  DESCRIPTION
        "A linkDown trap signifies that the sending
        protocol entity recognizes a failure in one of
        the communication links represented in the
        agent's configuration."
  ::= 2
そもそも書式が違いますが、これは IF-MIB が SNMPv2 用の書式(SMIv2)で書かれている一方で、CISCOTRAP-MIB が SNMPv1 用の書式(SMIv1)で書かれているためです。通常、Cisco の MIB には SMIv2 で記述されたもの(例:CISCO-HSRP-MIB.my)とその SMIv1 版(例:CISCO-HSRP-MIB-V1SMI.my)が存在しますが、CISCOTRAP-MIB には SMIv1 版しか存在しないため、このように異なる書式のものを並べています。この点についてはここではあまり重要ではないので、気にしないで下さい。

重要なのは VARIABLES に続く変数バインディングの違いです。もともと linkDown トラップに含まれるインターフェースの識別情報は ifIndex のみでしたが、CISCOTRAP-MIB の定義ではこれに ifDescr が加わることで、FastEthernet0/0 といった分かりやすいインターフェース名を監視に利用することができるようになっています。また、ifAdminStatus と ifOperStatus というインターフェースの状態を表す変数バインディングが、locIfReason に置き換えられています。

実際にトラップの中身を見てみましょう。次の画像は標準状態の Cisco ルータが発行する v1 の linkDown トラップをキャプチャしたものです。

snmptt_2-1.png

次の画像は、Net-SNMP を使用して IETF 準拠のフォーマットで v1 の linkDown トラップを発行した際のキャプチャイメージです。

snmptt_2-3.png

これを見てわかるように、Cisco 独自フォーマットの場合、ダウンしたインターフェース名を特定するにはトラップに含まれる ifDescr の値を見ればよいのですが、IETF 準拠のフォーマットでは別途 interfaces テーブルの情報を取得し、ifIndex の値に対応する ifDescr の値を確認する必要があります。

また、IETF フォーマットの場合、トラップの発生原因がケーブルの抜けなのか管理者による shutdown なのかを特定するためには ifAdminStatus と ifOperStatus の値の組み合わせを解釈しなければなりません(ifAdminStatus=down & ifOperStatus=down → 管理者による shutdown、ifAdminStatus=up & ifOperStatus=down → ケーブル抜け、等)。それに対して、Cisco 独自フォーマットに含まれる locIfReason はインターフェースがなぜダウンしたかという理由をよりわかりやすい形("administratively down", "Keepalive OK" 等)で表示してくれます。

その他、coldStart / authenticationFailure トラップでも、それぞれ以下のような変数バインディングの拡張が行われています。

トラップ内容
coldStart変数バインディングに sysUpTime と whyReload が追加され、再起動してからの時間と再起動の理由が確認できるようになった。
authenticationFailure変数バインディングに authAddr が追加され、不正なコミュニティ名によるリクエストを実行しているノードのアドレスが確認できるようになった。
なお、先程も述べたように、Cisco のルータ・スイッチでも IETF 準拠のトラップを発行するよう設定することは可能です。次の画像は、snmp-server trap link ietf コマンドを設定して、IETF 準拠のトラップを発行するよう設定した Cisco ルータの linkDown トラップをキャプチャしたものです。

snmptt_2-2.png

この画像を見て、「IETF 準拠といいつつ、結局変数バインディングに ifDescr や locIfReason が入っているじゃないか」と思われるかもしれませんが、IF-MIB で定義された変数バインディングが、定義された順番の通りに並んでいる点に注目して下さい。これにより、Net-SNMP のトラップなどと同じメッセージフォーマットを利用して監視を行うことも、新規にフォーマットを定義して ifDescr や locIfReason を監視に利用することもできます。

とはいえ、新規にフォーマットを定義するのであれば、変数バインディングが増えてトラップのサイズが大きくなること、あるいは全ての Cisco 機器にコマンドを設定する手間を考えると、デフォルトの Cisco 独自フォーマットのままで利用するのが現実的でしょう。



さて、CISCOTRAP-MIB によるトラップの再定義の意味が理解できたところで、再び必要ファイルの洗い出しに戻ります。

先程、SNMPv2-MIB、IF-MIB、CISCOTRAP-MIB の 3 つのモジュールを定義したファイルと、その関連ファイルが必要という話をしました。SNMPv2-MIB、IF-MIB については、通常 Net-SNMP の MIB ディレクトリ(/usr/share/snmp/mibs)にそれぞれ SNMPv2-MIB.txt、IF-MIB.txt という名前のテキストが存在するので、そちらを利用すればよいでしょう。また、CISCOTRAP-MIB については Cisco の FTP サイトの v1 ディレクトリにある CISCO-GENERAL-TRAPS.my をダウンロードして下さい。

手間がかかるのが関連ファイルの調査です。MIB モジュールには依存関係があるため、例えば CISCOTRAPS-MIB を使用してトラップ定義を作成するには、CISCOTRAPS-MIB が依存している以下の MIB モジュールを予めロードしておく必要があります。

RFC1213-MIB
RFC-1215
CISCO-SMI
OLD-CISCO-SYSTEM-MIB
OLD-CISCO-INTERFACES-MIB
OLD-CISCO-TS-MIB
OLD-CISCO-TCP-MIB


また、当然ながらこれらの MIB モジュールにも依存関係があるため、さらに以下の MIB モジュールが必要となります。

SNMPv2-SMI
SNMPv2-TC
IANAifType-MIB
RFC1155-SMI
RFC-1212


MIB の依存関係については、MIB ファイルの先頭に記述されている IMPORTS ブロックを確認する方法が基本ですが、Cisco の MIB であれば SNMP Object Navigator を利用することもできます。



CISCOTRAP-MIB の IMPORTS ブロックを確認する場合(青字部分は追記)

    CISCOTRAP-MIB DEFINITIONS ::= BEGIN

          IMPORTS
              snmp
                   FROM SNMPv2-MIB
              sysUpTime, ifIndex, ifDescr, ifType, egpNeighAddr, 
              tcpConnState
                   FROM RFC1213-MIB
              cisco
                   FROM CISCO-SMI
              whyReload, authAddr
                   FROM OLD-CISCO-SYSTEM-MIB
              locIfReason
                   FROM OLD-CISCO-INTERFACES-MIB
              tslineSesType, tsLineUser
                   FROM OLD-CISCO-TS-MIB
              loctcpConnElapsed, loctcpConnInBytes, loctcpConnOutBytes
                   FROM OLD-CISCO-TCP-MIB
              TRAP-TYPE
                   FROM RFC-1215;
    ~以下省略~

ここでは「FROM ~」という記述のある SNMPv2-MIB、RFC1213-MIB、CISCO-SMI、OLD-CISCO-SYSTEM-MIB、OLD-CISCO-INTERFACES-MIB、OLD-CISCO-TS-MIB、OLD-CISCO-TCP-MIB、RFC-1215 が必要であることが分かります。


SNMP Object Navigator を利用する場合

① VIEW & DOWNLOAD MIBS タブを開き、リストから CISCO-GENERAL-TRAPS を選択、View MIB dependencies and download MIB をチェックして Submit ボタンをクリックします。

snmptt_2-5.png

② 依存関係のある MIB の一覧が表示されるので、必要に応じてダウンロードします。

snmptt_2-6.png

ここでは SNMPv2-SMI、SNMPv2-TC、IANAifType-MIB、RFC1155-SMI、RFC-1212、RFC1213-MIB、CISCO-SMI、OLD-CISCO-SYSTEM-MIB、OLD-CISCO-INTERFACES-MIB、OLD-CISCO-TS-MIB、OLD-CISCO-TCP-MIB、RFC-1215 が必要であることがわかります。

SNMP Object Navigator は関連する MIB の依存関係について一括で表示してくれるため、複雑な依存関係を持った MIB を読み込む際には非常に有用です。


これらの MIB モジュールの内、Cisco のエンタープライズ MIB 以外のものは Net-SNMP の MIB ディレクトリにデフォルトで存在するため、それをそのまま使用すればよいでしょう。Cisco の MIB に関しては、FTP サイトからダウンロードして、その他の MIB と同様に MIB ディレクトリに配置して下さい。

今回は HSRP の MIB も使用するため、最終的に MIB ディレクトリに配置されるファイルは以下のようになります(青字が今回必要なファイル)。

[root@centos6 ~]# ls -l /usr/share/snmp/mibs/
合計 1876
-rw-r--r--. 1 root root  17455  6月 25 12:01 2011 AGENTX-MIB.txt
-rw-r--r--. 1 root root  50948  6月 25 12:01 2011 BRIDGE-MIB.txt
-rw-r--r--. 1 root root  20731  1月  7 12:11 2006 CISCO-HSRP-MIB.my
-rw-r--r--. 1 root root   9195  7月  6 16:00 2000 CISCO-SMI.my
-rw-r--r--. 1 root root  68104  6月 25 12:01 2011 DISMAN-EVENT-MIB.txt
-rw-r--r--. 1 root root  24613  6月 25 12:01 2011 DISMAN-SCHEDULE-MIB.txt
-rw-r--r--. 1 root root  64311  6月 25 12:01 2011 DISMAN-SCRIPT-MIB.txt
-rw-r--r--. 1 root root  84492  6月 25 12:01 2011 EtherLike-MIB.txt
-rw-r--r--. 1 root root   4660  6月 25 12:01 2011 HCNUM-TC.txt
-rw-r--r--. 1 root root  52544  6月 25 12:01 2011 HOST-RESOURCES-MIB.txt
-rw-r--r--. 1 root root  10583  6月 25 12:01 2011 HOST-RESOURCES-TYPES.txt
-rw-r--r--. 1 root root   4819  6月 25 12:01 2011 IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
-rw-r--r--. 1 root root   4299  6月 25 12:01 2011 IANA-LANGUAGE-MIB.txt
-rw-r--r--. 1 root root   3513  6月 25 12:01 2011 IANA-RTPROTO-MIB.txt
-rw-r--r--. 1 root root  29665  6月 25 12:01 2011 IANAifType-MIB.txt
-rw-r--r--. 1 root root   5066  6月 25 12:01 2011 IF-INVERTED-STACK-MIB.txt
-rw-r--r--. 1 root root  71691  6月 25 12:01 2011 IF-MIB.txt
-rw-r--r--. 1 root root  16782  6月 25 12:01 2011 INET-ADDRESS-MIB.txt
-rw-r--r--. 1 root root  46286  6月 25 12:01 2011 IP-FORWARD-MIB.txt
-rw-r--r--. 1 root root 185667  6月 25 12:01 2011 IP-MIB.txt
-rw-r--r--. 1 root root  15936  6月 25 12:01 2011 IPV6-ICMP-MIB.txt
-rw-r--r--. 1 root root  48703  6月 25 12:01 2011 IPV6-MIB.txt
-rw-r--r--. 1 root root   2367  6月 25 12:01 2011 IPV6-TC.txt
-rw-r--r--. 1 root root   7257  6月 25 12:01 2011 IPV6-TCP-MIB.txt
-rw-r--r--. 1 root root   4400  6月 25 12:01 2011 IPV6-UDP-MIB.txt
-rw-r--r--. 1 root root   5931  6月 25 12:01 2011 LM-SENSORS-MIB.txt
-rw-r--r--. 1 root root  42375  6月 25 12:01 2011 MTA-MIB.txt
-rw-r--r--. 1 root root  15732  6月 25 12:01 2011 NET-SNMP-AGENT-MIB.txt
-rw-r--r--. 1 root root   9160  6月 25 12:01 2011 NET-SNMP-EXAMPLES-MIB.txt
-rw-r--r--. 1 root root   9198  6月 25 12:01 2011 NET-SNMP-EXTEND-MIB.txt
-rw-r--r--. 1 root root   2036  6月 25 12:01 2011 NET-SNMP-MIB.txt
-rw-r--r--. 1 root root   3351  6月 25 12:01 2011 NET-SNMP-PASS-MIB.txt
-rw-r--r--. 1 root root   4686  6月 25 12:01 2011 NET-SNMP-TC.txt
-rw-r--r--. 1 root root   5039  6月 25 12:01 2011 NET-SNMP-VACM-MIB.txt
-rw-r--r--. 1 root root  21006  6月 25 12:01 2011 NETWORK-SERVICES-MIB.txt
-rw-r--r--. 1 root root  24694  6月 25 12:01 2011 NOTIFICATION-LOG-MIB.txt
-rw-r--r--. 1 root root  50604  6月 25 16:00 1999 OLD-CISCO-INTERFACES-MIB.my
-rw-r--r--. 1 root root   8311  6月 25 16:00 1999 OLD-CISCO-SYSTEM-MIB.my
-rw-r--r--. 1 root root   4129  6月 25 16:00 1999 OLD-CISCO-TCP-MIB.my
-rw-r--r--. 1 root root  18982  6月 25 16:00 1999 OLD-CISCO-TS-MIB.my
-rw-r--r--. 1 root root   1174  6月 25 12:01 2011 RFC-1215.txt
-rw-r--r--. 1 root root   3067  6月 25 12:01 2011 RFC1155-SMI.txt
-rw-r--r--. 1 root root  79667  6月 25 12:01 2011 RFC1213-MIB.txt
-rw-r--r--. 1 root root 147822  6月 25 12:01 2011 RMON-MIB.txt
-rw-r--r--. 1 root root  45323  6月 25 12:01 2011 SCTP-MIB.txt
-rw-r--r--. 1 root root   4595  6月 25 12:01 2011 SMUX-MIB.txt
-rw-r--r--. 1 root root  15490  6月 25 12:01 2011 SNMP-COMMUNITY-MIB.txt
-rw-r--r--. 1 root root  22342  6月 25 12:01 2011 SNMP-FRAMEWORK-MIB.txt
-rw-r--r--. 1 root root   5496  6月 25 12:01 2011 SNMP-MPD-MIB.txt
-rw-r--r--. 1 root root  20014  6月 25 12:01 2011 SNMP-NOTIFICATION-MIB.txt
-rw-r--r--. 1 root root   9106  6月 25 12:01 2011 SNMP-PROXY-MIB.txt
-rw-r--r--. 1 root root  22769  6月 25 12:01 2011 SNMP-TARGET-MIB.txt
-rw-r--r--. 1 root root  39201  6月 25 12:01 2011 SNMP-USER-BASED-SM-MIB.txt
-rw-r--r--. 1 root root   2205  6月 25 12:01 2011 SNMP-USM-AES-MIB.txt
-rw-r--r--. 1 root root  21101  6月 25 12:01 2011 SNMP-USM-DH-OBJECTS-MIB.txt
-rw-r--r--. 1 root root  34162  6月 25 12:01 2011 SNMP-VIEW-BASED-ACM-MIB.txt
-rw-r--r--. 1 root root   8263  6月 25 12:01 2011 SNMPv2-CONF.txt
-rw-r--r--. 1 root root  29305  6月 25 12:01 2011 SNMPv2-MIB.txt
-rw-r--r--. 1 root root   8924  6月 25 12:01 2011 SNMPv2-SMI.txt
-rw-r--r--. 1 root root  38034  6月 25 12:01 2011 SNMPv2-TC.txt
-rw-r--r--. 1 root root   5775  6月 25 12:01 2011 SNMPv2-TM.txt
-rw-r--r--. 1 root root  28564  6月 25 12:01 2011 TCP-MIB.txt
-rw-r--r--. 1 root root  16418  6月 25 12:01 2011 TRANSPORT-ADDRESS-MIB.txt
-rw-r--r--. 1 root root   2163  6月 25 12:01 2011 UCD-DEMO-MIB.txt
-rw-r--r--. 1 root root   4402  6月 25 12:01 2011 UCD-DISKIO-MIB.txt
-rw-r--r--. 1 root root   3010  6月 25 12:01 2011 UCD-DLMOD-MIB.txt
-rw-r--r--. 1 root root   8118  6月 25 12:01 2011 UCD-IPFWACC-MIB.txt
-rw-r--r--. 1 root root  46150  6月 25 12:01 2011 UCD-SNMP-MIB.txt
-rw-r--r--. 1 root root  20882  6月 25 12:01 2011 UDP-MIB.txt

3. トラップ定義ファイルの作成

MIBS 環境変数を export し、MIB ディレクトリ内の全ての MIB モジュールをロードするよう設定します。

[root@centos6 ~]# export MIBS=+ALL

snmpttconvertmib のコマンドラインオプションを確認しておきます。必須オプションは --in と --out、その他よく使うオプションとして、SDESC-EDESC ブロックに変数バインディングの詳細な説明を含むよう指定する --net_snmp_perl があります。

[root@centos6 ~]# snmpttconvertmib --h

SNMPTTCONVERTMIB v1.3
(c) 2002-2007 Alex Burger
http://snmptt.sourceforge.net

Usage:
  snmpttconvertmib --in= --out= []
Options:
  --debug=n              Set debug level (1 or 2)
  --help                 Display this message
  --version              Display author and version information
  --net_snmp_perl        Enable NET-SNMP Perl integration (see below)
  --in=filename          Input file
  --out=filename         Output file
  --nodes=name or file   If specified, will insert a NODES line after FORMAT or
                         EXEC.  The host name(s) separated by spaces, or the
                         name of the nodes file.  Use quotes for multiple
                         entries.  See NODES section in readme.html for examples
  --no_description       Do not save the description
  --no_variables         Do not save the variable list in the description
  --no_format_summary    Do not use the --#SUMMARY lines for FORMAT / EXEC
  --no_format_desc       Do not use the description line for FORMAT / EXEC
  --no_severity          Do not use the --#SEVERITY line for EVENT line.  Default
                         severity of "Normal" will be used, unless --severity= is
                         set
  --severity=s           Severity level for EVENT line.  Only used if there is no
                         --#SEVERITY line, or --no_severity is set.  Must NOT
                         contain any spaces.
                         Example:
                           Critical
  --format=n             FORMAT / EXEC order preference
                           0 = --#SUMMARY or description
                           1 = description or --#SUMMARY
                           2 = --#SUMMARY and description
                           3 = description and --#SUMMARY
  --format_desc=n        How to convert the description line for FORMAT / EXEC
                           0 = First line of description
                           n = n sentence(s) of description
  --no_desc_wildcard     To prevent $* from being appended to the end of
                         description text when used on the FORMAT / EXEC
                         lines.  A wildcard is only used if the description
                         line contained no variable definitions (%n).
  --exec=command         Command line to use for EXEC line.  Use SINGLE quotes
                         with Unix.  Example:
                           'qpage -f TRAP notifygroup1'

  Note:  The only benefit in using the --net_snmp_perl switch (which requires the
         Net-SNMP Perl module to be installed) is that the Variables: description section
         will include:
           -variable syntax
           -variable description
           -variable enums

           For example:
           2: globalStatus
              Syntax="INTEGER"
                2: ok
                4: failure
              Descr="Current status of the entire library system"

snmpttconvertmib コマンドを実行し、CISCOTRAP-MIB のトラップ定義を作成します。

[root@centos6 ~]# snmpttconvertmib --in=/usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my --out=/etc/snmp/snmptt-cisco.conf --net_snmp_perl


*****  UCD-SNMP / NET-SNMP Perl module enabled *****



*****  Processing MIB file *****

snmptranslate version: NET-SNMP version: 5.5
severity: Normal

File to load is:        /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
File to APPEND TO:      /etc/snmp/snmptt-cisco.conf

MIBS environment var:   /usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my
mib name: CISCOTRAP-MIB


*****  Using UCD-SNMP / NET-SNMP Perl module *****



Processing MIB:         CISCOTRAP-MIB
#
skipping a TRAP-TYPE / NOTIFICATION-TYPE line - probably an import line.
#
Line: 23
TRAP-TYPE: coldStart
Variables: sysUpTime whyReload
Looking up via snmptranslate: CISCOTRAP-MIB::coldStart
OID: .1.3.6.1.2.1.11.0.0
#
Line: 33
TRAP-TYPE: linkDown
Variables: ifIndex ifDescr ifType locIfReason
Looking up via snmptranslate: CISCOTRAP-MIB::linkDown
OID: .1.3.6.1.2.1.11.0.2
#
Line: 43
TRAP-TYPE: linkUp
Variables: ifIndex ifDescr ifType locIfReason
Looking up via snmptranslate: CISCOTRAP-MIB::linkUp
OID: .1.3.6.1.2.1.11.0.3
#
Line: 53
TRAP-TYPE: authenticationFailure
Variables: authAddr
Looking up via snmptranslate: CISCOTRAP-MIB::authenticationFailure
OID: .1.3.6.1.2.1.11.0.4
#
Line: 67
TRAP-TYPE: egpNeighborLoss
Variables: egpNeighAddr
Looking up via snmptranslate: CISCOTRAP-MIB::egpNeighborLoss
OID: .1.3.6.1.2.1.11.0.5
#
Line: 79
TRAP-TYPE: reload
Variables: sysUpTime whyReload
Looking up via snmptranslate: CISCOTRAP-MIB::reload
OID: .1.3.6.1.4.1.9.0.0
#
Line: 89
TRAP-TYPE: tcpConnectionClose
Variables: tslineSesType tcpConnState loctcpConnElapsed loctcpConnInBytes loctcpConnOutBytes tsLineUser
Looking up via snmptranslate: CISCOTRAP-MIB::tcpConnectionClose
OID: .1.3.6.1.4.1.9.0.1


Done

Total translations:        7
Successful translations:   7
Failed translations:       0

同様に、CISCO-HSRP-MIB のトラップ定義を作成します。出力ファイルに既存ファイルを指定した場合は、ファイルの末尾にトラップ定義が追記される動作となります。

[root@centos6 ~]# snmpttconvertmib --in=/usr/share/snmp/mibs/CISCO-HSRP-MIB.my --out=/etc/
snmp/snmptt-cisco.conf --net_snmp_perl


*****  UCD-SNMP / NET-SNMP Perl module enabled *****



*****  Processing MIB file *****

snmptranslate version: NET-SNMP version: 5.5
severity: Normal

File to load is:        /usr/share/snmp/mibs/CISCO-HSRP-MIB.my
File to APPEND TO:      /etc/snmp/snmptt-cisco.conf

MIBS environment var:   /usr/share/snmp/mibs/CISCO-HSRP-MIB.my
mib name: CISCO-HSRP-MIB


*****  Using UCD-SNMP / NET-SNMP Perl module *****



Processing MIB:         CISCO-HSRP-MIB
#
skipping a TRAP-TYPE / NOTIFICATION-TYPE line - probably an import line.
#
Line: 465
NOTIFICATION-TYPE: cHsrpStateChange
Variables: cHsrpGrpStandbyState
Enterprise: cHsrpMIBNotifications
Looking up via snmptranslate: CISCO-HSRP-MIB::cHsrpStateChange
OID: .1.3.6.1.4.1.9.9.106.2.0.1


Done

Total translations:        1
Successful translations:   1
Failed translations:       0

次に、一般トラップのトラップ定義を作成します。出力ファイルを RFC で定義される標準トラップ用のものに切り替えています。

[root@centos6 ~]# snmpttconvertmib --in=/usr/share/snmp/mibs/SNMPv2-MIB.txt --out=/etc/snm
p/snmptt-standard.conf --net_snmp_perl


*****  UCD-SNMP / NET-SNMP Perl module enabled *****



*****  Processing MIB file *****

snmptranslate version: NET-SNMP version: 5.5
severity: Normal

File to load is:        /usr/share/snmp/mibs/SNMPv2-MIB.txt
File to APPEND TO:      /etc/snmp/snmptt-standard.conf

MIBS environment var:   /usr/share/snmp/mibs/SNMPv2-MIB.txt
mib name: SNMPv2-MIB


*****  Using UCD-SNMP / NET-SNMP Perl module *****



Processing MIB:         SNMPv2-MIB
#
skipping a TRAP-TYPE / NOTIFICATION-TYPE line - probably an import line.
#
Line: 420
NOTIFICATION-TYPE: coldStart
Enterprise: snmpTraps
Looking up via snmptranslate: SNMPv2-MIB::coldStart
OID: .1.3.6.1.6.3.1.1.5.1
#
Line: 429
NOTIFICATION-TYPE: warmStart
Enterprise: snmpTraps
Looking up via snmptranslate: SNMPv2-MIB::warmStart
OID: .1.3.6.1.6.3.1.1.5.2
#
Line: 442
NOTIFICATION-TYPE: authenticationFailure
Enterprise: snmpTraps
Looking up via snmptranslate: SNMPv2-MIB::authenticationFailure
OID: .1.3.6.1.6.3.1.1.5.5


Done

Total translations:        3
Successful translations:   3
Failed translations:       0
[root@centos6 ~]# snmpttconvertmib --in=/usr/share/snmp/mibs/IF-MIB.txt --out=/etc/snmp/sn
mptt-standard.conf --net_snmp_perl


*****  UCD-SNMP / NET-SNMP Perl module enabled *****



*****  Processing MIB file *****

snmptranslate version: NET-SNMP version: 5.5
severity: Normal

File to load is:        /usr/share/snmp/mibs/IF-MIB.txt
File to APPEND TO:      /etc/snmp/snmptt-standard.conf

MIBS environment var:   /usr/share/snmp/mibs/IF-MIB.txt
mib name: IF-MIB


*****  Using UCD-SNMP / NET-SNMP Perl module *****



Processing MIB:         IF-MIB
#
skipping a TRAP-TYPE / NOTIFICATION-TYPE line - probably an import line.
#
Line: 1105
NOTIFICATION-TYPE: linkDown
Variables: ifIndex ifAdminStatus ifOperStatus
Enterprise: snmpTraps
Looking up via snmptranslate: IF-MIB::linkDown
OID: .1.3.6.1.6.3.1.1.5.3
#
Line: 1117
NOTIFICATION-TYPE: linkUp
Variables: ifIndex ifAdminStatus ifOperStatus
Enterprise: snmpTraps
Looking up via snmptranslate: IF-MIB::linkUp
OID: .1.3.6.1.6.3.1.1.5.4


Done

Total translations:        2
Successful translations:   2
Failed translations:       0

作成した定義ファイルの内容を確認します。

[root@centos6 ~]# cat /etc/snmp/snmptt-cisco.conf
#
#
#
#
MIB: CISCOTRAP-MIB (file:/usr/share/snmp/mibs/CISCO-GENERAL-TRAPS.my) converted on Thu Jul 21 18:20:05 2011 using snmpttconvertmib v1.3
#
#
#
EVENT coldStart .1.3.6.1.2.1.11.0.0 "Status Events" Normal
FORMAT A coldStart trap signifies that the sending $*
SDESC
A coldStart trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
            network management portion of the system was last
            re-initialized."
  2: whyReload
     Syntax="OCTETSTR"
     Descr="This variable contains a printable octet
                           string which contains the reason why the
                           system was last restarted."
EDESC
#
#
#
EVENT linkDown .1.3.6.1.2.1.11.0.2 "Status Events" Normal
FORMAT A linkDown trap signifies that the sending $*
SDESC
A linkDown trap signifies that the sending
protocol entity recognizes a failure in one of
the communication links represented in the
agent's configuration.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
            ranges between 1 and the value of ifNumber.  The
            value for each interface must remain constant at
            least from one re-initialization of the entity's
            network management system to the next re-
            initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
            interface.  This string should include the name of
            the manufacturer, the product name and the version
            of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
            the physical/link protocol(s) immediately `below'
            the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.2.1.11.0.3 "Status Events" Normal
FORMAT A linkUp trap signifies that the sending $*
SDESC
A linkUp trap signifies that the sending
protocol entity recognizes that one of the
communication links represented in the agent's
configuration has come up.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
            ranges between 1 and the value of ifNumber.  The
            value for each interface must remain constant at
            least from one re-initialization of the entity's
            network management system to the next re-
            initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
            interface.  This string should include the name of
            the manufacturer, the product name and the version
            of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
            the physical/link protocol(s) immediately `below'
            the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.2.1.11.0.4 "Status Events" Normal
FORMAT An authenticationFailure trap signifies that $*
SDESC
An authenticationFailure trap signifies that
the sending protocol entity is the addressee
of a protocol message that is not properly
authenticated.  While implementations of the
SNMP must be capable of generating this trap,
they must also be capable of suppressing the
emission of such traps via an implementation-
specific mechanism.
Variables:
  1: authAddr
     Syntax="IPADDR"
     Descr="This variable contains the last SNMP
                           authorization failure IP address."
EDESC
#
#
#
EVENT egpNeighborLoss .1.3.6.1.2.1.11.0.5 "Status Events" Normal
FORMAT An egpNeighborLoss trap signifies that an EGP $*
SDESC
An egpNeighborLoss trap signifies that an EGP
neighbor for whom the sending protocol entity
was an EGP peer has been marked down and the
peer relationship no longer obtains.
Variables:
  1: egpNeighAddr
     Syntax="IPADDR"
     Descr="The IP address of this entry's EGP neighbor."
EDESC
#
#
#
EVENT reload .1.3.6.1.4.1.9.0.0 "Status Events" Normal
FORMAT A reload trap signifies that the sending $*
SDESC
A reload trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
            network management portion of the system was last
            re-initialized."
  2: whyReload
     Syntax="OCTETSTR"
     Descr="This variable contains a printable octet
                           string which contains the reason why the
                           system was last restarted."
EDESC
#
#
#
EVENT tcpConnectionClose .1.3.6.1.4.1.9.0.1 "Status Events" Normal
FORMAT A tty trap signifies that a TCP connection, $*
SDESC
A tty trap signifies that a TCP connection,
previously established with the sending
protocol entity for the purposes of a tty
session, has been terminated.
Variables:
  1: tslineSesType
     Syntax="INTEGER"
       1: unknown
       10: xremote
       11: rshell
       2: pad
       3: stream
       4: rlogin
       5: telnet
       6: tcp
       7: lat
       8: mop
       9: slip
     Descr="Type of session."
  2: tcpConnState
     Syntax="INTEGER"
       1: closed
       10: closing
       11: timeWait
       12: deleteTCB
       2: listen
       3: synSent
       4: synReceived
       5: established
       6: finWait1
       7: finWait2
       8: closeWait
       9: lastAck
     Descr="The state of this TCP connection.

            The only value which may be set by a management
            station is deleteTCB(12).  Accordingly, it is
            appropriate for an agent to return a `badValue'
            response if a management station attempts to set
            this object to any other value.

            If a management station sets this object to the
            value deleteTCB(12), then this has the effect of
            deleting the TCB (as defined in RFC 793) of the
            corresponding connection on the managed node,
            resulting in immediate termination of the
            connection.

            As an implementation-specific option, a RST

            segment may be sent from the managed node to the
            other TCP endpoint (note however that RST segments
            are not sent reliably)."
  3: loctcpConnElapsed
     Syntax="TICKS"
     Descr="How long this TCP connection has been
                           established."
  4: loctcpConnInBytes
     Syntax="INTEGER"
     Descr="Bytes input for this TCP connection."
  5: loctcpConnOutBytes
     Syntax="INTEGER"
     Descr="Bytes output for this TCP connection."
  6: tsLineUser
     Syntax="OCTETSTR"
     Descr="TACACS user name, if TACACS enabled, of user
                           on this line."
EDESC
#
#
#
#
MIB: CISCO-HSRP-MIB (file:/usr/share/snmp/mibs/CISCO-HSRP-MIB.my) converted on Thu Jul 21 18:20:28 2011 using snmpttconvertmib v1.3
#
#
#
EVENT cHsrpStateChange .1.3.6.1.4.1.9.9.106.2.0.1 "Status Events" Normal
FORMAT A cHsrpStateChange notification is sent when a $*
SDESC
A cHsrpStateChange notification is sent when a
cHsrpGrpStandbyState transitions to either active or
standby state, or leaves active or standby state. There
will be only one notification issued when the state change
is from standby to active and vice versa.
Variables:
  1: cHsrpGrpStandbyState
     Syntax="INTEGER"
       1: initial
       2: learn
       3: listen
       4: speak
       5: standby
       6: active
     Descr="The current HSRP state of this group on this interface."
EDESC

[root@centos6 ~]# cat /etc/snmp/snmptt-standard.conf
#
#
#
#
MIB: SNMPv2-MIB (file:/usr/share/snmp/mibs/SNMPv2-MIB.txt) converted on Thu Jul 21 18:44:23 2011 using snmpttconvertmib v1.3
#
#
#
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT A coldStart trap signifies that the SNMP entity, $*
SDESC
A coldStart trap signifies that the SNMP entity,
supporting a notification originator application, is
reinitializing itself and that its configuration may
have been altered.
EDESC
#
#
#
EVENT warmStart .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT A warmStart trap signifies that the SNMP entity, $*
SDESC
A warmStart trap signifies that the SNMP entity,
supporting a notification originator application,
is reinitializing itself such that its configuration
is unaltered.
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Status Events" Normal
FORMAT An authenticationFailure trap signifies that the SNMP $*
SDESC
An authenticationFailure trap signifies that the SNMP
entity has received a protocol message that is not
properly authenticated.  While all implementations
of SNMP entities MAY be capable of generating this
trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.
EDESC
#
#
#
#
MIB: IF-MIB (file:/usr/share/snmp/mibs/IF-MIB.txt) converted on Thu Jul 21 18:44:33 2011 using snmpttconvertmib v1.3
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT A linkDown trap signifies that the SNMP entity, acting in $*
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state).  This other state is indicated by the included value
of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER32"
     Descr="A unique value, greater than zero, for each interface.  It
            is recommended that values are assigned contiguously
            starting from 1.  The value for each interface sub-layer
            must remain constant at least from one re-initialization of
            the entity's network management system to the next re-
            initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
            indicates that no operational packets can be passed.  When a
            managed system initializes, all interfaces start with
            ifAdminStatus in the down(2) state.  As a result of either
            explicit management action or per configuration information
            retained by the managed system, ifAdminStatus is then
            changed to either the up(1) or testing(3) states (or remains
            in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
            testing(3) state indicates that no operational packets can
            be passed.  If ifAdminStatus is down(2) then ifOperStatus
            should be down(2).  If ifAdminStatus is changed to up(1)
            then ifOperStatus should change to up(1) if the interface is
            ready to transmit and receive network traffic; it should
            change to dormant(5) if the interface is waiting for
            external actions (such as a serial line waiting for an
            incoming connection); it should remain in the down(2) state
            if and only if there is a fault that prevents it from going
            to the up(1) state; it should remain in the notPresent(6)
            state if the interface has missing (typically, hardware)
            components."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT A linkUp trap signifies that the SNMP entity, acting in an $*
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state).  This other state is indicated by the
included value of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER32"
     Descr="A unique value, greater than zero, for each interface.  It
            is recommended that values are assigned contiguously
            starting from 1.  The value for each interface sub-layer
            must remain constant at least from one re-initialization of
            the entity's network management system to the next re-
            initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
            indicates that no operational packets can be passed.  When a
            managed system initializes, all interfaces start with
            ifAdminStatus in the down(2) state.  As a result of either
            explicit management action or per configuration information
            retained by the managed system, ifAdminStatus is then
            changed to either the up(1) or testing(3) states (or remains
            in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
            testing(3) state indicates that no operational packets can
            be passed.  If ifAdminStatus is down(2) then ifOperStatus
            should be down(2).  If ifAdminStatus is changed to up(1)
            then ifOperStatus should change to up(1) if the interface is
            ready to transmit and receive network traffic; it should
            change to dormant(5) if the interface is waiting for
            external actions (such as a serial line waiting for an
            incoming connection); it should remain in the down(2) state
            if and only if there is a fault that prevents it from going
            to the up(1) state; it should remain in the notPresent(6)
            state if the interface has missing (typically, hardware)
            components."
EDESC

これらのファイルはそのままでは使用できないため、修正を行います。修正のポイントは以下の点になります。

① EVENT 行のカテゴリ
② EVENT 行の重要度
③ FORMAT 行のメッセージフォーマット


また、一般トラップと重複した OID を使用している CISCOTRAP-MIB については、追加で以下の修正も必要となります。

④ EVENT 行のイベント OID
⑤ NODES 行の追加


各項目における修正のポイントは以下の通りです。

① カテゴリ

ダブルクォーテーション(")に囲まれた空白を含む任意の文字列を指定可能で、デフォルトの値は "Status Events" です。

カテゴリ分類の基本的な考え方としては、"障害"、"管理"、"リソース監視" など個別のトラップが示す事象の内容によって分類する、"Cisco"、"HP"、"F5" どトラップの発行元ベンダーによって分類する、あるいは両者を組み合わせるといったやり方が考えられます。

また、特別なカテゴリとして "IGNORE" と "LOGONLY" の 2 つがあり、それぞれ以下のような特徴があります。

カテゴリログ出力コマンド実行
IGNORE出力されない実行されない
LOGONLY出力される実行されない
その他出力される実行される
これらの 2 つのカテゴリはいずれも監視が不要であるにも関わらず送信元で発行を停止できないトラップに対して用いられますが、"IGNORE" は無条件で監視を停止したい場合に、"LOGONLY" は Nagios のような外部の監視ツールにコマンドでメッセージを通知している環境で、ログは残しておきたいが監視ツールへのメッセージ通知は停止したいといった場合に用いられます。

ちなみに、"LOGONLY" についてはそもそもトラップ定義で EXEC 行を追加しないか、EXEC 行をコメントアウトすることでも同等のことが実現できるので、こうした制御方法もあるということを参考程度に覚えておけばよいでしょう。

② 重要度

イベントの重要度を表す空白を含まない任意の文字列を指定可能で、デフォルトの値は Normal です。

NNM 7.x 以前の trapd.conf との互換性を重視する場合は、Normal, Warning, Minor, Major, Critical の 5 段階の重要度を指定すればよいでしょう。また、連携先の監視ツールのイベント重要度に合わせる、あるいは Syslog の Priority に合わせるという考え方もあります。

いずれにしても、トラップ定義ファイルを記述する上で最も判断に迷うところが、各トラップにどのレベルの重要度を指定すればよいか、という点です。HP の Insight Management MIB などのように、「--#SEVERITY」という特殊なコメント行の指定により、MIB モジュールの中にベンダーが適切と考える重要度を直接記述してくれているものもありますが、その他の殆どの MIB においては重要度は管理者が判断して定義しなければなりません。

管理者による判断の基準として、例えば下表のように緊急度等に応じた重要度の割り当て指針を設定しておくとよいでしょう。

重要度Syslog Priority緊急度
NormalInformational管理者による対処が不要なイベント。
WarningNotice
Warning
管理者による即時の対処は不要だが、何らかの対応が検討されなければならないイベント。
MinorError緊急性の高くない障害。所定の時間内に解消される必要がある。
MajorAlert緊急性の高い障害。可能な限り早期に解消される必要がある。
CriticalCritical緊急性の高い障害の内、特に現用システムに影響のあるもの。可能な限り早期に解消される必要がある。
また、トラップの発行と同時に Syslog メッセージが出力されるイベントについては、Syslog のプライオリティをトラップの重要度に当てはめる方法もあります。例えば Cisco のルータでリンクが切れた際には以下のようなメッセージが出力されますが、このメッセージのプライオリティである Error を linkDown トラップの重要度に割り当るといったやり方です。

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

ただ、どのようなポリシーを採用した場合でも、個別の調整は必要になってくるという点は忘れないで下さい。例えば上記の方針は主に障害管理の観点からのものですが、セキュリティの観点から見た場合に同じトラップの重要度の評価が全く異なるものになる場合があります。

③ メッセージフォーマット

空白を含む任意の文字列を指定可能で、デフォルトの値は MIB の Description の 1 行目の内容になります。

メッセージフォーマットの中では、以下の変数を使用可能です。

変数名説明注意事項
$Aagent-addr のホスト名1
$aAagent-addr の IP アドレス 
$BesecurityEngineID (snmpEngineID)7
$BusecurityName (snmpCommunitySecurityName)7
$BEcontextEngineID (snmpCommunityContextEngineID)7
$BncontextName (snmpCommunityContextName)7
$cカテゴリ 
$Cコミュニティ名 
$Dsnmptt.conf もしくは MIB ファイルの Description テキスト6
$Eシンボル名形式の Enterprise OID 
$e数値形式の Enterprise OID 
$Faアラーム (bell) (BEL) 
$Ff改ページ(FF) 
$Fn改行 (LF, NL) 
$Fr復帰 (CR) 
$Ftタブ (HT, TAB) 
$Fz変換済みの FORMAT 行(EXEC のみ) 
$Ggeneric-trap フィールドの値(企業固有トラップの場合は 0) 
$HSNMPTT が動作しているシステムのホスト名 
$Sspecific-trap フィールドの値(標準トラップの場合は 0) 
$Nsnmptt.conf ファイルで定義されたイベント名 
$isnmptt.conf ファイルで定義されたイベント OID(ワイルドカード OID も対象) 
$Oシンボル名形式のトラップ OID4
$o数値形式のトラップ OID4
$R, $rトラップホスト名1
$aR, $arIP アドレス 
$s重要度 
$TUptime(トラップ送信元が初期化されてからの時間) 
$Xデーモンモード時のスプール時刻、スタンドアロンモード時のトラップ受信時刻 
$xデーモンモード時のスプール日付、スタンドアロンモード時のトラップ受信日付 
$#変数バインディングの個数 
$$$ を文字として表示 
$@デーモンモード時のスプール時刻、スタンドアロンモード時のトラップ受信時刻のエポック秒表示 
$nn 番目の変数バインディングを展開する2,5
$+nn 番目の変数バインディングを「変数名:値」の形式で展開する2,3,5
$-nn 番目の変数バインディングを「変数名(変数型):値」の形式で展開する2,3,5
$vnn 番目の変数バインディングの変数名を展開する3
$*全ての変数バインディングを展開する5
$+*全ての変数バインディングを「変数名:値」の形式で展開する2,3,5
$-*全ての変数バインディングを「変数名(変数型):値」の形式で展開する2,3,5
注 1: 名前解決を有効にするためには、dns_enable オプションを有効化する必要があります。$A/$aA と $R/$aR の違いとして、前者は SNMPv1 トラップの送信元アドレスに agent-addr フィールドを使用し、後者は IP ヘッダーの送信元アドレスを使用します。

注 2: 列挙型オブジェクトの名前解決を有効にするためには、 Net-SNMP Perl モジュールをインストールし、snmptt.ini で translate_integers 及び net_snmp_perl_enable を有効化した上で、適切な MIB モジュールをロードするよう MIBS 環境変数を設定する必要があります。

注 3: 変数バインディングの変数名の名前解決及びデータ型のテキスト名変換を有効にするためには、Net-SNMP Perl モジュールをインストールし、snmptt.ini で net_snmp_perl_enable を有効化した上で、適切な MIB モジュールをロードするよう MIBS 環境変数を設定する必要があります。

注 4: トラップ OID の名前解決を有効にするためには、Net-SNMP Perl モジュールをインストールし、snmptt.ini で translate_trap_oid 及び net_snmp_perl_enable を有効化した上で、適切な MIB モジュールをロードするよう MIBS 環境変数を設定する必要があります。

注 5: 変数バインディングの値に含まれる OID の名前解決を有効にするためには、Net-SNMP Perl モジュールをインストールし、snmptt.ini で translate_oids 及び net_snmp_perl_enable を有効化した上で、適切な MIB モジュールをロードするよう MIBS 環境変数を設定する必要があります。

注 6: この変数を有効化するためには、snmptt.ini で description_mode に 1 もしくは 2 を設定する必要があります。1 を設定した場合、snmptt.conf の Description が使用され、2 を設定した場合、MIB ファイルの Description が使用されます。

注 7: これらの変数は Embedded trap handler(snmptthandler-embedded)でのみ使用可能です。

メッセージフォーマットの指定は、トラップ定義ファイルの作成において重要度の次に難しいポイントになります。

まずフォーマットを英語にするか日本語にするかを決め、英語にする場合は MIB の Description の内容を短くまとめ、日本語にする場合はさらにそれを日本語化する、というのが基本的な方針になります。その際、変数バインディングには発生している事象の理解に有用な情報が含まれることが多いため、極力メッセージに組み込むようにしましょう。

EVENT cHsrpStateChange .1.3.6.1.4.1.9.9.106.2.0.1 "Status Events" Major
FORMAT HSRP グループの状態が変化しました。状態:$1
SDESC
A cHsrpStateChange notification is sent when a
cHsrpGrpStandbyState transitions to either active or
standby state, or leaves active or standby state. There
will be only one notification issued when the state change
is from standby to active and vice versa.
Variables:
  1: cHsrpGrpStandbyState
     Syntax="INTEGER"
       1: initial
       2: learn
       3: listen
       4: speak
       5: standby
       6: active
     Descr="The current HSRP state of this group on this interface."
EDESC

なお、大量のトラップ定義があってメッセージフォーマットを個別に作成することが難しい場合には、「$N を受信しました。$+*」といった共通フォーマットを使用してもよいでしょう。

④ イベント OID

snmpttconvermib コマンドで SMIv1 形式の MIB からトラップ定義ファイルを作成した場合、イベント OID は <Enterprise OID>.0.<specific-trap 番号> になります。そのため、CISCOTRAP-MIB から作成される coldStart のイベント OID は .1.3.6.1.2.1.11.0.0 となり、SNMPv2-MIB に定義されている coldStart(OID は .1.3.6.1.6.3.1.1.5.1)とは異なるトラップとして扱われます。また、Cisco の FTP サイトからダウンロードできる SNMPv2-MIB-V1SMI.my から作成される coldStart の定義についても、同じ理由からイベント OID が .1.3.6.1.6.3.1.1.5.0.0 となってしまい、実際の coldStart トラップにマッチしません。

こうした動作について、以下のような内容のトラップ定義ファイルを作成して確認してみましょう。

EVENT coldStart .1.3.6.1.2.1.11.0.0 "Status Events" Normal
FORMAT CISCOTRAP-MIB coldStart OID=$o
#
EVENT coldStart .1.3.6.1.6.3.1.1.5.0.0 "Status Events" Normal
FORMAT SNMPv2-MIB-V1SMI OID=$o
#
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT SNMPv2-MIB OID=$o

以下のコマンドを実行して、テストトラップを発行します。

[root@centos6 ~]# snmptrap -v 1 -c public localhost snmp localhost 0 0 ''
[root@centos6 ~]# snmptrap -v 1 -c public localhost snmp localhost 6 0 ''
[root@centos6 ~]# snmptrap -v 1 -c public localhost snmpTraps localhost 0 0 ''
[root@centos6 ~]# snmptrap -v 1 -c public localhost snmpTraps localhost 6 0 ''

ログ出力はそれぞれ以下のようになります。

Fri Jul 22 11:13:18 2011 coldStart Normal "Status Events" localhost - SNMPv2-MIB OID=.1.3.6.1.6.3.1.1.5.1
Fri Jul 22 11:13:26 2011 coldStart Normal "Status Events" localhost - CISCOTRAP-MIB coldStart OID=.1.3.6.1.2.1.11.0.0
Fri Jul 22 11:13:31 2011 coldStart Normal "Status Events" localhost - SNMPv2-MIB OID=.1.3.6.1.6.3.1.1.5.1
Fri Jul 22 11:13:34 2011 snmpTraps.0.0 Normal "Status Events" localhost - SNMPv2-MIB-V1SMI OID=.1.3.6.1.6.3.1.1.5.0.0

この結果から、Generic Type が 0 の標準トラップの OID は、Enterprise の値に関わらず .1.3.6.1.6.3.1.1.5.1 として認識され、SNMPv2-MIB-V1SMI.my や CISCO-GENERAL-TRAPS.my から作成されたトラップ定義にはマッチしないことが分かります。また、この動作は linkDown トラップなどの他の標準トラップについても同様です。

SNMPv2-MIB や IF-MIB については本来の SMIv2 形式の MIB ファイルを使用すればよいだけなので問題はありませんが、CISCOTRAP-MIB については SMIv2 形式の MIB ファイルが存在しないため、snmpttconvertmib で作成されたトラップ定義を手で修正する必要があります。

以上の結果を踏まえ、snmptt-cisco.conf の該当箇所を以下のように修正します。

EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Cisco Status Events" Normal
:
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Cisco Status Events" Critical
:
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Cisco Status Events" Normal
:
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Cisco Management Events" Warning
:
EVENT egpNeighborLoss .1.3.6.1.6.3.1.1.5.6 "Cisco Status Events" Critical
:

⑤ NODES 行の追加

CISCOTRAP-MIB で作成される標準トラップの定義が Cisco 機器からのイベントにのみ適用されるよう、snmptt-cisco.conf を編集して NODES 行の指定を行います。

EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT エージェントが再起動しました。種別:coldStart, 理由:$2
NODES /etc/snmp/snmptt-cisco.nodes
:
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Critical
FORMAT インターフェース $2 が停止しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
:
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT インターフェース $2 が動作を開始しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
:
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Device Management Events" Warning
FORMAT コミュニティ名が不正です。リクエスト送信元:$1
NODES /etc/snmp/snmptt-cisco.nodes
:
EVENT egpNeighborLoss .1.3.6.1.6.3.1.1.5.6 "Status Events" Critical
FORMAT EGP ネイバーとの接続が切断されました。ネイバー:$1
NODES /etc/snmp/snmptt-cisco.nodes
:


4. SNMPTT への組み込み

最終的に作成されたトラップ定義ファイルを確認します。

/etc/snmp/snmptt-standard.conf
##########################################################################################
#
# Unknown Trap
#
##########################################################################################
EVENT standardDefault .1.3.6.1.* "Management Events" Warning
FORMAT 不明なトラップを受信しました。$*
SDESC
snmptt-standard.conf に定義が存在しないトラップを受信した際に
使用されるイベントです。
EDESC
##########################################################################################
#
# SNMPv2-MIB
#
##########################################################################################
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT エージェントが再起動しました。種別:coldStart
SDESC
A coldStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself and that its
configuration may have been altered.
EDESC
#
#
#
EVENT warmStart .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT エージェントが再起動しました。種別:warmStart
SDESC
A warmStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself such that its
configuration is unaltered.
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Status Events" Warning
FORMAT コミュニティ名が不正です。
SDESC
An authenticationFailure trap signifies that the SNMP
entity has received a protocol message that is not
properly authenticated.  While all implementations
of SNMP entities MAY be capable of generating this
trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.
EDESC
##########################################################################################
#
# IF-MIB
#
##########################################################################################
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Critical
FORMAT インターフェース $1 が停止しました。状態:$2/$3
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state).  This other state is indicated by the included value
of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER32"
     Descr="A unique value, greater than zero, for each interface.  It
            is recommended that values are assigned contiguously
            starting from 1.  The value for each interface sub-layer
            must remain constant at least from one re-initialization of
            the entity's network management system to the next re-
            initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
            indicates that no operational packets can be passed.  When a
            managed system initializes, all interfaces start with
            ifAdminStatus in the down(2) state.  As a result of either
            explicit management action or per configuration information
            retained by the managed system, ifAdminStatus is then
            changed to either the up(1) or testing(3) states (or remains
            in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
            testing(3) state indicates that no operational packets can
            be passed.  If ifAdminStatus is down(2) then ifOperStatus
            should be down(2).  If ifAdminStatus is changed to up(1)
            then ifOperStatus should change to up(1) if the interface is
            ready to transmit and receive network traffic; it should
            change to dormant(5) if the interface is waiting for
            external actions (such as a serial line waiting for an
            incoming connection); it should remain in the down(2) state
            if and only if there is a fault that prevents it from going
            to the up(1) state; it should remain in the notPresent(6)
            state if the interface has missing (typically, hardware)
            components."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT インターフェース $1 が動作を開始しました。状態:$2/$3
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state).  This other state is indicated by the
included value of ifOperStatus.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value, greater than zero, for each interface.  It
        is recommended that values are assigned contiguously
        starting from 1.  The value for each interface sub-layer
        must remain constant at least from one re-initialization of
        the entity's network management system to the next re-
        initialization."
  2: ifAdminStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
     Descr="The desired state of the interface.  The testing(3) state
        indicates that no operational packets can be passed.  When a
        managed system initializes, all interfaces start with
        ifAdminStatus in the down(2) state.  As a result of either
        explicit management action or per configuration information
        retained by the managed system, ifAdminStatus is then
        changed to either the up(1) or testing(3) states (or remains
        in the down(2) state)."
  3: ifOperStatus
     Syntax="INTEGER"
       1: up
       2: down
       3: testing
       4: unknown
       5: dormant
       6: notPresent
       7: lowerLayerDown
     Descr="The current operational state of the interface.  The
        testing(3) state indicates that no operational packets can
        be passed.  If ifAdminStatus is down(2) then ifOperStatus
        should be down(2).  If ifAdminStatus is changed to up(1)
        then ifOperStatus should change to up(1) if the interface is
        ready to transmit and receive network traffic; it should
        change to dormant(5) if the interface is waiting for
        external actions (such as a serial line waiting for an
        incoming connection); it should remain in the down(2) state
        if and only if there is a fault that prevents it from going
        to the up(1) state; it should remain in the notPresent(6)
        state if the interface has missing (typically, hardware)
        components."
EDESC

/etc/snmpt/snmptt-cisco.conf
##########################################################################################
#
# Cisco Unknown Trap
#
##########################################################################################
EVENT ciscoDefault .1.3.6.1.4.1.9.* "Cisco Management Events" Warning
FORMAT 不明な Cisco トラップを受信しました。$*
SDESC
snmptt-cisco.conf に定義が存在しないトラップを Cisco 機器から
受信した際に使用されるイベントです。
EDESC
##########################################################################################
#
# CISCOTRAP-MIB
#
##########################################################################################
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Cisco Status Events" Normal
FORMAT エージェントが再起動しました。種別:coldStart, 理由:$2
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A coldStart trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
                      network management portion of the system was last
                      re-initialized."
  2: whyReload
     Syntax=""
EDESC
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Cisco Status Events" Critical
FORMAT インターフェース $2 が停止しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A linkDown trap signifies that the sending
protocol entity recognizes a failure in one of
the communication links represented in the
agent's configuration.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
                      ranges between 1 and the value of ifNumber.  The
                      value for each interface must remain constant at
                      least from one re-initialization of the entity's
                      network management system to the next re-
                      initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
                      interface.  This string should include the name of
                      the manufacturer, the product name and the version
                      of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
                      the physical/link protocol(s) immediately `below'
                      the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Cisco Status Events" Normal
FORMAT インターフェース $2 が動作を開始しました。状態:$4
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
A linkUp trap signifies that the sending
protocol entity recognizes that one of the
communication links represented in the agent's
configuration has come up.
Variables:
  1: ifIndex
     Syntax="INTEGER"
     Descr="A unique value for each interface.  Its value
                      ranges between 1 and the value of ifNumber.  The
                      value for each interface must remain constant at
                      least from one re-initialization of the entity's
                      network management system to the next re-
                      initialization."
  2: ifDescr
     Syntax="OCTETSTR"
     Descr="A textual string containing information about the
                      interface.  This string should include the name of
                      the manufacturer, the product name and the version
                      of the hardware interface."
  3: ifType
     Syntax="INTEGER"
       1: other
       10: iso88026-man
       11: starLan
       12: proteon-10Mbit
       13: proteon-80Mbit
       14: hyperchannel
       15: fddi
       16: lapb
       17: sdlc
       18: ds1
       19: e1
       2: regular1822
       20: basicISDN
       21: primaryISDN
       22: propPointToPointSerial
       23: ppp
       24: softwareLoopback
       25: eon
       26: ethernet-3Mbit
       27: nsip
       28: slip
       29: ultra
       3: hdh1822
       30: ds3
       31: sip
       32: frame-relay
       4: ddn-x25
       5: rfc877-x25
       6: ethernet-csmacd
       7: iso88023-csmacd
       8: iso88024-tokenBus
       9: iso88025-tokenRing
     Descr="The type of interface, distinguished according to
                      the physical/link protocol(s) immediately `below'
                      the network layer in the protocol stack."
  4: locIfReason
     Syntax="OCTETSTR"
     Descr="Reason for interface last status change."
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Cisco Management Events" Warning
FORMAT コミュニティ名が不正です。リクエスト送信元:$1
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
An authenticationFailure trap signifies that
the sending protocol entity is the addressee
of a protocol message that is not properly
authenticated.  While implementations of the
SNMP must be capable of generating this trap,
they must also be capable of suppressing the
emission of such traps via an implementation-
specific mechanism.
Variables:
  1: authAddr
     Syntax=""
EDESC
#
#
#
EVENT egpNeighborLoss .1.3.6.1.6.3.1.1.5.6 "Cisco Status Events" Critical
FORMAT EGP ネイバーとの接続が切断されました。ネイバー:$1
NODES /etc/snmp/snmptt-cisco.nodes
SDESC
An egpNeighborLoss trap signifies that an EGP
neighbor for whom the sending protocol entity
was an EGP peer has been marked down and the
peer relationship no longer obtains.
Variables:
  1: egpNeighAddr
     Syntax="IPADDR"
     Descr="The IP address of this entry's EGP neighbor."
EDESC
#
#
#
EVENT reload .1.3.6.1.4.1.9.0.0 "Status Events" Minor
FORMAT ノードの再起動を開始します。理由:$2
SDESC
A reload trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
  1: sysUpTime
     Syntax="TICKS"
     Descr="The time (in hundredths of a second) since the
                      network management portion of the system was last
                      re-initialized."
  2: whyReload
     Syntax=""
EDESC
#
#
#
EVENT tcpConnectionClose .1.3.6.1.4.1.9.0.1 "Cisco Management Events" Normal
FORMAT TTY セッションが終了しました。セッション種別:$1
SDESC
A tty trap signifies that a TCP connection,
previously established with the sending
protocol entity for the purposes of a tty
session, has been terminated.
Variables:
  1: tslineSesType
     Syntax="INTEGER"
       1: unknown
       10: xremote
       11: rshell
       12: ipc
       13: udptn
       2: pad
       3: stream
       4: rlogin
       5: telnet
       6: tcp
       7: lat
       8: mop
       9: slip
     Descr="Type of session."
  2: tcpConnState
     Syntax="INTEGER"
       1: closed
       10: closing
       11: timeWait
       12: deleteTCB
       2: listen
       3: synSent
       4: synReceived
       5: established
       6: finWait1
       7: finWait2
       8: closeWait
       9: lastAck
     Descr="The state of this TCP connection.

                      The only value which may be set by a management
                      station is deleteTCB(12).  Accordingly, it is
                      appropriate for an agent to return a `badValue'
                      response if a management station attempts to set
                      this object to any other value.

                      If a management station sets this object to the
                      value deleteTCB(12), then this has the effect of
                      deleting the TCB (as defined in RFC 793) of the
                      corresponding connection on the managed node,
                      resulting in immediate termination of the
                      connection.

                      As an implementation-specific option, a RST
                      segment may be sent from the managed node to the
                      other TCP endpoint (note however that RST segments
                      are not sent reliably)."
  3: loctcpConnElapsed
     Syntax="TICKS"
     Descr="How long this TCP connection has been
                           established."
  4: loctcpConnInBytes
     Syntax="INTEGER"
     Descr="Bytes input for this TCP connection."
  5: loctcpConnOutBytes
     Syntax="INTEGER"
     Descr="Bytes output for this TCP connection."
  6: tsLineUser
     Syntax="OCTETSTR"
     Descr="TACACS user name, if TACACS enabled, of user
                           on this line."
EDESC
##########################################################################################
#
# CISCO-HSRP-MIB
#
##########################################################################################
EVENT cHsrpStateChange .1.3.6.1.4.1.9.9.106.2.0.1 "Cisco Status Events" Critical
FORMAT HSRP グループの状態が変化しました。状態:$1
SDESC
A cHsrpStateChange notification is sent when a
cHsrpGrpStandbyState transitions to either active or
standby state, or leaves active or standby state. There
will be only one notification issued when the state change
is from standby to active and vice versa.
Variables:
  1: cHsrpGrpStandbyState
     Syntax="INTEGER"
       1: initial
       2: learn
       3: listen
       4: speak
       5: standby
       6: active
     Descr="The current HSRP state of this group on this interface."
EDESC

作成したファイルを snmptt.ini に組み込みます。マッチングは上から順に行われるため、必ず /etc/snmp/snmptt-standard.conf が一番下になるように記述してください。

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt-cisco.conf
/etc/snmp/snmptt-standard.conf
END

スタンドアロンモードの場合は以上で完了です。デーモンモードの場合は、snmptt や snmptrapd の再起動を行いましょう。

テーマ : おすすめソフトウェア
ジャンル : コンピュータ

SNMPTT その3


今回は BIG-IP の MIB から SNMPTT のトラップ定義ファイルを作成します。

Step1. BIG-IP の MIB ファイルを取得する


BIG-IP の MIB ファイルは、Web GUI の Welcome 画面からダウンロードできます。

snmptt_3-1.png

上記画面からは F5 と NET-SNMP の 2 種類の MIB ファイルのアーカイブをダウンロードすることが出来ます。それぞれのアーカイブに含まれるファイルは OS のバージョンによって異なりますが、おおよそ以下のような区分けになっていると思います。

  mibs_f5.tar.gz に含まれる MIB ファイル

F5-BIGIP-APM-MIB.txt
F5-BIGIP-COMMON-MIB.txt
F5-BIGIP-GLOBAL-MIB.txt
F5-BIGIP-LOCAL-MIB.txt
F5-BIGIP-SYSTEM-MIB.txt
F5-BIGIP-WAM-MIB.txt
F5-EM-MIB.txt


  mibs_netsnmp.tar.gz に含まれる MIB ファイル

AGENTX-MIB.txt
DISMAN-EVENT-MIB.txt
DISMAN-SCHEDULE-MIB.txt
DISMAN-SCRIPT-MIB.txt
EtherLike-MIB.txt
HCNUM-TC.txt
HOST-RESOURCES-MIB.txt
HOST-RESOURCES-TYPES.txt
IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
IANA-LANGUAGE-MIB.txt
IANA-RTPROTO-MIB.txt
IANAifType-MIB.txt
IF-INVERTED-STACK-MIB.txt
IF-MIB.txt
INET-ADDRESS-MIB.txt
IP-FORWARD-MIB.txt
IP-MIB.txt
IPV6-ICMP-MIB.txt
IPV6-MIB.txt
IPV6-TC.txt
IPV6-TCP-MIB.txt
IPV6-UDP-MIB.txt
NET-SNMP-AGENT-MIB.txt
NET-SNMP-EXAMPLES-MIB.txt
NET-SNMP-EXTEND-MIB.txt
NET-SNMP-MIB.txt
NET-SNMP-TC.txt
NOTIFICATION-LOG-MIB.txt
RFC-1215.txt
RFC1155-SMI.txt
RFC1213-MIB.txt
RMON-MIB.txt
SCTP-MIB.txt
SMUX-MIB.txt
SNMP-COMMUNITY-MIB.txt
SNMP-FRAMEWORK-MIB.txt
SNMP-MPD-MIB.txt
SNMP-NOTIFICATION-MIB.txt
SNMP-PROXY-MIB.txt
SNMP-TARGET-MIB.txt
SNMP-USER-BASED-SM-MIB.txt
SNMP-USM-AES-MIB.txt
SNMP-USM-DH-OBJECTS-MIB.txt
SNMP-VIEW-BASED-ACM-MIB.txt
SNMPv2-CONF.txt
SNMPv2-MIB.txt
SNMPv2-SMI.txt
SNMPv2-TC.txt
SNMPv2-TM.txt
TCP-MIB.txt
TRANSPORT-ADDRESS-MIB.txt
UCD-DEMO-MIB.txt
UCD-DISKIO-MIB.txt
UCD-DLMOD-MIB.txt
UCD-IPFWACC-MIB.txt
UCD-SNMP-MIB.txt
UDP-MIB.txt


これらの MIB の内、NET-SNMP の MIB については別途 Linux 監視用の回で説明することとして、今回は F5 の MIB に絞って解説します。

ちなみに、手元にアプライアンスが無い場合は、BIG-IP の OS イメージの rpm から直接取り出すことも出来ます。以下は、BIG-IP v11 の OS イメージからファイルを取り出す場合の手順になります。

[root@centos6 ~]# mkdir /tmp/f5mib
[root@centos6 ~]# mount /dev/cdrom /media
mount: ブロックデバイス /dev/sr0 は書き込み禁止です、読込み専用でマウントします
[root@centos6 ~]# cp /media/BIGIP1100/i686/mibs_pack-11.0.0-8037.0.i686.rpm /tmp/f5mib/
[root@centos6 ~]# cd /tmp/f5mib
[root@centos6 f5mib]# rpm2cpio ./mibs_pack-11.0.0-8037.0.i686.rpm | cpio -id
364 blocks
[root@centos6 f5mib]# cd usr/local/www/docs/mibs/
[root@centos6 mibs]# tar zxvf mibs_f5.tar.gz
mibs_f5/
mibs_f5/F5-BIGIP-APM-MIB.txt
mibs_f5/F5-BIGIP-LOCAL-MIB.txt
mibs_f5/F5-BIGIP-WAM-MIB.txt
mibs_f5/F5-BIGIP-GLOBAL-MIB.txt
mibs_f5/F5-EM-MIB.txt
mibs_f5/F5-BIGIP-COMMON-MIB.txt
mibs_f5/F5-BIGIP-SYSTEM-MIB.txt
[root@centos6 mibs]# umount /media

Step2. トラップ定義ファイルを作成する


展開した MIB ファイルから snmpconvertmib コマンドでトラップ定義ファイルを作成し、MIB ファイルを NET-SNMMP の MIB ディレクトリにコピーします。このあたりの手順の詳細については SNMPTT その 2 を参照してください。

トラップ定義ファイルを作成したら、category や severity、FORMAT の修正を行っていきます。

ちなみに、BIG-IP のほとんどのトラップは、ログファイルに特定のキーワードが出力されたことを契機に発行され、オリジナルのログメッセージを一番目の Var-Bind (bigipNotifyObjMsg や emAlertObjMsg) に保存しています。そのため、FORMAT に $1 を指定しておけば、Cisco の Syslog トラップを有効化した時のようなイメージで監視を行うことができます。

Pool メンバーダウン時のログ
[root@bigip01:Active] config # tail /var/log/ltm
:
Sep 19 10:00:51 local/bigip01 notice mcpd[2609]: 01070638:5: Pool member 10.0.0.1:80 monitor status node down.

bigipServiceDown キャプチャ画面
snmptt_3-2.png

SNMPTT のトラップ定義ファイルで「FORMAT $1」を指定した場合のログ
[root@centos6 ~]# tail /var/log/snmptt/snmptt.log
:
Mon Spe 19 10:00:55 2011 bigipServiceDown Critical "F5 Events" bigip01 - Pool member 10.0.0.1:80 monitor status node down.

基本的に、メッセージをどうしても日本語にしたいという要件が無い限りは、これらの Var-Bind を使用すればよいでしょう。

以下、サンプルのトラップ定義ファイルになります。実環境で使用する場合は事前検証を実施し、重要度等の設定を適宜見直しましょう。

##########################################################################################
#
# Unknown F5 Trap
#
##########################################################################################
EVENT f5Default .1.3.6.1.4.1.3375.* "F5 Events" Warning
FORMAT Unknown trap from F5 device : $*
SDESC
This is the trap used when no other F5 trap is configured.
EDESC
##########################################################################################
#
# F5-BIGIP-COMMON-MIB
#
##########################################################################################
EVENT bigipAgentStart .1.3.6.1.4.1.3375.2.4.0.1 "F5 Events" Normal
FORMAT SNMP agent on the BIG-IP system has been started.
SDESC
An indication that the agent has started running.
EDESC
#
#
#
EVENT bigipAgentShutdown .1.3.6.1.4.1.3375.2.4.0.2 "F5 Events" Warning
FORMAT SNMP agent on the BIG-IP system is in the process of being shut down.
SDESC
An indication that the agent is in the process of being shut down.
EDESC
#
#
#
EVENT bigipAgentRestart .1.3.6.1.4.1.3375.2.4.0.3 "F5 Events" Normal
FORMAT SNMP agent on the BIG-IP system has been restarted.
SDESC
An indication that the agent has been restarted.
(eg. It happens when a SIGHUP is received.)
This does not imply anything about whether the configuration has
changed (unlike the standard coldStart or warmStart traps)
EDESC
#
#
#
EVENT bigipCpuTempHigh .1.3.6.1.4.1.3375.2.4.0.4 "F5 Events" Critical
FORMAT $1
SDESC
CPU temperature is too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipCpuFanSpeedLow .1.3.6.1.4.1.3375.2.4.0.5 "F5 Events" Minor
FORMAT $1
SDESC
CPU fan speed is too low.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipCpuFanSpeedBad .1.3.6.1.4.1.3375.2.4.0.6 "F5 Events" Minor
FORMAT $1
SDESC
CPU fan speed signal not received.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipChassisTempHigh .1.3.6.1.4.1.3375.2.4.0.7 "F5 Events" Critical
FORMAT $1
SDESC
Chassis temperature is too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipChassisFanBad .1.3.6.1.4.1.3375.2.4.0.8 "F5 Events" Minor
FORMAT $1
SDESC
Chassis fan status is bad.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipChassisPowerSupplyBad .1.3.6.1.4.1.3375.2.4.0.9 "F5 Events" Critical
FORMAT $1
SDESC
Chassis power supply status is bad.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipServiceDown .1.3.6.1.4.1.3375.2.4.0.10 "F5 Events" Critical
FORMAT $1
SDESC
A service is detected DOWN.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
  2: bigipNotifyObjNode
     Syntax="OCTETSTR"
     Descr="The address or host name of the box."
  3: bigipNotifyObjPort
     Syntax="OCTETSTR"
     Descr="The port or service name."
EDESC
#
#
#
EVENT bigipServiceUp .1.3.6.1.4.1.3375.2.4.0.11 "F5 Events" Normal
FORMAT $1
SDESC
A service is detected UP.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
  2: bigipNotifyObjNode
     Syntax="OCTETSTR"
     Descr="The address or host name of the box."
  3: bigipNotifyObjPort
     Syntax="OCTETSTR"
     Descr="The port or service name."
EDESC
#
#
#
EVENT bigipNodeDown .1.3.6.1.4.1.3375.2.4.0.12 "F5 Events" Critical
FORMAT $1
SDESC
A node is detected DOWN.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
  2: bigipNotifyObjNode
     Syntax="OCTETSTR"
     Descr="The address or host name of the box."
EDESC
#
#
#
EVENT bigipNodeUp .1.3.6.1.4.1.3375.2.4.0.13 "F5 Events" Normal
FORMAT $1
SDESC
A node is detected UP.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
  2: bigipNotifyObjNode
     Syntax="OCTETSTR"
     Descr="The address or host name of the box."
EDESC
#
#
#
EVENT bigipStandby .1.3.6.1.4.1.3375.2.4.0.14 "F5 Events" Major
FORMAT $1
SDESC
The system is going into standby mode.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipActive .1.3.6.1.4.1.3375.2.4.0.15 "F5 Events" Normal
FORMAT $1
SDESC
The system is going into active mode.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipActiveActive .1.3.6.1.4.1.3375.2.4.0.16 "F5 Events" Normal
FORMAT $1
SDESC
The system is going into active-active mode.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipFeatureFailed .1.3.6.1.4.1.3375.2.4.0.17 "F5 Events" Critical
FORMAT $1
SDESC
A high availability feature triggered action failed.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipFeatureOnline .1.3.6.1.4.1.3375.2.4.0.18 "F5 Events" Normal
FORMAT $1
SDESC
A high availability feature is now responding.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLicenseFailed .1.3.6.1.4.1.3375.2.4.0.19 "F5 Events" Critical
FORMAT $1
SDESC
The license validation failed.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLicenseExpired .1.3.6.1.4.1.3375.2.4.0.20 "F5 Events" Critical
FORMAT $1
SDESC
The license has expired.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipTamdAlert .1.3.6.1.4.1.3375.2.4.0.21 "F5 Events" Minor
FORMAT $1
SDESC
Too many authentication failures (> 60) in 1 second to
TMM (Traffic Management Module).
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAggrReaperStateChange .1.3.6.1.4.1.3375.2.4.0.22 "F5 Events" Major
FORMAT $1
SDESC
The aggressive reaper state changed. Aggressive reaper 
state changes indicate the system is moving into distress-mode 
for DOS prevention.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipARPConflict .1.3.6.1.4.1.3375.2.4.0.23 "F5 Events" Critical
FORMAT $1
SDESC
There is an ARP conflict.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipNetLinkDown .1.3.6.1.4.1.3375.2.4.0.24 "F5 Events" Critical
FORMAT $1
SDESC
An internal interface link is down. This is for L1 and L2. 
These are internal links within the box connecting the CPU 
and Switch subsystems, which should never lose link. 
If they do, it indicates a serious problem.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipDiskPartitionWarn .1.3.6.1.4.1.3375.2.4.0.25 "F5 Events" Minor
FORMAT $1
SDESC
The disk partition free space is very limited, which is   
less than a specified limit. By default, the limit is set
to 30% of total disk space.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipDiskPartitionGrowth .1.3.6.1.4.1.3375.2.4.0.26 "F5 Events" Warning
FORMAT $1
SDESC
The disk partition exceeds the specified growth limit. 
By default, the limit is set to 5% of the total disk space.
The growth is difference of two consecutive monitoring data.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAuthFailed .1.3.6.1.4.1.3375.2.4.0.27 "F5 Events" Warning
FORMAT $1
SDESC
The login/sshd authentication has failed.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipConfigLoaded .1.3.6.1.4.1.3375.2.4.0.28 "F5 Events" Normal
FORMAT $1
SDESC
Deprecated! The compoent which created this event has been
deprecated.  The configuration was loaded.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLogEmerg .1.3.6.1.4.1.3375.2.4.0.29 "F5 Events" Critical
FORMAT $1
SDESC
The system is in an unusable situation.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLogAlert .1.3.6.1.4.1.3375.2.4.0.30 "F5 Events" Critical
FORMAT $1
SDESC
Action must be taken immediately for the system to work
properly.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLogCrit .1.3.6.1.4.1.3375.2.4.0.31 "F5 Events" Major
FORMAT $1
SDESC
The system is in a critical condition. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLogErr .1.3.6.1.4.1.3375.2.4.0.32 "F5 Events" Minor
FORMAT $1
SDESC
The system has some error conditions. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLogWarning .1.3.6.1.4.1.3375.2.4.0.33 "F5 Events" Warning
FORMAT $1
SDESC
The system is experiencing some warning conditions. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipPacketRejected .1.3.6.1.4.1.3375.2.4.0.34 "F5 Events" Warning
FORMAT $1
SDESC
The packets are rejected. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipCompLimitExceeded .1.3.6.1.4.1.3375.2.4.0.35 "F5 Events" Minor
FORMAT $1
SDESC
The compression license limit is exceeded. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSslLimitExceeded .1.3.6.1.4.1.3375.2.4.0.36 "F5 Events" Critical
FORMAT $1
SDESC
The SSL license limits are exceeded, 
either for TPS (Transactions Per Second) or 
for MPS (Megabits Per Second). 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipExternalLinkChange .1.3.6.1.4.1.3375.2.4.0.37 "F5 Events" Critical
FORMAT $1
SDESC
An external interface link status changes.  
For a fixed port, this is an occurrence when network cables 
are connected  or removed, and the network is reconfigured; 
for a pluggable port (such as a SFP or XFP port), this happens 
when the pluggable unit is plugged in or unplugged, 
or when a cable is connected or removed from a plugged port.  
The possible values are UP, DOWN, DISABLED, or UNPOPULATED.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmRequestBlocked .1.3.6.1.4.1.3375.2.4.0.38 "F5 Events" Minor
FORMAT $1
SDESC
The HTTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active 
policy in Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmRequestViolation .1.3.6.1.4.1.3375.2.4.0.39 "F5 Events" Warning
FORMAT $1
SDESC
The HTTP request issued a violation to the current active policy. 
This violation is marked as an alerting violation in that policy
in Application Security Module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolAvail .1.3.6.1.4.1.3375.2.4.0.40 "F5 Events" Normal
FORMAT $1
SDESC
A pool is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolNotAvail .1.3.6.1.4.1.3375.2.4.0.41 "F5 Events" Critical
FORMAT $1
SDESC
A pool is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolDisabled .1.3.6.1.4.1.3375.2.4.0.42 "F5 Events" Warning
FORMAT $1
SDESC
A pool is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolEnabled .1.3.6.1.4.1.3375.2.4.0.43 "F5 Events" Normal
FORMAT $1
SDESC
A pool is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmLinkAvail .1.3.6.1.4.1.3375.2.4.0.44 "F5 Events" Normal
FORMAT $1
SDESC
A link is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmLinkNotAvail .1.3.6.1.4.1.3375.2.4.0.45 "F5 Events" Critical
FORMAT $1
SDESC
A link is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmLinkDisabled .1.3.6.1.4.1.3375.2.4.0.46 "F5 Events" Warning
FORMAT $1
SDESC
A link is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmLinkEnabled .1.3.6.1.4.1.3375.2.4.0.47 "F5 Events" Normal
FORMAT $1
SDESC
A link is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmWideIpAvail .1.3.6.1.4.1.3375.2.4.0.48 "F5 Events" Normal
FORMAT $1
SDESC
A wide IP is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmWideIpNotAvail .1.3.6.1.4.1.3375.2.4.0.49 "F5 Events" Critical
FORMAT $1
SDESC
A wide IP is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmWideIpDisabled .1.3.6.1.4.1.3375.2.4.0.50 "F5 Events" Warning
FORMAT $1
SDESC
A wide IP is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmWideIpEnabled .1.3.6.1.4.1.3375.2.4.0.51 "F5 Events" Normal
FORMAT $1
SDESC
A wide IP is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolMbrAvail .1.3.6.1.4.1.3375.2.4.0.52 "F5 Events" Normal
FORMAT $1
SDESC
A pool member is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolMbrNotAvail .1.3.6.1.4.1.3375.2.4.0.53 "F5 Events" Critical
FORMAT $1
SDESC
A pool member is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolMbrDisabled .1.3.6.1.4.1.3375.2.4.0.54 "F5 Events" Warning
FORMAT $1
SDESC
A pool member is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmPoolMbrEnabled .1.3.6.1.4.1.3375.2.4.0.55 "F5 Events" Normal
FORMAT $1
SDESC
A pool member is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmServerAvail .1.3.6.1.4.1.3375.2.4.0.56 "F5 Events" Normal
FORMAT $1
SDESC
A server is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmServerNotAvail .1.3.6.1.4.1.3375.2.4.0.57 "F5 Events" Critical
FORMAT $1
SDESC
A server is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmServerDisabled .1.3.6.1.4.1.3375.2.4.0.58 "F5 Events" Warning
FORMAT $1
SDESC
A server is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmServerEnabled .1.3.6.1.4.1.3375.2.4.0.59 "F5 Events" Normal
FORMAT $1
SDESC
A server is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmVsAvail .1.3.6.1.4.1.3375.2.4.0.60 "F5 Events" Normal
FORMAT $1
SDESC
A virtual server is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmVsNotAvail .1.3.6.1.4.1.3375.2.4.0.61 "F5 Events" Critical
FORMAT $1
SDESC
A virtual server is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmVsDisabled .1.3.6.1.4.1.3375.2.4.0.62 "F5 Events" Warning
FORMAT $1
SDESC
A virtual server is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmVsEnabled .1.3.6.1.4.1.3375.2.4.0.63 "F5 Events" Normal
FORMAT $1
SDESC
A virtual server is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmDcAvail .1.3.6.1.4.1.3375.2.4.0.64 "F5 Events" Normal
FORMAT $1
SDESC
A data center is becoming available in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmDcNotAvail .1.3.6.1.4.1.3375.2.4.0.65 "F5 Events" Critical
FORMAT $1
SDESC
A data center is becoming unavailable in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmDcDisabled .1.3.6.1.4.1.3375.2.4.0.66 "F5 Events" Warning
FORMAT $1
SDESC
A data center is disabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmDcEnabled .1.3.6.1.4.1.3375.2.4.0.67 "F5 Events" Normal
FORMAT $1
SDESC
A data center is enabled in global traffic management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipHardDiskFailure .1.3.6.1.4.1.3375.2.4.0.68 "F5 Events" Critical
FORMAT $1
SDESC
Deprecated!  This object has been eliminated.
The hard disk is failing. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmAppObjAvail .1.3.6.1.4.1.3375.2.4.0.69 "F5 Events" Normal
FORMAT $1
SDESC
An application object is becoming available in global management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmAppObjNotAvail .1.3.6.1.4.1.3375.2.4.0.70 "F5 Events" Critical
FORMAT $1
SDESC
An application object is becoming unavailable in global management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmAppAvail .1.3.6.1.4.1.3375.2.4.0.71 "F5 Events" Normal
FORMAT $1
SDESC
An application is becoming available in global management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmAppNotAvail .1.3.6.1.4.1.3375.2.4.0.72 "F5 Events" Critical
FORMAT $1
SDESC
An application is becoming unavailable in global management module. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmJoinedGroup .1.3.6.1.4.1.3375.2.4.0.73 "F5 Events" Normal
FORMAT $1
SDESC
BIG-IP GTM joined sync group. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmLeftGroup .1.3.6.1.4.1.3375.2.4.0.74 "F5 Events" Warning
FORMAT $1
SDESC
BIG-IP GTM left sync group. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipStandByFail .1.3.6.1.4.1.3375.2.4.0.75 "F5 Events" Minor
FORMAT $1
SDESC
In failover condition, this standby will not be able to go active. 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "F5 Events" Critical
FORMAT $1
SDESC
The TMM has run out of source ports and cannot open new communications channels with other machines.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmBoxAvail .1.3.6.1.4.1.3375.2.4.0.77 "F5 Events" Normal
FORMAT $1
SDESC
A gtm machine (which equates to an iquery connect to a gtm machine) has gone UP 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmBoxNotAvail .1.3.6.1.4.1.3375.2.4.0.78 "F5 Events" Critical
FORMAT $1
SDESC
A gtm machine (which equates to an iquery connect to a gtm machine) has gone DOWN 
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmFtpRequestBlocked .1.3.6.1.4.1.3375.2.4.0.79 "F5 Events" Minor
FORMAT $1
SDESC
The FTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active
policy in Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmFtpRequestViolation .1.3.6.1.4.1.3375.2.4.0.80 "F5 Events" Warning
FORMAT $1
SDESC
The FTP request issued a violation to the current active
policy. This violation is marked as an alerting violation 
in that policy in Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmBig3dSslCertExpired .1.3.6.1.4.1.3375.2.4.0.81 "F5 Events" Critical
FORMAT $1
SDESC
BIG-IP GTM BIG3D SSL Cert has expired.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmBig3dSslCertWillExpire .1.3.6.1.4.1.3375.2.4.0.82 "F5 Events" Warning
FORMAT $1
SDESC
BIG-IP GTM BIG3D SSL Cert will expire.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmSslCertExpired .1.3.6.1.4.1.3375.2.4.0.83 "F5 Events" Critical
FORMAT $1
SDESC
BIG-IP GTM SSL Cert has expired.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmSslCertWillExpire .1.3.6.1.4.1.3375.2.4.0.84 "F5 Events" Warning
FORMAT $1
SDESC
BIG-IP GTM SSL Cert will expire.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmSmtpRequestBlocked .1.3.6.1.4.1.3375.2.4.0.85 "F5 Events" Minor
FORMAT $1
SDESC
The SMTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active
policy in Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmSmtpRequestViolation .1.3.6.1.4.1.3375.2.4.0.86 "F5 Events" Warning
FORMAT $1
SDESC
The SMTP request issued a violation to the current active
policy. This violation is marked as an alerting violation 
in that policy in Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipBladeTempHigh .1.3.6.1.4.1.3375.2.4.0.87 "F5 Events" Critical
FORMAT $1
SDESC
Blade temperature is too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipBladeNoPower .1.3.6.1.4.1.3375.2.4.0.88 "F5 Events" Critical
FORMAT $1
SDESC
A blade lost power. The blade may be pulled out
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipClusterdNoResponse .1.3.6.1.4.1.3375.2.4.0.89 "F5 Events" Critical
FORMAT $1
SDESC
The cluster daemon failed to respond for 10 or more seconds.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipBladeOffline .1.3.6.1.4.1.3375.2.4.0.90 "F5 Events" Critical
FORMAT $1
SDESC
A blade has failed - offline.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmDosAttackDetected .1.3.6.1.4.1.3375.2.4.0.91 "F5 Events" Critical
FORMAT $1
SDESC
DoS attack detected by Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAsmBruteForceAttackDetected .1.3.6.1.4.1.3375.2.4.0.92 "F5 Events" Critical
FORMAT $1
SDESC
Brute force attack detected by Application Security Module.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAomCpuTempTooHigh .1.3.6.1.4.1.3375.2.4.0.93 "F5 Events" Critical
FORMAT $1
SDESC
AOM reports the air temperature near the host CPU too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmKeyGenerationRollover .1.3.6.1.4.1.3375.2.4.0.94 "F5 Events" Normal
FORMAT $1
SDESC
DNSSEC Key generation has rolled over.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmKeyGenerationExpiration .1.3.6.1.4.1.3375.2.4.0.95 "F5 Events" Critical
FORMAT $1
SDESC
DNSSEC Key generation has expired.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipRaidDiskFailure .1.3.6.1.4.1.3375.2.4.0.96 "F5 Events" Critical
FORMAT $1
SDESC
Disk failure in a RAID disk array.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolStatusChange .1.3.6.1.4.1.3375.2.4.0.97 "F5 Events" Critical
FORMAT $1
SDESC
Prober Pool Status Change.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolStatusChangeReason .1.3.6.1.4.1.3375.2.4.0.98 "F5 Events" Critical
FORMAT $1
SDESC
Prober Pool Status Change Reason.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolDisabled .1.3.6.1.4.1.3375.2.4.0.99 "F5 Events" Warning
FORMAT $1
SDESC
Prober Pool Disabled.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolEnabled .1.3.6.1.4.1.3375.2.4.0.100 "F5 Events" Normal
FORMAT $1
SDESC
Prober Pool Enabled.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolMbrStatusChange .1.3.6.1.4.1.3375.2.4.0.101 "F5 Events" Critical
FORMAT $1
SDESC
Prober Pool Member Status Change.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolMbrStatusChangeReason .1.3.6.1.4.1.3375.2.4.0.102 "F5 Events" Critical
FORMAT $1
SDESC
Prober Pool Member Status Change Reason.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolMbrDisabled .1.3.6.1.4.1.3375.2.4.0.103 "F5 Events" Warning
FORMAT $1
SDESC
Prober Pool Member Disabled.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipGtmProberPoolMbrEnabled .1.3.6.1.4.1.3375.2.4.0.104 "F5 Events" Normal
FORMAT $1
SDESC
Prober Pool Member Enabled.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAvrAlertsMetricSnmp .1.3.6.1.4.1.3375.2.4.0.105 "F5 Events" Minor
FORMAT $1
SDESC
AVR alert metric state changed - notification for SNMP.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipAvrAlertsMetricSmtp .1.3.6.1.4.1.3375.2.4.0.106 "F5 Events" Minor
FORMAT $1
SDESC
AVR alert metric state changed - notification for SMTP (based on SNMP).
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipVcmpAlertsVcmpPowerOn .1.3.6.1.4.1.3375.2.4.0.107 "F5 Events" Normal
FORMAT $1
SDESC
A VCMP guest is powered on from a suspended or powered off state.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipVcmpAlertsVcmpPowerOff .1.3.6.1.4.1.3375.2.4.0.108 "F5 Events" Warning
FORMAT $1
SDESC
A VCMP guest is powered off.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipVcmpAlertsVcmpHBLost .1.3.6.1.4.1.3375.2.4.0.109 "F5 Events" Critical
FORMAT $1
SDESC
A VCMP guest heartbeat is lost.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipVcmpAlertsVcmpHBDetected .1.3.6.1.4.1.3375.2.4.0.110 "F5 Events" Normal
FORMAT $1
SDESC
A VCMP guest heartbeat is detected or regained.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSsdMwiNearThreshold .1.3.6.1.4.1.3375.2.4.0.111 "F5 Events" Warning
FORMAT $1
SDESC
SSD disk wear-out indicator is near its threshold.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSsdMwiReachedThreshold .1.3.6.1.4.1.3375.2.4.0.112 "F5 Events" Critical
FORMAT $1
SDESC
SSD disk wear-out indicator has reached its threshold.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSystemCheckAlertTempHigh .1.3.6.1.4.1.3375.2.4.0.113 "F5 Events" Critical
FORMAT $1
SDESC
Temperature is too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSystemCheckAlertVoltageHigh .1.3.6.1.4.1.3375.2.4.0.114 "F5 Events" Critical
FORMAT $1
SDESC
Voltage is too high.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipSystemCheckAlertFanSpeedLow .1.3.6.1.4.1.3375.2.4.0.115 "F5 Events" Minor
FORMAT $1
SDESC
Fan speed is too low.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLibhalSsdPhysicalDiskRemoved .1.3.6.1.4.1.3375.2.4.0.116 "F5 Events" Warning
FORMAT $1
SDESC
SSD physical disk was removed.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLibhalSsdLogicalDiskRemoved .1.3.6.1.4.1.3375.2.4.0.117 "F5 Events" Warning
FORMAT $1
SDESC
SSD logical disk was removed.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLibhalDiskBayRemoved .1.3.6.1.4.1.3375.2.4.0.118 "F5 Events" Warning
FORMAT $1
SDESC
Disk sled was removed from a bay.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLibhalBladePoweredOff .1.3.6.1.4.1.3375.2.4.0.119 "F5 Events" Warning
FORMAT $1
SDESC
Blade is about to be powered off.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
#
#
#
EVENT bigipLibhalSensorAlarmCritical .1.3.6.1.4.1.3375.2.4.0.120 "F5 Events" Critical
FORMAT $1
SDESC
Blade hardware sensor indicated critical alarm.
Variables:
  1: bigipNotifyObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related notification."
EDESC
##########################################################################################
#
# F5-EM-MIB
#
##########################################################################################
EVENT emDeviceUnreachable .1.3.6.1.4.1.3375.3.6.0.1 "F5 Events" Critical
FORMAT $1
SDESC
An managed device is unreachable.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emSoftwareInstallComplete .1.3.6.1.4.1.3375.3.6.0.2 "F5 Events" Normal
FORMAT $1
SDESC
Software installation has completed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emSoftwareInstallFailed .1.3.6.1.4.1.3375.3.6.0.3 "F5 Events" Critical
FORMAT $1
SDESC
Software installation has failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceClockSkew .1.3.6.1.4.1.3375.3.6.0.4 "F5 Events" Minor
FORMAT $1
SDESC
A device clock is out of sync with EM.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDiskUsage .1.3.6.1.4.1.3375.3.6.0.5 "F5 Events" Critical
FORMAT $1
SDESC
A disk partition is exceeding configured usage limits.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emMemoryUsage .1.3.6.1.4.1.3375.3.6.0.6 "F5 Events" Critical
FORMAT $1
SDESC
The system memory is exceeding configured usage limits.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emHotfixInstallComplete .1.3.6.1.4.1.3375.3.6.0.7 "F5 Events" Normal
FORMAT $1
SDESC
A hotfix has been installed on a managed device.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emHotfixInstallFailed .1.3.6.1.4.1.3375.3.6.0.8 "F5 Events" Critical
FORMAT $1
SDESC
A hotfix installation has failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emCpuUsage .1.3.6.1.4.1.3375.3.6.0.9 "F5 Events" Critical
FORMAT $1
SDESC
The cpu is exceeding configured usage limits.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emCertificateExpiration .1.3.6.1.4.1.3375.3.6.0.10 "F5 Events" Warning
FORMAT $1
SDESC
A device certificate will expire soon.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emScheduledArchiveFailed .1.3.6.1.4.1.3375.3.6.0.11 "F5 Events" Minor
FORMAT $1
SDESC
A scheduled configuration archive failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceActiveMode .1.3.6.1.4.1.3375.3.6.0.12 "F5 Events" Normal
FORMAT $1
SDESC
A device changed from non-ACTIVE to ACTIVE state.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceStandbyMode .1.3.6.1.4.1.3375.3.6.0.13 "F5 Events" Major
FORMAT $1
SDESC
A device changed from non-STANDBY to STANDBY state.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceConfigSync .1.3.6.1.4.1.3375.3.6.0.14 "F5 Events" Warning
FORMAT $1
SDESC
A device's configuration is out of sync with its peer.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emRaidDriveFailureDetected .1.3.6.1.4.1.3375.3.6.0.15 "F5 Events" Critical
FORMAT $1
SDESC
The system RAID drive failure has been detected.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emRaidDriveRebuildComplete .1.3.6.1.4.1.3375.3.6.0.16 "F5 Events" Normal
FORMAT $1
SDESC
The system RAID drive rebuild is complete.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emHaSyncFailed .1.3.6.1.4.1.3375.3.6.0.19 "F5 Events" Major
FORMAT $1
SDESC
EM HA Sync has failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emASMSigInstallComplete .1.3.6.1.4.1.3375.3.6.0.20 "F5 Events" Normal
FORMAT $1
SDESC
ASM signature has been installed on a managed device.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emASMSigInstallFailed .1.3.6.1.4.1.3375.3.6.0.21 "F5 Events" Major
FORMAT $1
SDESC
ASM signature installation has failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emASMSigUpdateAvailable .1.3.6.1.4.1.3375.3.6.0.22 "F5 Events" Normal
FORMAT $1
SDESC
ASM signature update is available.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emASMSigUpdateFailed .1.3.6.1.4.1.3375.3.6.0.23 "F5 Events" Major
FORMAT $1
SDESC
ASM signature update failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emPerformanceStorageDays .1.3.6.1.4.1.3375.3.6.0.25 "F5 Events" Major
FORMAT $1
SDESC
Performance storage capacity is about to fall below configured number of days.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emPerformanceStorageCap .1.3.6.1.4.1.3375.3.6.0.26 "F5 Events" Major
FORMAT $1
SDESC
Performance storage capacity is lower than the amount of space reserved.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emPerformanceThreshold .1.3.6.1.4.1.3375.3.6.0.27 "F5 Events" Critical
FORMAT $1
SDESC
Threshold has been violated for a performance-data object.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emSchedBackupFailed .1.3.6.1.4.1.3375.3.6.0.28 "F5 Events" Minor
FORMAT $1
SDESC
Scheduled performance data backup has failed.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emStatsCollectionRateCap .1.3.6.1.4.1.3375.3.6.0.29 "F5 Events" Minor
FORMAT $1
SDESC
Performance-monitoring data collection rate exceeds recommended limit
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceOfflineMode .1.3.6.1.4.1.3375.3.6.0.30 "F5 Events" Warning
FORMAT $1
SDESC
A device changed from non-OFFLINE to OFFLINE state.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceForcedOfflineMode .1.3.6.1.4.1.3375.3.6.0.31 "F5 Events" Warning
FORMAT $1
SDESC
A device changed from non-FORCED OFFLINE to FORCED OFFLINE state.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC
#
#
#
EVENT emDeviceConfigSettingChanged .1.3.6.1.4.1.3375.3.6.0.0.1 "F5 Events" Normal
FORMAT $1
SDESC
A configuration has been changed on a device.
Variables:
  1: emAlertObjMsg
     Syntax="OCTETSTR"
     Descr="The additional information about the related alert."
EDESC

参考情報


サンプルのトラップ定義ファイルを表形式に変換して、ついでに日本語形式のフォーマットを追加したものを載せておきます。訳は適当なので、あくまで参考ということで。

No. Name OID Category Severity FORMAT FORMAT (日本語) Description Variable Bindings
No. Name Syntax Description
1 bigipAgentStart .1.3.6.1.4.1.3375.2.4.0.1 F5 Events Normal SNMP agent on the BIG-IP system has been started. SNMP エージェントが起動しました。 An indication that the agent has started running. - N/A N/A N/A
2 bigipAgentShutdown .1.3.6.1.4.1.3375.2.4.0.2 F5 Events Warning SNMP agent on the BIG-IP system is in the process of being shut down. SNMP エージェントが停止します。 An indication that the agent is in the process of being shut down. - N/A N/A N/A
3 bigipAgentRestart .1.3.6.1.4.1.3375.2.4.0.3 F5 Events Normal SNMP agent on the BIG-IP system has been restarted. SNMP エージェントが再起動しました。 An indication that the agent has been restarted.
(eg. It happens when a SIGHUP is received.)
This does not imply anything about whether the configuration
has changed (unlike the standard coldStart or warmStart traps)
- N/A N/A N/A
4 bigipCpuTempHigh .1.3.6.1.4.1.3375.2.4.0.4 F5 Events Critical $1 CPU の温度が閾値を超えました :: $1 CPU temperature is too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
5 bigipCpuFanSpeedLow .1.3.6.1.4.1.3375.2.4.0.5 F5 Events Minor $1 CPU ファンの回転速度が低下しています :: $1 CPU fan speed is too low. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
6 bigipCpuFanSpeedBad .1.3.6.1.4.1.3375.2.4.0.6 F5 Events Minor $1 CPU ファンの回転速度が認識不能になりました :: $1 CPU fan speed signal not received. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
7 bigipChassisTempHigh .1.3.6.1.4.1.3375.2.4.0.7 F5 Events Critical $1 筐体の温度が閾値を超えました :: $1 Chassis temperature is too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
8 bigipChassisFanBad .1.3.6.1.4.1.3375.2.4.0.8 F5 Events Minor $1 筐体ファンの状態が異常です :: $1 Chassis fan status is bad. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
9 bigipChassisPowerSupplyBad .1.3.6.1.4.1.3375.2.4.0.9 F5 Events Critical $1 電源の状態が異常です :: $1 Chassis power supply status is bad. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
10 bigipServiceDown .1.3.6.1.4.1.3375.2.4.0.10 F5 Events Critical $1 Pool メンバー ($2:$3) の状態が停止中になりました :: $1 A service is detected DOWN. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
2 bigipNotifyObjNode OCTETSTR The address or host name of the box.
3 bigipNotifyObjPort OCTETSTR The port or service name.
11 bigipServiceUp .1.3.6.1.4.1.3375.2.4.0.11 F5 Events Normal $1 Pool メンバー ($2:$3) の状態が起動中になりました :: $1 A service is detected UP. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
2 bigipNotifyObjNode OCTETSTR The address or host name of the box.
3 bigipNotifyObjPort OCTETSTR The port or service name.
12 bigipNodeDown .1.3.6.1.4.1.3375.2.4.0.12 F5 Events Critical $1 Node ($2) の状態が停止中になりました :: $1 A node is detected DOWN. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
2 bigipNotifyObjNode OCTETSTR The address or host name of the box.
13 bigipNodeUp .1.3.6.1.4.1.3375.2.4.0.13 F5 Events Normal $1 Node ($2) の状態が起動中になりました :: $1 A node is detected UP. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
2 bigipNotifyObjNode OCTETSTR The address or host name of the box.
14 bigipStandby .1.3.6.1.4.1.3375.2.4.0.14 F5 Events Major $1 システムがスタンバイモードに移行します :: $1 The system is going into standby mode. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
15 bigipActive .1.3.6.1.4.1.3375.2.4.0.15 F5 Events Normal $1 システムがアクティブモードに移行します :: $1 The system is going into active mode. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
16 bigipActiveActive .1.3.6.1.4.1.3375.2.4.0.16 F5 Events Normal $1 システムがアクティブ・アクティブモードに移行します :: $1 The system is going into active-active mode. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
17 bigipFeatureFailed .1.3.6.1.4.1.3375.2.4.0.17 F5 Events Critical $1 High Availability 機能に異常が発生しました :: $1 A high availability feature triggered action failed. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
18 bigipFeatureOnline .1.3.6.1.4.1.3375.2.4.0.18 F5 Events Normal $1 High Availability 機能が正常状態に復旧しました :: $1 A high availability feature is now responding. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
19 bigipLicenseFailed .1.3.6.1.4.1.3375.2.4.0.19 F5 Events Critical $1 ライセンスの確認に失敗しました :: $1 The license validation failed. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
20 bigipLicenseExpired .1.3.6.1.4.1.3375.2.4.0.20 F5 Events Critical $1 ライセンスの有効期限が切れました :: $1 The license has expired. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
21 bigipTamdAlert .1.3.6.1.4.1.3375.2.4.0.21 F5 Events Minor $1 Virutal Server で多数の認証失敗イベントが発生しています :: $1 Too many authentication failures (> 60) in 1 second to TMM
(Traffic Management Module).
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
22 bigipAggrReaperStateChange .1.3.6.1.4.1.3375.2.4.0.22 F5 Events Major $1 アグレッシブ・リーパーの状態が変化しました :: $1 The aggressive reaper state changed. Aggressive reaper state changes
indicate the system is moving into distress-mode for DOS prevention.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
23 bigipARPConflict .1.3.6.1.4.1.3375.2.4.0.23 F5 Events Critical $1 APR の競合が発生しています :: $1 There is an ARP conflict. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
24 bigipNetLinkDown .1.3.6.1.4.1.3375.2.4.0.24 F5 Events Critical $1 内部インターフェースリンクが停止しました :: $1 An internal interface link is down. This is for L1 and L2.
These are internal links within the box connecting the CPU and Switch
subsystems, which should never lose link.
If they do, it indicates a serious problem.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
25 bigipDiskPartitionWarn .1.3.6.1.4.1.3375.2.4.0.25 F5 Events Minor $1 ディスク空き容量が閾値を下回りました :: $1 The disk partition free space is very limited, which is less than
a specified limit. By default, the limit is set to 30% of total disk space.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
26 bigipDiskPartitionGrowth .1.3.6.1.4.1.3375.2.4.0.26 F5 Events Warning $1 ディスク使用量の増加率が閾値を超過しました :: $1 The disk partition exceeds the specified growth limit.
By default, the limit is set to 5% of the total disk space.
The growth is difference of two consecutive monitoring data.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
27 bigipAuthFailed .1.3.6.1.4.1.3375.2.4.0.27 F5 Events Warning $1 ログイン / SSH 認証が失敗しました :: $1 The login/sshd authentication has failed. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
28 bigipConfigLoaded .1.3.6.1.4.1.3375.2.4.0.28 F5 Events Normal $1 コンフィグレーションの読み込みが完了しました :: $1 Deprecated! The compoent which created this event has been deprecated.
The configuration was loaded.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
29 bigipLogEmerg .1.3.6.1.4.1.3375.2.4.0.29 F5 Events Critical $1 emerg レベルのログが出力されました :: $1 The system is in an unusable situation. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
30 bigipLogAlert .1.3.6.1.4.1.3375.2.4.0.30 F5 Events Critical $1 alert レベルのログが出力されました :: $1 Action must be taken immediately for the system to work 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
31 bigipLogCrit .1.3.6.1.4.1.3375.2.4.0.31 F5 Events Major $1 crit レベルのログが出力されました :: $1 The system is in a critical condition. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
32 bigipLogErr .1.3.6.1.4.1.3375.2.4.0.32 F5 Events Minor $1 err レベルのログが出力されました :: $1 The system has some error conditions. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
33 bigipLogWarning .1.3.6.1.4.1.3375.2.4.0.33 F5 Events Warning $1 warn レベルのログが出力されました :: $1 The system is experiencing some warning conditions. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
34 bigipPacketRejected .1.3.6.1.4.1.3375.2.4.0.34 F5 Events Warning $1 パケットが拒否されました :: $1 The packets are rejected. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
35 bigipCompLimitExceeded .1.3.6.1.4.1.3375.2.4.0.35 F5 Events Minor $1 圧縮ライセンスの上限を超過しました :: $1 The compression license limit is exceeded. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
36 bigipSslLimitExceeded .1.3.6.1.4.1.3375.2.4.0.36 F5 Events Critical $1 SSL ライセンスの上限を超過しました :: $1 The SSL license limits are exceeded, either for TPS (Transactions
Per Second) or for MPS (Megabits Per Second).
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
37 bigipExternalLinkChange .1.3.6.1.4.1.3375.2.4.0.37 F5 Events Critical $1 外部インターフェースリンクの状態が変化しました :: $1 An external interface link status changes.
For a fixed port, this is an occurrence when network cables
are connected or removed, and the network is reconfigured;
for a pluggable port (such as a SFP or XFP port), this happens
when the pluggable unit is plugged in or unplugged, or when a cable
is connected or removed from a plugged port.
The possible values are UP, DOWN, DISABLED, or UNPOPULATED.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
38 bigipAsmRequestBlocked .1.3.6.1.4.1.3375.2.4.0.38 F5 Events Minor $1 HTTP リクエストが ASM により ブロックされました :: $1 The HTTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
39 bigipAsmRequestViolation .1.3.6.1.4.1.3375.2.4.0.39 F5 Events Warning $1 HTTP リクエストが ASM ポリシーに違反しました :: $1 The HTTP request issued a violation to the current active policy.
This violation is marked as an alerting violation in that policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
40 bigipGtmPoolAvail .1.3.6.1.4.1.3375.2.4.0.40 F5 Events Normal $1 Pool の状態が利用可能になりました :: $1 A pool is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
41 bigipGtmPoolNotAvail .1.3.6.1.4.1.3375.2.4.0.41 F5 Events Critical $1 Pool の状態が利用不可になりました :: $1 A pool is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
42 bigipGtmPoolDisabled .1.3.6.1.4.1.3375.2.4.0.42 F5 Events Warning $1 Pool が無効化されました :: $1 A pool is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
43 bigipGtmPoolEnabled .1.3.6.1.4.1.3375.2.4.0.43 F5 Events Normal $1 Pool が有効化されました :: $1 A pool is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
44 bigipGtmLinkAvail .1.3.6.1.4.1.3375.2.4.0.44 F5 Events Normal $1 リンクの状態が利用可能になりました :: $1 A link is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
45 bigipGtmLinkNotAvail .1.3.6.1.4.1.3375.2.4.0.45 F5 Events Critical $1 リンクの状態が利用不可になりました :: $1 A link is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
46 bigipGtmLinkDisabled .1.3.6.1.4.1.3375.2.4.0.46 F5 Events Warning $1 リンクが無効化されました :: $1 A link is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
47 bigipGtmLinkEnabled .1.3.6.1.4.1.3375.2.4.0.47 F5 Events Normal $1 リンクが有効化されました :: $1 A link is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
48 bigipGtmWideIpAvail .1.3.6.1.4.1.3375.2.4.0.48 F5 Events Normal $1 Wide IP が利用可能になりました :: $1 A wide IP is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
49 bigipGtmWideIpNotAvail .1.3.6.1.4.1.3375.2.4.0.49 F5 Events Critical $1 Wide IP が利用不可になりました :: $1 A wide IP is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
50 bigipGtmWideIpDisabled .1.3.6.1.4.1.3375.2.4.0.50 F5 Events Warning $1 Wide IP が無効化されました :: $1 A wide IP is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
51 bigipGtmWideIpEnabled .1.3.6.1.4.1.3375.2.4.0.51 F5 Events Normal $1 Wide IP が有効化されました :: $1 A wide IP is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
52 bigipGtmPoolMbrAvail .1.3.6.1.4.1.3375.2.4.0.52 F5 Events Normal $1 Pool メンバーの状態が利用可能になりました :: $1 A pool member is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
53 bigipGtmPoolMbrNotAvail .1.3.6.1.4.1.3375.2.4.0.53 F5 Events Critical $1 Pool メンバーの状態が利用不可になりました :: $1 A pool member is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
54 bigipGtmPoolMbrDisabled .1.3.6.1.4.1.3375.2.4.0.54 F5 Events Warning $1 Pool メンバーが無効化されました :: $1 A pool member is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
55 bigipGtmPoolMbrEnabled .1.3.6.1.4.1.3375.2.4.0.55 F5 Events Normal $1 Pool メンバーが有効化されました :: $1 A pool member is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
56 bigipGtmServerAvail .1.3.6.1.4.1.3375.2.4.0.56 F5 Events Normal $1 Server の状態が利用可能になりました :: $1 A server is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
57 bigipGtmServerNotAvail .1.3.6.1.4.1.3375.2.4.0.57 F5 Events Critical $1 Server の状態が利用不可になりました :: $1 A server is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
58 bigipGtmServerDisabled .1.3.6.1.4.1.3375.2.4.0.58 F5 Events Warning $1 Server が無効化されました :: $1 A server is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
59 bigipGtmServerEnabled .1.3.6.1.4.1.3375.2.4.0.59 F5 Events Normal $1 Server が有効化されました :: $1 A server is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
60 bigipGtmVsAvail .1.3.6.1.4.1.3375.2.4.0.60 F5 Events Normal $1 Virtual Server の状態が利用可能になりました :: $1 A virtual server is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
61 bigipGtmVsNotAvail .1.3.6.1.4.1.3375.2.4.0.61 F5 Events Critical $1 Virtual Server の状態が利用不可になりました :: $1 A virtual server is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
62 bigipGtmVsDisabled .1.3.6.1.4.1.3375.2.4.0.62 F5 Events Warning $1 Virtual Server が無効化されました :: $1 A virtual server is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
63 bigipGtmVsEnabled .1.3.6.1.4.1.3375.2.4.0.63 F5 Events Normal $1 Virtual Server が有効化されました :: $1 A virtual server is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
64 bigipGtmDcAvail .1.3.6.1.4.1.3375.2.4.0.64 F5 Events Normal $1 Data Center の状態が利用可能になりました :: $1 A data center is becoming available in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
65 bigipGtmDcNotAvail .1.3.6.1.4.1.3375.2.4.0.65 F5 Events Critical $1 Data Center の状態が利用不可になりました :: $1 A data center is becoming unavailable in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
66 bigipGtmDcDisabled .1.3.6.1.4.1.3375.2.4.0.66 F5 Events Warning $1 Data Center が無効化されました :: $1 A data center is disabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
67 bigipGtmDcEnabled .1.3.6.1.4.1.3375.2.4.0.67 F5 Events Normal $1 Data Center が有効化されました :: $1 A data center is enabled in global traffic management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
68 bigipHardDiskFailure .1.3.6.1.4.1.3375.2.4.0.68 F5 Events Critical $1 ハードディスクに障害が発生しました :: $1 Deprecated! This object has been eliminated.
The hard disk is failing.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
69 bigipGtmAppObjAvail .1.3.6.1.4.1.3375.2.4.0.69 F5 Events Normal $1 Application Object の状態が利用可能になりました :: $1 An application object is becoming available in global management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
70 bigipGtmAppObjNotAvail .1.3.6.1.4.1.3375.2.4.0.70 F5 Events Critical $1 Application Object の状態が利用不可になりました :: $1 An application object is becoming unavailable in global management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
71 bigipGtmAppAvail .1.3.6.1.4.1.3375.2.4.0.71 F5 Events Normal $1 Application の状態が利用可能になりました :: $1 An application is becoming available in global management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
72 bigipGtmAppNotAvail .1.3.6.1.4.1.3375.2.4.0.72 F5 Events Critical $1 Application の状態が利用不可になりました :: $1 An application is becoming unavailable in global management module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
73 bigipGtmJoinedGroup .1.3.6.1.4.1.3375.2.4.0.73 F5 Events Normal $1 GTM が同期グループに参加しました :: $1 BIG-IP GTM joined sync group. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
74 bigipGtmLeftGroup .1.3.6.1.4.1.3375.2.4.0.74 F5 Events Warning $1 GTM が同期グループから外れました :: $1 BIG-IP GTM left sync group. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
75 bigipStandByFail .1.3.6.1.4.1.3375.2.4.0.75 F5 Events Minor $1 スタンバイからアクティブに移行することが出来ません :: $1 In failover condition, this standby will not be able to go active. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
76 bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 F5 Events Critical $1 利用可能な送信元ポートが枯渇したため、新規コネクションをオープンできません :: $1 The TMM has run out of source ports and cannot open new communications
channels with other machines.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
77 bigipGtmBoxAvail .1.3.6.1.4.1.3375.2.4.0.77 F5 Events Normal $1 GTM が起動しました :: $1 A gtm machine (which equates to an iquery connect to a gtm machine)
has gone UP
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
78 bigipGtmBoxNotAvail .1.3.6.1.4.1.3375.2.4.0.78 F5 Events Critical $1 GTM が停止しました :: $1 A gtm machine (which equates to an iquery connect to a gtm machine)
has gone DOWN
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
79 bigipAsmFtpRequestBlocked .1.3.6.1.4.1.3375.2.4.0.79 F5 Events Minor $1 FTP リクエストが ASM によりブロックされました :: $1 The FTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
80 bigipAsmFtpRequestViolation .1.3.6.1.4.1.3375.2.4.0.80 F5 Events Warning $1 FTP リクエストが ASM ポリシーに違反しました :: $1 The FTP request issued a violation to the current active policy.
This violation is marked as an alerting violation in that policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
81 bigipGtmBig3dSslCertExpired .1.3.6.1.4.1.3375.2.4.0.81 F5 Events Critical $1 GTM の BIG3D SSL 証明書の期限が切れました :: $1 BIG-IP GTM BIG3D SSL Cert has expired. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
82 bigipGtmBig3dSslCertWillExpire .1.3.6.1.4.1.3375.2.4.0.82 F5 Events Warning $1 GTM の BIG3D SSL 証明書の有効期限が近づいています :: $1 BIG-IP GTM BIG3D SSL Cert will expire. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
83 bigipGtmSslCertExpired .1.3.6.1.4.1.3375.2.4.0.83 F5 Events Critical $1 GTM の SSL 証明書の期限が切れました :: $1 BIG-IP GTM SSL Cert has expired. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
84 bigipGtmSslCertWillExpire .1.3.6.1.4.1.3375.2.4.0.84 F5 Events Warning $1 GTM の SSL 証明書の有効期限が近づいています :: $1 BIG-IP GTM SSL Cert will expire. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
85 bigipAsmSmtpRequestBlocked .1.3.6.1.4.1.3375.2.4.0.85 F5 Events Minor $1 SMTP リクエストが ASM によりブロックされました :: $1 The SMTP request was blocked because it issued (at least one)
violation(s) which is marked as blocking at the current active policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
86 bigipAsmSmtpRequestViolation .1.3.6.1.4.1.3375.2.4.0.86 F5 Events Warning $1 STMP リクエストが ASM ポリシーに違反しました :: $1 The SMTP request issued a violation to the current active policy.
This violation is marked as an alerting violation in that policy
in Application Security Module.
1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
87 bigipBladeTempHigh .1.3.6.1.4.1.3375.2.4.0.87 F5 Events Critical $1 ブレードの温度が閾値を超えました :: $1 Blade temperature is too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
88 bigipBladeNoPower .1.3.6.1.4.1.3375.2.4.0.88 F5 Events Critical $1 ブレードの電源が停止しました :: $1 A blade lost power. The blade may be pulled out 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
89 bigipClusterdNoResponse .1.3.6.1.4.1.3375.2.4.0.89 F5 Events Critical $1 クラスターデーモンが無応答になっています :: $1 The cluster daemon failed to respond for 10 or more seconds. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
90 bigipBladeOffline .1.3.6.1.4.1.3375.2.4.0.90 F5 Events Critical $1 ブレードに障害が発生したため、オフラインになりました :: $1 A blade has failed - offline. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
91 bigipAsmDosAttackDetected .1.3.6.1.4.1.3375.2.4.0.91 F5 Events Critical $1 ASM が DoS 攻撃を検知しました :: $1 DoS attack detected by Application Security Module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
92 bigipAsmBruteForceAttackDetected .1.3.6.1.4.1.3375.2.4.0.92 F5 Events Critical $1 ASM がブルートフォースアタックを検知しました :: $1 Brute force attack detected by Application Security Module. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
93 bigipAomCpuTempTooHigh .1.3.6.1.4.1.3375.2.4.0.93 F5 Events Critical $1 CPU の温度が閾値を超えました :: $1 AOM reports the air temperature near the host CPU too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
94 bigipGtmKeyGenerationRollover .1.3.6.1.4.1.3375.2.4.0.94 F5 Events Normal $1 DNSSEC の鍵が更新されました :: $1 DNSSEC Key generation has rolled over. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
95 bigipGtmKeyGenerationExpiration .1.3.6.1.4.1.3375.2.4.0.95 F5 Events Critical $1 DNSSEC の鍵の有効期限が切れました :: $1 DNSSEC Key generation has expired. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
96 bigipRaidDiskFailure .1.3.6.1.4.1.3375.2.4.0.96 F5 Events Critical $1 RAID ディスクアレイに障害が発生しました :: $1 Disk failure in a RAID disk array. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
97 bigipGtmProberPoolStatusChange .1.3.6.1.4.1.3375.2.4.0.97 F5 Events Critical $1 Prober Pool の状態が変化しました :: $1 Prober Pool Status Change. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
98 bigipGtmProberPoolStatusChangeReason .1.3.6.1.4.1.3375.2.4.0.98 F5 Events Critical $1 Prober Pool の状態変化の理由: $1 Prober Pool Status Change Reason. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
99 bigipGtmProberPoolDisabled .1.3.6.1.4.1.3375.2.4.0.99 F5 Events Warning $1 Prober Pool が無効化されました :: $1 Prober Pool Disabled. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
100 bigipGtmProberPoolEnabled .1.3.6.1.4.1.3375.2.4.0.100 F5 Events Normal $1 Prober Pool が有効化されました :: $1 Prober Pool Enabled. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
101 bigipGtmProberPoolMbrStatusChange .1.3.6.1.4.1.3375.2.4.0.101 F5 Events Critical $1 Prober Pool メンバーの状態が変化しました :: $1 Prober Pool Member Status Change. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
102 bigipGtmProberPoolMbrStatusChangeReason .1.3.6.1.4.1.3375.2.4.0.102 F5 Events Critical $1 Prober Pool メンバーの状態変化の理由: $1 Prober Pool Member Status Change Reason. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
103 bigipGtmProberPoolMbrDisabled .1.3.6.1.4.1.3375.2.4.0.103 F5 Events Warning $1 Prober Pool メンバーが無効化されました :: $1 Prober Pool Member Disabled. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
104 bigipGtmProberPoolMbrEnabled .1.3.6.1.4.1.3375.2.4.0.104 F5 Events Normal $1 Prober Pool メンバーが有効化されました :: $1 Prober Pool Member Enabled. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
105 bigipAvrAlertsMetricSnmp .1.3.6.1.4.1.3375.2.4.0.105 F5 Events Minor $1 AVR アラートメトリックの状態が変化しました :: $1 AVR alert metric state changed - notification for SNMP. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
106 bigipAvrAlertsMetricSmtp .1.3.6.1.4.1.3375.2.4.0.106 F5 Events Minor $1 AVR アラートメトリックの状態が変化しました :: $1 AVR alert metric state changed - notification for SMTP (based on SNMP). 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
107 bigipVcmpAlertsVcmpPowerOn .1.3.6.1.4.1.3375.2.4.0.107 F5 Events Normal $1 vCMP ゲストが起動しました :: $1 A VCMP guest is powered on from a suspended or powered off state. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
108 bigipVcmpAlertsVcmpPowerOff .1.3.6.1.4.1.3375.2.4.0.108 F5 Events Warning $1 vCMP ゲストが停止しました :: $1 A VCMP guest is powered off. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
109 bigipVcmpAlertsVcmpHBLost .1.3.6.1.4.1.3375.2.4.0.109 F5 Events Critical $1 vCMP ゲストのハートビートが消失しました :: $1 A VCMP guest heartbeat is lost. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
110 bigipVcmpAlertsVcmpHBDetected .1.3.6.1.4.1.3375.2.4.0.110 F5 Events Normal $1 vCMP ゲストのハートビートを検出しました :: $1 A VCMP guest heartbeat is detected or regained. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
111 bigipSsdMwiNearThreshold .1.3.6.1.4.1.3375.2.4.0.111 F5 Events Warning $1 SSD ディスクの消耗指数が閾値に近づいています :: $1 SSD disk wear-out indicator is near its threshold. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
112 bigipSsdMwiReachedThreshold .1.3.6.1.4.1.3375.2.4.0.112 F5 Events Minor $1 SSD ディスクの消耗指数が閾値を超過しました :: $1 SSD disk wear-out indicator has reached its threshold. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
113 bigipSystemCheckAlertTempHigh .1.3.6.1.4.1.3375.2.4.0.113 F5 Events Critical $1 温度が閾値を超過しました :: $1 Temperature is too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
114 bigipSystemCheckAlertVoltageHigh .1.3.6.1.4.1.3375.2.4.0.114 F5 Events Critical $1 電圧が閾値を超過しました :: $1 Voltage is too high. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
115 bigipSystemCheckAlertFanSpeedLow .1.3.6.1.4.1.3375.2.4.0.115 F5 Events Minor $1 ファンの回転速度が閾値を下回りました :: $1 Fan speed is too low. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
116 bigipLibhalSsdPhysicalDiskRemoved .1.3.6.1.4.1.3375.2.4.0.116 F5 Events Warning $1 SSD 物理ディスクが取り外されました :: $1 SSD physical disk was removed. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
117 bigipLibhalSsdLogicalDiskRemoved .1.3.6.1.4.1.3375.2.4.0.117 F5 Events Warning $1 SSD 論理ディスクが取り外されました :: $1 SSD logical disk was removed. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
118 bigipLibhalDiskBayRemoved .1.3.6.1.4.1.3375.2.4.0.118 F5 Events Warning $1 ディスクマウンタがベイから取り外されました :: $1 Disk sled was removed from a bay. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
119 bigipLibhalBladePoweredOff .1.3.6.1.4.1.3375.2.4.0.119 F5 Events Warning $1 ブレードが停止します :: $1 Blade is about to be powered off. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.
120 bigipLibhalSensorAlarmCritical .1.3.6.1.4.1.3375.2.4.0.120 F5 Events Critical $1 ブレードのハードウェアセンサーが危険域アラームを検出しました :: $1 Blade hardware sensor indicated critical alarm. 1 bigipNotifyObjMsg OCTETSTR The additional information about the related notification.

テーマ : おすすめソフトウェア
ジャンル : コンピュータ

プロフィール

米麹

筆者: 米麹
某社に勤務する SE です。
ここでは本職とは関係のない趣味的な検証情報などを書いていきます。

注意事項とお願い
記事の内容は掲載時点のもので、現在は異なる可能性があります。情報に誤りや不適切な事項があった場合には、コメントやメールフォームでご指摘下さい。
また、本サイトの情報を利用することによって生じたいかなる損害についても、筆者は責任を負いかねますのでご了承下さい。
カレンダー
07 | 2018/08 | 09
- - - 1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31 -
最新記事
月別アーカイブ
カテゴリ
全記事表示リンク

全ての記事を表示する

検索フォーム
メールフォーム

名前:
メール:
件名:
本文:

上記広告は1ヶ月以上更新のないブログに表示されています。新しい記事を書くことで広告を消せます。