Настройка SNMP v2 TRAP на Zabbix server на примере CISCO ro

Обсуждаем сайт и форум.

Модератор: f0s

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Настройка SNMP v2 TRAP на Zabbix server на примере CISCO ro

Непрочитанное сообщение vintovkin » 2014-01-16 12:55:44

Добрый день, хотелось бы написать статью по сабжу, ибо в инете данной информации практически нет. Я уверен , что все хорошо понимают этот процесс, но всё таки хотелось ещё раз рассмотреть как данные генерируются роутером, затем отправляются по IP в сеть и обрабатываются сервером на примере рисунка №1.При настройке на Zabbix , SNMP interfaces должны соответствовать trap source interface на роутере
Вложения
liss1.jpg
Junos OS kernel based on FreeBSD UNIX.

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2460 рублей (8 CPU, 8Gb RAM, 2x500Gb HDD, RAID 3ware 9750):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-16 16:40:51

Настройка:
0. Будем считать, что у нас нормально настроен zabbix server и cisco router , они доступны по IP и правильно настроен IP routing (должен быть доступен interface loopback 0 на cisco).Интерфейс Loopback 0 был выбран не случайно, потому что может быть топология сети в которой Cisco будет в другом вилане или сети (vlan/network)

Код: Выделить всё

gns3#uname -a
FreeBSD gns3 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
gns3#pkg_info | grep zabbix
zabbix2-frontend-2.0.10 Enterprise-class open source distributed monitoring (fronte
zabbix2-server-2.0.10 Enterprise-class open source distributed monitoring (server
1. Установите два порта net-snmp (С поддержкой MYSQL) и snmptt

Код: Выделить всё

gns3#cd /usr/ports/net-mgmt/net-snmp/ && make config install clean  

                                          ?????????????????????????????? net-snmp-5.7.2_3 ????????????????????????????????
                                          ? ???????????????????????????????????????????????????????????????????????????? ?
                                          ? ? [ ] AX_SOCKONLY    Disable UDP/TCP transports for agentx                 ? ?
                                          ? ? [ ] DMALLOC        Enable dmalloc debug memory allocator                 ? ?
                                          ? ? [x] DUMMY          Enable dummy values as placeholders                   ? ?
                                          ? ? [x] IPV6           IPv6 protocol support                                 ? ?
                                          ? ? [ ] MFD_REWRITES   Build with 64-bit Interface Counters                  ? ?
                                          ? ? [x] MYSQL          MySQL database support                                ? ?
                                          ? ? [x] PERL           Perl scripting language support                       ? ?
                                          ? ? [x] PERL_EMBEDDED  Build embedded perl                                   ? ?
                                          ? ? [ ] PYTHON         Python bindings or support                            ? ?
                                          ? ? [x] SMUX           Build with SNMP multiplexing (SMUX) support           ? ?
                                          ? ? [ ] TKMIB          Install graphical MIB browser                         ? ?
                                          ? ? [ ] UNPRIVILEGED   Allow unprivileged users to execute net-snmp          ? ?
                                          ? ???????????????????????????????????????????????????????????????????????????? ?
                                          ????????????????????????????????????????????????????????????????????????????????
                                          ?                       <  OK  >            <Cancel>                           ?
                                          ????????????????????????????????????????????????????????????????????????????????

Код: Выделить всё

gns3#cd /usr/ports/net-mgmt/snmptt/ && make install clean
Небольшое пояснение по демонам, net-snmp имеет в себе несколько демонов, нам нужен только один – snmptrapd, он висит на udp/162 порту на freebsd и слушает входящие трапы которые посылает Cisco router (в картинке 1 (tcpdump) было показанно как он обрабатывает IP packets) потом, когда он получил данные (SNMP OID) он их передаёт другому демону SNMPTT (TT – значит trap translator, переводчик трапов из цифровых значений (SNMP OID MIB) в слова понятные человеку) на этом его работа заканчивается.SNMPTT переводит SNMP OID MIB в слова понятные человеку и уже переведённые данные пишет в файл /tmp/zabbix_traps.tmp откуда потом zabbix server забирает эти данные через свои механизмы и отображает на своём WEB interface.

3.Конфигурационные файлы и запуск демонов (укажите своё SNMP community)

Код: Выделить всё

gns3#cat /etc/rc.conf | grep snmp
snmptrapd_enable="YES"
snmptt_enable="YES"
gns3#cat /usr/local/etc/snmp/snmptrapd.conf
disableAuthorization yes
authCommunity log,execute,net zabbix
traphandle default /usr/local/sbin/snmptthandler
Создайте две папки:

Код: Выделить всё

gns3#mkdir /var/log/snmptt/
gns3#mkdir /var/spool/snmptt/
Создайте файл ( /usr/local/etc/snmp/cisco.conf ) с двумя строчками;

Код: Выделить всё

gns3#cat /usr/local/etc/snmp/cisco.conf
EVENT general .* "General event" Normal
FORMAT ZBXTRAP $aA $ar
Демон SNMPTT имеет большой конфиг ( /usr/local/etc/snmp/snmptt.ini )
разбит на блоки и имеет много комментариев , поэтому отищите и замените удобным вам редактором 7 строчек на следующие (последние три строчки в файле это блок в файле);

Код: Выделить всё

mode = daemon
net_snmp_perl_enable = 1
date_time_format = %H:%M:%S %Y/%m/%d
log_file = /tmp/zabbix_traps.tmp
snmptt_conf_files = <<END
/usr/local/etc/snmp/cisco.conf
END
Запустите демонов и проверте статус;

Код: Выделить всё

gns3# service snmptrapd start
Starting snmptrapd.
gns3# service snmptrapd status
snmptrapd is running as pid 69553.
gns3# service snmptt start
Starting snmptt.
gns3# service snmptt status
snmptt is running as pid 69568.
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-16 17:44:09

4. Настройка Zabbix server.Напишите в конфиг Zabbix server (/usr/local/etc/zabbix2/zabbix_server.conf ) две строчки.

Код: Выделить всё

SNMPTrapperFile=/tmp/zabbix_traps.tmp
StartSNMPTrapper=1
5.Создайте в Zabbix Template с именем snmp-v2-trap , который потом мы будем добавлять к хосту (Cisco router - R1), далее создайте Item (в этом Template: snmp-v2-trap) со следующими параметрами (см. рисунок №2) Log time format - hh:mm:ss yyyy/MM/dd
Вложения
рисунок2.jpg
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-16 17:46:12

6.Создайте хост R1 c SNMP interfaces 1.1.1.1 - это IP address который используется при создании\отправки на cisco SNMP trap (в нашем варианте это 1.1.1.1 , interface loopback 0) Добавте к этому хосту Template: snmp-v2-trap (см. Рисунок №3)
Вложения
рисунок3.jpg
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-16 18:16:56

7.Сгенерируйте на Cisco router snmp trap несколькими командами, например, если войти в режим global configuration (conf t) а потом выйти (end) и сохранить конфиг (wr), то будут высланы трапы, которые мы видели на рисунке №1(tcpdump).Если всё было правильно настроено, то мы должны их увидеть с небольшой задержкой (около 5 сек.) на WEB interface Zabbix в разделе Monitoring->Dashboard->Latest data->Host R1->snmp-trap (1 Item)нажать плюсик->History (см. рисунок №4)
Команды на Cisco router:

Код: Выделить всё

R1#show version | include IOS         !!!!!!!!!!!!!!!!!!Команды на Cisco router!!!!!!!!!!!!!!!!!!!!!!!!!!
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S4, RELEASE SOFTWARE (fc2)
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#end
R1#wr
Building configuration...
[OK]
R1#
Вложения
Рисунок4.jpg
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-16 19:06:47

8. Перевод числовых значений SNMP MIB OID в более понятные для человека слова на примере Link UD\DOWN , протоколов BGP , OSPF , VRRP , HSRP.
Скопируйте полученное значение OID в snmp trap , которое мы получили предидущем в пункте №7 - .1.3.6.1.4.1.9.9.43.2.0.1
Перейдите на сайт cisco в раздел SNMP Object Navigator http://tools.cisco.com/Support/SNMP/do/BrowseOID.do вставте OID , нажмите кнопку Translate,
Нажмите и перейдите по ссылке MIB CISCO-CONFIG-MAN-MIB , скачайте все текстовые файлы нужные для данной MIB , они маленькие, по несколько КБ (см рисунок №5 и №6)
Вложения
Рисунок5.png
рисунок5
рисунок6.jpg
рисунок6
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 11:34:01

9.Скопируйте скачанные файлы с сайта cisco на freebsd (zabbix server) , можно через samba, ftp, scp (ssh).
10.Скопируйте файлы в папку .snmp/mibs/ вашего пользователя , у меня пользователь ed , вот полный путь и сами файлы скачанные с cisco site;

Код: Выделить всё

gns3# pwd
/usr/home/ed/.snmp/mibs
gns3# ll
total 240
-rw-r--r--  1 root  wheel  36493 Jan 16 20:30 CISCO-CONFIG-MAN-MIB.my
-rw-r--r--  1 root  wheel  16468 Jan 16 20:28 CISCO-SMI.my
-rw-r--r--  1 root  wheel  94342 Jan 16 20:29 CISCO-TC.my
-rw-r--r--  1 root  wheel  17177 Jan 16 20:29 INET-ADDRESS-MIB.my
-rw-r--r--  1 root  wheel  22354 Jan 16 20:29 SNMP-FRAMEWORK-MIB.my
-rw-r--r--  1 root  wheel    528 Jan 16 20:28 SNMPv2-CONF.my
-rw-r--r--  1 root  wheel   1349 Jan 16 20:28 SNMPv2-SMI.my
-rw-r--r--  1 root  wheel  35185 Jan 16 20:28 SNMPv2-TC.my
gns3#
11. Сконвертируйте все файлы командой snmpttconvertmib (потребуется 8 команд (по кол-ву файлов), команды ниже, они отличаются только именами скачанных файлов с cisco) вывод этих команд показан не будет, но вы его должны увидеть, пути будут отличаться, т.к. у вас другой username.Подсказка – скопируйте в блокнот вывод команды ll (пункт 10), чтобы удобно и быстро можно было копипастить названия файлов.

Код: Выделить всё

gns3# h
  1108  20:35   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/CISCO-CONFIG-MAN-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1109  20:36   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/CISCO-SMI.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1110  20:36   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/CISCO-TC.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1111  20:36   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/INET-ADDRESS-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1112  20:36   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/SNMP-FRAMEWORK-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1113  20:37   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/SNMPv2-CONF.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1114  20:37   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/SNMPv2-SMI.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1115  20:37   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/SNMPv2-TC.my --out=/usr/local/etc/snmp/cisco.conf --debug
gns3#
Таким образом мы внесли изменения в файл /usr/local/etc/snmp/cisco.conf , в нём появились секции с описанием цифровых OID SNMP трапов. Отредактируйте этот файл, вставте ZBXTRAP $aA после слова FORMAT (сейчас вам надо вставить ZBXTRAP $aA всего в трёх строчках) например была строка

Код: Выделить всё

FORMAT Notification of a configuration management event as $*
Стала

Код: Выделить всё

FORMAT ZBXTRAP $aA Notification of a configuration management event as $*
Перезапустите демона snmptt.Примечание, без этих изменений zabbix server будет писать в логах ошибку … invalid trap found …
Зайдите на cisco router , повторите все действия из пункта 7.Чтобы полностью понять и расшифровать сообщение (Notification of a configuration management event as 1 3 4 (которое должно появится на zabbix)), нужно посмотреть в файл CISCO-CONFIG-MAN-MIB.my в котором полностью описаны все переменные и их значения, при настройке остальных трапов будет тоже самое, т.е. в конце сообщения, мы будем получать цифры – это переменные, в них информация по протоколу, например IP addr, состояние BGP (established будет 6 (последнее от 1 до 6)) , статус VRRP роутера (master/backup) для каждого протокола свой файл MIB с полным описанием.см рисунок №7.
Вложения
7.jpg
рисунок 7
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 12:46:27

12.Интерфейсы.Выключаем (shut) интерфейс на cisco router, cisco router нам отправляем OID snmp trap на zabbix сервер, который мы копируем (.1.3.6.1.4.1.9.9.138.2.0.2) и идём с ним на SNMP Object Navigator http://tools.cisco.com/Support/SNMP/do/ ... o?local=en и скачиваем его MIB, повторяем пункты 8 ->9->10->11, в этот раз не надо качать все файлы, потому что некоторые из них мы скачали в прошлый раз (просто сверте их по именам) в данный момент надо скачать два файла CISCO-ENTITY-ALARM-MIB.my , ENTITY-MIB.my см. рисунок №8

Код: Выделить всё

gns3# ll /usr/home/ed/.snmp/mibs/ | grep CISCO-ENTITY-ALARM-MIB.my
-rw-r--r--  1 root  wheel  32045 Jan 17 13:16 CISCO-ENTITY-ALARM-MIB.my
gns3# ll /usr/home/ed/.snmp/mibs/ | grep ENTITY-MIB.my
-rw-r--r--  1 root  wheel  59499 Jan 17 13:15 ENTITY-MIB.my
gns3# h
  1138  13:17   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/ENTITY-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1139  13:17   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/CISCO-ENTITY-ALARM-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
gns3#
Не забывайте каждый раз после конвертирования редактировать файл и рестарторать демона (пункт 11).
Вложения
8.jpg
Рисунок 8
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 13:24:15

Включение интерфейса (no shut) генерирует трап .1.3.6.1.6.3.1.1.5.4 (c cisco site качаем три файла SNMPv2-MIB.my , IANAifType-MIB.my , IF-MIB.my ), повторяем пункт 12 (конвертируем , редактируем файлы, ребутим демона).

Код: Выделить всё

gns3# h
  1151  13:58   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/SNMPv2-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1152  13:59   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/IANAifType-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1153  13:59   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/IF-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1155  14:00   vi /usr/local/etc/snmp/cisco.conf
  1156  14:02   service snmptt restart
gns3#
На cisco router делаем shutdown желательно в этот момент смотреть на трапы в Zabbix и после того как получим трап A linkDown trap signifies that the SNMP entity, acting in 3 FastEthernet1/0 ethernetCsmacd administratively down делаем no shut и получаем трап A linkUp trap signifies that the SNMP entity, acting in an 3 FastEthernet1/0 ethernetCsmacd Если выполнить быстро эти команды, трап не успеет сгенерироваться, поэтому не торопитесь при настройке.
Ниже ТРАПЫ в обычном тексте (в zabbix есть такая фича - As plain text) незнакомые трапы между нашими трапами это OSPF (.1.3.6.1.2.1.14.16.2.12) потому что при падении линка он тоже генерит свои трапы … его мы рассмотрим далее.
R1: General events
01/17/2014 02:10:51 PM 1389953451 14:10:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:46 PM 1389953446 14:10:41 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:41 PM 1389953441 14:10:36 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:41 PM 1389953441 14:10:35 2014/01/17 .1.3.6.1.2.1.14.16.2.10 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:36 PM 1389953436 14:10:30 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:36 PM 1389953436 14:10:30 2014/01/17 .1.3.6.1.2.1.14.16.2.2 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:31 PM 1389953431 14:10:29 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.2 Normal "Status Events" r1 - 26 1 4 79142658 Physical Port Administrative State Down
01/17/2014 02:10:31 PM 1389953431 14:10:29 2014/01/17 .1.3.6.1.4.1.9.9.41.2.0.1 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:31 PM 1389953431 14:10:27 2014/01/17 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" r1 - A linkUp trap signifies that the SNMP entity, acting in an 3 FastEthernet1/0 ethernetCsmacd
01/17/2014 02:09:50 PM 1389953390 14:09:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:50 PM 1389953390 14:09:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:45 PM 1389953385 14:09:43 2014/01/17 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" r1 - A linkDown trap signifies that the SNMP entity, acting in 3 FastEthernet1/0 ethernetCsmacd administratively down
01/17/2014 02:09:45 PM 1389953385 14:09:42 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.1 Normal "Status Events" r1 - 26 1 4 79137926 Physical Port Administrative State Down
01/17/2014 02:09:45 PM 1389953385 14:09:41 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:45 PM 1389953385 14:09:40 2014/01/17 .1.3.6.1.2.1.14.16.2.16 Normal "General event" r1 - 1.1.1.1
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 18:40:01

13.OSPF. Повторяем весь процесс как для настройки интерфейсов – пункт 12, потом делаем shut/no shut и получаем трапы которые сообщают нам об этих событиях на zabbix, также в этих трапах есть информация с IP адресами роутеров (peers) и номера зон (area) .

Код: Выделить всё

gns3# h
  1161  16:02   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/OSPF-TRAP-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1162  16:02   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/OSPF-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1183  16:12   vi /usr/local/etc/snmp/cisco.conf
  1184  16:17   service snmptt restart
gns3#
R1: General events
01/17/2014 04:22:46 PM 1389961366 16:22:43 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.1 3 192.168.3.0 1.1.1.1
01/17/2014 04:22:46 PM 1389961366 16:22:42 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.1 3 3.3.3.3 1.1.1.1
01/17/2014 04:22:41 PM 1389961361 16:22:38 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.0 1 1.1.1.1 1.1.1.1
01/17/2014 04:22:41 PM 1389961361 16:22:36 2014/01/17 .1.3.6.1.2.1.14.16.2.10 Normal "Status Events" r1 - An ospfTxRetransmit trap signifies than an 1.1.1.1 192.168.3.1 0 3.3.3.3 2 0 0.0.0.0 0.0.0.0
01/17/2014 04:22:36 PM 1389961356 16:22:32 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.0 1 1.1.1.1 1.1.1.1
01/17/2014 04:22:36 PM 1389961356 16:22:32 2014/01/17 .1.3.6.1.2.1.14.16.2.2 Normal "Status Events" r1 - An ospfNbrStateChange trap signifies that 1.1.1.1 192.168.3.2 0 3.3.3.3 4
01/17/2014 04:22:36 PM 1389961356 16:22:31 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.2 Normal "Status Events" r1 - 26 1 4 79934830 Physical Port Administrative State Down
01/17/2014 04:22:36 PM 1389961356 16:22:31 2014/01/17 .1.3.6.1.4.1.9.9.41.2.0.1 Normal "General event" r1 - 1.1.1.1
01/17/2014 04:22:30 PM 1389961350 16:22:29 2014/01/17 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" r1 - A linkUp trap signifies that the SNMP entity, acting in an 3 FastEthernet1/0 ethernetCsmacd
01/17/2014 04:22:01 PM 1389961321 16:21:59 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.1 3 192.168.3.0 1.1.1.1
01/17/2014 04:22:01 PM 1389961321 16:21:59 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.1 3 3.3.3.3 1.1.1.1
01/17/2014 04:21:56 PM 1389961316 16:21:55 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.1 Normal "Status Events" r1 - 26 1 4 79931233 Physical Port Administrative State Down
01/17/2014 04:21:56 PM 1389961316 16:21:54 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "Status Events" r1 - An ospfOriginateLsa trap signifies that a new 1.1.1.1 0.0.0.0 1 1.1.1.1 1.1.1.1
01/17/2014 04:21:56 PM 1389961316 16:21:53 2014/01/17 .1.3.6.1.2.1.14.16.2.16 Normal "Status Events" r1 - An ospfIfStateChange trap signifies that there 1.1.1.1 192.168.3.1 0 7
01/17/2014 04:21:56 PM 1389961316 16:21:53 2014/01/17 .1.3.6.1.2.1.14.16.2.16 Normal "Status Events" r1 - An ospfIfStateChange trap signifies that there 1.1.1.1 192.168.3.1 0 5
01/17/2014 02:10:51 PM 1389953451 14:10:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:46 PM 1389953446 14:10:41 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:41 PM 1389953441 14:10:36 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:41 PM 1389953441 14:10:35 2014/01/17 .1.3.6.1.2.1.14.16.2.10 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:36 PM 1389953436 14:10:30 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:36 PM 1389953436 14:10:30 2014/01/17 .1.3.6.1.2.1.14.16.2.2 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:31 PM 1389953431 14:10:29 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.2 Normal "Status Events" r1 - 26 1 4 79142658 Physical Port Administrative State Down
01/17/2014 02:10:31 PM 1389953431 14:10:29 2014/01/17 .1.3.6.1.4.1.9.9.41.2.0.1 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:10:31 PM 1389953431 14:10:27 2014/01/17 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" r1 - A linkUp trap signifies that the SNMP entity, acting in an 3 FastEthernet1/0 ethernetCsmacd
01/17/2014 02:09:50 PM 1389953390 14:09:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:50 PM 1389953390 14:09:46 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:45 PM 1389953385 14:09:43 2014/01/17 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" r1 - A linkDown trap signifies that the SNMP entity, acting in 3 FastEthernet1/0 ethernetCsmacd administratively down
01/17/2014 02:09:45 PM 1389953385 14:09:42 2014/01/17 .1.3.6.1.4.1.9.9.138.2.0.1 Normal "Status Events" r1 - 26 1 4 79137926 Physical Port Administrative State Down
01/17/2014 02:09:45 PM 1389953385 14:09:41 2014/01/17 .1.3.6.1.2.1.14.16.2.12 Normal "General event" r1 - 1.1.1.1
01/17/2014 02:09:45 PM 1389953385 14:09:40 2014/01/17 .1.3.6.1.2.1.14.16.2.16 Normal "General event" r1 - 1.1.1.1
14.BGP. Такая же логика настройки как для интерфейсов и OSPF (пункты 12 и 13) т.е. увидели трап (числовое значение OID типа .1.3.6.1.2.1.14.16.2.12) скачали под него MIB на сайте cisco, сконвертировали командой snmpttconvertmib, отредактировали /usr/local/etc/snmp/cisco.conf , ребутнули демона SNMPTT сгенерили ещё раз такой же трап и проверили на веб морде zabbix … Команды на cisco

Код: Выделить всё

R1#sh ip bgp summ
BGP router identifier 1.1.1.1, local AS number 2000
BGP table version is 86, main routing table version 86
11 network entries using 1584 bytes of memory
11 path entries using 880 bytes of memory
5/5 BGP path/bestpath attribute entries using 680 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3168 total bytes of memory
BGP activity 69/58 prefixes, 103/92 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4         2000    7503    8310       86    0    0 5d04h           0
11.11.11.11     4         1000    5703    6306       86    0    0 3d23h           1
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 2000
R1(config-router)#neighbor 2.2.2.2 shutdown
Получили опять трапы типа .1.3.6.1.4.1.9.9.187.0.8
R1: General events
01/17/2014 06:54:52 PM 1389970492 18:54:51 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:51 2014/01/17 .1.3.6.1.4.1.9.9.187.0.7 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:50 2014/01/17 .1.3.6.1.4.1.9.9.187.0.2 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:49 2014/01/17 .1.3.6.1.4.1.9.9.187.0.8 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:49 2014/01/17 .1.3.6.1.2.1.15.7.2 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:48 2014/01/17 .1.3.6.1.4.1.9.9.187.0.6 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:21 PM 1389970461 18:54:19 2014/01/17 .1.3.6.1.4.1.9.9.43.2.0.1 Normal "Status Events" r1 - Notification of a configuration management event as 1 2 3
Идём на сайт cisco, качаем MIB … повторите настройку как в пунктах 8-11 только уже с OID .1.3.6.1.4.1.9.9.187.0.2 (см рисунок №9)

Код: Выделить всё

gns3# h
  1191  19:14   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/CISCO-BGP4-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1192  19:14   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/BGP4-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1193  19:15   snmpttconvertmib --in=/usr/home/ed/.snmp/mibs/RFC1213-MIB.my --out=/usr/local/etc/snmp/cisco.conf --debug
  1194  19:15   vi /usr/local/etc/snmp/cisco.conf
  1195  19:17   service snmptt restart
gns3#
подымаем BGP Peering и проверяем.

Код: Выделить всё

R1(config-router)#no neighbor 2.2.2.2 shutdown
Трапы на zabbix;
R1: General events
01/17/2014 07:20:01 PM 1389972001 19:19:56 2014/01/17 .1.3.6.1.2.1.15.7.1 Normal "Status Events" r1 - The BGP Established event is generated when 00 00 6
01/17/2014 07:20:01 PM 1389972001 19:19:56 2014/01/17 .1.3.6.1.4.1.9.9.187.0.5 Normal "Status Events" r1 - The cbgpPeer2EstablishedNotification notification 00 00 6
01/17/2014 07:19:56 PM 1389971996 19:19:55 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "Status Events" r1 - The BGP cbgpFsmStateChange notification is generated 00 00 6 5
01/17/2014 07:19:56 PM 1389971996 19:19:54 2014/01/17 .1.3.6.1.4.1.9.9.187.0.7 Normal "Status Events" r1 - The cbgpPeer2FsmStateChange notification is generated 00 00 6 5
01/17/2014 07:19:56 PM 1389971996 19:19:53 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "Status Events" r1 - The BGP cbgpFsmStateChange notification is generated 00 00 5 4
01/17/2014 07:19:56 PM 1389971996 19:19:52 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "Status Events" r1 - The BGP cbgpFsmStateChange notification is generated 00 00 4 3
01/17/2014 07:19:56 PM 1389971996 19:19:51 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "Status Events" r1 - The BGP cbgpFsmStateChange notification is generated 00 00 3 1
01/17/2014 07:19:51 PM 1389971991 19:19:50 2014/01/17 .1.3.6.1.4.1.9.9.187.0.7 Normal "Status Events" r1 - The cbgpPeer2FsmStateChange notification is generated 00 00 3 1
01/17/2014 06:54:52 PM 1389970492 18:54:51 2014/01/17 .1.3.6.1.4.1.9.9.187.0.1 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:51 2014/01/17 .1.3.6.1.4.1.9.9.187.0.7 Normal "General event" r1 - 1.1.1.1
01/17/2014 06:54:52 PM 1389970492 18:54:50 2014/01/17 .1.3.6.1.4.1.9.9.187.0.2 Normal "General event" r1 - 1.1.1.1
Вложения
9.jpg
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 18:56:59

в итоге у нас должна нарисоваться вот такая симпатичная картина, пояснение по трапам, на циске ребутнул BGP , OSPF сохранился и вышел, последний трап в конце строки написал почти всю информацию по tcp/ssh сессии и даже username под которым работал на циске - ed (см. Рисунок №10)
Вложения
101.jpg
Рисунок 10
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-17 19:51:59

Пояснение по цифрам к конце трапов на примере HSRP, мы получили уже нормальный сконвертированный трап, есть имя протокола, но в конце ещё есть и цифры, как говорилось ранее это переменные, которые можно посмотреть в нашем файле MIB - файле скачанного с сайта CISCO (CISCO-HSRP-MIB.my) протокола HSRP. У нас флапает канал и вместе с ним протокол, циско соответственно генерит трап, но в нём нет статуса, только цифры в конце трапа.Логи с cisco router (sh logg);

Код: Выделить всё

Jan 17 2014 20:05:13.445 MSK: %HSRP-5-STATECHANGE: Vlan21 Grp 1 state Active -> Speak
Jan 17 2014 20:05:16.449 MSK: %HSRP-5-STATECHANGE: Vlan21 Grp 1 state Speak -> Standby
Jan 17 2014 20:20:37.782 MSK: %HSRP-5-STATECHANGE: Vlan21 Grp 1 state Standby -> Active
Конфиг роутера R1 и файл /usr/local/etc/snmp/cisco.conf в аттаче, обратите внимание на настройку SNMP V2, community name , source snmp trap int на Cisco router, внимательно редактируйте файл /usr/local/etc/snmp/cisco.conf после конвертации , чтобы у вас получалась строка типа
FORMAT ZBXTRAP $aA A linkDown trap signifies that the SNMP entity, acting in $*
На этом всё, спасибо что прочитали такую длинную простыню, надеюсь что вам она поможет!
Вложения
R1_config_cisco_conf.rar
(7.53 КБ) 141 скачивание
12.jpg
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-01-23 1:02:17

P.S.
Firewall Cisco ASA также можно настраивать и мониторить по этой статье.Настройка на Cisco ASA:

Код: Выделить всё

!
conf t
snmp-server enable traps syslog
snmp-server enable traps connection-limit-reached
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps ipsec start
snmp-server enable traps ipsec stop
snmp-server enable traps ikev2 start
snmp-server enable traps ikev2 stop
snmp-server enable traps entity config-change
snmp-server enable traps entity fru-insert
snmp-server enable traps entity fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps nat packet-discard
snmp interface threshold 70
snmp-server enable traps cpu threshold rising
snmp-server community zabbix
snmp-server location GNS3_LAB
snmp-server contact Admin
snmp-server host outside 192.168.1.1 community zabbix version 2c
!
Включаем и выключаем интерфейсы - плучаем SNMP трапы.
ASA1: General events
01/23/2014 01:52:14 AM 1390427534 01:52:12 2014/01/23 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" asa1 - A linkDown trap signifies that the SNMP entity, acting in 7 down down
01/23/2014 01:52:04 AM 1390427524 01:52:02 2014/01/23 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" asa1 - A linkUp trap signifies that the SNMP entity, acting in an 7 up up
01/23/2014 01:52:04 AM 1390427524 01:52:01 2014/01/23 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" asa1 - A linkUp trap signifies that the SNMP entity, acting in an 7 up up
01/23/2014 01:49:30 AM 1390427370 01:49:27 2014/01/23 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" asa1 - A linkDown trap signifies that the SNMP entity, acting in 4 down down
01/23/2014 01:48:44 AM 1390427324 01:48:42 2014/01/23 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" asa1 - A linkUp trap signifies that the SNMP entity, acting in an 4 up up
01/23/2014 01:48:39 AM 1390427319 01:48:36 2014/01/23 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" asa1 - A linkUp trap signifies that the SNMP entity, acting in an 4 up up
01/23/2014 01:48:39 AM 1390427319 01:48:36 2014/01/23 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" asa1 - A linkUp trap signifies that the SNMP entity, acting in an 4 up up
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-02-09 10:54:45

Наверное статья была бы не полная, если бы мы не упамянули в ней про RMON.
RMON позволяет нам cоздавать свои SNMP трапы, если нас не устраивают трапы от вендора или нам нужны более точные и гибкие значения.
RMON (Remote Monitoring) — протокол мониторинга компьютерных сетей, расширение SNMP v2, разработанное IETF.RMON описан в RFC 2819
http://tools.ietf.org/search/rfc2819. На тему RMON написана могучая теория из серии RFC, множества книг и статей в инете и на сайте Cisco.
RMON позволяет настроить пороговые значения для оповещения на основе SNMP объектов, так что вы можете контролировать производительность устройства и принять соответствующие меры для каких-либо отклонений от нормальных значений показаний производительности. Рассмотрим RMON
На двух примерах загрузка CPU и входящие IP пакеты на интерфейс. Представьте себе механика в автосервисе, который каждые 10 секунд проверяет масло в моторе щупом с отметками MIN и Мах и в случае отклонения порогов (MIN и Мах) сообщает вам об этом событии. Примерно тоже самое делает Cisco IOS при помощи RMON (rmon alarm 200) – мониторит (проверяет каждые 10 сек.) SNMP объект cpmCPUTotalTable.1.6.1 (CPU load 5 sec.) и в случае превышения (75% CPU load) или понижения (35% CPU load) порогов генерит SNMP трап и SYSLOG сообщение на Zabbix server. Ниже команды настройки на Cisco router и рисунок 13 с комментариями к трапам.

Код: Выделить всё

!
conf t
rmon event 30 log trap zabbix description "CPU load above 75% - check every 10 sec." owner config
rmon event 40 log trap zabbix description "CPU load less then 35% - check every 10 sec." owner config
rmon alarm 200 cpmCPUTotalTable.1.6.1 10 absolute rising-threshold 75 30 falling-threshold 35 40 owner config
!
Логи, надеюсь перевод не требуется.

Код: Выделить всё

gns3% tail -f /var/log/r1.log
Feb  9 11:44:42 <local7.notice> 1.1.1.1 1998: 001968: *Feb  9 2014 15:22:02.934 MSK: %RMON-5-RISINGTRAP: Rising threshold has been crossed because the value of cpmCPUTotalTable.1.6.1 exceeded the rising-threshold value 75
Feb  9 11:46:04 <local7.notice> 1.1.1.1 1999: 001969: *Feb  9 2014 15:23:12.662 MSK: %RMON-5-FALLINGTRAP: Falling threshold has been crossed because the value of cpmCPUTotalTable.1.6.1 has fallen below the falling-threshold value 35
Вложения
13.jpg
рисунок 13
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-02-09 13:50:02

При мониторинге входящих IP пакетов на интерфейс, в настройке RMON нужно использовать ДЕЛЬТУ – это величина, которая показывает, на сколько изменилось последнее число (счётчик входящих IP пакетов, увидеть это число и понять вашу норму вы можете при помощи snmpwalk -v 2c -c zabbix 1.1.1.1 ifInUcastPkts.1 – понабирайте несколько раз её и вы увидите разницу – на сколько меняется цифра)

Код: Выделить всё

gns3% snmpwalk -v 2c -c zabbix 1.1.1.1 ifInUcastPkts.1
IF-MIB::ifInUcastPkts.1 = Counter32: 2501386
gns3%
т.к. это число постоянно растёт, мы не знаем, какое оно будет через 10 сек. но мы примерно представляем структуру своего трафика на данном интерфейсе , ширину канала (например последняя миля 2Mb от провайдера) , его загрузку и примерное количество PPS. Т.к. у каждого эти значения будут разные, рассмотрим конкретный пример – если в период\интервал последних 10 сек. кол-во входящих IP пакетов на интерфейс выросло на 999 (т.е. число которое показывает snmpwalk -v 2c -c zabbix 1.1.1.1 ifInUcastPkts.1 увеличелось более чем на 999) то создать трап и сислог сообщение (в нашем варианте будем считать это аномалией трафика – полка на 1 Mb. канале) Когда, это число станет менее 333 – тоже создать трап, значит трафик нормализовался .Примечание, при мониторинге CPU мы использовали абсолютные значения порогов – выше или ниже какого-нибудь числа. Ниже команды настройки на Cisco router и рисунок 14 с комментариями к трапам. Для имитации полки загрузим канал icmp трафиком - bwping -b 1024 -r 1 -s 777 -v 1000000000 1.1.1.1

Код: Выделить всё

gns3% bwping -b 1024 -r 1 -s 777 -v 1000000000 1.1.1.1
Target: 1.1.1.1 (1.1.1.1), transfer speed: 1024 kbps, packet size: 777 bytes, traffic volume: 1000000000 bytes
Periodic: pkts sent/rcvd: 48/25, volume rcvd: 19425 bytes, time: 1 sec, speed: 155 kbps, rtt min/max/average: 37/139/51 ms
Periodic: pkts sent/rcvd: 204/119, volume rcvd: 92463 bytes, time: 2 sec, speed: 369 kbps, rtt min/max/average: 37/475/93 ms
Periodic: pkts sent/rcvd: 372/216, volume rcvd: 167832 bytes, time: 3 sec, speed: 447 kbps, rtt min/max/average: 37/931/144 ms
Periodic: pkts sent/rcvd: 540/317, volume rcvd: 246309 bytes, time: 4 sec, speed: 492 kbps, rtt min/max/average: 37/1239/183 ms
Periodic: pkts sent/rcvd: 702/415, volume rcvd: 322455 bytes, time: 5 sec, speed: 515 kbps, rtt min/max/average: 37/1239/199 ms
Periodic: pkts sent/rcvd: 864/507, volume rcvd: 393939 bytes, time: 6 sec, speed: 525 kbps, rtt min/max/average: 37/1324/221 ms
Periodic: pkts sent/rcvd: 1032/605, volume rcvd: 470085 bytes, time: 7 sec, speed: 537 kbps, rtt min/max/average: 37/1740/253 ms
Periodic: pkts sent/rcvd: 1194/694, volume rcvd: 539238 bytes, time: 8 sec, speed: 539 kbps, rtt min/max/average: 37/2088/279 ms
Важно; пороги 999 и 333 это НЕ значение в pps – это дельта – на сколько изменилась последняя цифра (счётчик ifInUcastPkts.1) за последние 10 сек.

Код: Выделить всё

R1#sh running-config | include rmon
rmon event 10 log trap zabbix description "Above 999 ifInUcastPkts.1(int fa0/0) - check every 10 sec." owner config
rmon event 20 log trap zabbix description "Below 333 ifInUcastPkts.1(int fa0/0) - check every 10 sec." owner config
rmon alarm 100 ifInUcastPkts.1 10 delta rising-threshold 999 10 falling-threshold 333 20 owner config
R1#
Логи:

Код: Выделить всё

gns3% tail -f /var/log/r1.log
Feb  9 14:16:36 <local7.notice> 1.1.1.1 2010: 001980: *Feb  9 2014 17:53:43.597 MSK: %RMON-5-RISINGTRAP: Rising threshold has been crossed because the value of ifInUcastPkts.1 exceeded the rising-threshold value 999
Feb  9 14:17:34 <local7.notice> 1.1.1.1 2012: 001982: *Feb  9 2014 17:54:43.205 MSK: %RMON-5-FALLINGTRAP: Falling threshold has been crossed because the value of ifInUcastPkts.1 has fallen below the falling-threshold value 333
P.S.
Если вы заметили, то , что всё это можно реализовать не только через Cisco IOS, а через сам Zabbix server через систему item&trigger&action – опрашивать этот же SNMP MIB что и RMON, но нам были интересны трапы в этой статье, поэтому мы так подробно их разобрали.Для правильного отображения RMON также надо качать с сайта циски файлик MIB-RMON , и повторять пункты 8-11 как при настройке выше упомянутых протоколов OSPF и BGP и редактировать /usr/local/etc/snmp/cisco.conf и передёрнуть демона SNMPTT. Обновлённый конфиг циски и /usr/local/etc/snmp/cisco.conf в аттач (открывайте их вордом как минимум, а то в нотепаде будет «каша»).
Вложения
R1_config_cisco_conf.rar
Обновлённые Конфиги
(7.53 КБ) 89 скачиваний
14.jpg
рисунок 14
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-05-21 19:16:01

я буду кидать потихонечку сюда информацию относящуюся к данной теме,
вот например циска хорошо объясняет почему генерится вот такой трап у нас на забиксе после команды conf t:
20:09:51 2014/05/21 .1.3.6.1.4.1.9.9.43.2.0.1 Normal "Status Events" r1 - Notification of a configuration management event as 1 2 3
обратите внимание на цифири в конце строки - 1 2 3

http://www.cisco.com/c/en/us/support/do ... -trap.html
Junos OS kernel based on FreeBSD UNIX.

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Re: Настройка SNMP v2 TRAP на Zabbix server на примере CISCO

Непрочитанное сообщение vintovkin » 2014-10-25 9:46:24

вот тут путёвое описание snmptt со схемой --- http://www.snmptt.org/about.shtml
Junos OS kernel based on FreeBSD UNIX.

Александр85
проходил мимо

Настройка SNMP v2 TRAP на Zabbix server на примере CISCO ro

Непрочитанное сообщение Александр85 » 2015-11-30 15:46:57

Добрый день!

Спасибо большое за вашу инструкцию.
Но появилась одна проблема - при установке snmptt не создался пользователь snmptt.
Из-за этого не стартует сервис.
С какими параметрами его создать ?

Аватара пользователя
vintovkin
ВДВ
Сообщения: 1284
Зарегистрирован: 2007-05-11 9:39:11
Откуда: CSKA

Настройка SNMP v2 TRAP на Zabbix server на примере CISCO ro

Непрочитанное сообщение vintovkin » 2016-01-24 15:05:55

Александр85 писал(а):Добрый день!

Спасибо большое за вашу инструкцию.
Но появилась одна проблема - при установке snmptt не создался пользователь snmptt.
Из-за этого не стартует сервис.
С какими параметрами его создать ?
Добрый день,
действительно, при обновлении с 1.3 -> 1.4 начались проблемы.
его нужно создать вручную. Далее snmptt не перезагружается стандартно как демон !?!
либо вручную убивать процессы, или рестарт ОС и не трогать его ...

сейчас всё нормально работает вот так:

Код: Выделить всё

bsd#
bsd#cat /etc/passwd | grep snmptt
snmptt:*:1004:1004:snmptt:/home/snmptt:/usr/sbin/nologin
bsd#
bsd#cat /etc/rc.conf | grep snmp
snmptrapd_enable="YES"
snmptt_enable="YES"
snmpd_enable="YES"
bsd#
bsd#
bsd#
bsd#cat /usr/local/etc/snmp/snmptrapd.conf
pidFile /var/run/snmptrapd.pid
[snmp] logoption f /var/log/snmptrapd.log
[snmp] logoption s 1
[snmp] printNumericOids yes
ignoreauthfailure no
disableAuthorization no
authCommunity log,execute,net zabbix
traphandle default /usr/local/sbin/snmptthandler
bsd#
bsd#ps -auxwwc | grep snmp
snmptt  600   0.0  0.2  93368  19880  -  Ss    2:21PM  0:00.01 perl
root    603   0.0  0.1  81980  11212  -  Ss    2:21PM  0:00.01 snmptrapd
root    607   0.0  0.1  66784  11260  -  S     2:21PM  0:00.15 snmpd
bsd#
сам конфиг:

Код: Выделить всё

bsd#
bsd#egrep -v '^($|#)' /etc/snmp/snmptt.ini
[General]
snmptt_system_name = bsd
mode = daemon
multiple_event = 0
dns_enable = 0
strip_domain = 0
strip_domain_list = <<END
domain.com
END
resolve_value_ip_addresses = 0
net_snmp_perl_enable = 1
net_snmp_perl_cache_enable = 1
net_snmp_perl_best_guess = 0
translate_log_trap_oid = 0
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
translate_integers = 1
wildcard_expansion_separator = " "
allow_unsafe_regex = 0
remove_backslash_from_quotes = 0
dynamic_nodes = 0
description_mode = 1
description_clean = 1
threads_enable = 0
threads_max = 10
[DaemonMode]
daemon_fork = 1
daemon_uid = snmptt
pid_file = /var/run/snmptt.pid
spool_directory = /var/spool/snmptt/
sleep = 30
use_trap_time = 1
keep_unlogged_traps = 1
duplicate_trap_window = 0
[Logging]
stdout_enable = 0
log_enable = 1
log_file = /tmp/zabbix_traps.tmp
date_time_format = %H:%M:%S %Y/%m/%d
log_system_enable = 1
log_system_file = /var/log/snmptt/snmpttsystem.log
unknown_trap_log_enable = 0
unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log
statistics_interval = 0
syslog_enable = 1
syslog_facility = local0
syslog_level_debug = <<END
END
syslog_level_info = <<END
END
syslog_level_notice = <<END
END
syslog_level_warning = <<END
END
syslog_level_err = <<END
END
syslog_level_crit = <<END
END
syslog_level_alert = <<END
END
syslog_level = warning
syslog_system_enable = 1
syslog_system_facility = local0
syslog_system_level = warning
[SQL]
db_translate_enterprise = 0
db_unknown_trap_format = '$-*'
sql_custom_columns = <<END
END
sql_custom_columns_unknown = <<END
END
mysql_dbi_enable = 0
mysql_dbi_host = localhost
mysql_dbi_port = 3306
mysql_dbi_database = snmptt
mysql_dbi_table = snmptt
mysql_dbi_table_unknown = snmptt_unknown
mysql_dbi_table_statistics =
mysql_dbi_username = snmpttuser
mysql_dbi_password = password
mysql_ping_on_insert = 1
mysql_ping_interval = 300
postgresql_dbi_enable = 0
postgresql_dbi_module = 0
postgresql_dbi_hostport_enable = 0
postgresql_dbi_host = localhost
postgresql_dbi_port = 5432
postgresql_dbi_database = snmptt
postgresql_dbi_table_unknown = snmptt_unknown
postgresql_dbi_table_statistics =
postgresql_dbi_table = snmptt
postgresql_dbi_username = snmpttuser
postgresql_dbi_password = password
postgresql_ping_on_insert = 1
postgresql_ping_interval = 300
dbd_odbc_enable = 0
dbd_odbc_dsn = snmptt
dbd_odbc_table = snmptt
dbd_odbc_table_unknown = snmptt_unknown
dbd_odbc_table_statistics =
dbd_odbc_username = snmptt
dbd_odbc_password = password
dbd_odbc_ping_on_insert = 1
dbd_odbc_ping_interval = 300
[Exec]
exec_enable = 1
pre_exec_enable = 1
unknown_trap_exec =
unknown_trap_exec_format =
exec_escape = 1
[Debugging]
DEBUGGING = 2
DEBUGGING_FILE = /var/log/snmptt/snmptt.debug
DEBUGGING_FILE_HANDLER = /var/log/snmptt/snmptthandler.debug
[TrapFiles]
snmptt_conf_files = <<END
/usr/local/etc/snmp/snmptt.conf
END
bsd#
Added in 16 minutes 44 seconds:

Код: Выделить всё

bsd#ps -aux | grep snmptt
root    599   0.0  0.2  93368  19840  -  Ss    2:21PM   0:00.02 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
snmptt  600   0.0  0.2  93368  19880  -  Ss    2:21PM   0:00.02 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
root   2505   0.0  0.0  12356   1872  0  S+    2:50PM   0:00.00 tail -f /var/log/snmptt/snmptt.debug
root   2770   0.0  0.0  18824   2216  1  S+    2:54PM   0:00.00 grep snmptt
bsd#
bsd#
bsd#
bsd#service snmptt status
snmptt is not running.
bsd#service snmptt start
Starting snmptt.
There seems to be another SNMPTT process (pid 600) running.
You may want to kill it and delete the .pid file (/var/run/snmptt.pid).  Aborting...
Exiting at /usr/local/sbin/snmptt line 671.
/usr/local/etc/rc.d/snmptt: WARNING: failed to start snmptt
bsd#
bsd#
bsd#
bsd#ps -aux | grep snmptt
root    599   0.0  0.2  93368  19840  -  Ss    2:21PM   0:00.02 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
snmptt  600   0.0  0.2  93368  19880  -  Ss    2:21PM   0:00.02 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
root   2505   0.0  0.0  12356   1872  0  S+    2:50PM   0:00.00 tail -f /var/log/snmptt/snmptt.debug
root   2792   0.0  0.0  18824   2216  1  S+    2:54PM   0:00.00 grep snmptt
bsd#
bsd#
bsd#kill -9 600
bsd#kill -9 599
599: No such process
bsd#
bsd#ps -aux | grep snmptt
root   2505   0.0  0.0  12356   1872  0  S+    2:50PM   0:00.00 tail -f /var/log/snmptt/snmptt.debug
root   2857   0.0  0.0  18824   2216  1  S+    2:55PM   0:00.00 grep snmptt
bsd#
bsd#
bsd#service snmptt start
Starting snmptt.
bsd#
bsd#
bsd#ps -aux | grep snmptt
root   2864   0.5  0.2  93368  20648  -  Ss    2:55PM   0:00.00 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
snmptt 2865   0.3  0.2  93368  20688  -  Ss    2:55PM   0:00.00 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon
root   2505   0.0  0.0  12356   1872  0  S+    2:50PM   0:00.00 tail -f /var/log/snmptt/snmptt.debug
root   2867   0.0  0.0  18824   2216  1  S+    2:55PM   0:00.00 grep snmptt
bsd#
bsd#
bsd#service snmptt status
snmptt is not running.
bsd#
дебаг после рестарта:

Код: Выделить всё

bsd#
bsd#
bsd#tail -f /var/log/snmptt/snmptt.debug
Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

********** SNMPTT v1.4 started: Sun Jan 24 14:54:05 2016 **********

********** Net-SNMP version 5.0703 Perl module enabled **********

Sleeping for 30 seconds

********** SNMPTT v1.4 started: Sun Jan 24 14:54:39 2016 **********

********** Net-SNMP version 5.0703 Perl module enabled **********

Sleeping for 30 seconds

********** SNMPTT v1.4 started: Sun Jan 24 14:55:28 2016 **********

********** Net-SNMP version 5.0703 Perl module enabled **********


        Loading /usr/local/etc/snmp/snmptt.conf
        Finished loading 1243 lines from /usr/local/etc/snmp/snmptt.conf

Finished loading configuration files

Processing memory copy of configuration files
DESC line: A coldStart trap signifies that the sending
DESC line: protocol entity is reinitializing itself such
DESC line: that the agent's configuration or the protocol
DESC line: entity implementation may be altered.
DESC line: Variables:
DESC line:   1: sysUpTime
DESC line:   2: whyReload
DESC line: A linkDown trap signifies that the sending
DESC line: protocol entity recognizes a failure in one of
DESC line: the communication links represented in the
DESC line: agent's configuration.
DESC line: Variables:
DESC line:   1: ifIndex
DESC line:   2: ifDescr
DESC line:   3: ifType
DESC line:   4: locIfReason
DESC line: A linkUp trap signifies that the sending
DESC line: protocol entity recognizes that one of the
DESC line: communication links represented in the agent's
DESC line: configuration has come up.
DESC line: Variables:
DESC line:   1: ifIndex
DESC line:   2: ifDescr
DESC line:   3: ifType
DESC line:   4: locIfReason
DESC line: An authenticationFailure trap signifies that
DESC line: the sending protocol entity is the addressee
DESC line: of a protocol message that is not properly
DESC line: authenticated.  While implementations of the
DESC line: SNMP must be capable of generating this trap,
DESC line: they must also be capable of suppressing the
DESC line: emission of such traps via an implementation-
DESC line: specific mechanism.
DESC line: Variables:
DESC line:   1: authAddr
DESC line: An egpNeighborLoss trap signifies that an EGP
DESC line: neighbor for whom the sending protocol entity
DESC line: was an EGP peer has been marked down and the
DESC line: peer relationship no longer obtains.
DESC line: Variables:
DESC line:   1: egpNeighAddr
DESC line: A reload trap signifies that the sending
DESC line: protocol entity is reinitializing itself such
DESC line: that the agent's configuration or the protocol
DESC line: entity implementation may be altered.
DESC line: Variables:
DESC line:   1: sysUpTime
DESC line:   2: whyReload
DESC line: A tty trap signifies that a TCP connection,
DESC line: previously established with the sending
DESC line: protocol entity for the purposes of a tty
DESC line: session, has been terminated.
DESC line: Variables:
DESC line:   1: tslineSesType
DESC line:   2: tcpConnState
DESC line:   3: loctcpConnElapsed
DESC line:   4: loctcpConnInBytes
DESC line:   5: loctcpConnOutBytes
DESC line:   6: tsLineUser
DESC line: Notification of a configuration management event as
DESC line: recorded in ccmHistoryEventTable.
DESC line: Variables:
DESC line:   1: ccmHistoryEventCommandSource
DESC line:   2: ccmHistoryEventConfigSource
DESC line:   3: ccmHistoryEventConfigDestination
DESC line: This notification indicates that the running
DESC line: configuration of the managed system has changed
DESC line: from the CLI.
DESC line: If the managed system supports a separate
DESC line: configuration mode(where the configuration commands
DESC line: are entered under a  configuration session which
DESC line: affects the running configuration of the system),
DESC line: then this notification is sent when the configuration
DESC line: mode is exited.
DESC line: During this configuration session there can be
DESC line: one or more running configuration changes.
DESC line: Variables:
DESC line:   1: ccmHistoryRunningLastChanged
DESC line:   2: ccmHistoryEventTerminalType
DESC line: This notification indicates that the Config Change Tracking
DESC line: ID has rolled over and will be reset.
DESC line: Variables:
DESC line: A linkDown trap signifies that the SNMP entity, acting in
DESC line: an agent role, has detected that the ifOperStatus object for
DESC line: one of its communication links is about to enter the down
DESC line: state from some other state (but not from the notPresent
DESC line: state).  This other state is indicated by the included value
DESC line: of ifOperStatus.
DESC line: Variables:
DESC line:   1: ifIndex
DESC line:   2: ifAdminStatus
DESC line:   3: ifOperStatus
DESC line: A linkUp trap signifies that the SNMP entity, acting in an
DESC line: agent role, has detected that the ifOperStatus object for
DESC line: one of its communication links left the down state and
DESC line: transitioned into some other state (but not into the
DESC line: notPresent state).  This other state is indicated by the
DESC line: included value of ifOperStatus.
DESC line: Variables:
DESC line:   1: ifIndex
DESC line:   2: ifAdminStatus
DESC line:   3: ifOperStatus
DESC line: An ospfVirtIfStateChange trap signifies that there
DESC line: has been a change in the state of an OSPF virtual
DESC line: interface.
DESC line: This trap should be generated when the interface
DESC line: state regresses (e.g., goes from Point-to-Point to Down)
DESC line: or progresses to a terminal state
DESC line: (i.e., Point-to-Point).
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtIfAreaId
DESC line:   3: ospfVirtIfNeighbor
DESC line:   4: ospfVirtIfState
DESC line: An ospfNbrStateChange trap signifies that
DESC line: there has been a change in the state of a
DESC line: non-virtual OSPF neighbor.  This trap should be
DESC line: generated when the neighbor state regresses
DESC line: (e.g., goes from Attempt or Full to 1-Way or
DESC line: Down) or progresses to a terminal state (e.g.,
DESC line: 2-Way or Full).  When an neighbor transitions
DESC line: from or to Full on non-broadcast multi-access
DESC line: and broadcast networks, the trap should be
DESC line: generated by the designated router.  A designated
DESC line: router transitioning to Down will be noted by
DESC line: ospfIfStateChange.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfNbrIpAddr
DESC line:   3: ospfNbrAddressLessIndex
DESC line:   4: ospfNbrRtrId
DESC line:   5: ospfNbrState
DESC line: An ospfVirtNbrStateChange trap signifies that there
DESC line: has been a change in the state of an OSPF virtual
DESC line: neighbor.  This trap should be generated
DESC line: when the neighbor state regresses (e.g., goes
DESC line: from Attempt or Full to 1-Way or Down) or
DESC line: progresses to a terminal state (e.g., Full).
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtNbrArea
DESC line:   3: ospfVirtNbrRtrId
DESC line:   4: ospfVirtNbrState
DESC line: An ospfIfConfigError trap signifies that a
DESC line: packet has been received on a non-virtual
DESC line: interface from a router whose configuration
DESC line: parameters conflict with this router's
DESC line: configuration parameters.  Note that the event
DESC line: optionMismatch should cause a trap only if it
DESC line: prevents an adjacency from forming.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfIfIpAddress
DESC line:   3: ospfAddressLessIf
DESC line:   4: ospfPacketSrc
DESC line:   5: ospfConfigErrorType
DESC line:   6: ospfPacketType
DESC line: An ospfVirtIfConfigError trap signifies that a
DESC line: packet has been received on a virtual interface
DESC line: from a router whose configuration parameters
DESC line: conflict with this router's configuration
DESC line: parameters.  Note that the event optionMismatch
DESC line: should cause a trap only if it prevents an
DESC line: adjacency from forming.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtIfAreaId
DESC line:   3: ospfVirtIfNeighbor
DESC line:   4: ospfConfigErrorType
DESC line:   5: ospfPacketType
DESC line: An ospfIfAuthFailure trap signifies that a
DESC line: packet has been received on a non-virtual
DESC line: interface from a router whose authentication key
DESC line: or authentication type conflicts with this
DESC line: router's authentication key or authentication
DESC line: type.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfIfIpAddress
DESC line:   3: ospfAddressLessIf
DESC line:   4: ospfPacketSrc
DESC line:   5: ospfConfigErrorType
DESC line:   6: ospfPacketType
DESC line: An ospfVirtIfAuthFailure trap signifies that a
DESC line: packet has been received on a virtual interface
DESC line: from a router whose authentication key or
DESC line: authentication type conflicts with this router's
DESC line: authentication key or authentication type.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtIfAreaId
DESC line:   3: ospfVirtIfNeighbor
DESC line:   4: ospfConfigErrorType
DESC line:   5: ospfPacketType
DESC line: An ospfIfRxBadPacket trap signifies that an
DESC line: OSPF packet has been received on a non-virtual
DESC line: interface that cannot be parsed.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfIfIpAddress
DESC line:   3: ospfAddressLessIf
DESC line:   4: ospfPacketSrc
DESC line:   5: ospfPacketType
DESC line: An ospfVirtIfRxBadPacket trap signifies that an OSPF
DESC line: packet has been received on a virtual interface
DESC line: that cannot be parsed.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtIfAreaId
DESC line:   3: ospfVirtIfNeighbor
DESC line:   4: ospfPacketType
DESC line: An ospfTxRetransmit trap signifies than an
DESC line: OSPF packet has been retransmitted on a
DESC line: non-virtual interface.  All packets that may be
DESC line: retransmitted are associated with an LSDB entry.
DESC line: The LS type, LS ID, and Router ID are used to
DESC line: identify the LSDB entry.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfIfIpAddress
DESC line:   3: ospfAddressLessIf
DESC line:   4: ospfNbrRtrId
DESC line:   5: ospfPacketType
DESC line:   6: ospfLsdbType
DESC line:   7: ospfLsdbLsid
DESC line:   8: ospfLsdbRouterId
DESC line: An ospfVirtIfTxRetransmit trap signifies than an
DESC line: OSPF packet has been retransmitted on a virtual
DESC line: interface.  All packets that may be retransmitted
DESC line: are associated with an LSDB entry.  The LS
DESC line: type, LS ID, and Router ID are used to identify
DESC line: the LSDB entry.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtIfAreaId
DESC line:   3: ospfVirtIfNeighbor
DESC line:   4: ospfPacketType
DESC line:   5: ospfLsdbType
DESC line:   6: ospfLsdbLsid
DESC line:   7: ospfLsdbRouterId
DESC line: An ospfOriginateLsa trap signifies that a new
DESC line: LSA has been originated by this router.  This
DESC line: trap should not be invoked for simple refreshes
DESC line: of LSAs (which happens every 30 minutes), but
DESC line: instead will only be invoked when an LSA is
DESC line: (re)originated due to a topology change.
DESC line: Additionally, this trap does not include LSAs that
DESC line: are being flushed because they have reached
DESC line: MaxAge.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfLsdbAreaId
DESC line:   3: ospfLsdbType
DESC line:   4: ospfLsdbLsid
DESC line:   5: ospfLsdbRouterId
DESC line: An ospfMaxAgeLsa trap signifies that one of
DESC line: the LSAs in the router's link state database has
DESC line: aged to MaxAge.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfLsdbAreaId
DESC line:   3: ospfLsdbType
DESC line:   4: ospfLsdbLsid
DESC line:   5: ospfLsdbRouterId
DESC line: An ospfLsdbOverflow trap signifies that the
DESC line: number of LSAs in the router's link state
DESC line: database has exceeded ospfExtLsdbLimit.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfExtLsdbLimit
DESC line: An ospfLsdbApproachingOverflow trap signifies
DESC line: that the number of LSAs in the router's
DESC line: link state database has exceeded ninety percent of
DESC line: ospfExtLsdbLimit.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfExtLsdbLimit
DESC line: An ospfIfStateChange trap signifies that there
DESC line: has been a change in the state of a non-virtual
DESC line: OSPF interface.  This trap should be generated
DESC line: when the interface state regresses (e.g., goes
DESC line: from Dr to Down) or progresses to a terminal
DESC line: state (i.e., Point-to-Point, DR Other, Dr, or
DESC line: Backup).
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfIfIpAddress
DESC line:   3: ospfAddressLessIf
DESC line:   4: ospfIfState
DESC line: An ospfNssaTranslatorStatusChange trap indicates that
DESC line: there has been a change in the router's ability to
DESC line: translate OSPF type-7 LSAs into OSPF type-5 LSAs.
DESC line: This trap should be generated when the translator
DESC line: status transitions from or to any defined status on
DESC line: a per-area basis.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfAreaId
DESC line:   3: ospfAreaNssaTranslatorState
DESC line: An ospfRestartStatusChange trap signifies that
DESC line: there has been a change in the graceful restart
DESC line: state for the router.  This trap should be
DESC line: generated when the router restart status
DESC line: changes.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfRestartStatus
DESC line:   3: ospfRestartInterval
DESC line:   4: ospfRestartExitReason
DESC line: An ospfNbrRestartHelperStatusChange trap signifies that
DESC line: there has been a change in the graceful restart
DESC line: helper state for the neighbor.  This trap should be
DESC line: generated when the neighbor restart helper status
DESC line: transitions for a neighbor.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfNbrIpAddr
DESC line:   3: ospfNbrAddressLessIndex
DESC line:   4: ospfNbrRtrId
DESC line:   5: ospfNbrRestartHelperStatus
DESC line:   6: ospfNbrRestartHelperAge
DESC line:   7: ospfNbrRestartHelperExitReason
DESC line: An ospfVirtNbrRestartHelperStatusChange trap signifies
DESC line: that there has been a change in the graceful restart
DESC line: helper state for the virtual neighbor.  This trap should
DESC line: be generated when the virtual neighbor restart helper
DESC line: status transitions for a virtual neighbor.
DESC line: Variables:
DESC line:   1: ospfRouterId
DESC line:   2: ospfVirtNbrArea
DESC line:   3: ospfVirtNbrRtrId
DESC line:   4: ospfVirtNbrRestartHelperStatus
DESC line:   5: ospfVirtNbrRestartHelperAge
DESC line:   6: ospfVirtNbrRestartHelperExitReason
DESC line: The BGP Established event is generated when
DESC line: the BGP FSM enters the ESTABLISHED state.
DESC line: Variables:
DESC line:   1: bgpPeerLastError
DESC line:   2: bgpPeerState
DESC line: The BGPBackwardTransition Event is generated
DESC line: when the BGP FSM moves from a higher numbered
DESC line: state to a lower numbered state.
DESC line: Variables:
DESC line:   1: bgpPeerLastError
DESC line:   2: bgpPeerState
DESC line: The BGP cbgpFsmStateChange notification is generated
DESC line: for every BGP FSM state change. The bgpPeerRemoteAddr
DESC line: value is attached to the notification object ID.
DESC line: Variables:
DESC line:   1: bgpPeerLastError
DESC line:   2: bgpPeerState
DESC line:   3: cbgpPeerLastErrorTxt
DESC line:   4: cbgpPeerPrevState
DESC line: The cbgpBackwardTransition Event is generated when the
DESC line: BGP FSM moves from a higher numbered state to a lower
DESC line: numbered state. The bgpPeerRemoteAddr value is attached
DESC line: to the notification object ID.
DESC line: Variables:
DESC line:   1: bgpPeerLastError
DESC line:   2: bgpPeerState
DESC line:   3: cbgpPeerLastErrorTxt
DESC line:   4: cbgpPeerPrevState
DESC line: The cbgpPrefixThresholdExceeded notification is
DESC line: generated when prefix count exceeds the configured
DESC line: warning threshold on a session for an address
DESC line: family. The bgpPeerRemoteAddr, cbgpPeerAddrFamilyAfi
DESC line: and cbgpPeerAddrFamilySafi values are attached to the
DESC line: notification object ID.
DESC line: Variables:
DESC line:   1: cbgpPeerPrefixAdminLimit
DESC line:   2: cbgpPeerPrefixThreshold
DESC line: The cbgpPrefixThresholdClear notification is
DESC line: generated when prefix count drops below the configured
DESC line: clear threshold on a session for an address family once
DESC line: cbgpPrefixThresholdExceeded is generated. This won't
DESC line: be generated if the peer session goes down after the
DESC line: generation of cbgpPrefixThresholdExceeded.
DESC line: The bgpPeerRemoteAddr, cbgpPeerAddrFamilyAfi and
DESC line: cbgpPeerAddrFamilySafi values are attached to the
DESC line: notification object ID.
DESC line: Variables:
DESC line:   1: cbgpPeerPrefixAdminLimit
DESC line:   2: cbgpPeerPrefixClearThreshold
DESC line: The cbgpPeer2EstablishedNotification notification
DESC line: is generated when the BGP FSM enters the established
DESC line: state.
DESC line: Variables:
DESC line:   1: cbgpPeer2LastError
DESC line:   2: cbgpPeer2State
DESC line: The cbgpPeer2BackwardTransNotification notification
DESC line: is generated when the BGP FSM moves from a higher
DESC line: numbered state to a lower numbered state.
DESC line: Variables:
DESC line:   1: cbgpPeer2LastError
DESC line:   2: cbgpPeer2State
DESC line: The cbgpPeer2FsmStateChange notification is generated
DESC line: for every BGP FSM state change.
DESC line: Variables:
DESC line:   1: cbgpPeer2LastError
DESC line:   2: cbgpPeer2State
DESC line:   3: cbgpPeer2LastErrorTxt
DESC line:   4: cbgpPeer2PrevState
DESC line: The cbgpPeer2BackwardTransition notification is
DESC line: generated when the BGP FSM moves from a higher numbered
DESC line: state to a lower numbered state.
DESC line: Variables:
DESC line:   1: cbgpPeer2LastError
DESC line:   2: cbgpPeer2State
DESC line:   3: cbgpPeer2LastErrorTxt
DESC line:   4: cbgpPeer2PrevState
DESC line: The cbgpPeer2PrefixThresholdExceeded notification is
DESC line: generated when prefix count exceeds the configured
DESC line: warning threshold on a session for an address
DESC line: family.
DESC line: Variables:
DESC line:   1: cbgpPeer2PrefixAdminLimit
DESC line:   2: cbgpPeer2PrefixThreshold
DESC line: The cbgpPeer2PrefixThresholdClear notification is
DESC line: generated when prefix count drops below the configured
DESC line: clear threshold on a session for an address family once
DESC line: cbgpPeer2PrefixThresholdExceeded is generated.
DESC line: This will not be generated if the peer session goes down
DESC line: after the generation of cbgpPrefixThresholdExceeded.
DESC line: Variables:
DESC line:   1: cbgpPeer2PrefixAdminLimit
DESC line:   2: cbgpPeer2PrefixClearThreshold
DESC line: When a syslog message is generated by the device a
DESC line: clogMessageGenerated notification is sent.  The
DESC line: sending of these notifications can be enabled/disabled
DESC line: via the clogNotificationsEnabled object.
DESC line: Variables:
DESC line:   1: clogHistFacility
DESC line:   2: clogHistSeverity
DESC line:   3: clogHistMsgName
DESC line:   4: clogHistMsgText
DESC line:   5: clogHistTimestamp
DESC line: A ccmeStatusChangeNotif is generated if there is a change
DESC line: in ccmeEnabled. This notification is generated only when
DESC line: value of the 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeSysTrapSeverity
DESC line:   2: ccmeEnabled
DESC line:   3: ccmeSysNotificationReason
DESC line: This notification is generated every time the total
DESC line: number of Ephones registered is exceeded and then dropped
DESC line: below threshold specified by 'ccmeEphoneUnRegThreshold'
DESC line: object. This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneUnRegThreshold
DESC line: This notification is generated every time registered Ephone
DESC line: changes state to 'Deceased', indicating that the connection
DESC line: to the Cisco IP phone was closed because of a keepalive
DESC line: timeout.  This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneIpAddress
DESC line:   2: ccmeEphoneRegState
DESC line: This notification is generated every time an Ephone
DESC line: attempts to register but fails. This notification is
DESC line: only for those failures seen by the CCME or SRST
DESC line: gateway. This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneIpAddress
DESC line:   2: ccmeEphoneTrapReason
DESC line: This notification is generated every time an Ephone user
DESC line: login is rejected/failed.
DESC line: This objects is generated only if 'ccmeNotificationEnable'
DESC line: object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneIpAddress
DESC line:   2: ccmeEphoneTrapReason
DESC line: A ccmeNightServiceChangeNotif notification is generated
DESC line: if there is change in night service status on this
DESC line: device. This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneTrapReason
DESC line: A ccmeLivefeedMohFailedNotif notification is generated
DESC line: when the Music-on-hold (Moh) live feed has failed. This
DESC line: objects is generated only if 'ccmeNotificationEnable'
DESC line: object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneTrapReason
DESC line: A ccmeMaxConferenceNotif notification is generated
DESC line: if the maximum number of simultaneous three-party
DESC line: conferences supported by the Cisco CallManager
DESC line: Express is exceeded. This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneTrapReason
DESC line: A ccmeKeyEphoneRegChangeNotif notification is generated
DESC line: if there is a change in the registration status of Key
DESC line: IP phone.  This objects is generated only if
DESC line: 'ccmeNotificationEnable' object is 'true'.
DESC line: Variables:
DESC line:   1: ccmeEphoneIpAddress
DESC line:   2: ccmeEphoneRegState
DESC line: This trap is generated when a new ISAKMP
DESC line: policy element is defined on the managed entity.
DESC line: The context of the event includes the updated
DESC line: number of ISAKMP policy elements currently available.
DESC line: Variables:
DESC line:   1: cipsNumIsakmpPolicies
DESC line: This trap is generated when an existing ISAKMP
DESC line: policy element is deleted on the managed entity.
DESC line: The context of the event includes the updated
DESC line: number of ISAKMP policy elements currently available.
DESC line: Variables:
DESC line:   1: cipsNumIsakmpPolicies
DESC line: This trap is generated when a new cryptomap is
DESC line: added to the specified cryptomap set.
DESC line: Variables:
DESC line:   1: cipsStaticCryptomapType
DESC line:   2: cipsStaticCryptomapSetSize
DESC line: This trap is generated when a cryptomap is
DESC line: removed from the specified cryptomap set.
DESC line: Variables:
DESC line:   1: cipsStaticCryptomapSetSize
DESC line: A cryptomap set must be attached to an interface
DESC line: of the device in order for it to be operational.
DESC line: This trap is generated when the cryptomap set
DESC line: attached to an active interface of the managed entity.
DESC line: The context of the notification includes:
DESC line: Size of the attached cryptomap set,
DESC line: Number of ISAKMP cryptomaps in the set and
DESC line: Number of Dynamic cryptomaps in the set.
DESC line: Variables:
DESC line:   1: cipsStaticCryptomapSetSize
DESC line:   2: cipsStaticCryptomapSetNumIsakmp
DESC line:   3: cipsStaticCryptomapSetNumDynamic
DESC line: This trap is generated when a cryptomap set is
DESC line: detached from an interafce to which it was
DESC line: bound earlier. The context of the event identifies the
DESC line: size of the cryptomap set.
DESC line: Variables:
DESC line:   1: cipsStaticCryptomapSetSize
DESC line: This trap is generated when a new SA is attempted
DESC line: to be setup while the number of currently active SAs
DESC line: equals the maximum configurable.  The variables are:
DESC line: cipsMaxSAs
DESC line: Variables:
DESC line:   1: cipsMaxSAs
DESC line: This notification is generated when an IPsec Phase-1
DESC line: IKE Tunnel becomes active.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line:   3: cikeTunLifeTime
DESC line: This notification is generated when an IPsec Phase-1
DESC line: IKE Tunnel becomes inactive.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line:   3: cikeTunActiveTime
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-1 IKE Tunnel experiences an internal
DESC line: or system capacity error.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-1 IKE Tunnel experiences a Certificate
DESC line: or a Certificate Revoke List (CRL) related error.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-1 IKE Tunnel experiences a protocol
DESC line: related error.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-1 IKE Tunnel experiences a non-existent
DESC line: security association error.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line: This notification is generated when an IPsec Phase-2
DESC line: Tunnel becomes active.
DESC line: Variables:
DESC line:   1: cipSecTunLifeTime
DESC line:   2: cipSecTunLifeSize
DESC line: This notification is generated when an IPsec Phase-2
DESC line: Tunnel becomes inactive.
DESC line: Variables:
DESC line:   1: cipSecTunActiveTime
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-2 Tunnel experiences an internal
DESC line: or system capacity error.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line:   3: cipSecTunActiveTime
DESC line:   4: cipSecSpiProtocol
DESC line: This notification is generated when the setup for
DESC line: an IPsec Phase-2 Tunnel fails.
DESC line: Variables:
DESC line:   1: cikePeerLocalAddr
DESC line:   2: cikePeerRemoteAddr
DESC line: This notification is generated when an an IPsec Phase-2
DESC line: Tunnel is terminated earily or before expected.
DESC line: Variables:
DESC line:   1: cipSecTunActiveTime
DESC line:   2: cipSecSpiProtocol
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-2 Tunnel experiences a protocol
DESC line: related error.
DESC line: Variables:
DESC line:   1: cipSecTunActiveTime
DESC line:   2: cipSecSpiProtocol
DESC line: This notification is generated when the processing for
DESC line: an IPsec Phase-2 Tunnel experiences a non-existent
DESC line: security association error.
DESC line: Variables:
DESC line: A coldStart trap signifies that the SNMP entity,
DESC line: supporting a notification originator application, is
DESC line: reinitializing itself and that its configuration may
DESC line: have been altered.
DESC line: Variables:
DESC line: A warmStart trap signifies that the SNMP entity,
DESC line: supporting a notification originator application,
DESC line: is reinitializing itself such that its configuration
DESC line: is unaltered.
DESC line: Variables:
DESC line: An authenticationFailure trap signifies that the SNMP
DESC line: entity has received a protocol message that is not
DESC line: properly authenticated.  While all implementations
DESC line: of SNMP entities MAY be capable of generating this
DESC line: trap, the snmpEnableAuthenTraps object indicates
DESC line: whether this trap will be generated.
DESC line: Variables:
78 EVENTs found
78 EVENTs found that contain at least the mandatory FORMAT line
Finished processing memory copy of configuration files

==========================================================
Printing out all the events in hash table:

Event: .* => general,General event,Normal,ZBXTRAP $aA $ar,
Event: .1.3.6.1.2.1.11.0.0 => coldStart,Status Events,Normal,ZBXTRAP $aA A coldStart trap signifies that the sending $*,
Event: .1.3.6.1.2.1.11.0.2 => linkDown,Status Events,Normal,ZBXTRAP $aA A linkDown trap signifies that the sending $*,
Event: .1.3.6.1.2.1.11.0.3 => linkUp,Status Events,Normal,ZBXTRAP $aA A linkUp trap signifies that the sending $*,
Event: .1.3.6.1.2.1.11.0.4 => authenticationFailure,Status Events,Normal,ZBXTRAP $aA An authenticationFailure trap signifies that $*,
Event: .1.3.6.1.2.1.11.0.5 => egpNeighborLoss,Status Events,Normal,ZBXTRAP $aA An egpNeighborLoss trap signifies that an EGP $*,
Event: .1.3.6.1.2.1.14.16.2.1 => ospfVirtIfStateChange,Status Events,Normal,ZBXTRAP $aA An ospfVirtIfStateChange trap signifies that there $*,
Event: .1.3.6.1.2.1.14.16.2.10 => ospfTxRetransmit,Status Events,Normal,ZBXTRAP $aA An ospfTxRetransmit trap signifies than an $*,
Event: .1.3.6.1.2.1.14.16.2.11 => ospfVirtIfTxRetransmit,Status Events,Normal,ZBXTRAP $aA An ospfVirtIfTxRetransmit trap signifies than an $*,
Event: .1.3.6.1.2.1.14.16.2.12 => ospfOriginateLsa,Status Events,Normal,ZBXTRAP $aA An ospfOriginateLsa trap signifies that a new $*,
Event: .1.3.6.1.2.1.14.16.2.13 => ospfMaxAgeLsa,Status Events,Normal,ZBXTRAP $aA An ospfMaxAgeLsa trap signifies that one of $*,
Event: .1.3.6.1.2.1.14.16.2.14 => ospfLsdbOverflow,Status Events,Normal,ZBXTRAP $aA An ospfLsdbOverflow trap signifies that the $*,
Event: .1.3.6.1.2.1.14.16.2.15 => ospfLsdbApproachingOverflow,Status Events,Normal,ZBXTRAP $aA An ospfLsdbApproachingOverflow trap signifies $*,
Event: .1.3.6.1.2.1.14.16.2.16 => ospfIfStateChange,Status Events,Normal,ZBXTRAP $aA An ospfIfStateChange trap signifies that there $*,
Event: .1.3.6.1.2.1.14.16.2.17 => ospfNssaTranslatorStatusChange,Status Events,Normal,ZBXTRAP $aA An ospfNssaTranslatorStatusChange trap indicates that $*,
Event: .1.3.6.1.2.1.14.16.2.18 => ospfRestartStatusChange,Status Events,Normal,ZBXTRAP $aA An ospfRestartStatusChange trap signifies that $*,
Event: .1.3.6.1.2.1.14.16.2.19 => ospfNbrRestartHelperStatusChange,Status Events,Normal,ZBXTRAP $aA An ospfNbrRestartHelperStatusChange trap signifies that $*,
Event: .1.3.6.1.2.1.14.16.2.2 => ospfNbrStateChange,Status Events,Normal,ZBXTRAP $aA An ospfNbrStateChange trap signifies that $*,
Event: .1.3.6.1.2.1.14.16.2.20 => ospfVirtNbrRestartHelperStatusChange,Status Events,Normal,ZBXTRAP $aA An ospfVirtNbrRestartHelperStatusChange trap signifies $*,
Event: .1.3.6.1.2.1.14.16.2.3 => ospfVirtNbrStateChange,Status Events,Normal,ZBXTRAP $aA An ospfVirtNbrStateChange trap signifies that there $*,
Event: .1.3.6.1.2.1.14.16.2.4 => ospfIfConfigError,Status Events,Normal,ZBXTRAP $aA An ospfIfConfigError trap signifies that a $*,
Event: .1.3.6.1.2.1.14.16.2.5 => ospfVirtIfConfigError,Status Events,Normal,ZBXTRAP $aA An ospfVirtIfConfigError trap signifies that a $*,
Event: .1.3.6.1.2.1.14.16.2.6 => ospfIfAuthFailure,Status Events,Normal,ZBXTRAP $aA An ospfIfAuthFailure trap signifies that a $*,
Event: .1.3.6.1.2.1.14.16.2.7 => ospfVirtIfAuthFailure,Status Events,Normal,ZBXTRAP $aA An ospfVirtIfAuthFailure trap signifies that a $*,
Event: .1.3.6.1.2.1.14.16.2.8 => ospfIfRxBadPacket,Status Events,Normal,ZBXTRAP $aA An ospfIfRxBadPacket trap signifies that an $*,
Event: .1.3.6.1.2.1.14.16.2.9 => ospfVirtIfRxBadPacket,Status Events,Normal,ZBXTRAP $aA An ospfVirtIfRxBadPacket trap signifies that an OSPF $*,
Event: .1.3.6.1.2.1.15.7.1 => bgpEstablished,Status Events,Normal,ZBXTRAP $aA The BGP Established event is generated when $*,
Event: .1.3.6.1.2.1.15.7.2 => bgpBackwardTransition,Status Events,Normal,ZBXTRAP $aA The BGPBackwardTransition Event is generated $*,
Event: .1.3.6.1.4.1.9.0.0 => reload,Status Events,Normal,ZBXTRAP $aA A reload trap signifies that the sending $*,
Event: .1.3.6.1.4.1.9.0.1 => tcpConnectionClose,Status Events,Normal,ZBXTRAP $aA A tty trap signifies that a TCP connection, $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.1 => cipsIsakmpPolicyAdded,Status Events,Normal,ZBXTRAP $aA This trap is generated when a new ISAKMP $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.2 => cipsIsakmpPolicyDeleted,Status Events,Normal,ZBXTRAP $aA This trap is generated when an existing ISAKMP $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.3 => cipsCryptomapAdded,Status Events,Normal,ZBXTRAP $aA This trap is generated when a new cryptomap is $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.4 => cipsCryptomapDeleted,Status Events,Normal,ZBXTRAP $aA This trap is generated when a cryptomap is $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.5 => cipsCryptomapSetAttached,Status Events,Normal,ZBXTRAP $aA A cryptomap set must be attached to an interface $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.6 => cipsCryptomapSetDetached,Status Events,Normal,ZBXTRAP $aA This trap is generated when a cryptomap set is $*,
Event: .1.3.6.1.4.1.9.10.62.2.0.7 => cipsTooManySAs,Status Events,Normal,ZBXTRAP $aA This trap is generated when a new SA is attempted  $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.1 => cikeTunnelStart,Status Events,Normal,ZBXTRAP $aA This notification is generated when an IPsec Phase-1 $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.10 => cipSecSetUpFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the setup for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.11 => cipSecEarlyTunTerm,Status Events,Normal,ZBXTRAP $aA This notification is generated when an an IPsec Phase-2 $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.12 => cipSecProtocolFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.13 => cipSecNoSa,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.2 => cikeTunnelStop,Status Events,Normal,ZBXTRAP $aA This notification is generated when an IPsec Phase-1 $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.3 => cikeSysFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.4 => cikeCertCrlFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.5 => cikeProtocolFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.6 => cikeNoSa,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.7 => cipSecTunnelStart,Status Events,Normal,ZBXTRAP $aA This notification is generated when an IPsec Phase-2 $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.8 => cipSecTunnelStop,Status Events,Normal,ZBXTRAP $aA This notification is generated when an IPsec Phase-2 $*,
Event: .1.3.6.1.4.1.9.9.171.2.0.9 => cipSecSysFailure,Status Events,Normal,ZBXTRAP $aA This notification is generated when the processing for $*,
Event: .1.3.6.1.4.1.9.9.187.0.1 => cbgpFsmStateChange,Status Events,Normal,ZBXTRAP $aA The BGP cbgpFsmStateChange notification is generated $*,
Event: .1.3.6.1.4.1.9.9.187.0.10 => cbgpPeer2PrefixThresholdClear,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2PrefixThresholdClear notification is $*,
Event: .1.3.6.1.4.1.9.9.187.0.2 => cbgpBackwardTransition,Status Events,Normal,ZBXTRAP $aA The cbgpBackwardTransition Event is generated when the $*,
Event: .1.3.6.1.4.1.9.9.187.0.3 => cbgpPrefixThresholdExceeded,Status Events,Normal,ZBXTRAP $aA The cbgpPrefixThresholdExceeded notification is $*,
Event: .1.3.6.1.4.1.9.9.187.0.4 => cbgpPrefixThresholdClear,Status Events,Normal,ZBXTRAP $aA The cbgpPrefixThresholdClear notification is $*,
Event: .1.3.6.1.4.1.9.9.187.0.5 => cbgpPeer2EstablishedNotification,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2EstablishedNotification notification $*,
Event: .1.3.6.1.4.1.9.9.187.0.6 => cbgpPeer2BackwardTransNotification,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2BackwardTransNotification notification $*,
Event: .1.3.6.1.4.1.9.9.187.0.7 => cbgpPeer2FsmStateChange,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2FsmStateChange notification is generated $*,
Event: .1.3.6.1.4.1.9.9.187.0.8 => cbgpPeer2BackwardTransition,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2BackwardTransition notification is $*,
Event: .1.3.6.1.4.1.9.9.187.0.9 => cbgpPeer2PrefixThresholdExceeded,Status Events,Normal,ZBXTRAP $aA The cbgpPeer2PrefixThresholdExceeded notification is $*,
Event: .1.3.6.1.4.1.9.9.41.2.0.1 => clogMessageGenerated,Status Events,Normal,ZBXTRAP $aA When a syslog message is generated by the device a $*,
Event: .1.3.6.1.4.1.9.9.43.2.0.1 => ciscoConfigManEvent,Status Events,Normal,ZBXTRAP $aA Notification of a configuration management event as $*,
Event: .1.3.6.1.4.1.9.9.43.2.0.2 => ccmCLIRunningConfigChanged,Status Events,Normal,ZBXTRAP $aA This notification indicates that the running $*,
Event: .1.3.6.1.4.1.9.9.43.2.0.3 => ccmCTIDRolledOver,Status Events,Normal,ZBXTRAP $aA This notification indicates that the Config Change Tracking $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.1 => ccmeStatusChangeNotif,Status Events,Normal,ZBXTRAP $aA A ccmeStatusChangeNotif is generated if there is a change $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.2 => ccmeEphoneUnRegThresholdExceed,Status Events,Normal,ZBXTRAP $aA This notification is generated every time the total $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.3 => ccmeEPhoneDeceased,Status Events,Normal,ZBXTRAP $aA This notification is generated every time registered Ephone $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.4 => ccmeEPhoneRegFailed,Status Events,Normal,ZBXTRAP $aA This notification is generated every time an Ephone $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.5 => ccmeEphoneLoginFailed,Status Events,Normal,ZBXTRAP $aA This notification is generated every time an Ephone user $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.6 => ccmeNightServiceChangeNotif,Status Events,Normal,ZBXTRAP $aA A ccmeNightServiceChangeNotif notification is generated $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.7 => ccmeLivefeedMohFailedNotif,Status Events,Normal,ZBXTRAP $aA A ccmeLivefeedMohFailedNotif notification is generated $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.8 => ccmeMaxConferenceNotif,Status Events,Normal,ZBXTRAP $aA A ccmeMaxConferenceNotif notification is generated $*,
Event: .1.3.6.1.4.1.9.9.439.0.0.9 => ccmeKeyEphoneRegChangeNotif,Status Events,Normal,ZBXTRAP $aA A ccmeKeyEphoneRegChangeNotif notification is generated $*,
Event: .1.3.6.1.6.3.1.1.5.1 => coldStart,Status Events,Normal,ZBXTRAP $aA A coldStart trap signifies that the SNMP entity, $*,
Event: .1.3.6.1.6.3.1.1.5.2 => warmStart,Status Events,Normal,ZBXTRAP $aA A warmStart trap signifies that the SNMP entity, $*,
Event: .1.3.6.1.6.3.1.1.5.3 => linkDown,Status Events,Normal,ZBXTRAP $aA A linkDown trap signifies that the SNMP entity, acting in $*,
Event: .1.3.6.1.6.3.1.1.5.4 => linkUp,Status Events,Normal,ZBXTRAP $aA A linkUp trap signifies that the SNMP entity, acting in an $*,
Event: .1.3.6.1.6.3.1.1.5.5 => authenticationFailure,Status Events,Normal,ZBXTRAP $aA An authenticationFailure trap signifies that the SNMP $*,

Finished printing out all events in hash table
==========================================================
cwd: /
Changing to UID: snmptt (1004)
Closing debug file /var/log/snmptt/snmptt.debug
Debug file /var/log/snmptt/snmptt.debug re-opened under uid 1004
Sleeping for 30 seconds

Sleeping for 30 seconds

Sleeping for 30 seconds

^C
bsd#
bsd#
bsd#date
Sun Jan 24 14:57:03 MSK 2016
bsd#
bsd#
bsd#
Junos OS kernel based on FreeBSD UNIX.