| Hi Rich,
thanks for this information. I managed to get the traps look like I wanted them to look like ;-)
22/04 16:13:09: Message from InterMapper 5.6.7
Event: TRAP Name: swi-dz-1og-2 Document: 8.4-Vert-DZ Address: <CISCO-IP> Probe Type: SNMP Traffic (port 161 SNMPv2c) Condition: cisco (1) { OLD-CISCO-TS-MIB::tslineSesType.1.1 : "5", TCP-MIB::tcpConnState.<CISCO-IP>.23.<SOURCE-IP>.60280 : "4", OLD-CISCO-TCP-MIB::loctcpConnElapsed.<CISCO-IP>.23.<SOURCE-IP>.60280 : "3076", OLD-CISCO-TCP-MIB::loctcpConnInBytes.<CISCO-IP>.23.<SOURCE-IP>.60280 : "88", OLD-CISCO-TCP-MIB::loctcpConnOutBytes.<CISCO-IP>.23.<SOURCE-IP>.60280 : "172", OLD-CISCO-TS-MIB::tsLineUser.1 : "<TTYUSER>" }
Comment:
Time since last reported down: 9 days, 22 hours, 56 minutes, 50 seconds Device's up time: 434 days, 3 hours, 34 minutes, 40 seconds
I only needed to import the correct Cisco MIB files into Intermapper.
So your very first sentence was the clue. The rest was already clear.
But now one more question.
As you can see in the output under Condition:
Condition: cisco (1) { OLD-CISCO-TS-MIB::tslineSesType.1.1 : "5",
There is a "5" given for the "tslineSesType"
In the matching Cisco MIB I can find, that "5" stands for "telnet" Do you think that Intermapper will be also able to dissolve this?
| Object | tslineSesType | | OID | 1.3.6.1.4.1.9.2.9.3.1.1 | | Type | INTEGER | | Permission | read-only | | Status | mandatory | | Values | 1 : unknown
2 : pad
3 : stream
4 : rlogin
5 : telnet
6 : tcp
7 : lat
8 : mop
9 : slip
10 : xremote
11 : rshell
| | MIB | OLD-CISCO-TS-MIB ; - View Supporting Images  | | Description | Type of session. |
|
Thanks a lot for your help
Jürgen
Hi Jürgen,
Thanks for the note. In general, InterMapper will translate the contents/OIDs of a trap if you have imported the MIB.
In doing research for this answer, I happened upon the following article: https://supportforums.cisco.com/thread/145095
It says that the particular trap is caused by a telnet connection disconnecting from the particular device, and the final posting suggests a fix. I have not tried it to verify, though.
Please get back to me if you have further questions. Thanks!
Rich Brown
InterMapper
________________________________________
From: InterMapper-Talk@list.dartware.com [InterMapper-Talk@list.dartware.com] On Behalf Of Jürgen Brändle [n...@braendle-net.de]
Sent: Friday, April 19, 2013 8:53 AM
To: intermapper-talk@list.dartware.com
Subject: [IM-Talk] SNMP Trap Question
Hi there,
im using some cisco snap traps via inter mapper to get some information via mail.
e.g. One of my cisco routers sends traps when ISDN Backups connect and terminate.
I get something like this:
16/04 09:43:12: Message from InterMapper 5.6.7
Event: TRAP
Name: vpnbackup
Document: 4.3-VSS-TOTR-RZ1
Address: xxx.xxx.xxx.xxx
Probe Type: SNMP - Cisco - Process and Memory Pool (port 161 SNMPv2c)
Condition: CISCO-SMI::ciscoMgmt.26.2 (2) {
CISCO-SMI::ciscoMgmt.26.1.1.1.1.3.37.17 : "67",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.4.37.17 : "PPP USERNAME",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.5.37.17 : "PHONENUMBER",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.8.37.17 : "CONNECTION TIME IN SECONDS",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.9.37.17 : "Normal call clearing",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.10.37.17 : "0x10",
CISCO-SMI::ciscoMgmt.26.1.1.1.1.17.37.17 : "1" }
Comment:
Time since last reported down: 3 days, 16 hours, 31 minutes, 0 seconds
Device's up time: 303 days, 0 hours, 20 minutes, 2 seconds
This mail body is quite easy to understand because I know, that this must have something to do with the ISDN Backups.
But this week I tried to use this feature on some cisco switches to get some more Information via trap.
So one of the messages I got was:
16/04 07:46:42: Message from InterMapper 5.6.7
Event: TRAP
Name: swi-dz-1og-2
Document: 8.4-Vert-DZ
Address: xxx.xxx.xxx.xxx
Probe Type: SNMP Traffic (port 161 SNMPv2c)
Condition: CISCO-SMI::cisco (1) { CISCO-SMI::local.9.3.1.1.1.1 : "5",
TCP-MIB::tcpConnState.172.16.4.180.23.172.16.203.40.63257 : "7",
CISCO-SMI::local.6.1.1.5.172.16.4.180.23.172.16.203.40.63257 : "28",
CISCO-SMI::local.6.1.1.1.172.16.4.180.23.172.16.203.40.63257 : "86",
CISCO-SMI::local.6.1.1.2.172.16.4.180.23.172.16.203.40.63257 : "18137",
CISCO-SMI::local.9.2.1.18.1 : "TTY USERNAME" }
Comment:
Time since last reported down: 3 days, 14 hours, 30 minutes, 23 seconds
Device's up time: 427 days, 19 hours, 8 minutes, 14 seconds
Here I can only try to guess what the single trap values mean or have to go to
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=local.6.1.1.5&translate=Translate&submitValue=SUBMIT&submitClicked=true
to translate the OIDs to human readable values.
OK somebody can tell me now, that I should know what my switches send via TRAP, but the mail schooled also be readable by non cisco freaks.
Has anybody an idea to let intermapper read out the OIDs in the trap packet and translate it automatically to human readable values?
The needed cisco MIB files are available.
Any help welcome
Jürgen____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: intermapper-talk-...@list.dartware.com
_______________
Confidentiality Notice: This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
________________
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: intermapper-talk-...@list.dartware.com
|
