(Whoops, resending from the right address)
Hello,
I'm trying to figure out how to do better monitoring of my incoming
snmp traps. Currently I have mon running happily but I have snmptrapd
running on the same host. The snmp traps received by snmptrapd get
written to syslog where I have a process (syslog-ng / swatch) running to
do primitive decoding of the messages and sending alerts under some
conditions. This is hacky and suboptimal.
I am no snmp guru but it seems that it should be possible and
desireable for there to be many snmp trap receivers on the same host,
each handling one or more subsets of the mib tree. For example, I might
want to have one handler watching mac change notification messages from
my cisco switches, while another looks at sysUptime values, and while a
third receives link quality messages from my oc3 microwave links. Some
of these messages do require immediate alerting from mon and others
require alerting only after some other events also occur (like if I'm
watching for flip-flop on mac addresses on my switches for example. I
have to keep a local database of mac addresses and compare each mac
notification trap against this database before I know if it's a flip-flop).
My question simply is how might anyone suggest to handle multiple traps
from different devices or is there something obvious in the net-snmp
package that I've missed or perhaps a mon feature I could use for this
purpose?
Mike-
_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
