TUT:snmpd_notification_filtering
Note: This page is still under construction!
By default, snmpd will send all traps to all configured trapsinks/informsinks. While there is not yet a way to configure notification filtering via snmpd.conf, it can be configured via SNMP sets to the notification filtering MIB. See SNMP_notification_processing for an overview of notification processing.
First, let's take a quick refresher on configuring notification destinations.
You can send SNMPv1 traps using the trapsink token. A non-standard port can be specified by adding the port after the host name or IP address.
trapsink 127.0.0.1:1127 trapComm
You can send SNMPv2 traps using the trap2sink token. A non-standard port can be specified by adding the port after the host name or IP address.
trap2sink 192.168.1.99:1199 trapComm
You can send SNMPv2 informs, which the remote side should confirm, using the informsink token. A non-standard port can be specified by adding the port after the host name or IP address.
informsink 192.1.68.88:1188 trapComm
You can send SNMPv3 informs with full SNMPv3 security using the trapsess token.
trapsess -r 0 -Ci -v 3 -u myuser -n "" -l authPriv -a MD5 -A myauthpass -x DES -X myencrpass 192.168.1.77:1177
Given the 4 configuration lines above, let's take a peek at the snmpNotifyTable:
$ snmptable -Cb -Ci -v2C -c public localhost snmpNotifyTable
index Tag Type
'internal0' internal0 trap
'internal0' internal1 trap
'internal0' internal2 inform
'internal0' internal3 inform
Each configured destination has a unique tag associated with it. This tag is used as an index into the snmpTargetAddrTable, which specifies the destination for the associated tag, along with a few other parameters.
The snmpTargetAddrTable contains a column for a parameter tag. This tag is used to index into the snmpTargetParamsTable for additional parameters.
$ snmptable -Cb -Ci -v2C -c public localhost snmpTargetAddrTable
index TDomain TAddress Timeout RetryCount TagList Params
'internal0' SnmpUDPAddress "7F 00 00 01 04 67 " 0 0 internal0 internal0
'internal1' SnmpUDPAddress "C0 A8 01 63 04 AF " 0 0 internal1 internal1
'internal2' SnmpUDPAddress "C0 A8 01 4D 04 99 " 1000 0 internal2 internal2
'internal3' SnmpUDPAddress "C0 01 44 58 04 A4 " 1000 5 internal3 internal3
$ snmptable -Cb -Ci -v2c -c public localhost snmpTargetParamsTable
index MPModel SecurityModel SecurityName SecurityLevel
'internal0' 0 1 trapComm noAuthNoPriv
'internal1' 1 2 trapComm noAuthNoPriv
'internal2' 3 3 myuser authPriv
'internal3' 1 2 trapComm noAuthNoPriv
So, let's say we want to filter the coldStart trap.
$ snmpset -v2c -c private localhost \
snmpNotifyFilterRowStatus.\"noColdStart\".1 i createAndGo \
snmpNotifyFilterType.\"noColdStart\".1 i included \
snmpNotifyFilterRowStatus.\"noColdStart\".1.3.6.1.6.3.1.1.5.1 i createAndGo \
snmpNotifyFilterType.\"noColdStart\".1.3.6.1.6.3.1.1.5.1 i excluded
SNMP-NOTIFICATION-MIB::snmpNotifyFilterRowStatus."noColdStart".1 = INTEGER: createAndGo(4)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterType."noColdStart".1 = INTEGER: included(1)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterRowStatus."noColdStart".1.3.6.1.6.3.1.1.5.1 = INTEGER: createAndGo(4)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterType."noColdStart".1.3.6.1.6.3.1.1.5.1 = INTEGER: excluded(2)
$ snmptable -r0 -t1 -Cb -Ci localhost:1161 snmpNotifyFilterTable
index Mask Type
"noColdStart".1 "" included
"noColdStart".1.3.6.1.6.3.1.1.5.1 "" excluded
Now we need to associate that filter with the parameters for a target.
$ snmpset -v2c -c priv localhost \
snmpNotifyFilterProfileName.\'internal1\' s noColdStart \
snmpNotifyFilterProfileRowStatus.\'internal1\' i createAndGo
SNMP-NOTIFICATION-MIB::snmpNotifyFilterProfileName.'internal1' = STRING: noColdStart
SNMP-NOTIFICATION-MIB::snmpNotifyFilterProfileRowStatus.'internal1' = INTEGER: createAndGo(4)
$ snmptable -r0 -t1 -Cb -Ci localhost snmpNotifyFilterProfileTable
index Name
'internal1' noColdStart
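The filter evaluation configured above, as an added Python example (not Net-SNMP's code and not part of the original page): it models the snmpNotifyFilterTable and snmpNotifyFilterProfileTable rows created on this page as plain data and applies the RFC 3413 section 6 matching rules to the notification OID only (varbind filtering is left out). The function names and the AUTH_FAILURE sample OID are assumptions of this example.

```python
# Added example: the rows created on this page, modelled as plain data.
COLD_START = (1, 3, 6, 1, 6, 3, 1, 1, 5, 1)    # OID excluded on this page
AUTH_FAILURE = (1, 3, 6, 1, 6, 3, 1, 1, 5, 5)  # SNMPv2-MIB::authenticationFailure

# snmpNotifyFilterTable rows: (profile name, subtree, mask bytes, type)
FILTER_TABLE = [
    ("noColdStart", (1,), b"", "included"),
    ("noColdStart", COLD_START, b"", "excluded"),
]
# snmpNotifyFilterProfileTable: snmpTargetParamsName -> profile name
PROFILE_TABLE = {"internal1": "noColdStart"}


def subtree_matches(oid, subtree, mask):
    """True if oid is in the subtree family; a 0 mask bit is a wildcard."""
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        # A mask shorter than the subtree is padded with one bits.
        byte = mask[i // 8] if i // 8 < len(mask) else 0xFF
        must_match = (byte >> (7 - i % 8)) & 1
        if must_match and oid[i] != sub_id:
            return False
    return True


def profile_allows(profile, oid, filter_table=FILTER_TABLE):
    """Longest matching subtree decides; no match at all means excluded."""
    hits = [(len(s), s, t) for p, s, m, t in filter_table
            if p == profile and subtree_matches(oid, s, m)]
    if not hits:
        return False
    # Ties on length go to the lexicographically greatest subtree.
    return max(hits)[2] == "included"


def target_receives(params_name, trap_oid, profiles=PROFILE_TABLE):
    """A target whose params entry has no profile row is not filtered."""
    profile = profiles.get(params_name)
    if profile is None:
        return True
    return profile_allows(profile, trap_oid)
```

With these rows, `target_receives("internal1", COLD_START)` is False while authenticationFailure still reaches internal1 and the unfiltered targets receive both. A profile holding only excluded rows would drop every notification, which is what the `.1` included row above prevents.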