TUT:snmpd notification filtering
Note: This page is still under construction!
By default snmpd will send all traps to all configured trapsinks/informsinks. While there is not yet a way to configure notification filtering via snmpd.conf, it can be configured via sets to the notification filtering MIB. See SNMP_notification_processing for an overview of notification processing.
notification destinations
configuring notification destinations
First, let's take a quick refresher on configuring notification destinations.
trapsink
You can send SNMPv1 traps using the trapsink token. A non-standard port can be specified by adding the port after the host name or IP address.
trapsink 127.0.0.1:1127 trapComm
trap2sink
You can send SNMPv2 traps using the trap2sink token. A non-standard port can be specified by adding the port after the host name or IP address.
trap2sink 192.168.1.99:1199 trapComm
informsink
You can send SNMPv2 informs, which the remote side should confirm, using the informsink token. A non-standard port can be specified by adding the port after the host name or IP address.
informsink 192.1.68.88:1188 trapComm
trapsess
You can send SNMPv3 informs with full SNMPv3 security using the trapsess token.
trapsess -r 0 -Ci -v 3 -u myuser -n "" -l authPriv -a MD5 -A myauthpass -x DES -X myencrpass 192.168.1.77:1177
snmpNotifyTable
Given the 4 configuration lines above, let's take a peek at the snmpNotifyTable:
$ snmptable -Cb -Ci -v2C -c public localhost snmpNotifyTable
index       Tag       Type
'internal0' internal0 trap
'internal0' internal1 trap
'internal0' internal2 inform
'internal0' internal3 inform
Each configured destination has a unique tag associated with it. This tag is used as an index into the snmpTargetAddrTable, which specifies the destination for the associated tag, along with a few other parameters.
snmpTargetAddrTable
The snmpTargetAddrTable contains a column for a parameter tag. This tag is used to index into the snmpTargetParamsTable for additional parameters.
$ snmptable -Cb -Ci -v2C -c public localhost snmpTargetAddrTable
index       TDomain        TAddress             Timeout RetryCount TagList   Params
'internal0' SnmpUDPAddress "7F 00 00 01 04 67 " 0       0          internal0 internal0
'internal1' SnmpUDPAddress "C0 A8 01 63 04 AF " 0       0          internal1 internal1
'internal2' SnmpUDPAddress "C0 A8 01 4D 04 99 " 1000    0          internal2 internal2
'internal3' SnmpUDPAddress "C0 01 44 58 04 A4 " 1000    5          internal3 internal3
snmpTargetParamsTable
$ snmptable -Cb -Ci -v2c -c public localhost snmpTargetParamsTable
index       MPModel SecurityModel SecurityName SecurityLevel
'internal0' 0       1             trapComm     noAuthNoPriv
'internal1' 1       2             trapComm     noAuthNoPriv
'internal2' 3       3             myuser       authPriv
'internal3' 1       2             trapComm     noAuthNoPriv
notification filtering
snmpNotifyFilterTable
So, let's say we want to filter the coldStart trap.
$ snmpset -v2c -c private localhost \
    snmpNotifyFilterRowStatus.\"noColdStart\".1 i createAndGo \
    snmpNotifyFilterType.\"noColdStart\".1 i included \
    snmpNotifyFilterRowStatus.\"noColdStart\".1.3.6.1.6.3.1.1.5.1 i createAndGo \
    snmpNotifyFilterType.\"noColdStart\".1.3.6.1.6.3.1.1.5.1 i excluded
SNMP-NOTIFICATION-MIB::snmpNotifyFilterRowStatus."noColdStart".1 = INTEGER: createAndGo(4)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterType."noColdStart".1 = INTEGER: included(1)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterRowStatus."noColdStart".1.3.6.1.6.3.1.1.5.1 = INTEGER: createAndGo(4)
SNMP-NOTIFICATION-MIB::snmpNotifyFilterType."noColdStart".1.3.6.1.6.3.1.1.5.1 = INTEGER: excluded(2)
$ snmptable -r0 -t1 -Cb -Ci localhost:1161 snmpNotifyFilterTable
index                               Mask Type
"noColdStart".1                     ""   included
"noColdStart".1.3.6.1.6.3.1.1.5.1   ""   excluded
Now we need to associate that filter with the parameters for a target.
snmpNotifyFilterProfileTable
$ snmpset -v2c -c priv localhost \
    snmpNotifyFilterProfileName.\'internal1\' s noColdStart \
    snmpNotifyFilterProfileRowStatus.\'internal1\' i createAndGo
SNMP-NOTIFICATION-MIB::snmpNotifyFilterProfileName.'internal1' = STRING: noColdStart
SNMP-NOTIFICATION-MIB::snmpNotifyFilterProfileRowStatus.'internal1' = INTEGER: createAndGo(4)
$ snmptable -r0 -t1 -Cb -Ci localhost snmpNotifyFilterProfileTable
index       Name
'internal1' noColdStart
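To see why the two filter rows above drop coldStart for internal1 only, the following Python model (an added example, not part of the original tutorial and not Net-SNMP code) applies the filter selection rules of RFC 3413 section 6 to the notification OID. The names FILTERS, PROFILES, in_family and should_send are hypothetical, the tables mirror the rows created above, and the varbind checks the RFC also describes are left out.

```python
# Added illustration: filter decision for the notification OID only.
# profile name -> [(subtree, mask, type)], mirroring the snmpset rows above
FILTERS = {
    "noColdStart": [
        ((1,), b"", "included"),
        ((1, 3, 6, 1, 6, 3, 1, 1, 5, 1), b"", "excluded"),
    ],
}
# snmpNotifyFilterProfileTable: snmpTargetParamsName -> profile name
PROFILES = {"internal1": "noColdStart"}


def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))


def mask_bit(mask, i):
    """Bit i of the mask (MSB first); missing bits count as 1 (exact match)."""
    byte, bit = divmod(i, 8)
    if byte >= len(mask):
        return 1
    return (mask[byte] >> (7 - bit)) & 1


def in_family(oid, subtree, mask):
    """True if oid falls under subtree; a 0 mask bit wildcards that sub-id."""
    if len(oid) < len(subtree):
        return False
    return all(mask_bit(mask, i) == 0 or oid[i] == s
               for i, s in enumerate(subtree))


def should_send(params_name, trap_oid):
    """Decide whether trap_oid is sent to the target using params_name."""
    profile = PROFILES.get(params_name)
    if profile is None:
        return True  # no profile attached: no filtering for this target
    oid = parse_oid(trap_oid)
    matches = [(len(st), st, typ) for st, mask, typ in FILTERS.get(profile, [])
               if in_family(oid, st, mask)]
    if not matches:
        return False  # OID is not in the filter at all: not sent
    # Longest subtree wins; ties go to the lexicographically greatest one.
    return max(matches)[2] == "included"


if __name__ == "__main__":
    for target in ("internal0", "internal1"):
        print(target, should_send(target, "1.3.6.1.6.3.1.1.5.1"))
```

Without the broad `.1 included` row, every notification for internal1 would fall through to the "not in the filter" case and be dropped, which is why the tutorial creates it alongside the exclusion.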