Assure1 Event SNMP Trap Aggregator
Overview
The Assure1 Event SNMP Trap Aggregator is a generic SNMP Trap message listener that receives messages from devices, parses the results with customizable rules and creates de-duplicated events within Assure1.
A default installation includes a set of rules files for processing a variety of traps from numerous different vendors. The following documentation has information regarding supported devices and other useful information:
Please contact Federos if there are devices that are not polled by the out-of-the-box Foundation rules.
SNMP Trap Aggregator Setup
- Review the logic in the rules files referenced in the configuration to see the processing that will be done when traps are received:
  - LoadRules will be executed during application startup to load data that might be needed during processing.
  - IncludeRules will be read during application startup to load additional files that might be called during processing.
  - BaseRules will be executed for each device that is selected based on the configuration.

  Update the logic as needed.
- Enable the default Service, unless a specific configuration option is needed.
- Configure devices to send SNMP Trap messages to the server where the SNMP Trap Aggregator has been started.
SNMPv3 Setup
An SNMP Access Profile must be created with the same credentials configured on the sending devices. Multiple SNMP Access Profiles can be set up to match different credential sets.
- Go to the SNMP Access UI:
- For each profile needed:
  - Security Level is always required
  - Username is always required
  - Authentication Protocol and Authentication Password are required if Security Level is set to authNoPriv or authPriv
  - Privacy Protocol and Privacy Password are required if Security Level is set to authPriv
Default Service
Field | Value |
---|---|
Package Name | coreCollection-app |
Service Name | Event Trap Aggregator |
Service Program | bin/core/collection/Trapd |
Service Arguments | |
Service Description | Trapd Aggregator that runs on port 162/udp |
Failover Type | Standalone (Supported: Standalone, Primary/Backup) |
Status | Disabled |
Privileged | (Checked) |
Default Configuration
Name | Value | Possible Values | Notes |
---|---|---|---|
BaseRules | collection/event/trap/base.rules | Text, 255 characters | Relative path to Base Rules |
BranchDir | core/default | Text, 255 characters | Relative path to Rules dir |
BulkInsert | Disabled | Enabled/Disabled | Optional - If enabled, events are sent in bulk with multi-row database upserts. See BulkTime and Limit. |
BulkTime | 2 | Integer | Optional - If BulkInsert is enabled, defines the maximum number of seconds to wait for Limit events. |
IncludeRules | collection/event/trap/base.includes | Text, 255 characters | Relative path to Include Rules |
Limit | 100 | Integer | Optional - If BulkInsert is enabled, defines the maximum number of rows sent in each multi-row database upsert. |
LoadRules | collection/event/trap/base.load | Text, 255 characters | Relative path to Load Rules |
LogFile | logs/EventTrapd.log | Text, 255 characters | Relative path to Log File. |
LogLevel | ERROR | OFF, FATAL, ERROR, WARN, INFO, DEBUG | Logging level used by application. |
ShardID | 1 | Integer | Database shard to be used. |
Threads | 3 | Integer | Number of process threads created. The aggregator takes a third of this value (rounded up) for database threads unless overridden by the "DBThreads" application configuration. |
Capture | Disabled | Enabled/Disabled | Optional - If enabled, saves the raw message in the Log. |
DBThreads | | Integer | Optional - Number of database threads to be created. If not specified, defaults to a third (rounded up) of "Threads" application configuration. |
DisableDNS | Disabled | Enabled/Disabled | Optional - If enabled, uses IP address instead of hostname for the event Node. |
FailoverBufferLimit | 0 | Integer | Optional - Enables Failover Standby buffer that keeps N-seconds worth of syslogs and replays this buffer when becoming Failover Active. (0=off N=seconds to keep) See Tokens: $buffer and $received |
FieldSetFile | | Text, 255 characters | Optional - Path to csv file containing custom list of fields that will be used when inserting data. (Requires InsertSQLFile.) |
Host | | Text, 255 characters | Optional - DNS name or IP Address to receive traps on. If not specified, defaults to 0.0.0.0. - NO RELOAD CONFIG SUPPORT |
InsertSQLFile | | Text, 255 characters | Optional - Path to file containing custom SQL Insert statement for handling of event inserts. (Requires FieldSetFile.) |
Port | 162 | Text, 255 characters | Optional - Port to receive traps on. If not specified, defaults to 162. - NO RELOAD CONFIG SUPPORT |
Best Practices
The following list shows the best practices for working with this application:
- Depending on the server specifications and load, the number of Threads that the aggregator uses may need to be increased. However, too many threads have been seen to have negative effects.
- By default, devices send SNMP Trap messages on UDP port 162. If messages are not reaching the Assure1 system, check firewall settings in the network.
- SNMPv3 traps require an SNMP Access Profile to exist with matching credentials. If misconfigured, these errors will be seen in the log (as DEBUG):
  - Missing profile with matching username: Error finding username in local configuration datastore [unknownSecurityName]: ...
  - Mismatch with authentication protocol and/or password: Error authenticating message [authenticationFailure]: ...
  - Mismatch with privacy protocol and/or password: Error decrypting PDU [decryptionError]: ...
- Reloading Configuration from the Services UI will update SNMP Access Profiles.
Rules
This aggregator uses the Assure1 standard rules architecture, which is 100% Perl syntax. Refer to the following articles to assist in rules creation:
Tokens
The aggregator exposes the following tokens for rules processing.
Token | Description |
---|---|
$AppConfig | Hash reference to the application configuration name-value pairs that were configured. (i.e. use $AppConfig->{'Host'} to retrieve the set value for 'Host'.) |
$Event | Reference to the hash that is used to create and insert the Event data into the database. Keys map to the fields within the table used and values assigned are inserted in the database to that field. (e.g. $Event->{'IPAddress'} = '192.0.2.1' to assign the event IP address to '192.0.2.1') At least the 'Node' and 'Summary' fields must be set, or no event is inserted. |
$count | Message Counter. |
$timestamp | Human readable time of Trap. |
$received | Epoch time SNMP trap was received by the aggregator. |
$buffer | Flag indicating whether the trap was buffered during standby and replayed (0 = No, 1 = Yes) |
$ip | Sender IP Address |
$node | Sender DNS Resolved Name |
$cstring | Community String |
$enterprise | Enterprise Identifier |
$agent | SNMP Agent IP Address |
$generic | Generic Trap ID |
$specific | Specific Trap ID |
$trapoid | Trap OID |
$vars | Varbind Hash reference i.e. $value = $vars->{'1.3.6.3.4.5.3.3.3.1'}; |
@varbinds | Varbind array containing the varbind OIDs parsed from the SNMP Trap in the order in which they were received by the aggregator i.e. $first_oid = $varbinds[0];. The value for this oid can be retrieved from the $vars hash as normal i.e. $first_oid_value = $vars->{$first_oid};. |
$discard_flag | Flag for discard (0=No, 1=Yes) |
$CustomHash | Custom key, value cache available across all rules. Contents commonly defined in Load Rules then used in Base or other rules. NOTE: This variable is a shared object and any additional sub hashes or arrays must be shared before use or it will cause the error: "Invalid value for shared scalar". Instantiate the sub hash/array using '&share({})' e.g. $CustomHash->{SubObject} = &share({}); |
$StorageHash | Internal cache used as the StorageHash option when calling rules functions such as FindDeviceID(). NOTE: The structure of this cache is subject to change! Not recommended for custom global storage or manual manipulation; use $CustomHash. |
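The tokens above used together in rules-style Perl, as an added example rather than code from Assure1 or Federos. It runs under a stand-alone perl built with thread support, so the token values are constructed stand-ins; the TrapSources key, the sample OIDs and the assumption that setting $discard_flag to 1 drops the trap are illustrative.

```perl
#!/usr/bin/perl
# Added example: stand-alone simulation, not an Assure1 rules file.
use strict;
use warnings;
use threads;
use threads::shared;

# Constructed stand-ins for tokens the aggregator supplies to rules.
our $CustomHash   = &share({});
our $Event        = {};
our $discard_flag = 0;
our ($ip, $node)  = ('192.0.2.1', 'edge-sw1.example.net');
our $trapoid      = '1.3.6.1.6.3.1.1.5.3';        # linkDown
our @varbinds     = ('1.3.6.1.2.1.2.2.1.1.7');    # ifIndex.7
our $vars         = { '1.3.6.1.2.1.2.2.1.1.7' => 7 };

# Load-rules step: a nested hash under the shared $CustomHash must itself
# be shared, otherwise perl dies with "Invalid value for shared scalar".
# TrapSources is a hypothetical key holding the expected sender addresses.
$CustomHash->{TrapSources} = &share({});
$CustomHash->{TrapSources}{'192.0.2.1'} = 1;

# Base-rules step, run once per trap.
sub base_rules {
    # Assumption: setting $discard_flag to 1 drops the trap.
    unless ($CustomHash->{TrapSources}{$ip}) {
        $discard_flag = 1;
        return;
    }
    # @varbinds keeps arrival order; the values live in $vars.
    my @pairs = map { $_ . '=' . ($vars->{$_} // '') } @varbinds;
    # Node and Summary must both be set or no event is inserted.
    $Event->{'IPAddress'} = $ip;
    $Event->{'Node'}      = $node || $ip;
    $Event->{'Summary'}   = "Trap $trapoid: " . join(', ', @pairs);
    return;
}

base_rules();
print "insert: $Event->{'Node'} / $Event->{'Summary'}\n";

# Same trap from an address that is not in TrapSources.
($ip, $node, $Event, $discard_flag) = ('198.51.100.7', '', {}, 0);
base_rules();
print "discard_flag=$discard_flag, fields set: ", scalar(keys %$Event), "\n";
```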
Example Integrations
Creating custom rules files
Custom SNMP rules files can be created and used to poll devices using the following basic procedure, but more advanced coding knowledge will likely be needed.
Please contact Federos if you have devices that are not polled by the Foundation rules.
Administration Details
The following list shows the technical details needed for advanced administration of the application:
- Package - coreCollection-app
- Synopsis - ./Trapd [OPTIONS]
- Options:
  -c, --AppConfigID N   Application Config ID (Service, Job, or Request ID)
  -?, -h, --Help        Print usage and exit
- Threaded - Multi-Threaded