Creating SNMP trap-to-IBM Director event mapping

This IBM Director extension enables you to generate an IBM Director event, with a mapped event type and set of qualifiers, for an incoming SNMP trap. Optionally, you can force a regular SNMP trap event to be generated as well.

Subtopics

Writing .map files

You can extend IBM Director's SNMP listener function by writing a new .map file. This file should be present in the data\snmp directory. The following keys are valid in a .map file.

The following are global keys specified once in a .map file.

| Key | Value | Description |
|---|---|---|
| ibm.snmplistener.output | your.csv | This optional key specifies an output file to be generated while loading this .map file. |
| ibm.snmplistener.testfile | your.bat | This optional key specifies a runtime script file name. This file will contain the snmptrap command with appropriate parameters. |
| event.bundle | com.tivoli.twg.mybundle | NLS bundle to be consulted for various information related to this filter. |

The following keys can be specified for each filter specified in this map file. index is a running serial number of the filter.

| Key | Value | Description |
|---|---|---|
| event.index.family | SNMP | Top level qualifier. The family name of the event. |
| event.index.keyword.0 | event.qualifier.sample1 | This is the top level qualifier. This value can be translated from the NLS bundle specified by the event.bundle key. |
| event.index.keyword.1 | event.qualifier.sample2 | This is the next level qualifier. You can create as many keywords as you need. These values form the event type hierarchy within the family. |
| event.index.severity | 0,1,2,3,4,5 | 0 - Fatal, 1 - Critical, 2 - Minor, 3 - Warning (default), 4 - Harmless, 5 - Unknown |
| event.index.category | 0 or 1 | 0 - alert (default), 1 - resolution |
| event.index.text | text1 | This value can be translated from the NLS bundle specified by the event.bundle key. |
| event.index.version | version number | Version number of this event definition (defaults to 1) |
| event.index.oid | 1.3.6.1.4.1.343.2.8.1.1.0.1 (example) | OID of the incoming trap to be matched. The wildcard character * is also allowed, to support a fallback rule. |
| event.index.eventvar.0 | Event variable | This value can be used as a variable in event.index.text |
| event.index.eventvar.1 | Event variable | If two variables are needed, this is the second one, and so on. |
| event.index.eventvar.index.0 | Position-based event variable. Example: this value can be 7 | Use this instead of the eventvar key above if you want the value of a specific varbind (by position) to be used as an event variable. The first occurrence of the word index in the key is actually a number, and the second occurrence is the literal word index. In the example given, the value of the 7th varbind will be used as the event variable. |
| event.index.eventvar.index.1 | Position-based event variable. Example: this value can be 4 | If two event variables are required, this is the second one, and so on. In this case, the value of the 4th varbind will be used as the second event variable. |
| event.index.srcname | 1.3.6.1.4.1.343.2.8.1.1.1 (example) | See below |
| event.index.srcuuid | 1.3.6.1.4.1.343.2.8.1.1.2 (example) | See below |
| event.index.srcipaddr | 1.3.6.1.4.1.343.2.8.1.1.5 (example) | See below |
| event.index.varbind.0 | 1.1.3.6.1.4.1.343.2.8.1.1.1==MySystem | Varbind condition of the incoming trap to be matched. |
| event.index.varbind.1 | 1.1.3.6.1.4.1.343.2.8.1.1.2==MyName | As many valid varbind conditions as needed can be specified to match against the incoming trap. |
| event.index.eventvarbind.index.0 | 3==MySystem | Position-based varbind condition of the incoming trap to be matched. In the example, this rule will be matched only if the 3rd varbind has the value MySystem. |
| event.index.eventvarbind.index.1 | 7==879 | Another position-based varbind condition of the incoming trap to be matched. In the example, this rule will be matched only if the 3rd varbind has the value MySystem and the 7th varbind has the value 879. |
| event.index.proceedwithnormaltrap | true/false | A true value will force the normal SNMP trap event to also be generated. |

event.index.srcname, event.index.srcuuid, and event.index.srcipaddr:

The values of these variable bindings are used to correlate the trap to the native managed object. You can correlate a trap by the hostname, UUID, or IP address. If no srcxxxx key is in this file, the trap is correlated by the IP address of the system that sent the trap.

Below is a sample map file. You can also find it in the file TrapFilter.map.sample, which is located under the data\snmp directory of your IBM Director product installation.

# Mappings from specific SNMP traps to the corresponding IBM Director Native Events
# Warning! This file is case-sensitive

#ibm.snmplistener.output=sridhar.csv
#ibm.snmplistener.testfile=sridhar.bat
# ----------------------

# Specify keywords for event type
# Keywords are looked up in event.bundle key value below

event.0.family=SNMP
event.0.keyword.0=event.qualifier.sample1
event.0.keyword.1=event.qualifier.sample2
event.0.keyword.2=event.qualifier.sample3
# Severities:
#   FATAL        0
#   CRITICAL     1
#   MINOR        2
#   WARNING      3
#   HARMLESS     4
#   UNKNOWN      5 
# (defaults to 3=warning)
event.0.severity=4
# 1=alert, 0=resolution (defaults to 1=alert)
event.0.category=1
event.0.text=Ready
#event.11003.oid=1.3.6.1.4.1.2.6.146.200.1.3.1.0.1
event.0.oid=1.3.6.1.4.1.2.6.146.200.1.3.*
event.0.eventvar.0=1.3.6.1.4.1.2.6.71.2.0
event.0.eventvar.1=1.3.6.1.4.1.2.6.71.1.0
event.0.proceedwithnormaltrap=true
#event.0.varbind.0=1.3.6.1.4.1.2.6.146.4==SRI3

event.bundle=com.tivoli.twg.snmp.TWGSNMPResources
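
The keys described above can be exercised offline with a small matcher (an added example, not IBM Director's own code): it parses a .map file and reports which filter a given trap would hit, which is a quick way to check that a wildcard fallback rule does not shadow a more specific filter. The sample map is constructed, and the matching order (lowest index first), 1-based varbind positions, and treating `*` as a glob are assumptions about the listener's behaviour.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in the page's .map syntax (values are illustrative).
SAMPLE_MAP = """\
event.bundle=com.tivoli.twg.snmp.TWGSNMPResources
# filter 0: specific rule with a position-based varbind condition
event.0.family=SNMP
event.0.keyword.0=event.qualifier.sample1
event.0.severity=4
event.0.oid=1.3.6.1.4.1.2.6.146.200.1.3.1.0.1
event.0.eventvarbind.index.0=3==MySystem
# filter 1: wildcard fallback rule
event.1.family=SNMP
event.1.keyword.0=event.qualifier.sample3
event.1.oid=1.3.6.1.4.1.2.6.146.200.1.3.*
event.1.proceedwithnormaltrap=true
"""

def parse_map(text):
    """Split a .map file into global keys and per-filter keys."""
    global_keys, filters = {}, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")  # first '=' only, so 3==MySystem survives
        m = re.fullmatch(r"event\.(\d+)\.(.+)", key.strip())
        target = filters.setdefault(int(m.group(1)), {}) if m else global_keys
        target[m.group(2) if m else key.strip()] = value.strip()
    return global_keys, filters

def match_trap(filters, trap_oid, varbinds):
    """varbinds is an ordered list of (oid, value); returns the first matching filter."""
    for idx, f in sorted(filters.items()):  # assumption: lowest index wins
        if not fnmatchcase(trap_oid, f.get("oid", "")):  # case-sensitive, like the file
            continue
        ok = True
        for key, cond in f.items():
            lhs, _, want = cond.partition("==")
            if key.startswith("eventvarbind.index."):  # assumption: positions are 1-based
                pos = int(lhs) if lhs.isdigit() else 0
                ok = ok and 0 < pos <= len(varbinds) and varbinds[pos - 1][1] == want
            elif key.startswith("varbind."):
                ok = ok and (lhs, want) in varbinds
        if ok:
            kws = sorted((k for k in f if k.startswith("keyword.")), key=lambda k: int(k.split(".")[1]))
            return {"filter": idx, "type": [f.get("family")] + [f[k] for k in kws],
                    "severity": int(f.get("severity", 3)),  # page: defaults to 3 (warning)
                    "normal_trap": f.get("proceedwithnormaltrap") == "true"}
    return None
```

A trap whose third varbind is not MySystem falls through filter 0 to the wildcard rule in filter 1, so the result shows which event type a broad `*` pattern would assign to it.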