Brandon Valued Contributor.

SNMP Flex Not Seeing Events?

I have built an SNMP Flex. Prior to creating the properties file, I saw traps coming in as "undefined" in the logs. After creating the config file, I no longer see this and assume that the connector is properly configured and accepting the config. I see no errors in the logs and the connector is running properly and sending raw event stats back to the ESM... but it is not sending any actual events. No idea what I'm missing here; this is my first SNMP Flex. After removing the properties file, I see the unconfigured traps back in the agent log, so I know that traps are still coming in... Any help would be great!

sdksnmp.properties:

     token.count=29
     token[0].name=VarBind0
     token[0].type=MacAddress
     token[1].name=VarBind1
     token[1].type=String
     token[2].name=VarBind2
     token[2].type=String
     token[3].name=VarBind3
     token[3].type=String
     token[4].name=VarBind4
     token[4].type=String
     token[5].name=VarBind5
     token[5].type=String
     token[6].name=VarBind6
     token[6].type=String
     token[7].name=VarBind7
     token[7].type=Integer
     token[8].name=VarBind8
     token[8].type=Integer
     token[9].name=VarBind9
     token[9].type=String
     token[10].name=VarBind10
     token[10].type=String
     token[11].name=VarBind11
     token[11].type=String
     token[12].name=VarBind12
     token[12].type=Integer
     token[13].name=VarBind13
     token[13].type=Integer
     token[14].name=VarBind14
     token[14].type=Integer
     token[15].name=VarBind15
     token[15].type=Integer
     token[16].name=VarBind16
     token[16].type=String
     token[17].name=VarBind17
     token[17].type=String
     token[18].name=VarBind18
     token[18].type=String
     token[19].name=VarBind19
     token[19].type=String
     token[20].name=VarBind20
     token[20].type=String
     token[21].name=VarBind21
     token[21].type=IPAddress
     token[22].name=VarBind22
     token[22].type=Integer
     token[23].name=VarBind23
     token[23].type=Integer
     token[24].name=VarBind24
     token[24].type=Integer
     token[25].name=VarBind25
     token[25].type=String
     token[26].name=VarBind26
     token[26].type=String
     token[27].name=VarBind27
     token[27].type=Integer
     token[28].name=VarBind28
     token[28].type=String

     event.sourceMacAddress=VarBind0
     event.sourceHostName=VarBind2
     event.name=VarBind9
     event.sourceUserId=VarBind10
     event.deviceReceiptTime=__createLocalTimeStampFromSecondsSinceEpoch(VarBind12)
     event.deviceAddress=VarBind21

danayash@we-can Absent Member.

Re: SNMP Flex Not Seeing Events?

Hi,

Can you send a sample of the trap?

-Dan

Brandon Valued Contributor.

Re: SNMP Flex Not Seeing Events?

     Port : 162

     Generating Agent : 10.78.222.70

     Sending Agent : 10.78.222.70

     Time Stamp : 159369386

     Enterprise OID : 1.3.6.1.4.1.14296.1.100.0

     Trap Type : 1

     Var Binds:29

VarBind #0

     1.3.6.1.4.1.14296.1.100.1.0

     StringValue: 005056b4-027d-9812-11e2-

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 005056b4-027d-9812-11e2-

VarBind #1

     1.3.6.1.4.1.14296.1.100.2.0

     StringValue: c1www799.allianceqa.lan|

t ID: 6013

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: c1www799.allianceqa.lan|

t ID: 6013

VarBind #2

     1.3.6.1.4.1.14296.1.100.3.0

     StringValue: c1www799.allianceqa.lan

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: c1www799.allianceqa.lan

VarBind #3

     1.3.6.1.4.1.14296.1.100.4.0

     StringValue: Eventlog

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: Eventlog

VarBind #4

     1.3.6.1.4.1.14296.1.100.5.0

     StringValue: /Unknown

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: /Unknown

VarBind #5

     1.3.6.1.4.1.14296.1.100.6.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #6

     1.3.6.1.4.1.14296.1.100.7.0

     StringValue: Source: EventLog Event ID:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: Source: EventLog Event ID: 6013

VarBind #7

     1.3.6.1.4.1.14296.1.100.9.0

     StringValue: 2

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 2

VarBind #8

     1.3.6.1.4.1.14296.1.100.10.0

     StringValue: 0

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 0

VarBind #9

     1.3.6.1.4.1.14296.1.100.11.0

     StringValue: EventLog_6013

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: EventLog_6013

VarBind #10

     1.3.6.1.4.1.14296.1.100.12.0

     StringValue: System

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: System

VarBind #11

     1.3.6.1.4.1.14296.1.100.13.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #12

     1.3.6.1.4.1.14296.1.100.14.0

     StringValue: 1356035992115

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 1356035992115

VarBind #13

     1.3.6.1.4.1.14296.1.100.15.0

     StringValue: 1356631593119

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 1356631593119

VarBind #14

     1.3.6.1.4.1.14296.1.100.16.0

     StringValue: 8

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 8

VarBind #15

     1.3.6.1.4.1.14296.1.100.17.0

     StringValue: 400

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 400

VarBind #16

     1.3.6.1.4.1.14296.1.100.20.0

     StringValue: zeneventlog

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: zeneventlog

VarBind #17

     1.3.6.1.4.1.14296.1.100.21.0

     StringValue: /Server/Windows/WMI/Audit

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: /Server/Windows/WMI/Audit

VarBind #18

     1.3.6.1.4.1.14296.1.100.22.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #19

     1.3.6.1.4.1.14296.1.100.23.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #20

     1.3.6.1.4.1.14296.1.100.24.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #21

     1.3.6.1.4.1.14296.1.100.25.0

     StringValue: 10.79.208.36

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 10.79.208.36

VarBind #22

     1.3.6.1.4.1.14296.1.100.26.0

     StringValue: 0

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 0

VarBind #23

     1.3.6.1.4.1.14296.1.100.27.0

     StringValue: 0

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 0

VarBind #24

     1.3.6.1.4.1.14296.1.100.28.0

     StringValue: 6013

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 6013

VarBind #25

     1.3.6.1.4.1.14296.1.100.29.0

     StringValue: admin

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: admin

VarBind #26

     1.3.6.1.4.1.14296.1.100.31.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:

VarBind #27

     1.3.6.1.4.1.14296.1.100.32.0

     StringValue: 3

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value: 3

VarBind #28

     1.3.6.1.4.1.14296.1.100.33.0

     StringValue:

     TimeStamp: 0

     Type: ASN_OCTSTR

     Value:


danayash@we-can Absent Member.

Re: SNMP Flex Not Seeing Events?

Hi Brandon,

What is your full config file name? Is it "sdksnmp.1.snmptrap.properties"?!

And notice that your OID should be: 1.3.6.1.4.1.14296.1.100.0

Your VarBind12 should be token[12].type=Long

When mapping it, you should do (Epoch time can be only 10 digits): event.endTime=__createLocalTimeStampFromSecondsSinceEpoch(__regexToken(VarBind12,"^(..........)"))

-Dan
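
The two points in the reply above (declare VarBind12 as Long, and hand only the first 10 digits to the seconds-since-epoch function), shown as an added example that is not part of the original thread or of the connector: a Python check that compares declared token types with the values seen in the sample trap. It assumes Integer means signed 32-bit and Long signed 64-bit; `parse_tokens`, `out_of_range` and `epoch_seconds` are names made up here.

```python
import re

# Constructed from the thread: the poster's declarations for four numeric
# tokens and the values the sample trap carried for them.
PROPERTIES = """\
token[7].name=VarBind7
token[7].type=Integer
token[12].name=VarBind12
token[12].type=Integer
token[13].name=VarBind13
token[13].type=Integer
token[24].name=VarBind24
token[24].type=Integer
"""
TRAP_VALUES = {"VarBind7": "2", "VarBind12": "1356035992115",
               "VarBind13": "1356631593119", "VarBind24": "6013"}

# Assumption: Integer is signed 32-bit, Long is signed 64-bit.
RANGES = {"Integer": (-2**31, 2**31 - 1), "Long": (-2**63, 2**63 - 1)}


def parse_tokens(text):
    """Return {token name: declared type} from token[N].name/.type lines."""
    fields = {}
    pattern = r"^\s*token\[(\d+)\]\.(name|type)=(\S+)\s*$"
    for idx, key, value in re.findall(pattern, text, re.M):
        fields.setdefault(int(idx), {})[key] = value
    return {f["name"]: f["type"] for f in fields.values()
            if "name" in f and "type" in f}


def out_of_range(tokens, values):
    """List tokens whose sample value does not fit the declared numeric type."""
    bad = []
    for name, typ in tokens.items():
        raw = values.get(name, "")
        if typ in RANGES and re.fullmatch(r"-?\d+", raw):
            lo, hi = RANGES[typ]
            if not lo <= int(raw) <= hi:
                bad.append(name)
    return sorted(bad)


def epoch_seconds(raw):
    """Keep the first 10 digits, as the "^(..........)" capture does for digits."""
    m = re.match(r"^(\d{10})", raw)
    return int(m.group(1)) if m else None
```

Run against the sample trap, the check flags VarBind12 and VarBind13, the two 13-digit millisecond timestamps, and the list is empty once they are declared as Long.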

Brandon Valued Contributor.

Re: SNMP Flex Not Seeing Events?

That helped. Thanks, Dan! Although, the original event time from epoch did work as hoped.
