Ciscoworks lms 2.6 snmp trap notification

Hi
Can anyone help with a problem I'm having, how do you go about setting up an alert email notification for a logging event coming from a firewall? The logging event is an alert.

Is this alert in the form of a syslog message? If so, then you can configure an RME Automated Action under RME > Tools > Syslog > Automated Actions. Fill in the desired facility, severity, and mnemonic, then set the type of Action to be email.

Similar Messages

LMS 4.0 SNMP Traps Forwarding

Hello,
I have installed a new version of CiscoWorks LMS 4.0.
I would like to forward certain SNMP traps to another server. Not all traps but only the traps of devices which are down.
Is it possible to filter the traps and then forward the traps who match the filter to a server?
Thanks,
Best Regards,
Joris

If you enable trap forwarding in LMS, all traps received by LMS will be forwarded to the external NMS.
You can, however, look at NMSROOT/objects/smarts/conf/trapd/trapd.conf. You can modify this file to specify exactly what traps to forward. The comments in the file should help you figure out the syntax. However, direct modification of this file is not supported by TAC, so be sure to save a backup just in case.

LMS 3.2 snmp trap forwardig to HP-open view

Hi,
I want to forward snmp traps from cisco LMS to HP-open view. Both applications are installed on different servers.
From previous post in this forum, I found a similar post that recommand using snmp forwording in DFM.
What I want to know is do I need any integration or packages to install on both platforms to do this? Also, will DFM forward all traps that it receives from installed devices or it will forward some of them.
Thank you
BR,
ZS

Chris;
current version of Java is 1.6.0 Update 20
Additional information to the issue: a WS-C3750 has been discovered (connected to another 6509 that is running hybrid) and added to the topology map as it one would expect.
craig

LMS 3.2 not forwarding SNMP Traps

I am using LMS 3.2 and under DFM... Notification Services... SNMP Trap Notification, I have a Subscription set up to forward Traps to Unicenter 11.1. I have tried a combination of sending Alerts and Events, Critical and Informational, Active and Cleared messages.
At this time I have it set to send:
Alerts Informational and Cleared
Events Critical and Informational, Active and Cleared.
Every Trap that is forwarded from LMS I get in the Unicenter console Twice. Also, I occasionally get a clear in Unicenter, but normally clears are not being forwaded.
Any ideas on this issue?
Thanks
-Scott

You should first install the consolidated DFM 3.2 patch from http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.2.0&mdfid=282640771&sftType=CiscoWorks+Device+Fault+Manager+Patches&optPlat=Windows&nodecount=2&edesignator=null&modelName=CiscoWorks+Device+Fault+Manager+3.2&treeMdfId=268439477&treeName=Network+Management&modifmdfid=&imname=&hybrid=Y&imst=N&lr=Y (patch for CSCta56151). If the problem persists after that, post the NMSROOT/log/dfmLogs/NOS/nos.log after reproducing the problem with a new event/alert.

Ciscoworks LMS 4.0 DFM Custom Traps

Hello,
We want to use Ciscoworks LMS 4.0 for Access Control List Monitoring. i.e. if we end the ACLs with "log" entry, we may send the ACL deny logs to the Ciscoworks as Syslog or Snmp Trap format.
With "debug snmp packets" command we may observe the packets are sent to the LMS, but the traps don't show up as alarms. Is it possible to observe any trap entry with LMS DFM Fault Manager by customizing the module, because we think the engine of the DFM analyzes the traps and shows some of the traps, not all of the traps are observable.
The command output is as below:
Thanks in Advance,
Best Regards,
Mar 2 10:28:30.028: SNMP: Queuing packet to 10.10.10.1
.Mar 2 10:28:30.028: SNMP: V1 Trap, ent ciscoSyslogMIB.2, addr 10.10.20.1, gen trap 6, spectrap 1
clogHistoryEntry.2.742 = SEC
clogHistoryEntry.3.742 = 7
clogHistoryEntry.4.742 = IPACCESSLOGDP
clogHistoryEntry.5.742 = list 191 denied icmp 10.10.10.1 -> 10.10.20.1 (0/0), 10 packets
clogHistoryEntry.6.742 = 69082382

DFM consumes the traps and decides based on its built-in code-book what to do - rise one of the predefined Events or just silently ignore it. The best DFM can do is forward the trap as-is to another trap receiver.
Perhaps the LMS Syslog-Server can do what you want and lauch automated actions (like scripts or e-mail) based on certain criteria.
But you should take care of the underlying syslog file and keep its size under control with logrot.pl utility.
The online help of LMS should give you more details on the syslog capabilities or this link to the LMS 4.0 Administration Guide:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/useNotif.html#wp1075603

Generate SNMP Traps report from LMS database

Hi Experts,
Just wondering how LMS handle all SNMP traps received by LMS? Are the traps keep into a database on the server? Is there a way to extract them out as a report?
Regards,
Yi Shyuan

Hello,
Thank you for your answer, unfortunately this isn't what I was looking for.
My idea was to generate fake-positives traps to test efficiently our NMS station.
Traps that I would like to tests would be Temperature, Fan, Board.
I found that chaning the yellow level of the temp sensor to the lower threshold can provide some start point, but I would like to ensure when a real event arrives that my NMS will react accordingly.
Thanks

LMS 4.2 forward traps to Netcool

We want to forward LMS 4.2 traps to a remote NMS (Netcool).
In order to translate the traps into an event, we need the MIB's which LMS 4.2.3 is using.
Does anyone know the location of the directory on the LMS server of these MIB's?

Hi,
you can forward the traps directly from here : Monitor > Fault Settings > SNMP Traps > Notification
check this location on the server:
NMSROOT\CSCOpx\hum\mibmanager\mibcompiler\mibs
If you want to add a new MIB to LMS , you can LOAD the MIB to the server from here :
Admin > Network > Monitor / Troubleshoot > Load MIB
Thanks-
Afroz
[Do rate the useful post]

SNMP Trap Translation Wrong For Hebrew Language

SR 3-4956842281
sev 2
Cus ISRAEL CREDIT CARDS LTD
=====================
Customer is using OMS 10.2.0.5 on linux server.
They have created an user defined metric on DB cluster instance with alert message written in hebrew.
The OMS console showed the alert in hebrew as expected.
However when they send this alert with snmp trap notification to a second system (HP openview for windows) then the message appeared not cleared (with question marks). This second system get messages in hebrew from other systems without any problems.
+Does setting LANG variable at OMS level will impact this
+Any tracing which can help to find the cause of the issue

Closing as issue found at HP openview parameter settings

Send snmp trap

Hi all
i am using Oracle Weblogic Server ,Please help me to send user authentication log traps through snmp ,like Successful authentication ,authentication failure ,etc
i have configured the followings
1.I have configured DefaultAuditor for my Realm and log are written to DefaultAuditRecorder.log.
2.Configured SNMP Log Filter for the SUCCES and FAILURE severities. but no lucks
Thanks in Advance

Hi,
Could you please follow the below Doc id:-
SNMP How To Get WLS Server Health State On SNMP Trap (Doc ID 1559331.1)
Sample Code to Verify That SNMP Trap Notifications are Being Created (Doc ID 1278408.1)
Regards,
Prakash.

CiscoWorks LMS: not receveing certain SNMP traps

CiscoWorks LMS 4.0.1 (I know it's old and unsupported).
Problem: not receiving certain SNMP traps.
For example: I receive trap like "STP new root" but not like "port put to err-disabled" or my custom traps (produced by EEM scripts).
I've investigated my situation and found out that switch sends traps and they reach* LMS but somehow LMS ignores them (there's no trace of them in GUI). I've read that some traps just pass through LMS but my traps are very important and I need to know about them.
* I did Wireshark capture on LMS machine.
I'd like to know how to debug receiving of SNMP traps in LMS:
which specific debugs need to be enabled,
which specific log files need to be examined.

LMS uses DFM to process certain traps.
All traps it deems unimportant are dropped.
If you want to use the LMS GUI you can have you device send a SYSLOG message rather than a trap.
use logging source command to make the management interface send the message.
Then there is a GUI that allows you to launch an action on a message
Cheers,
Michel

LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding

Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
Community=ciscoworks
Enterprise=1.3.6.1.6.3.1.1.5
Generip trap type=2
Specific Trap Type=0
Trap From=10.220.10.1
Trap ID=1.3.6.1.6.3.1.1.5.2
Trap Time=-1436283373
1.3.6.1.2.1.2.2.1.1.83=83
1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
1.3.6.1.2.1.2.2.1.3.83=6
1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
EndTrap
10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
Community=ciscoworks
Enterprise=1.3.6.1.4.1.9.1.291
Generip trap type=2
Specific Trap Type=0
Trap From=10.220.10.1
Trap ID=1.3.6.1.4.1.9.1.291.2
Trap Time=1628056965
1.3.6.1.2.1.2.2.1.1.8=8
1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
1.3.6.1.2.1.2.2.1.3.8=18
EndTrap
As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.

Hi,
Is the issue you have the source IP address of the forwarded trap? Per RFC it is the IP of the actual device sending the trap. The originating IP should be contained within the packet. I have included some additional information you may find helpful.
Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
Configure SNMP to send traps directly to DFM
Integrate SNMP trap receiving with an NMS or a trap daemon
The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
As one of the following events:
> InformAlarm
> MinorAlarm
> MajorAlarm
With the device type and the device name from which it was generated.
If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html

Ciscoworks LMS 4.0 – Email Notifications Issue

We currently use Ciscoworks LMS 4.0 with over 1000 devices in the database. I'm a LMS novice. And have been assigned the task of minimising the amount of email notification’s we receive, as if one device goes Operationally Down all devices off that switch also send alerts to the email notification group, which in turn overwhelms the mailbox.
The ports are configured not to log or send snmp traps.
no logging event link-status
no snmp trap link-status
So any advice on how we can limit these alerts being generated would be much appreciated.
Thanks in advance.

Hi Nessie,
Go to Monitor > Fault Settings > Setup > Fault Device Details
select the device and click on view then Click on the hyperlink or the device name\ip address
that will bring a new window from there click on Interface and chanaged the Managed state from ture to FLASE for those interfaces for which you do not want ALERTS.
Thanks-
Afroz
[Do rate the useful post]

NAC SNMP MAC notification traps not being sent

I have the switch set up for mac notification, and the switch has the below config. But no mac notification traps get sent to the CAM.
interface GigabitEthernet1/0/24 switchport access vlan 800 switchport mode access snmp trap mac-notification added spanning-tree portfast!snmp-server community **** ROsnmp-server community **** RWsnmp-server enable traps snmp linkdown linkupsnmp-server enable traps MAC-Notificationsnmp-server enable traps stpx root-inconsistency loop-inconsistencysnmp-server host 10.101.90.20 version 2c **** snmp-server host 10.101.90.20 **** MAC-Notification snmp
Below is a debug of snmp packets when a host it connected to the switch on port 1/0/24
1y29w: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to up1y29w: SNMP: Queuing packet to 10.101.90.201y29w: SNMP: V2 Trap, reqid 62, errstat 0, erridx 0 sysUpTime.0 = 648642685 snmpTrapOID.0 = snmpTraps.4 ifIndex.10124 = 10124 ifDescr.10124 = GigabitEthernet1/0/24 ifType.10124 = 6 lifEntry.20.10124 = up1y29w: SNMP: Queuing packet to 10.101.90.201y29w: SNMP: V1 Trap, ent products.516, addr 10.202.1.2, gentrap 3, spectrap 0 ifIndex.10124 = 10124 ifDescr.10124 = GigabitEthernet1/0/24 ifType.10124 = 6 lifEntry.20.10124 = up1y29w: SNMP: Packet sent via UDP to 10.101.90.201y29w: SNMP: Packet sent via UDP to 10.101.90.201y29w: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/24, changed state to up
Am I missing something in the config or something?

Hello,
Please post your SNMP receiver config on the CAM. Also, can you do a capture on the CAM to see if you're seeing the packets getting there?
To do the capture, in a SSH session, use this command: tcpdump -ieth0 'host ' -s0 -wcapture.pcap
Once you've captured the success/failure, hit Ctrl-C to kill the capture. You can then use WINSCP or any other SCP program to get that file off of the CAM for further analysis.
HTH,
Faisal

ACE 4710 SNMP false linkup/down trap notification?

We have two ACE4710 in a failover configuration with Software version A4(2.0). SNMP is setup and the receiver is able to receive SNMP traps.
The issue is we are receiving a linkDown trap notification at least once every other day, followed shortly by a linkUp notification a minute later. We have checked all layer 2 devices connected to the ACE and cannot see any evidence that any link actually disconnected. We experienced no traffic lost, but this could be because a couple of the ACE links are bundled. The trap notification does not actually indicate which interface changed status. All links are Gigabits, and there are no packet drops either on the ACE or the layer 2 switch. What could be causing this?
Thanks in advance.

Hi Matthew, apologies for the late reply, and thanks for getting back to me. Please find below the output on our SNMP receiver today. As you will see from the log timestamp the linkdown and linkup occurred within a minute which is typical. We get this issue at least once every other day!
Notification Type: PROBLEM
Service: Link
Host: ldmzbmh001
Address: x.x.x.x
State: CRITICAL
Date/Time: Thu Feb 21 11:18:35 GMT 2013
Additional Info:
A linkDown trap signifies that the SNMP entity, acting in 16777312 up down
Notification Type: PROBLEM
Service: Link
Host: ldmzbmh001
Address: x.x.x.x
State: CRITICAL
Date/Time: Thu Feb 21 11:18:35 GMT 2013
Additional Info:
A linkDown trap signifies that the SNMP entity, acting in 65540 up down
Notification Type: RECOVERY
Service: Link
Host: ldmzbmh001
Address: x.x.x.x
State: OK
Date/Time: Thu Feb 21 11:19:05 GMT 2013
Additional Info:
A linkUp trap signifies that the SNMP entity, acting in an 16777312 up up
Regards,
Sam

Syslog & SNMP Traps:- Does LMS 3.1 need to receive both?

Do my switches need to send both syslog and SNMP traps to LMS 3.1 or should I configure for either syslog or SNMP Traps, but not both?
Thanks
James

Well "needs to", no
Syslog
RME configuration management works better if it can detect config changes via syslog.
The syslog reports depend on it, so do the "automated actions" since they are based on syslog messages
Traps
Fault management can interpret a few traps but does most of its detecting via snmp get.
LMS will work without it but I think it is worthwhile to configure the devices to send traps and syslog.
Cheers,
Michel

Ciscoworks lms 2.6 snmp trap notification

Similar Messages

Maybe you are looking for