Configuring SNMP Trap receiver on AIP-SSM sensor

Similar Messages

• Manually configure WCS as an SNMP Trap Receiver?

  If I discover a WLC through the WCS, do I still need to manually configure the WCS as an SNMP trap receiver on the WLC?

  The WCS machine must be configured as an SNMP trap receiver to have full management functionality through the WCS.

• SNMP Traps Received are Incorrect

  Hello,
  I am running SCOM 2012 R2 and I have setup SNMP to receive traps from my HP Procurve switches.  All my switches were bought at different times so they have different revisions.  I opened a thread about this before, but it was not answered and has
  died off so I figured I'd open a new one.  If I connect to a switch and view the logs, they come out correctly.  The entries would read "Port #19 is now off-line".  That same entry in SCOM would read "19".  I configured
  the same switch to send traps to my PC and I used a simple SNMP trap receiver and the alerts were correct.  I was told to update the firmware so I did.  But even the switches with the latest firmware show up incorrect in SCOM.  Does anyone know
  how to fix this issue?  HP said to update the MIB's on my management server, but you cannot do that with SCOM.  The picture shows a PUTTY session and the logs are displayed correctly.  The second picture is the app on my PC and the one on the
  bottom is from SCOM:

  Hello,
  I did some more research and I found out that if I configure my switches to send all traps instead of critical, Not-info, or informs, then the traps are sent correctly.  EXCEPT for any "Warning" labeled traps.  Any trap that is "Port
  #19 is now on-Line" will come through fine, because it's an informational alert.  However, the alert "Excessive broadcasts on port #19" that is labeled as a warning comes in as only "19".  So it looks like SCOM cannot decipher
  a warning alert, but has no problem reading informational alerts.  Please respond.

• Is it possible to configure AIP-SSM sensor to forward events to a syslog server

  I have found documentation that describes how to configure SNMP and e-mail notifications using IME, but can't seem to find anything pertaining to syslog.  Any suggestions would be greatly appreciated.  Thanks.

  The sensor OS does not support sending syslog messages.
  You are limited to sending events via SDEE, SNMP and Email (as you have already discovered in your reading).
  - Bob

• Configure SNMP Traps

  Hello,
  I am running SCOM 2012 R2 and I am trying to set up the server to receive SNMP traps from my HP Procurve switches.  I setup 1 switch to send all traps to my SCOM server.  The SNMP Feature is installed and the SNMP Trap service is disabled. 
  The SNMP Service is configured to the correct community and is setup to accept from all hosts.  I setup a rule that targets Nodes and I setup an Event View that uses this rule.  I trigger an alert on my switch and I see nothing in the Event
  View.  What am I doing wrong? 

  Hi,
  Im glad you got the SNMP working.
  You can either right-click an event, press Notification subscription and Create...
  You can also go to Administration and create it from there. The setup is pretty straight forward, but there are some guides here:
  http://blogs.technet.com/b/kevinholman/archive/2012/04/28/opsmgr-2012-configure-notifications.aspx
  http://technet.microsoft.com/en-us/library/hh212805.aspx
  www.coretech.dk - blog.coretech.dk

• Simple Free SNMP Trap receiving software.

     I just need a simple trap receiver (Windows XP compatible) for my home network. I have downloaded at least 15 different free products or trials and none of them have worked for me. I'm looking for something that is v3 compatible. Could someone look at my config as well to make sure it looks alright?
  I filtered that traps out of the output, but traps have been enabled with snmp-server enable traps:
  snmp-server group dmckibbin v3 priv match exact
  snmp-server ifindex persist
  snmp-server trap-source Loopback0
  snmp-server source-interface informs Loopback0
  snmp-server location ******************
  snmp-server contact *******************
  snmp-server host 172.16.1.66 inform version 3 priv dmckibbin
  groupname: dmckibbin                        security model:v3 priv
  readview : v1default                        writeview: <no writeview specified>
  notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
  row status: active
  User name: dmckibbin
  Engine ID: 800000090300000D28E2C681
  storage-type: nonvolatile        active access-list: SNMP_Access
  Authentication Protocol: MD5
  Privacy Protocol: DES
  Group-name: dmckibbin
  Standard IP access list SNMP_Access
      10 permit 172.16.1.66 (65238 matches)
  Thanks,
  Daniel

  Well, free and simple, I like net-snmp's snmptrapd (http://net-snmp.sf.net).  I have never used it with Windows, though.  MG-SOFT offers a nice Windows trap receiver, but it isn't free (see http://www.mg-soft.si/tringer.html).  You can download and eval, however.
  The config looks okay.  You don't need the "match exact" at the end of the group config, though.  Note, if you're going to use informs, you need to configure the SNMP manager's engineID as a remote engineID on your device.  With informs, the manager's engine is authoritative.

• Anyone have succes configuring SNMP traps?

  anyone have succes testing SNMP with snmptrap command?
  Hello,
  I am new to Ironport and the setup configuration of these devices. I am in the process of testing the snmp feature of these servers. As such I have configured the SNMP via snmpconfig command. From customer support I tried to enter the process for alerts and have not been able to get anything. https://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=949&p_li=cF91c2VyaWQ9MXJvblAwcnQmcF9wYXNzd2Q9Zm8wQmE1
  Is the link to process. I suspect that the traps are not being sent from the appliance. I have gone over the Doc for the configuration and can't see any errors. I have AsyncOS 6.4 for IronPort M660. This is the Admin server for a C150 and C350. Of which I can get no snmp traps either. The snmp manager is CA if that helps. Is there a log file on Ironport to verify taht traps have been sent? I see my command in the CLI log file.

  The main issue is not being able to send a snmp trap to a CA NSM agent. Anyone been down this road before????

• Configuring SNMP Traps UCS 6.1.3

  Hi, I have some confusion on configuring SNMP and Trap notifications to a network monitoring box we have. When I enter Unified Serviceability and go to SNMP Notification Destination Configuration and try to set up the trap notification, it asks for a community name and does not pick up the one I have already configured called public. If I then create a new community name from that screen called public it says it has created it on nodes that have not had it configured before, this sounds right but it still does not show up in the drop list for me to pick to finish the configuration of the trap.
  I am not sure if it is working or not. Can someone help me and maybe show me a way to send it a test trap to verify it is working?
  Thanks

  Okay I found where the community field will not show up unless it is set to minimum notify privileges. I did that and it appears fine now.
  Does anyone know how to send it a sample trap to make sure it works?

• Configure SNMP Trap destinatio​n

  Hi,
  How can I configure the SNMP Trap destination in my printer?
  Do I have to send a SNMP Set command to a especific OID? Telnet?
  Thank you.

  The SNMP reference manual has been removed from the 10g and 11g doc set.
  You could consult the manual in the 9i doc set and check whether the files for your unmentioned platform still get delivered.
  Sybrand Bakker
  Senior Oracle DBA

• Remove SNMP trap receiver in CatOS

  I've done the Cisco search and came up empty. I used to know this. Isn't there a hidden remove command? Version is CatOs 8.4.1. Hopefully one of you can save the day. TIA!

  How about:
  clear snmp trap all
  or
  clear snmp trap

• Added a Northbound SNMP Trap Receiver in Cisco PI 1.3, but not getting traps

  Hi;
  I tried going into the Administration, System Settings, Notification Receivers menu and adding a receiver. The receiver was our  Zenoss 4.2.3 Resource Manager system. Zenoss has no problems  receiving traps from  IOS devices such as switches; that is routine for us. For example, we  see snmpTrap_Linkdown events from 2960s,etc.
  However, even with all the possible events and severities checked in the PI GUI for the receiver, we did not get anything.
  As a quick test I added my desktop computer as a receiver and ran Wireshark. Nothing comes through from Cisco PI. 
  This is supposed to be UDP 162 stuff, so there ought not be a need for a handshake or need  to permit anything on the receiver side. I would expect to  see a total  fire-hose of traps after the receiver is added. But that reasoning conflicts with the need to set the SNMP Community string for the Notification Receiver...
  I downloaded the logs from Cisco PI and grepped through all of them for the IPs & names of the test receivers, but found no messages.
  Any idea what might be wrong? Do I need to restart something after adding the receiver?
  I did notice that even if I supply a ficticious IP and name for the receiver, after it is added the "Operational Status" still says "Up" ...
  I sure wish NCS came with a better help system - I can't find anything in the Cisco config guides that explains what a "Northbound" receiver is.
  So confused,
  Steve

  Hi Matt, thanks for taking the time to reply.
  >> Not sure why you are trying to do this with PI, this is really more of an ISE function
  We don't have ISE and won't be getting it ... still trying to afford the > $100K for PI licenses. Our Content Filter vendor suggested using PI.
  >>Is PI set to forward traps for client authentication?
  I have all traps and severities checked. Not sure last week nothing showed up in Wireshark. Today I am seeing some UDP info from PI hitting my test workstation. However, when I associate and dissassociate my laptop, nothing comes through. Most of what I see are rogue notifications.
  >> Are the controllers that PI is managing also set to forward the same traps?
  In Configure,Controllers, , Management, TrapControl, all possible boxes are checked.
  >> Is PI configured correctly to forward the traps you want?
  Please see answer above.
  >> Does your content filter have the right MIBs to decipher the traps correctly?
  The content filter vendor says they will customize their software as needed, but the first step is to see traps getting forwarded, and right now, it appeards that PI is not forwarding what I would expect from the GUI settings. Let's worry about MIB stuff after we are getting the raw trap data.
  Thanks,
  Steve
  Message was edited by: Stephen Crye, elaborated & provided latest info.

• Can a WLC have multiple SNMP Trap Receivers with the same cummunity string?

  My Monitoring team want me to send traps to three different trap collectors with the same SNMP Community string.
  I have 2106's, 2504, 4400's, 5500's, 7510 all running either version 6 or 7.
  Is this possible on a Wireless controller? If so, how?

  Read this from my friends blog ..
  http://mrncciew.com/2013/02/14/configuring-snmp-on-wlc/
  "Also you can configure SNMP trap receiver where WLC can send its snmp trap messages.  Community Name means SNMP trap receiver name & that does not have any significance like snmp community value."
  It doesnt appear to have the same significants .. But I havent tested it
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• SNMP traps configuration doesn't work in CUSTOMER-CONTEXT

  Hi evryone;
  I'm having some issues configurin SNMP traps on a ASA5520 USER-CONTEXT  (Cisco Adaptive Security Appliance Software Version 8.2(4)):
  I had already configured SNMP traps on ADMIN-CONTEXT and traps were getting the correspondig NETCOOL SERVERS (10.105.27.115 and 10.105.27.118) as you can see in point 2).
  Cuold you please give me any clue of why I get this output for a non ADMIN-CONTEXT and why I do not even see SNMP packets output
  1) CUST-09-CONTEXT
  name 10.105.27.115 Netcool1_TESTBED description Netcool1_TESTBED SNMP server.
  name 10.105.27.118 Netcool2_TESTBED description Netcool2_TESTBED SNMP server.
  snmp-server community sjnemdhqksptabld
  snmp-server host CUST-09-HCS-MNGT-TRANSIT Netcool1_TESTBED community sjnemdhqksptabld version 2c
  snmp-server host CUST-09-HCS-MNGT-TRANSIT Netcool2_TESTBED community sjnemdhqksptabld version 2c
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  snmp-server enable traps syslog
  route CUST-09-HCS-MNGT-TRANSIT 10.105.27.0 255.255.255.0 192.168.228.1 1
  CAPTURES
  Lab-asa1-p/CUST-09-CONTEXT/act# capture TEST1 interface CUST-09-HCS-MNGT-TRANSIT match ip host 10.105.27.115 any
  Lab-asa1-p/CUST-09-CONTEXT/act# show capture TEST1 trace detail
  23 packets captured
     1: 15:17:16.373927 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 9815)
     2: 15:17:18.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 10598)
     3: 15:17:20.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 27648)
     4: 15:17:22.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 3518)
     5: 15:17:24.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 18995)
     6: 15:17:43.015258 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 2110)
     7: 15:17:45.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 11567)
     8: 15:17:47.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 25551)
     9: 15:17:49.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 3716)
    10: 15:17:51.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 20820)
    11: 15:48:16.998483 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 25423)
    12: 15:48:18.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 30357)
    13: 15:48:20.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 31174)
    14: 15:48:22.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 10878)
    15: 15:48:39.735527 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 8146)
    16: 15:48:41.730354 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 1803)
    17: 15:49:01.881134 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33434:  [udp sum ok] udp 0 [ttl 1] (id 15279)
    18: 15:49:01.881744 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33435:  [udp sum ok] udp 0 [ttl 1] (id 20090)
    19: 15:49:01.884201 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33436:  [udp sum ok] udp 0 [ttl 1] (id 24847)
    20: 15:49:01.886672 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33437:  [udp sum ok] udp 0 (ttl 2, id 8822)
    21: 15:49:04.880356 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33438:  [udp sum ok] udp 0 (ttl 2, id 20949)
    22: 15:49:07.880371 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33439:  [udp sum ok] udp 0 (ttl 2, id 9126)
    23: 15:49:10.880340 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33440:  [udp sum ok] udp 0 (ttl 3, id 24404)
  23 packets shown
  I had already configured SNMP traps on ADMIN-CONTEXT and traps were getting the correspondig NETCOOL SERVERS:
  2) CONFIGURATION ADMIN-CONTEXT
  IP Management  ASA-FW -->10.105.89.38
  interface GigabitEthernet0/3.710
  nameif management
  security-level 100
  ip address 10.105.89.38 255.255.255.192 standby 10.105.89.39
  management-only
  name 10.105.27.115 Netcool1_TESTBED description Netcool1_TESTBED SNMP server.
  name 10.105.27.118 Netcool2_TESTBED description Netcool2_TESTBED SNMP server.
  snmp-server community sjnemdhqksptabld
  snmp-server host management Netcool1_TESTBED community sjnemdhqksptabld version 2c
  snmp-server host management Netcool2_TESTBED community sjnemdhqksptabld version 2c
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  snmp-server enable traps syslog
  ip route 0.0.0.0 0.0.0.0 10.105.89.1
  CAPTURES : I could see 206 SNMP packets output and traffic towards the NETCOOL SERVERS (10.105.27.115 AND 10.105.27.118)
  Lab-asa1-p/ADMIN-CONTEXT/act# sh snmp statistics
  0 SNMP packets input
      0 Bad SNMP version errors
      0 Unknown community name
      0 Illegal operation for community name supplied
      0 Encoding errors
      0 Number of requested variables
      0 Number of altered variables
      0 Get-request PDUs
      0 Get-next PDUs
      0 Get-bulk PDUs
      0 Set-request PDUs (Not supported)
  206 SNMP packets output
      0 Too big errors (Maximum packet size 512)
      0 No such name errors
      0 Bad values errors
      0 General errors
      0 Response PDUs
      206 Trap PDUs
  Lab-asa1-p/ADMIN-CONTEXT/act#
  Lab-asa1-p/ADMIN-CONTEXT/act# capture TEST1 interface management match ip host 10.105.27.115 any
  Lab-asa1-p/ADMIN-CONTEXT/act# show capture TEST1
  5 packets captured
     1: 18:36:17.631070 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 356
     2: 18:36:18.491261 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355
     3: 18:36:22.389338 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 266
     4: 18:36:29.491231 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355
     5: 18:36:40.491246 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355
  5 packets shown
  Lab-asa1-p/ADMIN-CONTEXT/act# capture TEST2 interface management match ip host 10.105.27.118 any
  Lab-asa1-p/ADMIN-CONTEXT/act# show capture TEST2
  13 packets captured
     1: 18:37:16.198094 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 356
     2: 18:37:24.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     3: 18:37:35.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     4: 18:37:46.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     5: 18:37:57.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     6: 18:38:08.491322 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     7: 18:38:19.491292 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     8: 18:38:30.491338 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
     9: 18:38:41.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
    10: 18:38:52.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
    11: 18:39:03.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
    12: 18:39:14.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
    13: 18:39:25.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355
  13 packets shown
  thanks
  Ana

  Hi guys coould you please help me out ??
  BR
  ANA

• LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding

  Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
  2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.6.3.1.1.5
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.6.3.1.1.5.2
  Trap Time=-1436283373
  1.3.6.1.2.1.2.2.1.1.83=83
  1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
  1.3.6.1.2.1.2.2.1.3.83=6
  1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
  EndTrap
  10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.4.1.9.1.291
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.4.1.9.1.291.2
  Trap Time=1628056965
  1.3.6.1.2.1.2.2.1.1.8=8
  1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
  1.3.6.1.2.1.2.2.1.3.8=18
  EndTrap
  As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
  How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.

  Hi,
  Is the issue you have the source IP address of the forwarded trap?  Per RFC it is the IP of the actual device sending the trap.  The originating IP should be contained within the packet. I have included some additional information you may find helpful.
  Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
  A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
  http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
  DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
  Configure SNMP to send traps directly to DFM
  Integrate SNMP trap receiving with an NMS or a trap daemon
  The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
  Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
  As one of the following events:
  > InformAlarm
  > MinorAlarm
  > MajorAlarm
  With the device type and the device name from which it was generated.
  If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html

• Re-routing of SNMP traps from port 162 to port greater than 1024

  Hello,
  I have to re-route SNMP traps received at port 162 to some other port greater that 1024 (say 2041). There is an application which sends SNMP traps to port 162 and our application running on Windows listens for SNMP traps on port 2041, so we want
  to route/forward the traps internally from port 162 to 2041.
  I have been looking at the rules defined in 'Windows Firewall with advanced security' but not able to succeed. I noticed that there is a predefined rule for SNMP traps but it does not give me an option to forward the trap to another port. I tried
  creating a new rule but that also does not give me an option to change the port.
  Please help.

  Hi,
  According to Technet Library:
  SNMP uses the default UDP port 161 for general SNMP messages and UDP port 162 for SNMP trap messages. If these ports are being used by another protocol or service, you can change the settings by modifying the local Services file on the agent. The Services
  file is located in \ % SystemRoot %\System32\Drivers\Etc
  There is no file name extension. You can use any text - based editor to modify the file. The management system must also be configured to listen and send on the new ports.
  Caution:
  If you have previously configured IP security to encrypt SNMP messages on the default ports, you must also update the IP security policy with the new port settings. Otherwise, communication can be erroneously blocked or SNMP communications might not be secured.
  You can access to the link below for this article:
  http://technet.microsoft.com/en-us/library/cc959643.aspx
  Roger Lu
  TechNet Community Support