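China Network ITPro Club's Archiver

跃跃领舞 posted on 2007-7-5 17:41

Repost: Catching SNMP Traps in MOM 2000/2005

This post is reposted from a partner community, the [url=http://www.systemcenter.com.cn/bbs/]SC Chinese Community[/url]. Please support the most professional SystemCenter Chinese community in China!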

The process to catch SNMP traps is the same for MOM 2000 as it is for MOM 2005.

First, you have to enable the SNMP services on the DCAM (MOM 2000) or Management server (MOM 2005). If the SNMP services are not installed, then:

To install the SNMP services (Windows 2000)

1. Run the Add/Remove Programs application in Control Panel.
2. Click Add/Remove Windows Components.
   Click Management and Monitoring Tools on the Windows Components window.
   Ensure that the Management and Monitoring Tools check box is selected.
3. Click Details.
4. Select the Simple Network Management Protocol check box.
5. Click OK on the Management and Monitoring Tools window.
6. Click Next on the Windows Components window.
7. Click Next on the Terminal Services Setup window.
8. Click Next on the Configuring Components window.
9. Insert the Windows 2000 installation CD and click OK on the Insert Disk window.
10. Browse to the location of the I386 folder on the Windows 2000 installation disk.
11. Click Open on the Locate File window.
12. Click OK on the File Needed window.
13. Click Finish on the Completing the Windows Components Wizard window.
14. Click Close on the Add/Remove Components window.

Now that the SNMP services are installed, we can configure the SNMP services. This service catches SNMP traps sent by other devices. Go into the Computer Management MMC, and open the Services node under the Services and Applications icon. Double Click on the SNMP Service. Set the Startup Type to Automatic. Click on the Security tab to configure accepting traps.

[img]http://myitforum.com/img/arts/9853snmp-1.jpg[/img]
You should make sure the service is set to accept SNMP packets from all hosts so you can get these traps into MOM. Start the service.

Next, double-click the SNMP Trap Service.



[img]http://myitforum.com/img/arts/9854snmp-2.jpg[/img]



First off, set the Startup Type to Automatic, then start the service.

The server is now set to accept SNMP traps. Now we have to provide the method for MOM to receive the traps. You have to install the SNMP WMI provider. On the Windows CD, or a service pack I386 directory, there is the file WBEMSNMP.EX_. Use the EXPAND command to expand this file (EXPAND WBEMSNMP.EX_ WBEMSNMP.EXE). Then run the WBEMSNMP.EXE to install the WMI SNMP Provider.

You can then compile the MIBs for the SNMP traps you get from other vendors using the SMI2SMIR command:


================================================================================

           COMMAND-LINE SYNTAX FOR smi2smir, the MIB compiler
================================================================================

Usage:

        smi2smir [] [] []
                  []
        smi2smir []  []
        smi2smir  
        smi2smir

DiagnosticArgs:
---------------
        /m  - Specifies the kind of diagnostics to display:
                0 (silent), 1 (fatal), 2 (fatal and warning), or 3 (fatal,
                warning, and information messages).
        /c  - Specifies the maximum number of fatal and warning
                messages to display.

VersionArgs:
------------
        /v1  - Specifies strict conformance to the SNMPv1 SMI.
        /v2c - Specifies strict conformance to the SNMPv2 SMI.

CommandArgs:
------------
        /d  -  Deletes the specified module from the SMIR.
        /p  -  Deletes all modules in the SMIR.
        /l  -  Lists all modules in the SMIR.
        /lc -  Performs a local syntax check on the module.
        /ec [] - Performs local and external checks on the
                module.
        /a  [] - Performs  local and  external checks and
                loads the module into the SMIR.
        /sa [] - Same as /a, but works silently.
        /g  [] - Generates a SMIR MOF file that can be
                loaded later into CIMOM (using the MOF compiler). Used by
                the SNMP class provider to dynamically provide classes to
                one or more namespaces
        /gc [] - Generates a static MOF file that can be
                loaded later into CIMOM as static classes for a particular
                namespace.

CommandModifiers:
------------------
        /ch   -  Generates context information (date, time, host, user, etc.)
                in the MOF file header.
                Use with /g and /gc.
        /t    -  Also generates SnmpNotification classes.
                Use with /a, /sa and /g.
        /ext  - Also generates SnmpExtendedNotification classes.
                Use with /a, /sa and /g.
        /t /o - Generates only SnmpNotification classes.
                Use with /a, /sa and /g.
        /ext /o - Generates only SnmpExtendedNotification classes.
                Use with /a, /sa and /g.
        /s    -  Does not map the text of the DESCRIPTION clause.
                Use with /a, /sa, /g, and /gc.
        /auto - Rebuilds the MIB lookup table before completing
                 switch.
                Use with /ec, /a, /g, and /gc.

IncludeDirs:
-------------
        /i  - Specifies a directory to be searched for dependent
                MIB modules.
                Use with /ec, /a, /sa, /g, and /gc.
RegistryArgs:
-------------
        /pa -  Adds the specified directory to the registry.
                (Default is current directory.)
        /pd -  Deletes the specified directory from the registry.
                (Default is current directory.)
        /pl -  Lists the MIB lookup directories in the registry.
        /r  -  Rebuilds the entire MIB lookup table.

ModuleInfoArgs:
---------------
        /n  -  Returns the ASN.1 name of the specified module.
        /ni -  Returns the ASN.1 names of all imports modules
                referenced by the input module.

HelpArgs:
---------
        /h  -  Displays this usage information.
        /?  -  Displays this usage information.

For auto-detection of dependent MIBs, the following values of type REG_MULTI_SZ
must be set under the root key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Provid
ers\SNMP\Compiler:

        "File Path" : An ordered list of directory names where MIBs are located.

        "File Suffixes" : An ordered list of file extensions for MIB files.



This will load the MIB information into the WMI \\.\root\snmp\smir namespace.

Now we can set the collection rules to get the SNMP traps as events in MOM. In MOM 2000, the rule needs to be assigned to the Consolidator on which you installed the SNMP Service; in MOM 2005, the appropriate Management server needs to be the target. We create a new Collect Specific Events Rule. Scroll down in the Provider name list, and select the “SNMP Trap Catcher”.



[img]http://myitforum.com/img/arts/9855snmp-3.jpg[/img]



Press Next, and leave the defaults for the Criteria page and press Next.



[img]http://myitforum.com/img/arts/9856snmp-4.jpg[/img]



I like to collect the parameters for SNMP traps, because this makes it easy to alert on specific information in the traps, so click the Store all event parameters radio button, and press Next.

Leave the defaults on the schedule page, and enter any information you want on the Knowledge page. I name this as Collect SNMP Traps and press Finish on the General page. You need to Commit the Configuration Change to make this change take effect. You can also add the Extended SNMP Trap Catcher as another collection rule for SNMP Traps. I have found that if you have both of these enabled, you get two events for each trap.

MOM has been configured to accept traps and make events out of the traps. Let's see what the events look like. I have some UPSs that have NICs and trap information to my MOM server. I will use them as an example.

__CLASS=SnmpV1Notification
__DERIVATION=SnmpNotification,__ExtrinsicEvent,__Event,__IndicationRelated,__SystemClass
__DYNASTY=__SystemClass
__GENUS=2 (0x2)
__NAMESPACE=
__PATH=
__PROPERTY_COUNT=7 (0x7)
__RELPATH=
__SERVER=
__SUPERCLASS=SnmpNotification
AgentAddress=1.1.1.2
AgentTransportAddress=1.1.1.2
AgentTransportProtocol=IP
Community=public
Identification=1.3.6.1.4.1.318.0.47
TimeStamp=2660305 (0x2897D1)
VarBindList={
instance of SnmpVarBind {
1.3.6.1.4.1.318.2.3.3.0 = UPS: Batteries discharged.;
},
instance of SnmpVarBind {
1.3.6.1.6.3.1.1.4.3.0 = 1 (0x1),0 (0x0),0 (0x0),0 (0x0),3 (0x3),0 (0x0),0 (0x0),0 (0x0),6 (0x6),0 (0x0),0 (0x0),0 (0x0),1 (0x1),0 (0x0),0 (0x0),0 (0x0),4 (0x4),0 (0x0),0 (0x0),0 (0x0),1 (0x1),0 (0x0),0 (0x0),0 (0x0),'>' 62 (0x3E),1 (0x1),0 (0x0),0 (0x0);

This is an example of the description from an SNMP trap event. As you can see, it is not very readable, so we have to create a translation event.

Create a new Alert or Respond to an event. Use the SNMP Trap Catcher as your Provider.



[img]http://myitforum.com/img/arts/9857snmp-5.jpg[/img]



Press Next and then press the Advanced button on the Criteria page to set the items we are looking for.



[img]http://myitforum.com/img/arts/9858snmp-6.jpg[/img]



Since we are capturing the event parameters, we can use it as the criteria. Parameter 17 has the text for the SNMP trap, and we only want those traps that have UPS in the text. Press Add to List to select this criteria. Then Close on the Advanced page and press Next. You can press Next on the Schedule page, and you can set an Alert for this event such as this.



[img]http://myitforum.com/img/arts/9859snmp-7.jpg[/img]



Parameter 17 is the text of the trap and Parameter 11 is the IP address of the Agent.

I prefer to use a script to create a more readable event. In the script I created, I take the IP address of the agent and look up the subnet in the Active Directory. The description of the subnet in the AD gives the location name and this is placed in the event so you can see what location’s UPS is having an issue. The script assumes that the subnet mask for the locations will be 255.255.255.0.

The Script:


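[font=Arial]' Response script: turn a raw SNMP trap event into a readable MOM event.
Dim objAgentEvent, objEvent
Dim InIPAddr, Desc, c, subnet, MySubnets, member, location

Set objEvent = ScriptContext.Event

InIPAddr = objEvent.EventParameter(11)   ' IP address of the SNMP agent
Desc = objEvent.EventParameter(17)       ' Text of the trap
location = "unknown location"            ' Used when no AD subnet matches

' Build the /24 subnet name (assumes a 255.255.255.0 mask at every location).
' Skip the lookup if the parameter is not a dotted quad.
c = Split(InIPAddr, ".")
If UBound(c) = 3 Then
    subnet = c(0) & "." & c(1) & "." & c(2) & ".0/24"
    ' The description of the matching AD subnet object holds the location name
    Set MySubnets = GetObject("LDAP://cn=subnets,cn=sites,cn=configuration,DC=my,DC=domain,DC=com")
    For Each member In MySubnets
        If member.cn = subnet Then
            location = member.description
            Exit For
        End If
    Next
    Set MySubnets = Nothing
End If

' Create and populate the new, readable event
Set objAgentEvent = ScriptContext.CreateEvent()
objAgentEvent.Message = Desc & " at " & location & "(" & InIPAddr & ")"
objAgentEvent.EventSource = " UPS SNMP Trap"
objAgentEvent.EventNumber = 91001
objAgentEvent.SourceComputer = "MOMSRV1"
objAgentEvent.EventType = 1
Call ScriptContext.Submit(objAgentEvent)

Set objAgentEvent = Nothing
Set objEvent = Nothing
[/font]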

Now you will have an alert for the SNMP trap or from this script, a readable event that can be viewed. Example of the description from the script created event:


UPS: Batteries discharged. At Dallas TX Main Office(1.1.1.2)
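
The translation the script performs, as an added Python example for checking the logic offline (it is not part of the original article and is not a MOM response script). It parses a constructed trap event in the shape shown above, validates the agent address (which is taken from the unauthenticated SNMPv1 trap itself), and goes beyond the script's 255.255.255.0 assumption by picking the most specific matching subnet. The `SUBNETS` table and the function names are hypothetical stand-ins for the AD subnet objects and the script's steps.

```python
import ipaddress
import re

# Constructed sample: a trimmed SnmpV1Notification dump in the shape shown above.
SAMPLE_EVENT = """\
__CLASS=SnmpV1Notification
AgentAddress=1.1.1.2
Community=public
Identification=1.3.6.1.4.1.318.0.47
VarBindList={
instance of SnmpVarBind {
1.3.6.1.4.1.318.2.3.3.0 = UPS: Batteries discharged.;
},
"""

# Hypothetical stand-in for the AD subnet objects (cn -> description).
SUBNETS = {
    "1.1.1.0/24": "Dallas TX Main Office",
    "1.1.0.0/16": "Texas region",
    "10.20.0.0/22": "Lab",
}

def parse_event(text):
    """Pull the agent address, community, trap OID and first varbind value."""
    fields = dict(re.findall(r"^(\w+)=(.*)$", text, re.M))
    varbind = re.search(r"^[\d.]+ = (.*);$", text, re.M)
    return {
        "agent": fields.get("AgentAddress", "").strip(),
        "community": fields.get("Community", "").strip(),
        "trap_oid": fields.get("Identification", "").strip(),
        "text": varbind.group(1).strip() if varbind else "",
    }

def locate(agent, subnets=SUBNETS):
    """Longest-prefix match; None for a malformed or unknown address."""
    try:
        addr = ipaddress.ip_address(agent)
    except ValueError:
        return None  # the trap supplied something that is not an IP address
    nets = [(ipaddress.ip_network(cidr), desc) for cidr, desc in subnets.items()]
    hits = [(n, d) for n, d in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def readable(text):
    """Build the same message format the response script submits."""
    ev = parse_event(text)
    where = locate(ev["agent"]) or "unknown location"
    return f'{ev["text"]} at {where}({ev["agent"]})'
```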
