CA eHealth ® TrapEXPLODER User Guide r1.6

CA eHealth® TrapEXPLODER

User Guide r1.6

This documentation and any related computer software help programs (hereinafter referred to as the “Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at any time.

This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties.

Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the documentation for their own internal use, and may make one copy of the related software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies.

The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE.

The use of any product referenced in the Documentation is governed by the end user’s applicable license agreement.

The manufacturer of this Documentation is CA.

Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Copyright © 2008 CA. All rights reserved.

CA Product References

This document set references the following CA brands and products:

■ CA eHealth®

■ CA eHealth® AdvantEDGE View

■ CA eHealth® Live Health® Application

■ CA eHealth® SystemEDGE

Contact Technical Support

For online technical assistance and a complete list of locations, primary service hours, and telephone numbers, contact Technical Support at http://ca.com/support.

Contents

Chapter 1: Introduction
    About this Guide
    CA eHealth TrapEXPLODER
        Filter Traps
        Forward Traps to Other Trap Receivers
        Forward Traps to Element Managers
        Extend Fault Tolerance for Management Software
        Forward Traps through TCP Connections
    CA eHealth TrapEXPLODER and CA eHealth

Chapter 2: Installing CA eHealth TrapEXPLODER
    Installation Instructions
        Install CA eHealth TrapEXPLODER on Windows Systems
        Install CA eHealth TrapEXPLODER on Solaris SPARC Systems
        Install CA eHealth TrapEXPLODER on HP-UX Systems
        Install CA eHealth TrapEXPLODER on Linux Systems
    Uninstallation Instructions
        Uninstall CA eHealth TrapEXPLODER on Windows Systems
        Uninstall CA eHealth TrapEXPLODER on UNIX Systems

Chapter 3: Configuring CA eHealth TrapEXPLODER
    Configuration Prerequisites
    Edit the CA eHealth TrapEXPLODER Configuration File
    Configure Debug Mode
    Configure Receive Buffers
        Listen for Traps on UDP/TCP
        Set a Log File Size Limit
        Configure Receive Buffer Size for CA eHealth
        Minimize Delay During Restart of CA eHealth TrapEXPLODER
        Enable Translation of SNMPv2c Traps to SNMPv1 Traps
        SNMPv3 Traps
    Configure Filters
        Format Filter Entries in the Configuration File
    Filtering Examples
        Forward Traps through TCP Connections
        Forward Traps Through UDP Connections
        Blind Forwarding of Traps
    Error Codes (Windows Only)

Chapter 4: Starting and Stopping CA eHealth TrapEXPLODER
    Start CA eHealth TrapEXPLODER on UNIX Systems
    Stop CA eHealth TrapEXPLODER on UNIX Systems
    Start CA eHealth TrapEXPLODER for Windows Systems
    Stop CA eHealth TrapEXPLODER on Windows Systems

Chapter 5: Command Line Utilities
    email.exe Utility--Send an Email
    sendtrap Utility--Generate and Send SNMP Trap Messages
        Specify Variable Bindings for sendtrap
    xtrapmon Utility--Receive and Log Trap Messages
        xtrapmon on UNIX Systems
        xtrapmon on Windows Systems
        Authentication in xtrapmon
        Trap Report Data
        xtrapmon SNMPv3 Configuration

Index

Chapter 1: Introduction

This section contains the following topics:

About this Guide (see page 7)

CA eHealth TrapEXPLODER (see page 7)

CA eHealth TrapEXPLODER and CA eHealth (see page 11)

About this Guide

This guide describes how to install and configure CA eHealth TrapEXPLODER. This guide is intended for the person who is installing and configuring CA eHealth TrapEXPLODER. To use CA eHealth TrapEXPLODER, you should have a basic understanding of the Simple Network Management Protocol (SNMP), traps, and your host's operating system environment.

CA eHealth TrapEXPLODER

CA eHealth TrapEXPLODER is a Simple Network Management Protocol (SNMP) management application that receives and filters SNMP trap messages and forwards them to other management applications on other hosts and ports. With CA eHealth TrapEXPLODER, you can configure all devices to send traps to a central machine that can “explode” (forward) the traps to other management stations. The following illustration shows how CA eHealth TrapEXPLODER can filter and forward traps to various devices.

CA eHealth TrapEXPLODER simplifies trap configuration and management and lets you focus your Information Technology (IT) resources on more strategic activities. CA eHealth TrapEXPLODER is especially useful in environments where multiple management applications must receive trap messages from a diverse set of SNMP-capable devices that can issue messages to only a limited number of SNMP managers.

You can use CA eHealth TrapEXPLODER for the following purposes:

■ Filtering traps

■ Forwarding traps to other trap receivers

■ Forwarding traps to element managers, including CA eHealth AdvantEDGE View

■ Forwarding traps through TCP connections

■ Extending fault tolerance for management software

■ Using Network Address Translation (NAT) to change the IP address from which the trap was sent

Note: NAT translates an IPv4 address used within one network to a different IPv4 address known within another network. This option is not supported on IPv6 networks.

CA eHealth TrapEXPLODER accepts and forwards SNMPv1, SNMPv2c, and SNMPv3 traps, and it works in both IPv4 and IPv6 environments.

Note: CA eHealth TrapEXPLODER uses User Datagram Protocol (UDP) port 162 by default. If you are using CA eHealth TrapEXPLODER with other SNMP managers, you must configure the managers to use separate UDP ports.

Filter Traps

You can edit the CA eHealth TrapEXPLODER configuration file to filter traps based on the following criteria:

■ Date and time that the trap was received by CA eHealth TrapEXPLODER

■ IP address of the system from which the trap was received

■ IP address of the agent that originated the trap

■ Trap type (such as Cold Start, Link Down, Link Up, Enterprise, and so on)

■ Specific trap type

■ Enterprise object identifier (OID)

Match Traps to Filters

When CA eHealth TrapEXPLODER matches a trap to one or more of these filters, it can do any of the following:

■ Log the trap to a file for later analysis.

■ Forward traps over both TCP and UDP, to both the standard SNMP trap port and user-defined ports.

■ Forward the trap to other network management systems (NMSs) listening on the standard SNMP trap port (UDP/162) or a user-defined port (for example, UDP/1162).

■ Forward the trap to another CA eHealth TrapEXPLODER running on another system.

■ Invoke a local program or script to process the SNMP trap, such as a program or script that an operator can use to perform a diagnostic operation.

■ Drop a trap to prevent future processing and forwarding.

■ Use NAT to change the IP address from which the trap was sent.

Trap Message Fields

Trap messages include the following fields (an asterisk (*) indicates a field on which CA eHealth TrapEXPLODER can filter):

■ Trap PDU

■ Date/Time Stamp

■ IP Header

■ UDP Header

■ Enterprise*

■ Agent Address*

■ Generic Trap Type*

■ Specific Trap Type

■ Agent Uptime

■ Variable Bindings

The IP header contains 14 fields, with information such as source address, destination address, type of service, total length, and so on. The UDP header contains four fields: source port, destination port, length, and checksum.

Note: For more information about these headers, see a general networking reference guide.

Forward Traps to Other Trap Receivers

You can use CA eHealth TrapEXPLODER to forward traps to other trap receivers so that you do not have to reconfigure destinations for every agent in your enterprise. When you configure CA eHealth TrapEXPLODER as the trap destination for all of your systems, you update trap destinations only in the CA eHealth TrapEXPLODER configuration file, not on every agent.

Forward Traps to Element Managers

In an environment that includes several hundred systems that can be managed by a Network Operations Center (NOC), CA eHealth TrapEXPLODER can receive and forward traps to element managers, including CA eHealth AdvantEDGE View. The managed devices can send SNMP traps for the elements they monitor (including Uninterruptible Power Supplies (UPS), routers, switches, or Asynchronous Transfer Mode (ATM) services) to CA eHealth TrapEXPLODER, which then filters and forwards those traps to their appropriate element managers.

Extend Fault Tolerance for Management Software

CA eHealth TrapEXPLODER is ideal for bringing fault tolerance to your management environment. CA eHealth TrapEXPLODER can receive SNMP traps and forward them to management station software, which is often deployed in fault-tolerant pairs. This deployment helps ensure that your traps will reach their destination, even if one management station fails.

Forward Traps through TCP Connections

CA eHealth TrapEXPLODER can forward traps through TCP connections when you specify the host name (or IP address), port, and a connection timeout value. When CA eHealth TrapEXPLODER matches a trap, it establishes a connection with the remote end and keeps the connection alive until no traps have been forwarded for the amount of time specified in the timeout value. When the connection has been inactive for the number of seconds specified in the timeout value, CA eHealth TrapEXPLODER closes the connection.

CA eHealth TrapEXPLODER provides two actions for forwarding traps through TCP: tcp and tcpbuff. When you specify the tcp action for trap filtering in the trapexploder.cf file, CA eHealth TrapEXPLODER does not buffer the traps. In that case, if the trap receiver is unavailable, CA eHealth TrapEXPLODER drops the traps.

When you specify the tcpbuff action, CA eHealth TrapEXPLODER can queue the traps and then send them when the trap receiver restarts, providing better management of TCP connections than the tcp action provides. For more information, see Filtering Examples in the chapter “Configuring CA eHealth TrapEXPLODER.”

Note: Forwarding traps through TCP does not provide security, privacy, or authentication. It simply enhances the reliability of the trap reception.

Receive Traps through TCP

For versions 1.5.3 and later, CA eHealth TrapEXPLODER binds to UDP/162 (by default) to listen for incoming connection requests. To receive traps over TCP, you must edit the trapexploder.cf file and set the listen_for_tcp_traps option to ON.

The port number applies to both the UDP and TCP ports to use. CA eHealth TrapEXPLODER does not support reception of traps on different UDP and TCP ports.

While sending SNMP traps through TCP, CA eHealth TrapEXPLODER sets the TCP_NODELAY option (as it opens the network socket) so that the traps are sent immediately, with no buffering by TCP. The trap receiver can decode the Trap protocol data unit (PDU) as if it were received through UDP.

Note: If the TCP connection is down or the trap receiver does not support TCP, you can forward traps through UDP.

More information:

Forward Traps Through UDP Connections (see page 40)
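
The fields listed under Trap Message Fields and the TCP reception described above can be seen in a small decoder. This is an added example, not code from CA or from this guide: it parses a constructed SNMPv1 trap and splits a TCP byte stream into individual traps, assuming the sender writes each trap back to back as the same BER message it would place in a UDP datagram. The names parse_v1_trap, split_stream and MAX_MESSAGE and the sample trap are constructed for illustration.

```python
"""Added example (not vendor code): decode an SNMPv1 trap, frame traps on a TCP stream."""

GENERIC_TRAPS = ("coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific")
MAX_MESSAGE = 65535   # assumption: refuse anything larger than a UDP datagram could carry


class Truncated(ValueError):
    """More bytes are needed before the element can be decoded."""


def read_tlv(buf, pos=0, max_len=MAX_MESSAGE):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise Truncated("incomplete header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits count the length octets
        count = length & 0x7F
        if count == 0 or count > 4:
            raise ValueError("indefinite or oversized length field")
        if pos + count > len(buf):
            raise Truncated("incomplete length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if length > max_len:                    # checked before buffering any of the value
        raise ValueError("declared length exceeds limit")
    if pos + length > len(buf):
        raise Truncated("incomplete value")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(data):
    """Decode OID content octets (first sub-identifier assumed to fit one octet)."""
    if not data:
        raise ValueError("empty OID")
    first = min(data[0] // 40, 2)
    arcs, value = [first, data[0] - 40 * first], 0
    for octet in data[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:                # high bit clear ends the sub-identifier
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_v1_trap(message):
    """Decode one SNMPv1 trap message into the fields a trap filter works on."""
    tag, body, _ = read_tlv(message)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    vtag, version, pos = read_tlv(body)
    ctag, community, pos = read_tlv(body, pos)
    ptag, pdu, _ = read_tlv(body, pos)
    if (vtag, ctag, ptag) != (0x02, 0x04, 0xA4) or version != b"\x00":
        raise ValueError("not an SNMPv1 Trap-PDU")
    values, pos = [], 0
    # enterprise OID, agent IpAddress, generic INTEGER, specific INTEGER, TimeTicks, varbinds
    for expected in (0x06, 0x40, 0x02, 0x02, 0x43, 0x30):
        tag, value, pos = read_tlv(pdu, pos)
        if tag != expected:
            raise ValueError("unexpected tag 0x%02x in Trap-PDU" % tag)
        values.append(value)
    enterprise, agent, generic, specific, ticks, bindings = values
    generic = int.from_bytes(generic, "big", signed=True)
    if len(agent) != 4 or not 0 <= generic < len(GENERIC_TRAPS):
        raise ValueError("malformed agent address or generic trap type")
    names, pos = [], 0
    while pos < len(bindings):              # each varbind is SEQUENCE { name OID, value }
        _, varbind, pos = read_tlv(bindings, pos)
        ntag, name, _ = read_tlv(varbind)
        if ntag != 0x06:
            raise ValueError("varbind name is not an OID")
        names.append(decode_oid(name))
    return {
        "community": community.decode("latin-1"),
        "enterprise": decode_oid(enterprise),
        "agent_addr": ".".join(str(b) for b in agent),  # PDU field, not the packet source
        "generic_trap": GENERIC_TRAPS[generic],
        "specific_trap": int.from_bytes(specific, "big", signed=True),
        "uptime_ticks": int.from_bytes(ticks, "big"),
        "varbind_names": names,
    }


def split_stream(buffer):
    """Split bytes read from a TCP connection into (complete messages, leftover bytes)."""
    messages, pos = [], 0
    while pos < len(buffer):
        if buffer[pos] != 0x30:
            raise ValueError("stream out of sync: expected SEQUENCE tag")
        try:
            _, _, end = read_tlv(buffer, pos)
        except Truncated:
            break                           # keep the tail until the next read completes it
        messages.append(buffer[pos:end])
        pos = end
    return messages, buffer[pos:]


def _tlv(tag, value):
    """Short-form encoder used only to build the constructed sample below."""
    return bytes([tag, len(value)]) + value


# Constructed sample: linkDown from agent 192.0.2.10, enterprise 1.3.6.1.4.1.99999.
_VARBIND = _tlv(0x30, _tlv(0x06, bytes.fromhex("2b060102010202010103")) + _tlv(0x02, b"\x03"))
SAMPLE_TRAP = _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, b"public") + _tlv(
    0xA4, _tlv(0x06, bytes.fromhex("2b06010401868d1f")) + _tlv(0x40, bytes([192, 0, 2, 10]))
    + _tlv(0x02, b"\x02") + _tlv(0x02, b"\x00") + _tlv(0x43, b"\x30\x39")
    + _tlv(0x30, _VARBIND)))

if __name__ == "__main__":
    complete, leftover = split_stream(SAMPLE_TRAP + SAMPLE_TRAP[:20])
    for raw in complete:
        print(parse_v1_trap(raw))
    print("bytes held for next read:", len(leftover))
```

Because forwarding through TCP adds no authentication, every value returned here, including agent_addr and the community string, is whatever the sender placed in the message.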

CA eHealth TrapEXPLODER and CA eHealth

CA eHealth TrapEXPLODER is an integrated part of CA eHealth Live Health - Fault Manager and of CA eHealth AdvantEDGE View. You can also use it with other trap receivers. If you have a Fault Manager license, you can use all features of CA eHealth TrapEXPLODER with Fault Manager for forwarding and managing traps. If you have the CA eHealth AdvantEDGE View license and not a Fault Manager license, you can view the traps that CA eHealth TrapEXPLODER forwards to CA eHealth AdvantEDGE View by clicking the Events icon from the AView tab of the CA eHealth Web interface.

Note: If you have installed and licensed Fault Manager, the Events icon in CA eHealth AdvantEDGE View is disabled.

You must configure CA eHealth TrapEXPLODER to send traps to CA eHealth AdvantEDGE View. You must also configure a receive buffer size of 256 KB when you are using CA eHealth TrapEXPLODER with CA eHealth. A receive buffer is the amount of space in the kernel devoted to receiving packets for a particular socket.

More information:

Configuring CA eHealth TrapEXPLODER (see page 27)

Chapter 2: Installing CA eHealth TrapEXPLODER

This section contains the following topics:

Installation Instructions (see page 13)

Uninstallation Instructions (see page 24)

Installation Instructions

Use the following list to find the installation instructions for your operating system.

Windows

See Install CA eHealth TrapEXPLODER on Windows Systems.

Solaris

See Install CA eHealth TrapEXPLODER on Solaris SPARC Systems.

HP-UX

See Install CA eHealth TrapEXPLODER on HP-UX Systems.

Linux

See Install CA eHealth TrapEXPLODER on Linux Systems.

Notes:

You must configure the environment before you run CA eHealth TrapEXPLODER on Windows or UNIX.

Before running CA eHealth TrapEXPLODER on Windows, you must disable the Microsoft system service Trap Server. The two products cannot run at the same time.

More information:

Configuring CA eHealth TrapEXPLODER (see page 27)

Install CA eHealth TrapEXPLODER on Windows Systems

This section explains how to install CA eHealth TrapEXPLODER on Windows systems. The Windows installation uses the setup utility.

To install CA eHealth TrapEXPLODER on Windows systems

1. Log in as an administrator to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.exe.

3. Enter the following command at the command prompt, where c: is the directory where you want to install CA eHealth TrapEXPLODER:

trapx.exe -dir c:\

The installation program extracts the distribution to the c:\trapx directory.

4. Change to the c:\trapx directory:

cd c:\trapx

5. To install the software, enter the following at the command prompt:

setup -i

This setup copies the trapexploder.cf and trapexploder.lic files to %SystemRoot%\system32. It also sets the TrapPort registry key in the Windows registry to a default value of 162 to enable the forwarding of traps through the standard UDP port.

6. Edit the %SystemRoot%\system32\trapexploder.cf configuration file for your configuration.

7. Start CA eHealth TrapEXPLODER by entering the following:

net start trapexploder

CA eHealth TrapEXPLODER is installed.

More information:

Configuring CA eHealth TrapEXPLODER (see page 27)

Install CA eHealth TrapEXPLODER on Solaris SPARC Systems

This section explains how to install the CA eHealth TrapEXPLODER on Solaris SPARC systems.

To install CA eHealth TrapEXPLODER on Solaris SPARC systems into the default installation directory

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.pkg.

3. Install the software with the pkgadd utility by entering the following:

pkgadd -d ./trapx.pkg

This command installs CA eHealth TrapEXPLODER at /opt/trapx, which is the default installation directory.

A prompt appears for changing the port number.

4. Enter the port number that you want CA eHealth TrapEXPLODER to use at the following prompt. The default port number is 162:

Enter the CA eHealth TrapEXPLODER port number (default: 162) [?]

A prompt appears for changing the user name.

5. Enter a user name that will run CA eHealth TrapEXPLODER at the following prompt. The user should exist prior to the installation; otherwise, the installation will prompt you for the user name again. The default user is 'root':

Enter a user name that will run CA eHealth TrapEXPLODER (default: root) [?]

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf file for your environment.

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Note: You must be logged in as root to start the software.

More information:

Install CA eHealth TrapEXPLODER in a Non-Default Directory for Solaris (see page 16)

Perform a Silent Installation on Solaris SPARC Systems (see page 17)

Configuring CA eHealth TrapEXPLODER (see page 27)

Install CA eHealth TrapEXPLODER in a Non-Default Directory for Solaris

By default, CA eHealth TrapEXPLODER for Solaris SPARC systems is installed in the /opt/trapx directory. You can install CA eHealth TrapEXPLODER in a directory other than /opt/trapx.

To install CA eHealth TrapEXPLODER on Solaris SPARC systems into a non-default installation directory

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.pkg.

3. Create an administration text file (myadmin.file in this example) that specifies the new installation directory (/usr/CA in this example), as follows:

basedir=/usr/CA
mail=
instance=unique
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=ask

4. Enter the following from a command prompt to instruct the pkgadd utility to use the text file you created (myadmin.file in this example) to install the agent to the directory you specified:

pkgadd -a ./myadmin.file -d ./trapx.pkg

This example installs the agent in the 'trapx' subdirectory of the chosen installation directory (/usr/CA/trapx in this example).

A prompt appears for changing the port number.

5. Enter the port number that you want CA eHealth TrapEXPLODER to use at the following prompt. The default port number is 162:

Enter the CA eHealth TrapEXPLODER port number (default: 162) [?]

A prompt appears for changing the user name.

6. Enter a user name that will run CA eHealth TrapEXPLODER at the following prompt. The user should exist prior to the installation; otherwise, the installation will prompt you for the user name again. The default user is 'root':

Enter a user name that will run CA eHealth TrapEXPLODER (default: root) [?]

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf file for your environment.

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Note: You must be logged in as root to start the software.

Perform a Silent Installation on Solaris SPARC Systems

You can perform a silent installation of CA eHealth TrapEXPLODER on Solaris SPARC systems by creating a response file and running a silent installation using the created response file.

To perform a silent installation on Solaris SPARC systems

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.pkg.

3. Create a response file using the following command:

pkgask -d ./trapx.pkg -r /tmp/trapx_respfile.txt

Follow the prompts to create a response file.

4. Create the base directory where you want to install CA eHealth TrapEXPLODER.

For example, to install CA eHealth TrapEXPLODER under /usr/CA, enter the following:

mkdir -p /usr/CA

5. Enter the following command to install CA eHealth TrapEXPLODER silently:

echo y | pkgadd -a ./myadmin.file -d ./trapx.pkg -r /tmp/trapx_respfile.txt trapx

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf file for your environment.

Note: You must be logged in as root to start the software.

Install CA eHealth TrapEXPLODER on HP-UX Systems

This section explains how to install the CA eHealth TrapEXPLODER software distribution on HP-UX systems.

To install CA eHealth TrapEXPLODER on HP-UX systems into the default installation directory

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file at /tmp/trapx.depot.

3. Use the HP-UX swinstall utility to install the software by entering the following:

swinstall -x reinstall=true -s /tmp/trapx.depot trapx

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf configuration file to suit your environment.

CA eHealth TrapEXPLODER is installed at /opt/trapx, which is the default installation directory.

4. (Optional) Change to the /opt/trapx directory if you need to change the default user name (root) or port number (162):

cd /opt/trapx

Note: Steps 5-8 are required only if you want to change the default user name or port number.

5. Run the Install script to set an alternate user name and port number:

./Install

A prompt appears asking if you want to stop CA eHealth TrapEXPLODER.

6. Enter y if you want to stop CA eHealth TrapEXPLODER at the following prompt:

CA eHealth TrapEXPLODER will be stopped. Do you want to continue (y/n) [default: y]?

A prompt for changing the port number appears.

7. Enter the port number that you want CA eHealth TrapEXPLODER to use at the following prompt. The default port number is 162:

Enter the CA eHealth TrapEXPLODER port number (default: 162) :

A prompt for changing the user name appears.

8. Enter a user name that will run CA eHealth TrapEXPLODER at the following prompt. The user should exist prior to the installation; otherwise, the installation will prompt you for the user name again. The default user is 'root':

Enter a user name that will run CA eHealth TrapEXPLODER (default: root) :

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Note: You must be logged in as root to start the software.

More information:

Install CA eHealth TrapEXPLODER on HP-UX Systems in a Non-Default Directory (see page 19)

Perform a Silent Installation on HP-UX Systems (see page 21)

Configuring CA eHealth TrapEXPLODER (see page 27)

Install CA eHealth TrapEXPLODER on HP-UX Systems in a Non-Default Directory

By default, CA eHealth TrapEXPLODER for HP-UX systems is installed in the /opt/trapx directory. You can install CA eHealth TrapEXPLODER in a directory other than /opt/trapx.

To install CA eHealth TrapEXPLODER on HP-UX systems into a non-default installation directory

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file at /tmp/trapx.depot.

3. Use the HP-UX swinstall utility to install the software into a non-default directory (/usr/CA/trapx in the example below) by entering the following:

swinstall -x allow_incompatible=true -x reinstall=true -s /tmp/trapx.depot trapx,l=/usr/CA/trapx

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf configuration file to suit your environment.

CA eHealth TrapEXPLODER is installed in the directory you specified.

4. (Optional) Change to the specified installation directory if you need to change the default user name (root) or port number (162):

cd /usr/CA/trapx

Note: Steps 5-8 are required only if you want to change the default user name or port number.

5. Run the Install script to set an alternate user name and port number:

./Install

A prompt appears asking if you want to stop CA eHealth TrapEXPLODER.

6. Enter y if you want to stop CA eHealth TrapEXPLODER at the following prompt:

CA eHealth TrapEXPLODER will be stopped. Do you want to continue (y/n) [default: y]?

A prompt for changing the port number appears.

7. Enter the port number that you want CA eHealth TrapEXPLODER to use at the following prompt. The default port number is 162:

Enter the CA eHealth TrapEXPLODER port number (default: 162) :

A prompt for changing the user name appears.

8. Enter a user name that will run CA eHealth TrapEXPLODER at the following prompt. The user should exist prior to the installation; otherwise, the installation will prompt you for the user name again. The default user is 'root':

Enter a user name that will run CA eHealth TrapEXPLODER (default: root) :

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Note: You must be logged in as root to start the software.

Perform a Silent Installation on HP-UX Systems

You can perform a silent installation of CA eHealth TrapEXPLODER on HP-UX systems to install the product without requiring user action.

To perform a silent installation on HP-UX systems

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Install CA eHealth TrapEXPLODER in the default (see page 18) or a non-default (see page 19) installation directory.

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf configuration file to suit your environment.

CA eHealth TrapEXPLODER is installed in the directory you specified.

3. (Optional) Change to the CA eHealth TrapEXPLODER installation directory (/opt/trapx in the example below) if you want to change the default user name (root) or port number (162):

cd /opt/trapx

4. Run the silent installation of the Install script (without any user intervention) using the following command:

echo "y\n<port-number>\n<user-name>\n" | ./Install [in K-shell (ksh) or Bourne shell (sh)]

echo -e "y\n<port-number>\n<user-name>\n" | ./Install [in BASH shell (bash)]

port-number

Specifies the port number that you want CA eHealth TrapEXPLODER to use.

user-name

Specifies an existing user name on the operating system to run CA eHealth TrapEXPLODER.

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Install CA eHealth TrapEXPLODER on Linux Systems

This section explains how to install the CA eHealth TrapEXPLODER on Linux systems.

To install CA eHealth TrapEXPLODER on Linux systems

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.tar.

3. Create the directory where you want to install CA eHealth TrapEXPLODER (/opt/trapx in the example below):

mkdir /opt/trapx

4. Move the trapx.tar file to this new directory:

mv trapx.tar /opt/trapx

5. Change to the CA eHealth TrapEXPLODER installation directory (/opt/trapx in the example below):

cd /opt/trapx

6. Untar the file by entering the following:

tar xvf trapx.tar

7. Run the installation script by entering the following:

./Install

A prompt appears asking if you want to stop CA eHealth TrapEXPLODER.

8. Enter y if you want to stop CA eHealth TrapEXPLODER at the following prompt:

CA eHealth TrapEXPLODER will be stopped. Do you want to continue (y/n) [default: y]?

A prompt for changing the port number appears.

9. Enter the port number that you want CA eHealth TrapEXPLODER to use at the following prompt. The default port number is 162:

Enter the CA eHealth TrapEXPLODER port number (default: 162) :

A prompt appears for changing the user name.

10. Enter a user name to run CA eHealth TrapEXPLODER at the following prompt. The user should exist prior to the installation; otherwise, the installation will prompt you for the user name again. The default user is 'root':

Enter a user name that will run CA eHealth TrapEXPLODER (default: root) :

The installation copies the configuration file to /etc/trapexploder.cf.

Note: Edit the /etc/trapexploder.cf configuration file to suit your environment.

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Note: You must be logged in as root to start the software.

More information:

■ Perform a Silent Installation on Linux Systems

■ Configuring CA eHealth TrapEXPLODER

Perform a Silent Installation on Linux Systems

You can perform a silent installation of CA eHealth TrapEXPLODER on Linux systems to install the product without requiring user action.

To perform a silent installation on Linux systems

1. Log in as root to the system where you want to install CA eHealth TrapEXPLODER.

2. Save the installation file as trapx.tar.

3. Create the directory where you want to install CA eHealth TrapEXPLODER (/opt/trapx in the example below):

mkdir /opt/trapx

4. Move the trapx.tar file to this new directory:

mv trapx.tar /opt/trapx

5. Change to the CA eHealth TrapEXPLODER installation directory (/opt/trapx in the example below):

cd /opt/trapx

6. Untar the file by entering the following:

tar xvf trapx.tar

7. Run the silent installation of the Install script (without any user intervention) using the following command:

echo "y\n<port-number>\n<user-name>\n" | ./Install [in K-shell (ksh) or Bourne shell (sh)]

echo -e "y\n<port-number>\n<user-name>\n" | ./Install [in BASH shell (bash)]

port-number

Specifies the port number that you want CA eHealth TrapEXPLODER to use.

user-name

Specifies an existing user name on the operating system to run CA eHealth TrapEXPLODER.

CA eHealth TrapEXPLODER automatically starts when the installation finishes.

Uninstallation Instructions

The following sections describe how to uninstall CA eHealth TrapEXPLODER for Windows and UNIX systems.

Uninstall CA eHealth TrapEXPLODER on Windows Systems

You remove CA eHealth TrapEXPLODER by using the setup -x or the setup -r command. The setup -x command removes the service, registry keys, and all installed files, while the setup -r command removes only the service and registry keys.

To uninstall CA eHealth TrapEXPLODER on Windows systems

1. Log in as an administrator to the system where you want to uninstall CA eHealth TrapEXPLODER.

2. Open a command prompt window and change to the c:\trapx directory (where c: is the directory where you originally installed CA eHealth TrapEXPLODER).

3. Run one of the following commands:

setup -r

The TrapEXPLODER service and the registry keys are removed.

setup -x

The TrapEXPLODER service, registry keys, and all installed files are removed from the TrapEXPLODER installation directory.

4. Remove the directory where you installed CA eHealth TrapEXPLODER.

CA eHealth TrapEXPLODER is removed from your system.

Uninstall CA eHealth TrapEXPLODER on UNIX Systems

Use the Remove script to remove CA eHealth TrapEXPLODER from UNIX systems.

To uninstall CA eHealth TrapEXPLODER on UNIX systems

1. Log in as root to the system where you want to uninstall CA eHealth TrapEXPLODER.

2. Change to the directory where you installed CA eHealth TrapEXPLODER (/opt/trapx in the example below):

cd /opt/trapx

3. Use the Remove script and follow the prompts to remove CA eHealth TrapEXPLODER:

./Remove

CA eHealth TrapEXPLODER is removed from your system.

Perform a Silent Uninstallation on UNIX Systems

You can perform a silent uninstallation on UNIX systems to remove CA eHealth TrapEXPLODER from your system without requiring user action.

To perform a silent uninstallation on UNIX systems

1. Log in as root to the system where you want to uninstall CA eHealth TrapEXPLODER.

2. Change to the directory where you installed CA eHealth TrapEXPLODER (/opt/trapx in the example below):

cd /opt/trapx

3. Use the following command to remove CA eHealth TrapEXPLODER:

echo "y\ny\ny\ny\n" | ./Remove [in K-shell (ksh) or Bourne shell (sh)]

echo -e "y\ny\ny\ny\n" | ./Remove [in BASH shell (bash)]

CA eHealth TrapEXPLODER is removed from your system.

Chapter 3: Configuring CA eHealth TrapEXPLODER

This section contains the following topics:

■ Configuration Prerequisites

■ Edit the CA eHealth TrapEXPLODER Configuration File

■ Configure Debug Mode

■ Configure Receive Buffers

■ Configure Filters

■ Filtering Examples

■ Error Codes (Windows Only)

Configuration Prerequisites

CA eHealth TrapEXPLODER listens on the standard SNMP trap port (UDP/162 by default and optionally on TCP). You must therefore run the CA eHealth TrapEXPLODER software with root or administrator permissions.

Edit the CA eHealth TrapEXPLODER Configuration File

You can configure CA eHealth TrapEXPLODER for your environment by editing the CA eHealth TrapEXPLODER configuration file, trapexploder.cf. This configuration file specifies the destinations to which CA eHealth TrapEXPLODER forwards traps, the filters to apply, and the actions to run when it matches traps. The syntax of the configuration file consists of comments and filters. Lines that begin with a pound sign (#) are comments.

CA eHealth TrapEXPLODER uses regular expressions for filter matching.

Avoid trap loops when you are configuring CA eHealth TrapEXPLODER. That is, make sure that you configure CA eHealth TrapEXPLODER to forward trap messages to other management applications, not to itself on the same port.

More information:

■ Configure Filters

Configure Debug Mode

For both Windows and UNIX systems, uncomment the following line in the trapexploder.cf file to enable debug mode:

# debug

For UNIX systems, you can also toggle CA eHealth TrapEXPLODER in and out of debug mode with the following signal:

kill -USR1 <TrapEXPLODER PID>

You can also instruct CA eHealth TrapEXPLODER to reread the trapexploder.cf file with the following signal:

kill -HUP <TrapEXPLODER PID>

Configure Receive Buffers

You can set the size of the receiving socket buffer in the trapexploder.cf configuration file with the so_rcvbuf command. This command uses the following format:

so_rcvbuf size-in-bytes

The size-in-bytes value is the size in bytes of the receiving socket's receive buffer.

A receive buffer is the amount of space in the kernel devoted to receiving packets for a particular socket.

Use this command to set a buffer large enough to prevent overloading of the main trap-receiving socket buffer for CA eHealth TrapEXPLODER. (If this buffer is overloaded, CA eHealth TrapEXPLODER can lose some traps.)

On Solaris and Windows, the default for the receive buffer size is 8192 bytes (8 KB). For larger networks, you can set this buffer to a much higher number. The maximum receive buffer for Solaris is 256 KB. Though Windows does not publish its maximum receive buffer size, use 256 KB as your upper limit for both Windows and Solaris.

Note: If you have enabled debugging as in the section Configure Debug Mode, CA eHealth TrapEXPLODER returns the receive buffer size. Verify that the information CA eHealth TrapEXPLODER returns matches the buffer size that you have configured and that the size is valid.

Listen for Traps on UDP/TCP

By default, CA eHealth TrapEXPLODER listens for traps on the SNMP UDP port. The SNMP TCP port is turned off (closed) by default. To modify these settings and turn the UDP and/or the TCP port on or off, edit the following settings in the trapexploder.cf file to specify either on or off:

listen_for_udp_traps <on|off>

listen_for_tcp_traps <on|off>

The typical configuration sets the UDP port to on and the TCP port to off. It is also valid to turn both ports on, but turning both ports off produces errors.

Set a Log File Size Limit

The log-file option of the file action names the file to which CA eHealth TrapEXPLODER writes traps (as ASCII text).

The max-file-size option specifies the maximum length, in kilobytes, for the log file. This file has no default limit.

To limit the log file size, edit the following entry in the trapexploder.cf file:

file log-file [max-file-size]

Configure Receive Buffer Size for CA eHealth

If you are using CA eHealth TrapEXPLODER with CA eHealth, you can configure a receive buffer of size 256 KB.

To configure receive buffer size, add the following line to the trapexploder.cf file:

so_rcvbuf 262144

Minimize Delay During Restart of CA eHealth TrapEXPLODER

You can minimize delay in restarting CA eHealth TrapEXPLODER by setting the reuse_address option. Setting this option prevents a delay if CA eHealth TrapEXPLODER stops and needs to be restarted immediately.

To set the option, add the following to the trapexploder.cf file:

reuse_address

Enable Translation of SNMPv2c Traps to SNMPv1 Traps

You can globally enable translation of SNMPv2c traps to SNMPv1 traps by setting the translate_v2c_traps option.

To enable translation of SNMPv2c traps to SNMPv1 traps

1. Uncomment the following line:

translate_v2c_traps

2. If the device sends v2c traps without the snmpTrapAddress, enable the following option:

v2c_agentaddr_is_srcaddr

This option makes the v2c trap agent address the same as the source address, in those cases where section 3.2 of RFC 3584 states that the agent address will be 0.0.0.0 when the v2c to v1 conversion occurs.

SNMPv3 Traps

When SNMPv3 Traps are received by CA eHealth TrapEXPLODER, it forwards them to the configured trap destinations without performing any SNMPv3 user authentication. Therefore, SNMPv3 user configuration is not required for CA eHealth TrapEXPLODER.

Configure Filters

You can set filters in the trapexploder.cf configuration file. Filter expressions for CA eHealth TrapEXPLODER use the following format:

filter DateTime SrcIP Agent TrapType SpecificType Enterprise Action [Option]

Use an asterisk (*) as a placeholder in any field for which you do not want to filter on a specific value.

Format Filter Entries in the Configuration File

You can base filters on any combination of the following Trap PDU fields:

■ Date and time that the trap was received by CA eHealth TrapEXPLODER

Note: This field is different from the agent uptime in the Trap PDU.

■ Source IP address

■ Agent IP address

■ Trap type

■ Specific type

■ Enterprise Object Identifier (OID)

■ Action

Enter one filter per line in the configuration file.

More information:

■ Filtering Examples

SNMP Trap Format

The following illustration shows the structure of an SNMPv1 Trap PDU. Fields marked with an asterisk (*) are fields on which CA eHealth TrapEXPLODER can filter.

There is no practical limit to the number of filters that you can apply to each Trap PDU, but you should organize the filters in the configuration file in a manner that promotes best overall performance. Filter optimization is beyond the scope of CA eHealth TrapEXPLODER; you must do it yourself.

If the Trap PDU contains variable bindings, they are given to the script as standard input, with each variable OID and value on its own input line.

Note: For more information, see Sendtrap Examples in this chapter and the example script, trapScript.pl, which is located in the scripts subdirectory.

CA eHealth TrapEXPLODER does not filter trap messages based on variable bindings. For this type of filtering, you can match particular trap messages and then invoke a shell script or program to examine the Trap PDU's variable bindings.

Use Action Commands with Filters

When you include an action command in your filter, you must also set an option in the filter expression. The option depends on the type of action you have specified.

Action commands take the following format:

command[args]

When executing an action script or program, CA eHealth TrapEXPLODER writes the following temporary files so that it can pass stdin into the executed action script or program:

■ /tmp/trapscript.input for UNIX systems

■ \temp\script.inp for Windows systems

Note: These filter fields are not backward-compatible with versions of TrapEXPLODER earlier than 1.3. They are valid only for TrapEXPLODER 1.3 and later.

The following are filter command fields:

DateTime

(Optional) A regular expression indicating the date and time that the trap was received by CA eHealth TrapEXPLODER. For example, Fri May 11 09:23:34 EDT 2001.

Note: This value does not necessarily indicate the time that the trap was sent by the device.

SrcIP

(Optional) An IP address-based regular expression that CA eHealth TrapEXPLODER uses to match the source IP, as in the IP packet header. The IP address from which the trap was received is not always equivalent to the agent IP address in the Trap PDU. The regular expression * indicates that any IP address will cause a match. You can specify a host name instead of an IP address for this field.

Note: IPv6 address formats do not use regular expressions. For the usage for IPv6 address formats, see Using IPv6 Address Formats in SrcIP and AgentIP Address Filters.

AgentIP

(Optional) An IP address-based regular expression that CA eHealth TrapEXPLODER uses to match the IP address of the managed object that generated the trap (as in the Agent IP Address field in the Trap PDU). The IP address from which the trap was received is not always equivalent to the agent IP address in the Trap PDU. The regular expression * indicates that any IP address will cause a match. You can specify a host name instead of an IP address for this field.

Note: Be sure to add a backslash character (\) before any period (.) components that appear within the IP address. The period (.) is a special character in regular expression syntax.

Note: IPv6 address formats do not use regular expressions. For the usage for IPv6 address formats, see Using IPv6 Address Formats in SrcIP and AgentIP Address Filters.

TrapType

(Optional) An integer-based regular expression that CA eHealth TrapEXPLODER compares to the Trap PDU's TrapType field.

Valid SNMP TrapType values are the following:

■ coldStart(0)

■ warmStart(1)

■ linkDown(2)

■ linkUp(3)

■ authenticationFailure(4)

■ egpNeighborLoss(5)

■ enterpriseSpecific(6)

SpecificType

(Optional) An integer-based regular expression that CA eHealth TrapEXPLODER compares to the Trap PDU's SpecificType field. Any integer is a valid value for this field.

Enterprise

(Optional) An OID-based regular expression that CA eHealth TrapEXPLODER compares to the Trap PDU's enterprise field.

Note: Be sure to add a backslash character (\) before any period (.) components that appear within the OID. The period (.) is a special character in regular expression syntax.

Action

(Optional) A keyword that indicates the action that CA eHealth TrapEXPLODER will perform:

file

Logs the Trap PDU to a file specified by the Option field. CA eHealth TrapEXPLODER will create the file if it does not exist.

This option is applicable only for SNMPv1 traps and when performing SNMPv2c to SNMPv1 trap translation. For other trap types, the log file will not log detailed information.

forward

Forwards the Trap PDU through UDP to a host specified by the Option field. Use this option if the trap receiver does not support TCP or if the TCP connection is broken.

exec

Runs the program or script specified by the Option field with the Trap PDU as input.

break

Performs no further processing on the current Trap PDU, and does not evaluate any remaining filters for the current trap.

eh

Forwards traps to the CA eHealth system specified by the Option field. (Valid for eHealth Releases 5.0 and 5.5 only.)

nat

Changes the agent IP address in the SNMP Trap PDU to the IP address specified in the Option field. This action changes only the agent IP address.

Note: This option is not supported on IPv6 networks.

tcp

Forwards traps through a TCP connection without buffering the traps. This action drops the traps if CA eHealth TrapEXPLODER cannot connect to the remote trap receiver.

tcpbuff

Forwards traps through a TCP connection. This action saves traps until TrapEXPLODER is able to connect to the remote trap receiver (or until the timeout limit is reached).

Note: If you are using the tcp or tcpbuff actions and you receive the error message, “trapexploder: tcp forw detected a broken socket to <IP>:[port],” the TCP connection is broken or invalid. Use the forward action (which forwards traps through UDP) instead.

aview

Writes traps (one per file) in the format required by CA eHealth AdvantEDGE View.

blind

Forwards traps without parsing or decoding them first. This feature is useful for forwarding malformed traps or unsupported SNMP versions. It enables filtering only on the source IP address.

Note: These values are case-sensitive.

Option

An optional, case-sensitive field that works with the Action field as follows:

■ If Action is set to file, set Option to a valid file name to which CA eHealth TrapEXPLODER can log the Trap PDU. To set the maximum size for the log file, use the max-file-size argument to the log-file option.

■ If Action is set to forward, set Option to a valid IP address and (optionally) port number.

■ If Action is set to host, set Option to a valid host to which CA eHealth TrapEXPLODER can forward the trap. A host can be an IP address or valid hostname. A host can also specify a UDP port to which to send the trap if you want to use a port other than the default, 162.

Use the following format for IPv4 addresses in the configuration file:

IPv4Address:port

Use the following format for IPv6 addresses in the configuration file:

[IPv6Address]:port

■ If Action is set to break, CA eHealth TrapEXPLODER performs no further processing on the Trap PDU and evaluates no further filters for that trap.

■ If Action is set to eh, set Option to a valid IP address for a CA eHealth system. You specify ports by appending a colon and the port number to the name or IP address. (This action is valid for eHealth Releases 5.0 and 5.5 only.)

■ If Action is set to exec, set Option to a valid file name of an executable script or binary that can process the Trap PDU. The script is run synchronously by CA eHealth TrapEXPLODER because it is single-threaded.

■ If Action is set to nat, set Option to the IP address with which you want to replace the agent IP address that was sent in the SNMP Trap PDU.

■ If Action is set to tcp, set Option to the IP address (or hostname) and port for the trap receiver, and the timeout value for the TCP connection as follows:

host:port timeout

■ If Action is set to tcpbuff, set Option to the IP address (or hostname) and port for the trap receiver, the buffer size (in KB), and the timeout value for the TCP connection as follows:

host:port bufferSize timeout

Note: The timeout value indicates how long CA eHealth TrapEXPLODER keeps traps in the buffer. Adjust your buffer size and timeout values to match your environment. For example, if you have a high volume of traps, set a large buffer size; if your link typically goes down for several minutes, set a large timeout value.

■ If Action is set to aview, set Option to the CA eHealth AdvantEDGE View traps directory.

■ If Action is set to blind, set Option to the hostname or IP address and optionally the port for the trap receiver.

More information:

■ SNMP Trap Format

Use IPv6 Address Formats in SrcIP and AgentIP Address Filters

Use the following guidelines when using IPv6 addresses in the SrcIP and AgentIP address filters:

■ Specify IPv6 addresses in hexadecimal notation. You can specify characters in lowercase or uppercase.

■ You can use a range of addresses, such as the following:

e000-efff:f000-f0ff:bef0-beff:*

■ You can use wild card characters (*) in any field, such as the following:

2002:11da:*:*:2d1:1134:dfdf:1101

■ If you specify a wild card character (*), it should be the only character in that IP field. IP fields are the characters between colons ":". For example, 2002:1110:a*:*:2D1:1134:df0:01f is not valid because a* is not valid.

■ Not all of the fields of an address are required. For example, afbd:* is the same as afbd:*:*:*:*:*:*:*.

■ Incomplete mask elements will default to wild card (*). For example, 2002:11da:fe0 would be the same as 2002:11da:fe0:*:*:*:*:*.

■ :: (colon followed by a colon) is not allowed and will be treated as *:*:*.

■ You can specify a host name instead of the IPv6 address format, such as the following:

box1.domain.com

Filtering Examples

This section includes sample filters that you can add to the CA eHealth TrapEXPLODER configuration file, trapexploder.cf. You can use these examples to help design filters suitable for your environment.

In these examples, asterisks (*) indicate placeholders for fields for which you do not want to filter on a specific value.

Example: Match Trap PDUs from a Local Host

These examples match all Trap PDUs from the local host, and effectively drop and suspend filter processing for them.

filter * * 127\.0\.0\.1 * * * break

filter * * ::1 * * * break

Example: Match Authentication Failure Traps

This example matches all authenticationFailure(4) traps and forwards them to the system named concord at UDP port 162 (the default).

filter * * * 4 * * forward concord

Example: Match Private-Enterprise Traps

This example matches all private-enterprise traps of SpecificType 3 through 8 and forwards them to the system named concord at UDP port 191.

filter * * * 6 [3-8] * forward concord:191

Example: Match Traps by Enterprise OID

This example matches all traps that contain the enterprise OID 1.3.6.1.4.1.546.1.1 and forwards them to the system named ottoman at UDP port 162 (the default).

filter * * * * * 1\.3\.6\.1\.4\.1\.546\.1\.1 forward ottoman

Note: A backslash character (\) appears before each period character (.) so that the period character is read correctly as part of the enterprise ID and not as a regular expression wildcard operation.

Example: Match Traps by Enterprise OID and Execute a Script

This example matches all traps that contain the enterprise OID 1.3.6.1.4.1.546.1.1 and runs the trapScript.pl script (located in the scripts subdirectory) with the trap as input.

filter * * * * * 1\.3\.6\.1\.4\.1\.546\.1\.1 exec /opt/trapx/scripts/trapScript.pl

Note: You must specify the full pathname to the script.

Example: Match Traps by Date

This example matches all traps that CA eHealth TrapEXPLODER received on Friday and forwards them to the system named ottoman.

filter "Fri" * * * * * forward ottoman

Example: Match Traps by Source IP Address

These examples match all traps that originated from the source IPv4 address 199.250.183.215 and from the IPv6 address fe80::a00:20ff:fe8c:af7e and forward them to the system named ottoman.

filter * 199\.250\.183\.215 * * * * forward ottoman

filter * fe80::a00:20ff:fe8c:af7e * * * * forward ottoman

Example: Match Traps by Agent IP Address

These examples match all traps that were sent by a managed object with an IPv4 address of 199.250.183.215 and an IPv6 address of fe80::a00:20ff:fe8c:af7e and forward them to the system named ottoman.

filter * * 199\.250\.183\.215 * * * forward ottoman

filter * * fe80::a00:20ff:fe8c:af7e * * * forward ottoman

Example: Filter Traps to the CA eHealth AdvantEDGE View Traps Directory

This example filters traps to the CA eHealth AdvantEDGE View traps directory (for example, /ehealth/web/aview/var/traps).

filter * * * * * * aview /ehealth/web/aview/var/traps

Note: The ehealth variable represents the CA eHealth home directory. If you are using the standalone version of CA eHealth AdvantEDGE View, the CA eHealth AdvantEDGE View traps directory is /opt/aview/var/traps.

Forward Traps through TCP Connections

You can forward traps through TCP with or without buffering. To buffer the traps (save them if the trap receiver is unavailable), use the tcpbuff action. To filter traps without buffering them, use the tcp action.

Example: Filter Traps Through TCP with Buffering

This example forwards traps through a TCP connection to a system with a hostname of violet on port 5058 with a buffer of 60 KB and a timeout value of 300 seconds.

filter * * * * * * tcpbuff violet:5058 60 300

CA eHealth TrapEXPLODER buffers up to 60 KB of traps for up to 300 seconds before dropping them.

Example: Filter Traps Through TCP without Buffering

This example forwards traps without buffering through a TCP connection to a system with a hostname of electrode on port 162 with a timeout value of 30 seconds.

filter * * * * * * tcp electrode:162 30

When CA eHealth TrapEXPLODER is forwarding traps through TCP, it maintains a TCP connection with the trap receiver. Before CA eHealth TrapEXPLODER forwards a trap that it has received, it checks to see if the TCP connection is still valid. If the connection is broken, the following error message appears:

Error: "trapexploder: tcp forw detected a broken socket to <IP>:[port]"

The same error appears if the trap receiver does not support TCP. If the trap receiver does not support TCP but does support UDP, you can use the forward action, as described in the section Forward Traps through UDP Connections.

Forward Traps Through UDP Connections

You can forward traps through UDP when the trap receiver does not support TCP.

Example: Forward Traps through UDP Connections

This example forwards traps through a UDP connection to a system with a hostname of orange on port 5058.

filter * * * * * * forward orange:5058

Blind Forwarding of Traps

You can blindly forward traps without parsing or decoding.

Example: Forward Traps Blindly

This example forwards traps to a system with a hostname of lemon on port 5058 without parsing or decoding.

filter * * * * * * blind lemon:5058
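
The filter rules in this chapter (escaped periods in IPv4 and OID patterns, case-sensitive action keywords, full pathnames for exec, and no forwarding to TrapEXPLODER's own listener) can be checked before the configuration file is reread. The following Python linter is an added example, not part of the CA documentation or product; it assumes whole-field matching with Python's re module standing in for the product's regular expression engine, and the function names, sample file, and local host list are constructed for illustration.

```python
import re

# Added example: a pre-reload linter for trapexploder.cf filter lines.
# Assumption: Python's re module stands in for the product's regex engine.

# Action keywords from the guide's Action field list (case-sensitive).
ACTIONS = {"file", "forward", "exec", "break", "eh", "nat",
           "tcp", "tcpbuff", "aview", "blind"}
# Transport of the forwarding actions whose transport the guide states.
TRANSPORT = {"forward": "udp", "tcp": "tcp", "tcpbuff": "tcp"}
TOKEN = re.compile(r'"[^"]*"|\S+')            # quoted DateTime or bare field
# A '.' that is neither escaped nor followed by a quantifier such as '.*'.
BARE_DOT = re.compile(r'(?<!\\)\.(?![*+?{])')
# Only digits, dots and regex punctuation: an IPv4 or OID pattern, not a
# host name such as box1.domain.com.
NUMERIC = re.compile(r'[0-9.\\\[\]*+?|()-]+')
ABSOLUTE = re.compile(r'/|[A-Za-z]:[\\/]')    # UNIX or Windows full pathname

# Constructed sample configuration, not shipped with the product.
SAMPLE_CF = r"""# constructed sample
listen_for_udp_traps on
listen_for_tcp_traps off
filter * * 127\.0\.0\.1 * * * break
filter * * * * * 1.3.6.1.4.1.546.1.1 forward ottoman
filter * 199.250.183.215 * * * * Forward ottoman
filter * * * * * 1\.3\.6\.1\.4\.1\.546\.1\.1 exec scripts/trapScript.pl
filter * * * 4 * * forward localhost
filter * * * 4 * * tcp localhost:162 30
filter "Fri" * box1.domain.com * * * forward concord:191
"""


def matches(pattern, value):
    """Whole-field regex match (assumed semantics, see the note above)."""
    return re.fullmatch(pattern, value) is not None


def split_dest(dest, default_port=162):
    """Split 'host', 'host:port' or '[IPv6Address]:port' into (host, port)."""
    m = (re.fullmatch(r'\[([^\]]+)\](?::(\d+))?', dest)
         or re.fullmatch(r'([^:\[\]]+)(?::(\d+))?', dest))
    if not m:                        # e.g. a bare IPv6 address without brackets
        return dest.lower(), default_port
    return m.group(1).lower(), int(m.group(2) or default_port)


def lint(text, listen_port=162,
         local_hosts=("127.0.0.1", "localhost", "::1")):
    """Return (line_number, message) findings for trapexploder.cf text."""
    findings = []
    listening = {"udp": True, "tcp": False}      # defaults stated in the guide
    lines = text.splitlines()
    for raw in lines:                            # first pass: listener switches
        tok = raw.split()
        if len(tok) == 2 and tok[0] in ("listen_for_udp_traps",
                                        "listen_for_tcp_traps"):
            listening[tok[0].split("_")[2]] = (tok[1] == "on")
    for no, raw in enumerate(lines, 1):          # second pass: filter lines
        tok = TOKEN.findall(raw)
        if not tok or tok[0] != "filter":
            continue
        if len(tok) < 8:
            findings.append((no, "expected 6 match fields and an action"))
            continue
        _date, src, agent, _ttype, _stype, enterprise = tok[1:7]
        action, option = tok[7], tok[8:]
        if action not in ACTIONS:
            findings.append((no, f"action {action!r} is not in the Action "
                                 "list (keywords are case-sensitive)"))
        for name, field in (("SrcIP", src), ("AgentIP", agent),
                            ("Enterprise", enterprise)):
            if NUMERIC.fullmatch(field) and BARE_DOT.search(field):
                findings.append((no, f"{name} {field!r}: unescaped '.' "
                                     "matches any character"))
        if action == "exec" and not (option and ABSOLUTE.match(option[0])):
            findings.append((no, "exec needs the full pathname of the script"))
        if action in TRANSPORT and option:
            host, port = split_dest(option[0])
            if (host in local_hosts and port == listen_port
                    and listening[TRANSPORT[action]]):
                findings.append((no, f"{action} to {host}:{port} targets "
                                     "the local listener (trap loop)"))
    return findings


if __name__ == "__main__":
    for line_no, message in lint(SAMPLE_CF):
        print(f"line {line_no}: {message}")
    # The unescaped Enterprise pattern also accepts a different OID.
    print(matches(r"1.3.6.1.4.1.546.1.1", "1.3.6.1.4.1.546.101"))
```

Pass any additional names or addresses of the TrapEXPLODER host in local_hosts so that forwarding to those is also treated as a loop.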

Error Codes (Windows Only)

The CA eHealth TrapEXPLODER service can return the following error codes to the Windows Service Control Manager:

■ 1 - WinSock failed to initialize

■ 2 - Error creating trap sockets

■ 3 - Out of memory

■ 4 - Fatal error in processing configuration file

Note: For more information about the errors, see the trapexploder.log file and your Windows documentation.

Chapter 4: Starting and Stopping CA eHealth TrapEXPLODER

This section contains the following topics:

■ Start CA eHealth TrapEXPLODER on UNIX Systems

■ Stop CA eHealth TrapEXPLODER on UNIX Systems

■ Start CA eHealth TrapEXPLODER for Windows Systems

■ Stop CA eHealth TrapEXPLODER on Windows Systems

Start CA eHealth TrapEXPLODER on UNIX Systems

For UNIX systems, trapexploder is the UNIX systems application for CA eHealth TrapEXPLODER. This program is intended to be a non-interactive daemon that works silently in the background. When CA eHealth TrapEXPLODER receives a signal that the system has started, it re-reads its configuration file.

Note: For information about the CA eHealth TrapEXPLODER configuration file, see Edit the CA eHealth TrapEXPLODER Configuration File in the chapter “Configuring CA eHealth TrapEXPLODER.”

After you install CA eHealth TrapEXPLODER for UNIX systems, confirm that the installation has copied the trapexploder.cf file to the /etc directory.

You can start CA eHealth TrapEXPLODER on UNIX using an automated startup script or manually.

To start CA eHealth TrapEXPLODER using an automated startup script, enter the following command:

Linux and Solaris

/etc/init.d/trapexploder start

HP-UX

/sbin/init.d/trapexploder start

CA eHealth TrapEXPLODER starts on the default port 162 unless a different port is configured during the installation.

To start CA eHealth TrapEXPLODER manually, enter the following command:

$INSTALLDIR/bin/trapexploder [-f configfile] [-p port] [-d debug level (0-5)] [-h] [-v]

$INSTALLDIR

Specifies the CA eHealth TrapEXPLODER installation directory.

-f configfile

Specifies the name of a configuration file to read. By default, CA eHealth TrapEXPLODER looks in the /etc/trapexploder.cf file. For more information, see Edit the CA eHealth TrapEXPLODER Configuration File in the chapter “Configuring CA eHealth TrapEXPLODER”.

-p port

Specifies the port number on which CA eHealth TrapEXPLODER listens for traps. The default port number is 162.

-d debug level

Specifies the log level of the SNMP messages to be logged in the trapexploder.log file. Accepted values are 0 to 5:

0

Logs fatal messages.

1

Logs critical messages.

2

Logs warning messages.

3

Logs informational messages.

4

Logs all of the messages.

5

Logs all of the messages, including debugging messages.

Default: 3

-v

Puts CA eHealth TrapEXPLODER in verbose mode. This mode causes the program to print various debugging statements as it receives and filters trap messages. By default, verbose output is not enabled.

-h

Causes CA eHealth TrapEXPLODER to print out allowable options and then exit.

Stop CA eHealth TrapEXPLODER on UNIX Systems

To stop CA eHealth TrapEXPLODER on UNIX systems, enter the following command:

Linux and Solaris

/etc/init.d/trapexploder stop

HP-UX

/sbin/init.d/trapexploder stop

Start CA eHealth TrapEXPLODER for Windows Systems

CA eHealth TrapEXPLODER reads a configuration file to obtain a list of filters and associated actions. Use the Services Control Panel to start and stop the trapexploder service. You can also set options through this Control Panel.

When you install CA eHealth TrapEXPLODER for Windows, the setup utility automatically copies the trapexploder.cf file to your system root directory.

To start CA eHealth TrapEXPLODER for Windows systems, enter the following at the command prompt:

net start trapexploder

Stop CA eHealth TrapEXPLODER on Windows Systems

To stop CA eHealth TrapEXPLODER for Windows systems, enter the following at the command prompt:

net stop trapexploder

Chapter 5: Command Line Utilities

This chapter describes the usage and syntax of the command line utilities provided in CA eHealth TrapEXPLODER.

This section contains the following topics:

■ email.exe Utility--Send an Email

■ sendtrap Utility--Generate and Send SNMP Trap Messages

■ xtrapmon Utility--Receive and Log Trap Messages

email.exe Utility--Send an Email

email.exe sends an email. Use this utility as an action to send an email based on SystemEDGE monitoring or CA eHealth TrapEXPLODER activity. email.exe can work in both IPv4 and IPv6 environments.

This utility has the following format:

email.exe

[-v]

[-s]

[-a]

[-r smtp-server]

[-xhdrf filename ]

source-addr

dest-addr

[subject]

[message]

-v

Enables verbose mode, and prints useful information to the screen.

-s

Lets you add more text to the message body by typing it on the terminal (stdin). Use ^D (CTRL+D) on UNIX to finish the message and ^Z (CTRL+Z) on Windows. Note that you still need to specify subject or message arguments when this option is specified.

-a

Removes the requirement to specify a subject or a message body. This option is most useful when used with a SystemEDGE action.


-r smtp_server

Lets you specify the mail server name to use when sending the email. By default, the program looks up the MX record of the host in the 'To' address, and tries to send the email that way. However, if the program is unable to connect to the destination mail exchanger (due to a firewall), you can send the message through the local mail server, specified by the -r option.

-xhdrf filename

Adds user defined information from a file to the email header. You can use this option to specify ISO character set information.

source-addr

Specifies the source email address in the format user@domain.

dest-addr

Specifies the destination email address in the format user@domain.

subject

Specifies the subject text of the email. Enclose the subject text in single quotes if the text contains more than one word.

message

Specifies the message body of the email. Enclose the message text in single quotes if the text contains more than one word.

Examples

email.exe -r mail.foo.com [email protected] [email protected] 'email subject' 'email message'

email.exe -v -r mail.foo.com [email protected] [email protected] 'email subject' 'email message'

email.exe -v -s -r mail.foo.com [email protected] [email protected] 'email subject' 'email message'

sendtrap Utility--Generate and Send SNMP Trap Messages

sendtrap sends a SNMP trap PDU from the node you are on to any node on your network. By default, SNMP trap PDUs are sent to the SNMP Trap port (UDP/162) on the specified host. The sendtrap utility can send SNMPv1, SNMPv2c, and SNMPv3 UDP traps, and can work in IPv4 and IPv6 environments. The Enterprise field for all Trap PDUs that sendtrap sends is empire(546).9.6.

This utility has the following format:

sendtrap

[-f from_addr | from_host]

[-h dest_addr | dest_host]

[-i] [-r retries]

[-p port]

[-c community]

[-v 1 | 2c | 3]

[-u secName]

[-s secLevel]

[-n contextName]

[-a authPassword] [-A MD5 | SHA]

[ -x privPassword] [-X DES | AES | 3DES]

[-m FIPS_mode]

[-t timeout]

[-d logLevel]

[enterprise-oid] [trap-type] [subtype] [data-oid] [oid-type] [oid-value]

-f from_addr | from_host

Changes the source address in the SNMP Trap PDU. The default value is an IP address of the host that is executing sendtrap.

-h dest_addr | dest_host

Specifies the destination host name or IP address to which the trap is being sent.

-i

Sends inform requests (INFORM REQUEST) and waits for acknowledgement. These are also known as confirmed traps. Specify -i only if the -v (trap version) argument is 2c (SNMPv2c) or 3 (SNMPv3).

-r retries

Specifies the number of retries to deliver an inform request until it is acknowledged.

-p port

Specifies the UDP port that the agent is running on (for example, 1691).

Default: 161


-c community

Specifies a community string that the agent uses. Valid for SNMPv1 and SNMPv2c only.

Note: A read-write community string has to be specified for snmpset.

Default: public

-v 1 | 2c | 3

Indicates the version of SNMP that the agent is running. Specify 1 for SNMPv1, 2c for SNMPv2c, or 3 for SNMPv3.

Default: 1

-u secName

Specifies the name of the SNMPv3 secure user.

Default: none

-s secLevel

Specifies one of the following security levels for SNMPv3 communication:

■ 1 - noAuthNoPriv

■ 2 - AuthNoPriv

■ 3 - AuthPriv (SNMPv3 only)

Default: none

-n contextName

Specifies the context name used by the agent if it is configured as SNMPv3.

Note: This option is not required for SNMPv3 communication.

Default: none

-a authPassword

Specifies the authentication password if the agent is configured for SNMPv3 with secLevel 2 (AuthNoPriv) or 3 (AuthPriv).

Default: none

-A MD5 | SHA

Specifies the authentication protocol to be used by SNMPv3. This is required if the SNMPv3 user is configured with secLevel 2 (AuthNoPriv) or 3 (AuthPriv). Currently only MD5 (Message Digest Algorithm) and SHA (Secure Hash Algorithm) are used.

Default: MD5


-x privPassword

Specifies the privacy (encryption) password if the agent is configured for SNMPv3 with secLevel 3 (AuthPriv).

Default: none

-X DES | AES | 3DES

Specifies the privacy protocol if the SNMPv3 user is configured with secLevel 3 (AuthPriv). Specify DES for Data Encryption Standard, AES for Advanced Encryption Standard using cryptographic keys of 128 bits (AES128), and 3DES for Triple Data Encryption Standard.

Default: none

-m FIPS_mode

Controls the FIPS mode of operation. Accepted values are 0, 1, and 2.

0

Indicates Non-FIPS mode.

1

Indicates FIPS co-existence mode.

2

Indicates FIPS only mode.

-t timeout

Specifies the duration before the SNMP receiver considers the request as timed out.

Default: 10 seconds


-d logLevel

Specifies the log level of the SNMP messages. Accepted values are 0 to 5.

0

Logs fatal messages.

1

Logs critical messages.

2

Logs warning messages.

3

Logs informational messages.

4

Logs all of the messages.

5

Logs all of the messages including debugging messages.

Default: 0

enterprise-oid

Specifies the top level enterprise object identifier that represents this trap.

trap-type

Specifies the generic trap type in the SNMP Trap PDU. Defined in RFC 1157, this field can accept one of the following values (integers 0 - 6):

■ 0 - cold start

■ 1 - warm start

■ 2 - link down

■ 3 - link up

■ 4 - authentication failure

■ 5 - EGP Neighbor Loss

■ 6 - enterprise specific

Values less than 0 (zero) cause sendtrap to print an error message and exit. Values greater than 6 cause sendtrap to issue a warning message.

subtype

Specifies an enterprise-specific trap subtype. An accepted value for this field is an integer. You should only specify this if the trap type is 6 (Enterprise specific trap).


data-oid

Specifies the Object Identifier (OID) that is included in the SNMP Trap PDU.

oid-type

Specifies the type of the OID value to be set. OID type can be one of the following:

-i

integer

-o

octet string. Valid on character strings, binary and string IPv4 and IPv6 addresses, and string host names.

-s

string

-d

object identifier

-a

IPv4 address only

-c

counter value

-C

64 bit counter value

-g

gauge

-t

time ticks

oid-value

Specifies the value of the OID to be set. The type of the OID value should match OID-type.

Notes:

■ The default port number for sendtrap is 162.

■ The enterprise OID, trap type and data OID pair should be the last in the argument list.

■ You can specify multiple data OID pairs (commonly referred to as varbinds) separated by a blank space. All of the varbinds are then associated with the same enterprise OID, trap type, and trap sub-type.


■ If sendtrap is sending a SNMPv3 trap, the information passed by sendtrap should match the information stored in the agent's SNMPv3 configuration file of the receiver. You do not need any configuration files to run sendtrap.

sendtrap Examples

./sendtrap -h box1.domain.com -f from.domain.com -v 2c -c admin -p 1692 1.2.3.4 6 1023 1.3.6.1.2.1.2.2.1.1.1 -i 3 1.3.7.8.9.10.11 -s "Trap value"

box1.domain.com

Sends the trap to this host name.

from.domain.com

Sends the trap with from.domain.com as the from address in the trap PDU.

1692

Specifies the port number to which the trap is sent.

1.2.3.4

Specifies the enterprise OID.

6

Specifies the trap type (enterprise specific trap).

1023

Specifies the enterprise specific trap sub-type.

1.3.6.1.2.1.2.2.1.1.1 and 1.3.7.8.9.10.11

Specify the data OIDs.

-i and -s

Specify the oid types.

3 and “Trap value”

Specify the OID values of the respective OIDs.

The following example sends an authentication failure (trap_type: 4) SNMPv1 trap with varbinds 1.3.6.1.2.1.2.2.1.1.1 and 1.3.7.8.9.10.11 to port 162 on the host with IP address Ea2f:fe90:abcd:0000:230:a2f:200:ad01:

./sendtrap -h Ea2f:fe90:abcd:0000:230:a2f:200:ad01 -v 1 -c admin 1.2.3.4 4 1.3.6.1.2.1.2.2.1.1.1 -i 3 1.3.7.8.9.10.11 -s "Trap value"


The following example sends an authentication failure (trap_type: 4) SNMPv3 Inform request with varbinds 1.3.6.1.2.1.2.2.1.1.1 and 1.3.7.8.9.10.11 to port 162 on the host with IP address 130.10.100.101. It waits for acknowledgement with a timeout of 30 seconds and retries 2 times.

./sendtrap -h 130.10.100.101 -p 2009 -i -r 2 -t 30 -u user1v3 -A SHA -a osa -X AES -x osp -v 3 -s 3 -t 30 -h 130.10.100.101 1.2.3.4 4 1.3.6.1.2.1.2.2.1.1.1 -i 3 1.3.7.8.9.10.11 -s "Trap value"

Old Usage

Important! The following old usage is deprecated. The use of the above argument format is strongly encouraged, as the old argument format will not be supported in the future.

sendtrap host TrapType SpecificType {EnterpriseOid} [varbinds]

Old Usage Examples

The following old usage examples include sample filters that you can add to a file. Add these filters to the CA eHealth TrapEXPLODER configuration file to perform the actions that they describe.

Example: Send an Enterprise-Specific Trap 4 PDU

This example sends an enterprise-specific Trap 4 PDU (without variable bindings) to the local host.

sendtrap 127.0.0.1 6 4 < /dev/null

Example: Send a MIB-II linkUp(3) Trap

This example sends a MIB-II linkUp(3) Trap PDU to the local host with a single variable binding that contains the integer 1 for a Windows system.

sendtrap 127.0.0.1 3 0

1.3.6.1.2.1.2.2.1.1.1 integer 1

^Z

Note: For a UNIX system, use the ^d end-of-file character instead of ^Z.

Example: Redirect Variable Bindings from stdin into sendtrap

This example redirects variable bindings from stdin into sendtrap.

sendtrap 127.0.0.1 6 321 <<!
1.3.6.1.2.1.4.20.1.1.5.5.5.5 ipaddr 5.5.5.5
1.3.6.1.2.1.4.20.1.1.6.6.6.6 ipaddr 6.6.6.6
1.3.6.1.2.1.4.20.1.1.127.0.0.1 ipaddr 127.0.0.1
!


Note: Invoke this command in the UNIX shell /bin/sh. Input/output redirection is specific to each shell. For information about redirecting variable bindings with other shells, consult the man pages for those shells.

If you want to invoke sendtrap from within another C program, see the call-sendtrap.c (UNIX), or callsend.c (Windows) sample file included in the scripts subdirectory. These scripts show how to correctly invoke sendtrap and pass the requested variable bindings.

Specify Variable Bindings for sendtrap

You can specify optional variable bindings as standard input to sendtrap. Variable bindings are data fields in the SNMPv1 Trap PDU. Each variable binding associates a particular object instance with its current value and contains an object-identifier, an object type, and a value. Variable bindings are passed as input to sendtrap as ASCII character strings. The sendtrap utility converts them to SNMPv1 format.

You must enter each variable binding on a separate input line. The variable-bindings list is terminated by an end-of-file (EOF) character (^Z for Windows systems, or ^d for UNIX systems). If you do not want to provide variable bindings to sendtrap, redirect input from /dev/null or a zero-length file.

The OIDs are specified in dotted-notation format (for example, 1.3.6), and types are indicated from a set of constant, case-insensitive strings. The type may be one of the following:

■ ipaddr

■ cntr

■ gauge

■ timeticks

■ integer

■ string

■ objid

Values are dependent on the type and are converted appropriately to internal format. If sendtrap encounters conversion errors, it skips the current variable binding, rather than abandoning trap generation.

You can script this utility to redirect variable bindings from standard input (stdin) to sendtrap.


Notes:

■ If you are not using input from a file, you must provide the end-of-file character for each sendtrap command. Use ^Z for Windows systems or ^d for UNIX systems.

■ The maximum number of varbinds that you can specify in a single trap is 100.

SpecificType

Specifies the integer to use in the enterprise-specific trap type field in the Trap PDU. SpecificType values less than 0 cause sendtrap to print an error message and exit.

Note: The sendtrap utility reports 0 for the Trap PDU's time-stamp field because it cannot know the real value. Due to internal limits, sendtrap can send a maximum of 32 variable bindings in a single Trap PDU. You must be able to represent object values as an ASCII character string to enable sendtrap to read, convert, and send them within Trap PDUs. sendtrap does not recognize or convert ASCII strings for the TrapType or SpecificType arguments. You can specify only integers for these fields.
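Because sendtrap skips a variable binding it cannot convert and still sends the trap, a malformed input line silently yields a trap with missing data. The following added example (not part of the CA guide or product) pre-checks stdin input in the old-usage format described under Specify Variable Bindings for sendtrap. The numeric ranges follow the SNMPv1 SMI types, and treating the rest of the line as the value is an assumption; sendtrap's own conversion rules may differ. The sample input is constructed.

```python
import ipaddress
import re

# Type keywords the guide lists for the stdin format (case-insensitive).
TYPES = {"ipaddr", "cntr", "gauge", "timeticks", "integer", "string", "objid"}
MAX_VARBINDS = 32  # per-PDU limit stated in the guide's note on sendtrap
OID_RE = re.compile(r"[0-9]+(\.[0-9]+)+")
UINT_RE = re.compile(r"[0-9]+")
INT_RE = re.compile(r"-?[0-9]+")


def value_problem(vtype, value):
    """Return a reason string if value does not fit vtype, else None."""
    if vtype == "ipaddr":
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return "not a dotted IPv4 address"
    elif vtype in ("cntr", "gauge", "timeticks"):
        # Assumption: unsigned 32-bit range, as for the SNMPv1 SMI types.
        if not UINT_RE.fullmatch(value) or int(value) > 2**32 - 1:
            return "not an unsigned 32-bit number"
    elif vtype == "integer":
        if not INT_RE.fullmatch(value) or not -2**31 <= int(value) < 2**31:
            return "not a signed 32-bit integer"
    elif vtype == "objid":
        if not OID_RE.fullmatch(value):
            return "not a dotted OID"
    return None  # "string" accepts any text


def lint_varbinds(text):
    """Return (accepted, skipped): bindings that parse, and (line, reason) for the rest."""
    accepted, skipped = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 2)  # assumption: value is the rest of the line
        if len(parts) != 3:
            skipped.append((number, "expected: OID type value"))
            continue
        oid, vtype, value = parts[0], parts[1].lower(), parts[2]
        if not OID_RE.fullmatch(oid):
            reason = "OID is not in dotted notation"
        elif vtype not in TYPES:
            reason = f"unknown type {parts[1]!r}"
        else:
            reason = value_problem(vtype, value)
        if reason:
            skipped.append((number, reason))
        else:
            accepted.append((oid, vtype, value))
    return accepted, skipped


def over_limit(accepted):
    """True when the accepted bindings exceed what one Trap PDU can carry."""
    return len(accepted) > MAX_VARBINDS


# Constructed sample input: three good bindings, four that would be skipped.
SAMPLE = """\
1.3.6.1.2.1.2.2.1.1.1 integer 1
1.3.6.1.2.1.4.20.1.1.5.5.5.5 IPADDR 5.5.5.5
1.3.6.1.2.1.1.5.0 string core router 7
1.3.6.1.2.1.4.20.1.1.6.6.6.6 ipaddr 6.6.6
1.3.6.1.2.1.2.2.1.10.1 cntr -5
ifIndex.1 integer 1
1.3.6.1.2.1.1.3.0 ticks 100
"""

if __name__ == "__main__":
    ok, bad = lint_varbinds(SAMPLE)
    for number, reason in bad:
        print(f"line {number}: would be skipped: {reason}")
    print(f"{len(ok)} bindings accepted, over limit: {over_limit(ok)}")
```

Run it over the same file or here-document you plan to redirect into sendtrap, and send the trap only when nothing is reported as skipped.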

xtrapmon Utility--Receive and Log Trap Messages

xtrapmon captures SNMP traps sent to a given UDP port on a system and displays the information contained in those traps. It can accept SNMPv1, SNMPv2c, and SNMPv3 traps and can function in IPv4 or IPv6 networks.

This utility has the following format:

xtrapmon

[-T]

[-p port]

[-e SNMPV3_config_file]

[-m FIPS_mode] [-l traps-log-file]

[-k debug_level] [-h]

-T

(UNIX only) Runs xtrapmon in text mode. This option displays any trap messages to the screen (stderr) and suppresses the X windows popup dialogs.

-p port

Specifies the port number on which xtrapmon listens for traps.

Default: 162


-e SNMPV3_config_file

Specifies the absolute path of the SNMPv3 configuration file. By default, xtrapmon uses sysedgeV3.cf from the config sub-directory of the CA eHealth TrapEXPLODER installation directory.

-m FIPS_mode

Specifies the xtrapmon FIPS mode of operation. Accepted values are 0, 1, and 2.

0

Indicates non-FIPS mode.

1

Indicates FIPS co-existence mode.

2

Indicates FIPS only mode.

Note: FIPS mode requires installation of the CA eHealth Advanced Encryption package.

-l traps-log-file

Specifies the absolute path of the file in which to log the received traps.

-k debug_level

Specifies the log level of the SNMP messages to be logged in the xtrapmon.log file. Note that the usage of -k in xtrapmon differs from the other utilities, which use -d for the SNMP messages log level. Accepted values are 0 to 5.

0

Logs fatal messages.

1

Logs critical messages.

2

Logs warning messages.

3

Logs information messages.

4

Logs all of the messages.

5

Logs all of the messages including debugging messages.

Default: 1


-h

Displays the usage message for xtrapmon.

/?

Displays the usage message for xtrapmon (Windows only).

Examples

The following example starts xtrapmon on the default port 162 and the default SNMPv3 configuration file sysedgeV3.cf on UNIX and Windows:

xtrapmon

The following example starts xtrapmon on the non-default port 2091 using the SNMPv3 configuration file usersnmpv3.cf in FIPS only mode and logs the traps to the file usertraplog.txt:

UNIX

./xtrapmon -p 2091 -e /usr/temp/usersnmpv3.cf -m 2 -l /usr/temp/usertraplog.txt

Windows

xtrapmon -p 2091 -e \usr\temp\usersnmpv3.cf -m 2 -l \usr\temp\usertraplog.txt

The following example starts xtrapmon in text mode (UNIX only):

./xtrapmon -T -p 2091

The following example starts xtrapmon in text mode and suppresses the trap messages to the screen but logs them to a file (UNIX only):

./xtrapmon -T -p 2091 -l /usr/temp/usertraplog.txt 2>/dev/null

xtrapmon on UNIX Systems

On UNIX systems, xtrapmon can run as an X window application that uses Motif 2.1 or later libraries, or as a text-based console application.

■ xtrapmon starts as an X window application by default using X windows dialogs. xtrapmon has a static window with the total number of received traps and a copyright text. It additionally opens alert dialogs every time a trap is received with the trap information. You can discard (close) these additional trap dialogs once the trap information is reviewed.

■ You can start xtrapmon in text mode using the -T option. This mode logs trap messages to the user terminal (stderr) where xtrapmon is started.

You must install Motif 2.1 (or later) libraries to run xtrapmon on UNIX systems.


xtrapmon on Windows Systems

On Windows systems, xtrapmon is a text based console application. If a trap is received, it displays the trap information on the console.

Authentication in xtrapmon

xtrapmon does not validate SNMPv1/v2c community strings. It displays any SNMPv1/v2c trap that is received on the xtrapmon UDP port (default 162).

You can start xtrapmon with SNMPv3 user information using the default sysedgeV3.cf in the config sub-directory of the CA eHealth TrapEXPLODER installation. To configure SNMPv3 user information, see xtrapmon SNMPv3 Configuration in this chapter.

xtrapmon only accepts SNMPv3 traps that match the SNMPv3 user information that xtrapmon starts with.

Trap Report Data

xtrapmon displays the following data about traps that it captures in a report:

Time

Specifies the local time of the host that receives the trap (the host that is running xtrapmon) for SNMPv1 traps. Specifies the time specified in the packet from the host that is sending the traps for SNMPv2/v3 traps.

Agent address

Specifies the address of the host sending the trap.

Agent Type

Specifies the agent Object Identifier (OID) that identifies the agent.

Specific Trap

Specifies the specific trap type (Trap sub-type) when the trap is an enterprise specific (6) trap. If the trap is not an enterprise specific trap, a value of 0 (zero) displays.


Trap Type

Specifies the trap type of the received trap. Displayed values are 0 to 6.

0

Cold Start

1

Warm Start

2

Link Failure

3

Link Up

4

Authentication Failure

5

EGP Neighbor Lost

6

Vendor Specific (also known as Enterprise)

xtrapmon SNMPv3 Configuration

You can configure xtrapmon to use SNMPv3 based communication. CA eHealth TrapEXPLODER provides a configuration file, sysedgeV3.cf, for configuring SNMPv3 user and key information to be used by xtrapmon.

Modifying the SNMPv3 Configuration File

The sysedgeV3.cf file contains policy defining how the SNMP administrator handles responsibilities and specifies the level of security expected when accessing a host. The sysedgeV3.cf file is located in the config subdirectory of the CA eHealth TrapEXPLODER installation directory.

The sysedgeV3.cf configuration file lets you specify the following:

■ SNMP engine ID prefix

■ SNMPv3 security users

■ The level of security

■ Authentication protocol and its associated password

■ Encryption (privacy) protocol and its associated password


SNMPv3 User Configuration

The user configuration section of the SNMPv3 configuration file expects two types of keywords, SNMP_V3_ENGINE_ID or SNMP_V3_USER_INFO. These are the only keywords that the xtrapmon utility recognizes. Other keywords, such as SNMP_V2_TRAP_INFO, SNMP_V2_NOTIFICATION_INFO, SNMP_V3_TRAP_INFO, and SNMP_V3_NOTIFICATION_INFO, are ignored by xtrapmon.

SNMP_V3_ENGINE_ID Keyword

The SNMP_V3_ENGINE_ID keyword specifies a textual SNMP engine ID prefix, which will be concatenated with a process ID and IP address by the agent's SNMP library. The default value is SystemEDGEAdmin. Do not use spaces in the configured string.

For example, the following line in the SNMPv3 configuration file specifies the string CompanySNMPV3ADMIN as a prefix for SNMP engine ID:

SNMP_V3_ENGINE_ID CompanySNMPV3ADMIN

Note: This value should not contain any spaces.

SNMP_V3_USER_INFO Keyword

The SNMP_V3_USER_INFO keyword specifies the SNMPv3 USM user's information and security information. The SNMP_V3_USER_INFO keyword has the following syntax. All of the configuration fields for a SNMPv3 user must be on one line and in the specified order separated by blank spaces:

SNMP_V3_USER_INFO contextName userName securityModel securityLevel authProtocol authPassword privProtocol privPassword

contextName

Specifies the context name used by the agent in the following format (no blank spaces are allowed; blank spaces are provided in this usage for reading clarity only):

mibName<:InstanceName><|access|ip_filter>

mibName<:InstanceName>

Specifies access to a mibName and an instance name. * (asterisk) is the only supported value in this field. This value is mandatory.

access

Specifies read or write access. "Read" or "write" are accepted values.

*|read

Specifies that the SNMPv3 user will have read-only access to the agent.


*|write

Specifies that the SNMPv3 user will have read and write access to the agent.

Note: Because xtrapmon does not write anything to the MIB, specifying read or write causes the same results.

ip-filter

Specifies an IP filter to filter the requests originated from a specified IP address or a subnet. This field has no effect for xtrapmon and is not required.

userName

Specifies the name of the SNMPv3 secure user.

securityModel

Specifies the SNMPv3 security model in use. The CA eHealth TrapEXPLODER agent currently only supports the User-based Security Model (USM), which is designated a value of 3. Only a value of 3 is supported.

securityLevel

The following values are supported for the supported levels of security:

noAuthNoPriv

Indicates that no authentication and no privacy (encryption) protocols are configured for use for this SNMPv3 user.

AuthNoPriv

Indicates that an authentication protocol is configured and no privacy protocol is configured for this SNMPv3 user.

AuthPriv

Indicates that an authentication protocol and a privacy protocol are configured for use with this SNMPv3 user.

authProtocol

Specifies the authentication protocol to be used. Currently, only the MD5 and SHA protocols are used. Specify MD5 or SHA to indicate the type of authentication protocol to use.

You should only specify this option if AuthPriv or AuthNoPriv security level is set.

authPassword

Specifies the SNMPv3 user's authentication password (key) used by the authentication protocol. Specifying authPassword is required if authProtocol (MD5 or SHA) is set.

You should only specify this option if AuthPriv or AuthNoPriv security level is set.


privProtocol

Specifies the encryption (privacy) protocol used by the SNMPv3 user. DES, 3DES, and AES-128 are the only protocols supported. Specify the value DES, 3DES, or AES (for AES-128).

If you specify an encryption protocol, you must specify authProtocol and authPassword also. If you specify privProtocol, AuthPriv is the only supported securityLevel.

privPassword

Specifies the SNMPv3 user's encryption password (key) used by the encryption protocol. privPassword is required if you set privProtocol.

The installed configuration file, sysedgeV3.cf, contains documented examples to help system administrators manage xtrapmon's SNMPv3 user information.

Examples

Examples of valid SNMPv3 user definitions follow:

SNMP_V3_USER_INFO * joedoe1 3 AuthPriv MD5 apass AES ppass

SNMP_V3_USER_INFO *|read joedoe2 3 AuthPriv SHA apass DES ppass

SNMP_V3_USER_INFO *|read joedoe3 3 AuthNoPriv SHA apass

SNMP_V3_USER_INFO *|write joedoe4 3 noAuthNoPriv
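The field rules above can be checked mechanically before xtrapmon is restarted with an edited file. The following added example (not part of the CA guide or product) lints sysedgeV3.cf lines against the documented syntax and also raises warnings under an assumed local policy: prefer SHA over MD5, prefer AES over DES, require passwords of at least 8 characters, and flag users without authentication or encryption. Treating '#' as a comment marker and matching keywords case-insensitively are assumptions; the trapops and baduser lines are constructed.

```python
AUTH_PROTOCOLS = {"MD5", "SHA"}          # values the guide accepts for authProtocol
PRIV_PROTOCOLS = {"DES", "3DES", "AES"}  # values the guide accepts for privProtocol
# Number of auth/priv fields each securityLevel takes after the first four.
TRAILING_FIELDS = {"noauthnopriv": 0, "authnopriv": 2, "authpriv": 4}
MIN_PASSWORD_LEN = 8  # assumption: local policy, not a rule from the guide


def lint_user_info(fields):
    """Check the fields that follow SNMP_V3_USER_INFO; return (errors, warnings)."""
    errors, warnings = [], []
    if len(fields) < 4:
        return ["need contextName userName securityModel securityLevel"], warnings
    context, _user, model, level = fields[:4]
    rest = fields[4:]

    ctx = context.split("|")
    if ctx[0] != "*":
        errors.append("contextName: '*' is the only supported mibName")
    if len(ctx) > 1 and ctx[1].lower() not in ("read", "write"):
        errors.append("contextName: access must be read or write")
    if model != "3":
        errors.append("securityModel: only 3 (USM) is supported")

    want = TRAILING_FIELDS.get(level.lower())
    if want is None:
        errors.append(f"securityLevel: unknown value {level!r}")
        return errors, warnings
    if len(rest) != want:
        errors.append(f"{level} takes {want} auth/priv fields, found {len(rest)}")
        return errors, warnings

    if want == 0:
        warnings.append("noAuthNoPriv: traps are neither authenticated nor encrypted")
    if want >= 2:
        proto, password = rest[0].upper(), rest[1]
        if proto not in AUTH_PROTOCOLS:
            errors.append(f"authProtocol: {rest[0]!r} is not MD5 or SHA")
        elif proto == "MD5":
            warnings.append("authProtocol MD5: policy prefers SHA")
        if len(password) < MIN_PASSWORD_LEN:
            warnings.append("authPassword shorter than policy minimum")
    if want == 2:
        warnings.append("AuthNoPriv: trap contents are not encrypted")
    if want == 4:
        proto, password = rest[2].upper(), rest[3]
        if proto not in PRIV_PROTOCOLS:
            errors.append(f"privProtocol: {rest[2]!r} is not DES, 3DES or AES")
        elif proto == "DES":
            warnings.append("privProtocol DES: policy prefers AES")
        if len(password) < MIN_PASSWORD_LEN:
            warnings.append("privPassword shorter than policy minimum")
    return errors, warnings


def lint_config(text):
    """Return a list of (line_number, severity, message) for a sysedgeV3.cf body."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # assumption: '#' starts a comment
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "SNMP_V3_ENGINE_ID":
            if len(args) != 1:
                findings.append((number, "error", "engine ID prefix must be one token"))
        elif keyword == "SNMP_V3_USER_INFO":
            errors, warnings = lint_user_info(args)
            findings += [(number, "error", m) for m in errors]
            findings += [(number, "warning", m) for m in warnings]
        # Any other keyword is skipped, as the guide says xtrapmon ignores it.
    return findings


# Lines 2-4 are the guide's own examples; lines 5-6 are constructed.
SAMPLE = """\
SNMP_V3_ENGINE_ID CompanySNMPV3ADMIN
SNMP_V3_USER_INFO * joedoe1 3 AuthPriv MD5 apass AES ppass
SNMP_V3_USER_INFO *|read joedoe3 3 AuthNoPriv SHA apass
SNMP_V3_USER_INFO *|write joedoe4 3 noAuthNoPriv
SNMP_V3_USER_INFO * trapops 3 AuthPriv SHA constructed-auth-pw AES constructed-priv-pw
SNMP_V3_USER_INFO * baduser 3 AuthNoPriv SHA constructed-auth-pw AES constructed-priv-pw
SNMP_V3_TRAP_INFO ignored by xtrapmon
"""

if __name__ == "__main__":
    for number, severity, message in lint_config(SAMPLE):
        print(f"line {number}: {severity}: {message}")
```

The guide's sample users pass the syntax checks but draw policy warnings, which is a reminder to replace them rather than copy them. Because the file holds the passwords in clear text, restrict read access to it as well.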
