Changed |
snmptt.spec
Changed |
snmptrapd.init-suse
@@ -10,7 +10,7 @@
#
### BEGIN INIT INFO
# Provides: snmptrapd
-# Required-Start: $remote_fs $syslog $network $snmp
+# Required-Start: $remote_fs $syslog $network snmpd
# Required-Stop: $remote_fs $syslog
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
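Review bot: The new `Required-Start` line makes `snmpd` a hard dependency of the trap receiver, which may be stronger than the service needs. snmptrapd only listens for incoming traps and, as far as I know, does not need the local SNMP agent running. A hard requirement would likely force an extra network-facing daemon to be enabled on hosts that only collect traps. If only start ordering is wanted, `# Required-Start: $remote_fs $syslog $network` plus a separate `# Should-Start: snmpd` expresses that without pulling the agent in. The name `snmpd` must also match the `Provides:` tag of the agent's init script, which is not visible on this page; the rest of the INIT INFO block and the script body lie outside the hunk.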
Changed |
snmptt.init-suse
@@ -12,7 +12,7 @@
#
### BEGIN INIT INFO
# Provides: snmptt
-# Required-Start: $remote_fs $syslog $network $snmptrapd
+# Required-Start: $remote_fs $syslog $network snmptrapd
# Required-Stop: $remote_fs $syslog
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
Changed |
snmptt_1.2.tar.bz2/ChangeLog
@@ -1,3 +1,133 @@
+June 16th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Changed version to snmptt_1.2 for release.
+
+June 9th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Change REGEX to use Text::Balanced instead of split to fix bug with
+ REGEX statements that contain captures.
+
+Apr 6th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Release snmptt_1.2beta3
+
+Apr 6th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Add workaround to Net-SNMP 5.4 bug 1638225 where the host name passed
+ in the traphandle is <UNKNOWN>.
+
+Mar 4th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Fixed bug where snmptt tried to log to syslog when
+ changing UIDs even if syslog_system_enable was set to 0.
+ Thanks to Alex Peeters for reporting the bug.
+- The snmptt.pid file is now deleted when SNMPTT exits gracefully.
+- When running in daemon mode with a daemon_uid user defined, a
+ second (child) process will be started as the daemon_uid user so
+ there will be two snmptt processes running.
+ The first process will continue to run as the user that ran
+ snmptt (usually root), waiting for the child to quit. After the
+ child quits, the parent process will remove the snmptt.pid file
+ and exit. The snmptt.pid file will contain the pid of the parent
+ process. Sending a TERM signal to either process will cause
+ SNMPTT to terminate gracefully.
+ If you are not starting snmptt using root, then you should not
+ be defining daemon_uid.
+- Now aborts startup if an existing snmptt.pid file is found.
+- Verifies that it is able to write to the pid_file folder before
+ starting up. If it can not, it aborts. Only does this if
+ pid_file has been defined. Otherwise it attempts to create the
+ pid file and if it fails, it just continues as in previous versions.
+
+Mar 3rd, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Added a text system log in addition to the existing syslog and Event
+ Log logs. Added log_system and log_system_file snmptt.ini options.
+ Thanks to Alex Peeters for reporting the bug.
+- Added snmptt.ini option pid_file to allow for custom pid file locations
+ when running in daemon mode. Thanks to Alex Peeters for the suggestion.
+- Fixed bug where pid file did not contain the current pid of snmptt.
+ Thanks to Alex Peeters for reporting the bug.
+
+Feb 10th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Added information to Nagios section of documentation for
+ using freshness checks to automatically clear trap alerts.
+- Added information to Nagios section of documentation for
+ using SNMP traps as heartbeats by using freshness checks.
+ Thanks to Martin Fuerstenau. See bug 1629565.
+
+Jan 27th, 2007: Alex Burger <alex_b@users.sourceforge.net>
+- Fixed bug in threads support. EXEC'd commands were all passed
+ the same $command variable. Threads are now detached after
+ being created.
+- Changed version to snmptt_1.2beta3
+
+Dec 21st, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Fixed bug in snmpttconvertmib where a --#SEVERITYMAP line
+ would be used instead of --#SEVERITY.
+
+Dec 18th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Added unknown_trap_exec_format option
+
+Dec 7th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Added exec_escape option
+- Changed version to snmptt_1.2beta2
+
+Nov 18th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Changed version to snmptt_1.2beta1
+
+Sept 23rd, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Added a simple check to see if the trap file being processed is a
+ valid file. If it is not, the file is skipped and not deleted.
+
+Sept 15th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Added snmptt.ini options date_format, time_format, date_time_format,
+ date_time_format_sql and stat_time_format_sql to allow the output format
+ for $x and $X substitution variables, and the format of the date/time for
+ text logs and SQL to be changed using strftime() variables. This allows
+ for proper date/time data types to be used in SQL databases.
+
+June 18th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Prevent logging to syslog and event log when running SNMPTT with
+ the --time option. Thanks to Stefan Mohr.
+- Fixed a bug under Windows where SNMPTT was trying to log to syslog instead of
+ the event log. Thanks to Roger Lindholm.
+- Add threads (ithreads) support for EXEC. When enabled, EXEC commands will
+ launch in a thread to allow SNMPTT to continue processing other traps.
+ Added snmptt.ini options threads_enable and threads_max.
+
+May 13th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Moved unknown_trap_exec to Exec section in snmptt.ini. Patch
+ 1476071. Thanks to George Kourvoulis.
+
+Mar 23rd, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Added MATCH support for bitwise AND
+
+Mar 13th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Fix a bug where snmpttconvertmib does not handle ARGUMENTS lines
+ that have $1, $2 etc instead of %0, %1. Thanks to Todd A. Green.
+ Bug 1438394.
+
+Mar 12th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Move all SQL update code to subroutines (mysql_update etc).
+- Added logging of trap statistics to SQL table. Added *table_statistics
+ snmptt.ini variable to define the table to be used.
+- Added ability to add custom columns to *_table and *_table_unknown
+ tables. Added sql_custom_columns and sql_custom_columns_unknown
+ snmptt.ini options.
+- Added variable substitution $H. This variable will default to the
+ host name of the computer that is running SNMPTT, unless the
+ snmptt_system_name snmptt.ini option is defined.
+- Sys::Hostname is now required.
+
+Mar 4th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Fix a bug where snmpttconvertmib would not translate a TRAP-TYPE /
+ NOTIFICATION-TYPE line if it was split across two lines. Thanks
+ to Todd A. Green. Bug 1438794.
+
+Jan 20th, 2006: Alex Burger <alex_b@users.sourceforge.net>
+- Changed version to snmptt_1.2beta
+- Fix bug in process trap for $match_temp 'remove any white space from before
+ and after i modifier'
+- Added 'use strict' to snmptt
+- Added 'use strict' to snmpttconvertmib
+- Added 'use strict' to snmpttconvert
+- Added 'use strict' to snmptthandler and improved debugging
+
Jan 17th, 2006: Alex Burger <alex_b@users.sourceforge.net>
- Changed version to snmptt_1.1
Changed |
snmptt_1.2.tar.bz2/docs/faqs.html
@@ -9,7 +9,7 @@
<meta content="Mozilla/4.78 [en] (Windows NT 5.0; U) [Netscape]" name=
"GENERATOR" />
<link rel="StyleSheet" type="text/css" href="layout1.css" />
-<title>SNMP Trap Translator v1.1</title>
+<title>SNMP Trap Translator v1.2</title>
</head>
<body>
<h1>SNMPTT FAQ / Troubleshooting</h1>
Changed |
snmptt_1.2.tar.bz2/docs/snmptt.html
@@ -1,11 +1,10 @@
-<!DOCTYPE doctype PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content=
-"HTML Tidy for Linux/x86 (vers 1st October 2003), see www.w3.org" name=
-"generator" />
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
+"HTML Tidy for Linux/x86 (vers 1 September 2005), see www.w3.org"
+name="generator" />
+<meta http-equiv="Content-Type" content=
+"text/html; charset=us-ascii" />
<meta name="Author" content="Alex Burger" />
<meta name="GENERATOR" content=
"Mozilla/4.78 [en] (Windows NT 5.0; U) [Netscape]" />
@@ -13,11 +12,9 @@
<title>SNMP Trap Translator</title>
</head>
<body>
-
- <h1>SNMP Trap Translator v1.1</h1>
-
+<h1>SNMP Trap Translator v1.2</h1>
<b>(<a href="http://www.snmptt.org">SNMPTT</a>)</b><br />
-This file was last updated on: January 17th, 2006
+This file was last updated on: June 16th, 2007
<p><a href="#License">License</a></p>
<p><a href="#What-is-it">SNMPTT</a></p>
<blockquote><a href="#What-is-it">What is it?</a><br />
@@ -26,29 +23,36 @@
<a href="#Whats-New">What's New</a><br />
<a href="#Upgrading">Upgrading</a><br />
<a href="#Installation-Overview">Installation</a><br />
-<b> </b> <a href="#Installation-Overview">Overview</a><br />
+<b> </b> <a href=
+"#Installation-Overview">Overview</a><br />
<b> </b> <a href="#Installation-Unix">Unix</a><br />
-<b> </b> <a href="#Installation-Windows">Windows</a><br />
-<b> </b> <a href="#SecuringSNMPTT">Securing SNMPTT</a><br />
-<a href="#Configuration-Options">Configuration Options - snmptt.ini</a><br />
+<b> </b> <a href=
+"#Installation-Windows">Windows</a><br />
+<b> </b> <a href="#SecuringSNMPTT">Securing
+SNMPTT</a><br />
+<a href="#Configuration-Options">Configuration Options -
+snmptt.ini</a><br />
<a href="#LoggingStandard">Logging</a><br />
<b> </b> <a href="#LoggingStandard">Standard</a><br />
-<b> </b> <a href="#LoggingUnknown">Unknown Traps</a><br />
+<b> </b> <a href="#LoggingUnknown">Unknown
+Traps</a><br />
<b> </b> <a href="#LoggingSyslog">Syslog</a><br />
<b> </b> <a href="#LoggingEventLog">EventLog</a><br />
<b> </b> <a href="#LoggingDatabase">Database</a><br />
-<b> </b> <a href="#LoggingDatabase-MySQL">MySQL</a><br />
+<b> </b> <a href=
+"#LoggingDatabase-MySQL">MySQL</a><br />
<b> </b> <a href=
"#LoggingDatabase-PostgreSQL">PostgreSQL</a><br />
-<b> </b> <a href="#LoggingDatabase-ODBC">ODBC</a><br />
-<b> </b> <a href="#LoggingDatabase-Windows_ODBC">Windows
-ODBC</a><br />
+<b> </b> <a href=
+"#LoggingDatabase-ODBC">ODBC</a><br />
+<b> </b> <a href=
+"#LoggingDatabase-Windows_ODBC">Windows ODBC</a><br />
<a href="#Executing-an-external-program">Executing an external
program</a><br />
<a href="#Modes-of-Operation">Modes of Operation</a><br />
<a href="#Command-line-arguments">Command line arguments</a><br />
-<a href="#SNMPTT.CONF-Configuration-file-format">SNMPTT.CONF Configuration
-file format</a><br />
+<a href="#SNMPTT.CONF-Configuration-file-format">SNMPTT.CONF
+Configuration file format</a><br />
<a href="#SNMPTT.CONF-EVENT">EVENT</a><br />
<a href="#SNMPTT.CONF-FORMAT">FORMAT</a><br />
<a href=
@@ -60,103 +64,124 @@
<a href="#SNMPTT.CONF-REGEX">REGEX</a><br />
<a href="#SNMPTT.CONF-SDESC">SDESC</a><br />
<a href="#SNMPTT.CONF-EDESC">EDESC</a><br />
-<a href="#SNMPTT.CONF-Configuration-file-Notes">SNMPTT.CONF Configuration file
-Notes</a><br />
+<a href="#SNMPTT.CONF-Configuration-file-Notes">SNMPTT.CONF
+Configuration file Notes</a><br />
<a href="#DNS">Name resolution / DNS</a><br />
-<a href="#Sample1-SNMPTT.CONF-file">Sample1 SNMPTT.CONF file</a><br />
-<a href="#Sample2-SNMPTT.CONF-file">Sample2 SNMPTT.CONF file</a><br />
+<a href="#Sample1-SNMPTT.CONF-file">Sample1 SNMPTT.CONF
+file</a><br />
+<a href="#Sample2-SNMPTT.CONF-file">Sample2 SNMPTT.CONF
+file</a><br />
<a href="#Notes">Notes</a><br />
<a href="#Limitations">Limitations</a><br />
<a href="#Feedback">Feedback & Bugs</a><br />
<a href="#Integration-with-other-software">Integration with other
software</a><br />
-<b> </b> <a href="#Nagios-Netsaint">Nagios / Netsaint</a><br />
-<b> </b> <a href="#SEC">Simple Event Correlator (SEC)</a><br />
-<b> </b> <a href="#EventWin">Windows Event Log forwarding</a><br />
+<b> </b> <a href="#Nagios-Netsaint">Nagios /
+Netsaint</a><br />
+<b> </b> <a href="#SEC">Simple Event Correlator
+(SEC)</a><br />
+<b> </b> <a href="#EventWin">Windows Event Log
+forwarding</a><br />
<b> </b> <a href="#Hobbit">Hobbit</a></blockquote>
<br />
<h2><a id="License" name="License"></a>License</h2>
-<p>Copyright 2002-2006 Alex Burger<br />
+<p>Copyright 2002-2007 Alex Burger<br />
alex_b@users.sourceforge.net<br />
4/3/2002</p>
-<p>This program is free software; you can redistribute it and/or modify<br />
-it under the terms of the GNU General Public License as published by<br />
-the Free Software Foundation; either version 2 of the License, or<br />
+<p>This program is free software; you can redistribute it and/or
+modify<br />
+it under the terms of the GNU General Public License as published
+by<br />
+the Free Software Foundation; either version 2 of the License,
+or<br />
(at your option) any later version.</p>
-<p>This program is distributed in the hope that it will be useful,<br />
-but WITHOUT ANY WARRANTY; without even the implied warranty of<br />
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br />
+<p>This program is distributed in the hope that it will be
+useful,<br />
+but WITHOUT ANY WARRANTY; without even the implied warranty
+of<br />
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+the<br />
GNU General Public License for more details.</p>
-<p>You should have received a copy of the GNU General Public License<br />
+<p>You should have received a copy of the GNU General Public
+License<br />
along with this program; if not, write to the Free Software<br />
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA<br />
</p>
<h2><a id="What-is-it" name="What-is-it"></a>What is it?</h2>
-<p>SNMPTT (SNMP Trap Translator) is an SNMP trap handler written in Perl for
-use with the Net-SNMP / UCD-SNMP <a href=
-"http://www.net-snmp.org/man/snmptrapd.html" target="net-snmp">snmptrapd</a>
-program (<a href="http://www.net-snmp.org" target=
-"net-snmp">www.net-snmp.org</a>). SNMPTT supports Linux, Unix and Windows.</p>
-<p>Many network devices including but not limited to network switches,
-routers, remote access servers, UPSs, printers and operating systems such as
-Unix and Windows NT have the ability to send notifications to an SNMP manager
-running on a network management station. The notifications can be either SNMP
-Traps, or SNMP Inform messages.</p>
-<p>The notification can contain a wide array of information such as port
-failures, link failures, access violations, power outages, paper jams, hard
-drive failures etc. The MIB (Management Information Base) available from the
-vendor determines the notifications supported by each device.</p>
-<p>The MIB file contains TRAP-TYPE (SMIv1) or NOTIFICATION-TYPE (SMIv2)
-definitions, which define the variables that are passed to the management
-station when a particular event occurs.</p>
-<p>The Net-SNMP program <b>snmptrapd</b> is an application that receives and
-logs SNMP trap and inform messages via TCP/IP. Following is a sample syslog
-entry for a Compaq cpqDa3LogDrvStatusChange trap that notifies that the drive
-array is rebuilding:</p>
-<p style="margin-left: 30px;">Feb 12 13:37:10 server11 snmptrapd[25409]:
-192.168.110.192: Enterprise Specific Trap (3008) Uptime: 306 days,
-23:13:24.29, .1.3.6.1.2.1.1.5.0 = SERVER08, .1.3.6.1.4.1.232.11.2.11.1.0 = 0,
-.1.3.6.1.4.1.232.3.2.3.1.1.4.8.1 = rebuilding(7)</p>
-<p style="margin-left: 30px;">or</p>
-<p style="margin-left: 30px;">Feb 12 13:37:10 server11 snmptrapd[25409]:
-192.168.110.192: Enterprise Specific Trap (3008) Uptime: 306 days,
-23:13:24.29, sysName.0 = SERVER08, cpqHoTrapFlags.0 = 0, cpqDaLogDrvStatus.8.1
+<p>SNMPTT (SNMP Trap Translator) is an SNMP trap handler written in
+Perl for use with the Net-SNMP / UCD-SNMP <a href=
+"http://www.net-snmp.org/man/snmptrapd.html" target=
+"net-snmp">snmptrapd</a> program (<a href="http://www.net-snmp.org"
+target="net-snmp">www.net-snmp.org</a>). SNMPTT supports Linux,
+Unix and Windows.</p>
+<p>Many network devices including but not limited to network
+switches, routers, remote access servers, UPSs, printers and
+operating systems such as Unix and Windows NT have the ability to
+send notifications to an SNMP manager running on a network
+management station. The notifications can be either SNMP Traps, or
+SNMP Inform messages.</p>
+<p>The notification can contain a wide array of information such as
+port failures, link failures, access violations, power outages,
+paper jams, hard drive failures etc. The MIB (Management
+Information Base) available from the vendor determines the
+notifications supported by each device.</p>
+<p>The MIB file contains TRAP-TYPE (SMIv1) or NOTIFICATION-TYPE
+(SMIv2) definitions, which define the variables that are passed to
+the management station when a particular event occurs.</p>
+<p>The Net-SNMP program <b>snmptrapd</b> is an application that
+receives and logs SNMP trap and inform messages via TCP/IP.
+Following is a sample syslog entry for a Compaq
+cpqDa3LogDrvStatusChange trap that notifies that the drive array is
+rebuilding:</p>
+<p style="margin-left: 30px;">Feb 12 13:37:10 server11
+snmptrapd[25409]: 192.168.110.192: Enterprise Specific Trap (3008)
+Uptime: 306 days, 23:13:24.29, .1.3.6.1.2.1.1.5.0 = SERVER08,
+.1.3.6.1.4.1.232.11.2.11.1.0 = 0, .1.3.6.1.4.1.232.3.2.3.1.1.4.8.1
= rebuilding(7)</p>
-<p>The output from snmptrapd can be changed via the -O option to display
-numeric or symbolic OIDs and other display options, but it generally follows
-the format of variable name = value, variable name = value etc.</p>
-<p>A more descriptive / friendly trap message can be created using SNMPTT's
-variable substitution. Following is the same trap, logged with SNMPTT:</p>
+<p style="margin-left: 30px;">or</p>
+<p style="margin-left: 30px;">Feb 12 13:37:10 server11
+snmptrapd[25409]: 192.168.110.192: Enterprise Specific Trap (3008)
+Uptime: 306 days, 23:13:24.29, sysName.0 = SERVER08,
+cpqHoTrapFlags.0 = 0, cpqDaLogDrvStatus.8.1 = rebuilding(7)</p>
+<p>The output from snmptrapd can be changed via the -O option to
+display numeric or symbolic OIDs and other display options, but it
+generally follows the format of variable name = value, variable
+name = value etc.</p>
+<p>A more descriptive / friendly trap message can be created using
+SNMPTT's variable substitution. Following is the same trap, logged
+with SNMPTT:</p>
<p style="margin-left: 30px;">Feb 12 13:37:13 server11 TRAPD:
-.1.3.6.1.4.1.232.0.3008 Normal "XLOGONLY" server08 - Logical Drive Status
-Change: Status is now rebuilding</p>
-<p>The definition for the cpqDa3LogDrvStatusChange trap in the SNMPTT
-configuration file would be defined as follows:</p>
-<p style="margin-left: 30px;">FORMAT Logical Drive Status Change: Status is
-now $3.</p>
-<p>The $3 represents the third variable as defined in the MIB file, which for
-this particular trap, is the cpqDaLogDrvStatus variable.</p>
+.1.3.6.1.4.1.232.0.3008 Normal "XLOGONLY" server08 - Logical Drive
+Status Change: Status is now rebuilding</p>
+<p>The definition for the cpqDa3LogDrvStatusChange trap in the
+SNMPTT configuration file would be defined as follows:</p>
+<p style="margin-left: 30px;">FORMAT Logical Drive Status Change:
+Status is now $3.</p>
+<p>The $3 represents the third variable as defined in the MIB file,
+which for this particular trap, is the cpqDaLogDrvStatus
+variable.</p>
<p>Another example of an SNMPTT configuration entry is:</p>
-<p style="margin-left: 30px;">FORMAT Compaq Drive Array Spare Drive on
-controller $4, bus $5, bay $6 status is $3.</p>
+<p style="margin-left: 30px;">FORMAT Compaq Drive Array Spare Drive
+on controller $4, bus $5, bay $6 status is $3.</p>
<p>Which could result in the following output:</p>
-<p style="margin-left: 30px;">"Compaq Drive Array Spare Drive on controller 3,
-bus 0, bay 3 status is Failed."</p>
-<p>Snmptt can log to any of the following destinations: text log, syslog, NT
-Event log or a SQL database. External programs can also be run to pass the
-translated trap to an email client, paging software, Nagios etc.</p>
-<p>In addition to variable substitution, SNMPTT allows complex configurations
-allowing:</p>
+<p style="margin-left: 30px;">"Compaq Drive Array Spare Drive on
+controller 3, bus 0, bay 3 status is Failed."</p>
+<p>Snmptt can log to any of the following destinations: text log,
+syslog, NT Event log or a SQL database. External programs can also
+be run to pass the translated trap to an email client, paging
+software, Nagios etc.</p>
+<p>In addition to variable substitution, SNMPTT allows complex
+configurations allowing:</p>
<ul class="SectionBody">
-<li class="SectionBody">the ability to accept or reject a trap based on the
-host name, ip address, network range, or variable values inside of the trap
-enterprise variables</li>
-<li class="SectionBody">execute external programs to send pages, emails
-etc</li>
-<li class="SectionBody">perform regular expression search and replace on the
-translated message such as translating the variable value "Building alarm 4"
-to "Moisture detection alarm"</li>
+<li class="SectionBody">the ability to accept or reject a trap
+based on the host name, ip address, network range, or variable
+values inside of the trap enterprise variables</li>
+<li class="SectionBody">execute external programs to send pages,
+emails etc</li>
+<li class="SectionBody">perform regular expression search and
+replace on the translated message such as translating the variable
+value "Building alarm 4" to "Moisture detection alarm"</li>
</ul>
<br />
<h2><a id="Downloading" name="Downloading"></a>Downloading</h2>
@@ -164,175 +189,305 @@
"http://www.sourceforge.net/projects/snmptt">http://www.sourceforge.net/projects/snmptt</a></p>
<h2><a id="Requirements" name="Requirements"></a>Requirements</h2>
<ul>
-<li>Perl 5.6.1 or higher. SNMPTT is developed with 5.6.1 and 5.8.0, but
-other versions may also work.<br /></li>
-<li>Required: <a href="http://www.net-snmp.org">Net-SNMP</a> (formerly known
-as UCD-SNMP). Specifically <b>snmptrapd.</b><br /></li>
+<li>Perl 5.6.1 or higher. SNMPTT is developed with 5.6.1 and
+5.8.0, but other versions may also work.<br /></li>
+<li>Required: <a href="http://www.net-snmp.org">Net-SNMP</a>
+(formerly known as UCD-SNMP). Specifically
+<b>snmptrapd.</b><br /></li>
<li>Required: <a href=
"http://search.cpan.org/search?module=Text::ParseWords">Text::ParseWords</a>
module (included with most distributions including ActivePerl)</li>
<li>Required: <a href=
-"http://search.cpan.org/search?module=Getopt::Long">Getopt::Long</a> module
-(included with most distributions including ActivePerl)</li>
-<li>Required: <a href="http://search.cpan.org/search?module=POSIX">Posix</a>
-module (included with most if not all distributions including ActivePerl)</li>
+"http://search.cpan.org/search?module=Getopt::Long">Getopt::Long</a>
+module (included with most distributions including ActivePerl)</li>
+<li>Required: <a href=
+"http://search.cpan.org/search?module=POSIX">Posix</a> module
+(included with most if not all distributions including
+ActivePerl)</li>
<li>Required: <a href=
"http://search.cpan.org/search?module=Config::IniFiles">Config::IniFiles</a>
module</li>
<li>Required: <a href=
-"http://search.cpan.org/search?module=Time::HiRes">Time::HiRes</a> module
-(only required when using SNMPTT in daemon mode - required by
-<b>snmptthandler</b>)</li>
-<li>Optional: <a href="http://search.cpan.org/search?module=Socket">Socket</a>
-module (included with most if not all distributions including ActivePerl).
+"http://search.cpan.org/search?module=Time::HiRes">Time::HiRes</a>
+module (only required when using SNMPTT in daemon mode - required
+by <b>snmptthandler</b>)</li>
+<li>Required: <a href=
+"http://search.cpan.org/search?module=Sys::Hostname">Sys::Hostname</a>
+module (included with most if not all distributions including
+ActivePerl).</li>
+<li>Required: <a href=
+"http://search.cpan.org/search?module=File::Basename">File::Basename</a>
+module (included with most if not all distributions including
+ActivePerl).</li>
+<li>Required: <a href=
+"http://search.cpan.org/search?module=Text::Balanced">Text::Balanced</a>
+module (included with most if not all distributions including
+ActivePerl).</li>
+<li>Optional: <a href=
+"http://search.cpan.org/search?module=Socket">Socket</a> module
+(included with most if not all distributions including ActivePerl).
Required for DNS translations.</li>
<li>Optional: <a href=
-"http://search.cpan.org/search?module=Sys::Syslog">Sys::Syslog</a> module
-(included with most Unix distributions). Required for Syslog support.</li>
-<li>Optional: <a href="http://search.cpan.org/search?module=DBI">DBI</a>
-module. Required for DBD::MySQL, DBD::PgPP and DBD::ODBC
+"http://search.cpan.org/search?module=Sys::Syslog">Sys::Syslog</a>
+module (included with most Unix distributions). Required for Syslog
+support.</li>
+<li>Optional: <a href=
+"http://search.cpan.org/search?module=DBI">DBI</a> module.
+Required for DBD::MySQL, DBD::PgPP and DBD::ODBC
support.<br /></li>
<li>Optional: <a href=
-"http://search.cpan.org/search?module=DBD::mysql">DBD::mysql</a> module.
-Required for MySQL support.<br /></li>
+"http://search.cpan.org/search?module=DBD::mysql">DBD::mysql</a>
+module. Required for MySQL support.<br /></li>
<li>Optional: <a href=
-"http://search.cpan.org/search?module=DBD::PgPP">DBD::PgPP</a> or <a href=
-"http://search.cpan.org/search?dist=DBD-Pg">DBD:Pg</a> module. Required
-for PostgreSQL support.<br /></li>
+"http://search.cpan.org/search?module=DBD::PgPP">DBD::PgPP</a> or
+<a href="http://search.cpan.org/search?dist=DBD-Pg">DBD:Pg</a>
+module. Required for PostgreSQL support.<br /></li>
<li>Optional: <a href=
-"http://search.cpan.org/search?module=DBD::ODBC">DBD::ODBC</a> module.
-Required for ODBC (SQL etc) access on Linux / Windows (Win32::ODBC not
-required if using DBD::ODBC)</li>
+"http://search.cpan.org/search?module=DBD::ODBC">DBD::ODBC</a>
+module. Required for ODBC (SQL etc) access on Linux / Windows
+(Win32::ODBC not required if using DBD::ODBC)</li>
<li>Optional: <a href=
"http://search.cpan.org/search?module=Win32::ODBC">Win32::ODBC</a>
-module. Required for ODBC (SQL etc) access on Windows (DBD::ODBC not
-required if using Win32::ODBC)</li>
+module. Required for ODBC (SQL etc) access on Windows
+(DBD::ODBC not required if using Win32::ODBC)</li>
<li>Optional: <a href=
-"http://www.net-snmp.org/FAQ.html#Where_can_I_get_the_perl_SNMP_package_">Net-SNMP
-Perl module</a>. Only required for features that perform conversions
-between symbolic and numeric OIDs. Net-SNMP 5.0.8+ with <a href=
+"http://www.net-snmp.org/FAQ.html#Where_can_I_get_the_perl_SNMP_package_">
+Net-SNMP Perl module</a>. Only required for features that
+perform conversions between symbolic and numeric OIDs.
+Net-SNMP 5.0.8+ with <a href=
"http://sourceforge.net/tracker/index.php?func=detail&aid=722075&group_id=12694&atid=312694">
-patch 722075</a>, or Net-SNMP 5.1.1 or higher is recommended. This
-is NOT the same as the Net::SNMP module availabe from CPAN.<br /></li>
-</ul>
-<p>All development and testing was done with Linux, Windows 2000 and various
-versions of Net-SNMP from UCD SNMP v4.2.1 to the current Net-SNMP 5.1.x
-release. The Windows version has been tested with both native mode and under
-Cygwin.</p>
+patch 722075</a>, or Net-SNMP 5.1.1 or higher is
+recommended. This is NOT the same as the Net::SNMP
+module availabe from CPAN.</li>
+<li>Optional: <a href=
+"http://search.cpan.org/search?module=threads">threads</a> and
+<a href=
+"http://search.cpan.org/search?query=thread&mode=all">Thread</a>
+module (included with most if not all distributions including
+ActivePerl). Required when enabling threads for EXEC
+statements.</li>
+</ul>
+<p>All development and testing was done with Linux, Windows 2000 or
+higher and various versions of Net-SNMP from UCD SNMP v4.2.1 to the
+current Net-SNMP 5.4.x release. The Windows version has been tested
+with both native mode and under Cygwin.</p>
<p>Both SNMP V1 and V2 traps have been tested.</p>
<p>Net-SNMP 5.1.1 or higher is recommended.</p>
-<p>UCD-SNMP v4.2.3 appears to have a bug that prevents it from working
-correctly with SNMPTT. UCD-SNMP v4.2.1, v4.2.4 and v4.2.5 appear to work
-fine. If you need to use UCD-SNMP v4.2.3 (for example you are using the
-Compaq supplied UCD-SNMP package) then you should at the very least use the
-<b>snmptrapd</b> program from v4.2.5. Net-SNMP does not have this
-problem.</p>
+<p>UCD-SNMP v4.2.3 appears to have a bug that prevents it from
+working correctly with SNMPTT. UCD-SNMP v4.2.1, v4.2.4 and
+v4.2.5 appear to work fine. If you need to use UCD-SNMP
+v4.2.3 (for example you are using the Compaq supplied UCD-SNMP
+package) then you should at the very least use the <b>snmptrapd</b>
+program from v4.2.5. Net-SNMP does not have this problem.</p>
<p>Note:</p>
-<blockquote>SNMPTT only requires the Net-SNMP Perl module if you want to have
-variable names translated into symbolic form, want to be able to have
-<b>snmptrapd</b> pass traps using symbolic form, or you enable the options
-<b>translate_integers</b>, <b>translate_trap_oid</b> or <b>translate_oids</b>.
-Although not required, using the Perl module is recommended.</blockquote>
+<blockquote>SNMPTT only requires the Net-SNMP Perl module if you
+want to have variable names translated into symbolic form, want to
+be able to have <b>snmptrapd</b> pass traps using symbolic form, or
+you enable the options <b>translate_integers</b>,
+<b>translate_trap_oid</b> or <b>translate_oids</b>. Although not
+required, using the Perl module is recommended.</blockquote>
<h2><a id="Whats-New" name="Whats-New"></a>What's New</h2>
-
+<h3><b>v1.2</b> <b>- June 16th, 2007</b></h3>
+<ul>
+<li>When <b>daemon_uid</b> is used, two processes will now be
+spawned. The first process will be run as the same user that
+started SNMPTT (which should be root). The second will run as the
+<b>daemon_uid</b> user. This was changed so that SNMPTT could
+properly clean up the pid file on exit.</li>
+<li>Added <span style="font-weight: bold;">snmptt.ini</span> option
+<b>pid_file</b> to allow for custom pid file locations when running
+in daemon mode.</li>
+<li>Fixed bug where pid file did not contain the current pid of
+snmptt.</li>
+<li>Added <b>snmptt.ini</b> options <b>date_format</b>,
+<b>time_format</b>, <b>date_time_format</b>,
+<b>date_time_format_sql</b> and <b>stat_time_format_sql</b> to
+allow the output format for <b>$x</b> and <b>$X</b> substitution
+variables, and the format of the date/time for text logs and SQL to
+be changed using <b>strftime()</b> variables. This allows for
+proper date/time data types to be used in SQL databases.</li>
+<li>Added logging of trap statistics to a SQL table. Added
+<b>*table_statistics</b> <b>snmptt.ini</b> variable to define the
+table to be used.</li>
+<li>Added ability to add custom columns to <b>*_table</b> and
+<b>*_table_unknown</b> tables. Added <b>sql_custom_columns</b> and
+<b>sql_custom_columns_unknown</b> <b>snmptt.ini</b> options.</li>
+<li>Added <b>snmptt.ini</b> option <b>unknown_trap_exec_format</b>
+to allow custom output with substitutions.</li>
+<li>Added the ability to log system messages to a text file in
+addtion to the existing syslog and Event Log.
+ Added <b>snmptt.ini</b> options <b>log_system</b> and
+<span style="font-weight: bold;">log_system_file</span>.</li>
+<li>Added a work-around to the <a href=
+"http://sourceforge.net/tracker/index.php?func=detail&aid=1638225&group_id=12694&atid=112694">
+Net-SNMP v5.4 traphandle bug (1638225)</a> where the host name was
+set to <UNKNOWN>. When detected, SNMPTT will use the host IP
+address instead.</li>
+<li>Added a <b>$H</b> variable substitution to give the host name
+of the computer that is running SNMPTT, or a user defined value
+specified in the new <b>snmptt_system_name</b> <b>snmptt.ini</b>
+option.</li>
+<li>Added MATCH support for bitwise AND</li>
+<li>Added <b>snmptt.ini</b> option <b>exec_escape</b> to escape
+wildards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
+commands. This is enabled by default for Linux and Unix (or
+anything non-Windows) to prevent the wildcards from being expanded
+by the shell.</li>
+<li>Moved <b>unknown_trap_exec</b> to Exec section in
+<b>snmptt.ini</b>.</li>
+<li>Added 'use strict' pragma in source code.</li>
+<li>Experimental: Added threads (Perl ithreads) support for
+EXEC. When enabled, EXEC commands will launch in a thread to allow
+SNMPTT to continue processing other traps. Added <b>snmptt.ini</b>
+options <b>threads_enable</b> and <b>threads_max</b>.</li>
+<li>Fixed bug where snmptt tried to log to syslog when changing
+UIDs even if syslog_system_enable was set to 0.</li>
+<li>Fixed a bug in REGEX with handling of captures.
+ Text::Balanced module is now required.</li>
+<li>Fixed a bug under Windows where SNMPTT was trying to log to
+syslog instead of the event log.</li>
+<li>Fixed a bug where SNMPTT was attempting to log to syslog /
+eventlog when using the --time option.</li>
+<li>Fixed a bug in MATCH where the i modifier was not handled
+correctly.</li>
+<li>Added information to Nagios section of documentation for using
+SNMP traps as heartbeats by using freshness checks.</li>
+<li>Added information to Nagios section of documentation for using
+freshness checks to automatically clear trap alerts.</li>
+<li>SNMPTTConvertMIB:</li>
+<li style=
+"list-style-type: none; list-style-image: none; list-style-position: outside;">
+<ul>
+<li>Fixed a bug (1438794) where a TRAP-TYPE / NOTIFICATION-TYPE
+line would not translate if it was split across two lines.</li>
+<li>Fixed a bug (1438394) where ARGUMENTS lines that have $1, $2
+etc instead of %0, %1 would not translate.</li>
+<li>Fixed a bug where a --#SEVERITYMAP line would be used instead
+of --#SEVERITY.</li>
+</ul>
+</li>
+</ul>
<h3><b>v1.1</b> <b>- January 17th, 2006</b></h3>
<ul>
- <li>Added <b>PREEXEC</b> <b>snmptt.conf</b> file option to allow an external
- program to be run before processing the FORMAT and EXEC lines.
- The output of the external program is stored in the <b>$p<i>n</i></b> variable
- where <b><i>n</i></b> is a number starting from 1. Multiple <b>PREEXEC</b> lines
- are permitted. The first <b>PREEXEC</b> stores the result of the
- command in <b>$p1</b>, the second in <b>$p2</b> etc. Any ending newlines
- are removed. The <b>snmptt.ini</b> parameter <b>pre_exec_enable</b> can be used
- to enable / disable it.</li>
- <li><b>MATCH</b> statement now accepts any variable name instead of only enterprise variables. Example: MATCH $s:(Normal)</li>
- <li>Added <b>NODES MODE=</b> snmptt.conf file option to allow you to select either <b>POS</b> (positive - the default) or <b>NEG</b> (negative) for <b>NODES</b> matches. If set to <b>NEG</b>, then <b>NODES</b> is a 'match' only if <i>none</i> of the <b>NODES</b> entries match.</li>
- <li>Added <b>unknown_trap_exec</b> <b>snmptt.ini</b> option. If defined, the
- command will be executed for ALL unknown traps. Passed to the
- command will be all standard and enterprise variables, similar
- to <b>unknown_trap_log_file</b> but without the newlines.</li>
- <li><b>snmptt --dump</b> which dumps all the configured EVENTs, now displays duplicate
- EVENT entries to assist with troubleshooting duplicate entries trap logs.</li>
- <li>If the debug log file can not be opened, a message is now logged
- to syslog if <b>syslog_system_enable</b> is enabled, and to the
- Event Log if <b>eventlog_system_enable</b> is enabled</li>
- <li>Fixed bug with PostgreSQL where some trap data was interpreted as 'placeholders'
- in the INSERT statement which caused logging errors. PostgreSQL now uses
- PREPARE / EXECUTE statements instead.
- <li>MySQL now uses PREPARE / EXECUTE statements instead of a single INSERT statement.</li>
- <li>Fixed bug in <b>NODES</b> where <b>NODES</b> entries from previous EVENTs were not being purged correctly.</li>
- <li>Fixed bug where <b>snmptt --dump</b> would attempt to log to syslog or the Event Log.
- <li>Fixed bug that prevented the wildcard <b>.*</b> from being accepted on the EVENT line.</li>
- <li>Added Windows Event Log forwarding documentation to integration section.
- <li>SNMPTTConvertMIB:</li>
- <li style="list-style: none">
- <ul>
- <li>Fixed a bug when <b>--format_desc=n</b> was used that caused extra trailing whitespaces
- to be added for every non existent line in the description.</li>
- <li>Fixed bug that prevented some MIBs from being accepted due to
- spacing in the <b>DEFINITIONS::= line</b>.</li>
- <li>Fixed bug in that prevented <b>--ARGUMENTS {}</b> from being parsed
- due to spacing.</li>
- </ul>
- </li>
+<li>Added <b>PREEXEC</b> <b>snmptt.conf</b> file option to allow an
+external program to be run before processing the FORMAT and EXEC
+lines. The output of the external program is stored in the
+<b>$p<i>n</i></b> variable where <b><i>n</i></b> is a number
+starting from 1. Multiple <b>PREEXEC</b> lines are permitted. The
+first <b>PREEXEC</b> stores the result of the command in
+<b>$p1</b>, the second in <b>$p2</b> etc. Any ending newlines are
+removed. The <b>snmptt.ini</b> parameter <b>pre_exec_enable</b> can
+be used to enable / disable it.</li>
+<li><b>MATCH</b> statement now accepts any variable name instead of
+only enterprise variables. Example: MATCH $s:(Normal)</li>
+<li>Added <b>NODES MODE=</b> snmptt.conf file option to allow you
+to select either <b>POS</b> (positive - the default) or <b>NEG</b>
+(negative) for <b>NODES</b> matches. If set to <b>NEG</b>, then
+<b>NODES</b> is a 'match' only if <i>none</i> of the <b>NODES</b>
+entries match.</li>
+<li>Added <b>unknown_trap_exec</b> <b>snmptt.ini</b> option. If
+defined, the command will be executed for ALL unknown traps. Passed
+to the command will be all standard and enterprise variables,
+similar to <b>unknown_trap_log_file</b> but without the
+newlines.</li>
+<li><b>snmptt --dump</b> which dumps all the configured EVENTs, now
+displays duplicate EVENT entries to assist with troubleshooting
+duplicate entries trap logs.</li>
+<li>If the debug log file can not be opened, a message is now
+logged to syslog if <b>syslog_system_enable</b> is enabled, and to
+the Event Log if <b>eventlog_system_enable</b> is enabled</li>
+<li>Fixed bug with PostgreSQL where some trap data was interpreted
+as 'placeholders' in the INSERT statement which caused logging
+errors. PostgreSQL now uses PREPARE / EXECUTE statements
+instead.</li>
+<li>MySQL now uses PREPARE / EXECUTE statements instead of a single
+INSERT statement.</li>
+<li>Fixed bug in <b>NODES</b> where <b>NODES</b> entries from
+previous EVENTs were not being purged correctly.</li>
+<li>Fixed bug where <b>snmptt --dump</b> would attempt to log to
+syslog or the Event Log.</li>
+<li>Fixed bug that prevented the wildcard <b>.*</b> from being
+accepted on the EVENT line.</li>
+<li>Added Windows Event Log forwarding documentation to integration
+section.</li>
+<li>SNMPTTConvertMIB:</li>
+<li style=
+"list-style-type: none; list-style-image: none; list-style-position: outside;">
+<ul>
+<li>Fixed a bug when <b>--format_desc=n</b> was used that caused
+extra trailing whitespaces to be added for every non existent line
+in the description.</li>
+<li>Fixed bug that prevented some MIBs from being accepted due to
+spacing in the <b>DEFINITIONS::= line</b>.</li>
+<li>Fixed bug in that prevented <b>--ARGUMENTS {}</b> from being
+parsed due to spacing.</li>
+</ul>
+</li>
</ul>
-
<h3><b>1.0</b> <b>- August 30, 2004</b></h3>
<ul>
-<li>SQL database connections are now opened after forking to the background
-when running in daemon mode, and after changing users when running SNMPTT as a
-non-root user. This should prevent 'gone away' and other connection problems
-with SQL databases due to lost handles.</li>
-<li>Added <b>mysql_ping_on_insert</b>, <b>postgresql_ping_on_insert</b> and
-<b>dbd_odbc_ping_on_insert</b> options to 'ping' the database before doing an
-INSERT. Also added the options <b>mysql_ping_interval</b>,
-<b>postgresql_ping_interval</b> and <b>dbd_odbc_ping_interval</b> to
-periodically ping the database. These options will help ensure the connection
-to the database remains available. If an error is returned, it will attempt to
-reconnect to the database. This should prevent SNMPTT from having to be
-restarted if the SQL server is not available due to an outage or a connection
-timeout due to no activity.</li>
-<li>Added variable substitution <b>$Fz</b> which when used on an EXEC line
-will dump the translated FORMAT line. This will allow for simplified EXEC
-lines when they are the same as the FORMAT line (minus the command to execute
-of course).</li>
-<li>Added variable substitutions <b>$Fa</b>, <b>$Ff</b>, <b>$Fn</b>,
-<b>$Fr</b>, <b>$Ft</b>, for alarm (bell), form feed (FF), newline (LF, NL),
-return (CR) and tab (HT, TAB)</li>
-<li>Added variable substitution <b>$D</b> to dump the description text for
-FORMAT and EXEC lines. The descriptions can be pulled from either the
-SNMPTT.CONF or MIB files. This is controlled by the <b>description_mode</b>
-and <b>description_clean</b> <b>snmptt.ini</b> options.</li>
+<li>SQL database connections are now opened after forking to the
+background when running in daemon mode, and after changing users
+when running SNMPTT as a non-root user. This should prevent 'gone
+away' and other connection problems with SQL databases due to lost
+handles.</li>
+<li>Added <b>mysql_ping_on_insert</b>,
+<b>postgresql_ping_on_insert</b> and <b>dbd_odbc_ping_on_insert</b>
+options to 'ping' the database before doing an INSERT. Also added
+the options <b>mysql_ping_interval</b>,
+<b>postgresql_ping_interval</b> and <b>dbd_odbc_ping_interval</b>
+to periodically ping the database. These options will help ensure
+the connection to the database remains available. If an error is
+returned, it will attempt to reconnect to the database. This should
+prevent SNMPTT from having to be restarted if the SQL server is not
+available due to an outage or a connection timeout due to no
+activity.</li>
+<li>Added variable substitution <b>$Fz</b> which when used on an
+EXEC line will dump the translated FORMAT line. This will allow for
+simplified EXEC lines when they are the same as the FORMAT line
+(minus the command to execute of course).</li>
+<li>Added variable substitutions <b>$Fa</b>, <b>$Ff</b>,
+<b>$Fn</b>, <b>$Fr</b>, <b>$Ft</b>, for alarm (bell), form feed
+(FF), newline (LF, NL), return (CR) and tab (HT, TAB)</li>
+<li>Added variable substitution <b>$D</b> to dump the description
+text for FORMAT and EXEC lines. The descriptions can be pulled from
+either the SNMPTT.CONF or MIB files. This is controlled by the
+<b>description_mode</b> and <b>description_clean</b>
+<b>snmptt.ini</b> options.</li>
<li>Added support for logging unknown traps to a SQL table</li>
-<li>Added logging of statistical information for <b>total traps received</b>,
-<b>total traps translated</b>, <b>total traps ignored</b> and <b>total unknown
-traps</b>. Statistics are logged at shut down, and optionally at a defined
-interval defined by the new <b>snmptt.ini</b> variable
-<b>statistics_interval</b>. Logging can also be forced by sending the SIGUSR1
-signal, or by creating a file called !statistics in the spool folder.<br /></li>
-<li>Added the error number reported by MySQL to MySQL errors (system syslog,
-eventlog etc)</li>
-<li>Added <b>/usr/local/etc/snmp</b> and <b>/usr/local/etc</b> paths to the
-list of default directories searched for <b>snmptt.ini</b>.</li>
-<li>Added some friendly error messages when required Perl modules are not
-available</li>
-<li>Fixed bug with with handling traps in symbolic format (snmptrapd without
--On)</li>
-<li>Fixed bug with with using printing $ symbols in FORMAT and EXEC lines</li>
-<li>Added <a href="http://kodu.neti.ee/%7Eristo/sec/">Simple Event Correlator
-(SEC)</a> integration documentation</li>
+<li>Added logging of statistical information for <b>total traps
+received</b>, <b>total traps translated</b>, <b>total traps
+ignored</b> and <b>total unknown traps</b>. Statistics are logged
+at shut down, and optionally at a defined interval defined by the
+new <b>snmptt.ini</b> variable <b>statistics_interval</b>. Logging
+can also be forced by sending the SIGUSR1 signal, or by creating a
+file called !statistics in the spool folder.<br /></li>
+<li>Added the error number reported by MySQL to MySQL errors
+(system syslog, eventlog etc)</li>
+<li>Added <b>/usr/local/etc/snmp</b> and <b>/usr/local/etc</b>
+paths to the list of default directories searched for
+<b>snmptt.ini</b>.</li>
+<li>Added some friendly error messages when required Perl modules
+are not available</li>
+<li>Fixed bug with with handling traps in symbolic format
+(snmptrapd without -On)</li>
+<li>Fixed bug with with using printing $ symbols in FORMAT and EXEC
+lines</li>
+<li>Added <a href="http://kodu.neti.ee/%7Eristo/sec/">Simple Event
+Correlator (SEC)</a> integration documentation</li>
<li>SNMPTTConvertMIB:</li>
-<li style="list-style: none">
+<li style=
+"list-style-type: none; list-style-image: none; list-style-position: outside;">
<ul>
-<li>Fixed bug that prevented the variable list (OBJECTS) of V2 MIB files from
-being converted</li>
-<li>Fixed bug that caused an infinite loop processing the VARIABLES/OBJECTS
-section if the line in the MIB file contained spaces after the closing
-bracket</li>
+<li>Fixed bug that prevented the variable list (OBJECTS) of V2 MIB
+files from being converted</li>
+<li>Fixed bug that caused an infinite loop processing the
+VARIABLES/OBJECTS section if the line in the MIB file contained
+spaces after the closing bracket</li>
</ul>
</li>
</ul>
-<h3><b>0.9</b><b> - November 3rd, 2003</b></h3>
+<h3><b>0.9</b> <b>- November 3rd, 2003</b></h3>
<ul>
<li>Syslog messages are now logged with <span style=
"font-weight: bold;">snmptt[<span style=
@@ -341,69 +496,77 @@
"font-weight: bold;">snmptt-sys[<span style=
"font-style: italic;">pid</span>]</span> instead of <span style=
"font-weight: bold;">SNMPTT</span> for system messages<br /></li>
-<li>Added the option <span style="font-weight: bold;">daemon_uid</span> which
-causes <span style="font-weight: bold;">snmptt</span> to change to a different
-user (uid) after launching on Unix systems running in daemon mode<br /></li>
-<li>Fixed bug that prevented ip addresses from being detected correctly with
-<span style="font-weight: bold;">translate_value_oids</span><br /></li>
-<li>Fixed bug with MATCH that caused integer ranges from not being handled
-correctly</li>
+<li>Added the option <span style=
+"font-weight: bold;">daemon_uid</span> which causes <span style=
+"font-weight: bold;">snmptt</span> to change to a different user
+(uid) after launching on Unix systems running in daemon
+mode<br /></li>
+<li>Fixed bug that prevented ip addresses from being detected
+correctly with <span style=
+"font-weight: bold;">translate_value_oids</span><br /></li>
+<li>Fixed bug with MATCH that caused integer ranges from not being
+handled correctly</li>
<li>Separated SNMPTT, SNMPTTCONVERT, SNMPTTCONVERTMIB and FAQ /
Troubleshooting documentation into separate documents<br /></li>
</ul>
-<h3><b>0.8</b><b> -</b> <b>September 16th</b><b>, 2003</b></h3>
+<h3><b>0.8</b> <b>-</b> <b>September 16th</b><b>, 2003</b></h3>
<ul>
-<li>Added <span style="font-weight: bold;">MATCH</span> keyword support to
-allow trap matching based on values contained inside the trap enterprise
-variables</li>
-<li><span style="font-weight: bold;">REGEX</span> now supports substitution
-with captures and the modifiers <span style="font-weight: bold;">i</span>,
-<span style="font-weight: bold;">g</span> and <span style=
+<li>Added <span style="font-weight: bold;">MATCH</span> keyword
+support to allow trap matching based on values contained inside the
+trap enterprise variables</li>
+<li><span style="font-weight: bold;">REGEX</span> now supports
+substitution with captures and the modifiers <span style=
+"font-weight: bold;">i</span>, <span style=
+"font-weight: bold;">g</span> and <span style=
"font-weight: bold;">e</span>. The <span style=
"font-weight: bold;">e</span> modifier allows for complex REGEX
expressions.<br /></li>
-<li>Added support for <span style="font-weight: bold;">remote</span> MySQL and
-PostgreSQL databases</li>
+<li>Added support for <span style=
+"font-weight: bold;">remote</span> MySQL and PostgreSQL
+databases</li>
<li>Added PostgreSQL support for <a href=
"http://search.cpan.org/search?dist=DBD-Pg">DBD:Pg</a></li>
<li>An EVENT can now contain mulitple EXEC lines</li>
<li>An EVENT can now contain mulitple NODES lines</li>
-<li>Added the option <span style="font-weight: bold;">dynamic_nodes</span> to
-allow NODES files to be either loaded at startup or loaded each time an EVENT
-is processed<br /></li>
-<li>Added <span style="font-weight: bold;">trapoid</span> column for database
-logging to contain the actual trap received. The <span style=
-"font-weight: bold;">eventid</span> column will contain the actual matched
-entry from the .conf file (which could be a wildcard OID)<br /></li>
-<li>Fixed bug that prevented some variables from displaying the correct values
-because the received trap OID was replaced with the actual EVENT
-entry<br /></li>
+<li>Added the option <span style=
+"font-weight: bold;">dynamic_nodes</span> to allow NODES files to
+be either loaded at startup or loaded each time an EVENT is
+processed<br /></li>
+<li>Added <span style="font-weight: bold;">trapoid</span> column
+for database logging to contain the actual trap received. The
+<span style="font-weight: bold;">eventid</span> column will contain
+the actual matched entry from the .conf file (which could be a
+wildcard OID)<br /></li>
+<li>Fixed bug that prevented some variables from displaying the
+correct values because the received trap OID was replaced with the
+actual EVENT entry<br /></li>
<li>Fixed bug that caused OIDs not to be translated correctly with
<span style="font-weight: bold;">translate_value_oids</span>
enabled<br /></li>
-<li>Agent IP address is now used instead of 'host' IP address for NODES
-matches, the 'hostname' column in database logs and the <span style=
-"font-weight: bold;">$A</span> variable</li>
-<li>Variable <span style="font-weight: bold;">$A</span> now prints the agent
-host name. <span style="font-weight: bold;">$aA</span> prints the agent
-IP address.</li>
-<li>Variable <span style="font-weight: bold;">$E</span> now prints the
-enterprise in symbolic form. <span style="font-weight: bold;">$e</span>
-prints the numeric OID</li>
-<li>Variable <span style="font-weight: bold;">$O</span> now prints the trap in
-symbolic form. <span style="font-weight: bold;">$o</span> prints the
-numeric OID</li>
-<li>Added new variable substitution <b>$i</b> to print the actual matched
-entry from the .conf file (which could be a wildcard OID)<br /></li>
+<li>Agent IP address is now used instead of 'host' IP address for
+NODES matches, the 'hostname' column in database logs and the
+<span style="font-weight: bold;">$A</span> variable</li>
+<li>Variable <span style="font-weight: bold;">$A</span> now prints
+the agent host name. <span style=
+"font-weight: bold;">$aA</span> prints the agent IP address.</li>
+<li>Variable <span style="font-weight: bold;">$E</span> now prints
+the enterprise in symbolic form. <span style=
+"font-weight: bold;">$e</span> prints the numeric OID</li>
+<li>Variable <span style="font-weight: bold;">$O</span> now prints
+the trap in symbolic form. <span style=
+"font-weight: bold;">$o</span> prints the numeric OID</li>
+<li>Added new variable substitution <b>$i</b> to print the actual
+matched entry from the .conf file (which could be a wildcard
+OID)<br /></li>
<li>Added the configuration option <span style=
-"font-weight: bold;">dns_enable</span> to enable DNS lookups on host and agent
-IP addresses</li>
-<li>If DNS is enabled, NODES entries are resolved to IP addresses and the IP
-address is used to perform the match. This will allow for aliases to be
-used.<br /></li>
+"font-weight: bold;">dns_enable</span> to enable DNS lookups on
+host and agent IP addresses</li>
+<li>If DNS is enabled, NODES entries are resolved to IP addresses
+and the IP address is used to perform the match. This will
+allow for aliases to be used.<br /></li>
<li>Added the option <span style=
-"font-weight: bold;">resolve_value_ip_addresses</span> to resolve ip addresses
-contained inside enterprise variable values</li>
+"font-weight: bold;">resolve_value_ip_addresses</span> to resolve
+ip addresses contained inside enterprise variable values</li>
<li>Changed snmptt.ini setting <span style=
"font-weight: bold;">translate_trap_oid</span> to <span style=
"font-weight: bold;">translate_log_trap_oid</span></li>
@@ -413,81 +576,92 @@
<li>Added configuraiton settings: <span style=
"font-weight: bold;">translate_enterprise_oid_format,
translate_trap_oid_format,</span> <span style=
-"font-weight: bold;">translate_varname_oid_format</span> and <span style=
+"font-weight: bold;">translate_varname_oid_format</span> and
+<span style=
"font-weight: bold;">db_translate_enterprise</span><br /></li>
<li><span style="font-weight: bold;">$O</span> follows <span style=
-"font-weight: bold;">translate_trap_oid_format</span>, and <span style=
-"font-weight: bold;">$o</span> is always the numerical trap OID</li>
+"font-weight: bold;">translate_trap_oid_format</span>, and
+<span style="font-weight: bold;">$o</span> is always the numerical
+trap OID</li>
<li><span style="font-weight: bold;">$E</span> follows <span style=
-"font-weight: bold;">translate_enterprise_oid_format</span>, and <span style=
-"font-weight: bold;">$e</span> is always the numerical enterprise OID</li>
-<li>The enterprise column when logging to a database now follows the
-<span style="font-weight: bold;">db_translate_enterprise</span> setting</li>
-<li>Fixed bug with <span style="font-weight: bold;">$#</span> to report the
-correct number of enterprise variables (was 1 lower than it should have
-been)</li>
-<li>Fixed bug with handling traps that contain quoted values that span
-multiple lines<br /></li>
-<li>PID file now created (/var/run/snmptt.pid or ./snmptt.pid) when running in
-daemon mode on Linux / Unix. snmptt-init.d script updated to remove the
-pid file when shutting down snmptt.</li>
+"font-weight: bold;">translate_enterprise_oid_format</span>, and
+<span style="font-weight: bold;">$e</span> is always the numerical
+enterprise OID</li>
+<li>The enterprise column when logging to a database now follows
+the <span style="font-weight: bold;">db_translate_enterprise</span>
+setting</li>
+<li>Fixed bug with <span style="font-weight: bold;">$#</span> to
+report the correct number of enterprise variables (was 1 lower than
+it should have been)</li>
+<li>Fixed bug with handling traps that contain quoted values that
+span multiple lines<br /></li>
+<li>PID file now created (/var/run/snmptt.pid or ./snmptt.pid) when
+running in daemon mode on Linux / Unix. snmptt-init.d script
+updated to remove the pid file when shutting down snmptt.</li>
<li>Added <a href="http://www.nagios.org">Nagios</a> / <a href=
-"http:/www.netsaint.org">Netsaint</a> integration documentation</li>
+"http:/www.netsaint.org">Netsaint</a> integration
+documentation</li>
<li>Added contrib folder<br /></li>
<li>Snmpttconvertmib</li>
<li style=
"list-style-type: none; list-style-image: none; list-style-position: outside;">
<ul>
-<li>Now prints the variables contained in each trap definition unless
-<span style="font-weight: bold;">--no_variables</span> is set. When
-using <span style="font-weight: bold;">--net_snmp_perl</span> it will also
-resolve the Syntax (INTEGER, OCTETSTR etc) and Description. If it's an
-INTEGER, will also print out the enumeration tags if any exist.</li>
+<li>Now prints the variables contained in each trap definition
+unless <span style="font-weight: bold;">--no_variables</span> is
+set. When using <span style=
+"font-weight: bold;">--net_snmp_perl</span> it will also resolve
+the Syntax (INTEGER, OCTETSTR etc) and Description. If it's
+an INTEGER, will also print out the enumeration tags if any
+exist.</li>
<li>Improved compatability with MIB files<br /></li>
</ul>
</li>
</ul>
-<h3><b>0.7</b><b> - April 17th</b><b>, 2003</b></h3>
+<h3><b>0.7</b> <b>- April 17th</b><b>, 2003</b></h3>
<ul>
<li>Fixes a vulnerability that prevents the <span style=
"font-size: 12pt; font-family: "Times New Roman";">possibility</span>
-of injected commands contained in traps from being executed when using the
-<span style="font-weight: bold;">EXEC</span> feature<br /></li>
+of injected commands contained in traps from being executed when
+using the <span style="font-weight: bold;">EXEC</span>
+feature<br /></li>
<li>Added the ability for traps passed from <span style=
-"font-weight: bold;">snmptrapd</span> or loaded from the <span style=
-"font-weight: bold;">snmptt.conf</span> files to contain symbolic OIDs such as
-<span style="font-weight: bold;">linkDown</span> and <span style=
-"font-weight: bold;">IF-MIB::linkUp</span>. This feature requires the
-UCD-SNMP / Net-SNMP Perl module<br /></li>
-<li>Added the configuration options <b>translate_trap_oid</b> and <span style=
-"font-weight: bold;">translate_oids</span> to have the trap OID and OID values
-contained in the trap variables converted from numerical OID to symbolic form
-before logging. This feature requires the UCD-SNMP / Net-SNMP Perl
-module</li>
+"font-weight: bold;">snmptrapd</span> or loaded from the
+<span style="font-weight: bold;">snmptt.conf</span> files to
+contain symbolic OIDs such as <span style=
+"font-weight: bold;">linkDown</span> and <span style=
+"font-weight: bold;">IF-MIB::linkUp</span>. This feature
+requires the UCD-SNMP / Net-SNMP Perl module<br /></li>
+<li>Added the configuration options <b>translate_trap_oid</b> and
+<span style="font-weight: bold;">translate_oids</span> to have the
+trap OID and OID values contained in the trap variables converted
+from numerical OID to symbolic form before logging. This
+feature requires the UCD-SNMP / Net-SNMP Perl module</li>
<li>Added support for logging of traps using PostgreSQL via DBI /
DBD::PgPP</li>
-<li>Added <span style="font-weight: bold;">REGEX</span> keyword support to
-allow user definable search and replace on <span style=
+<li>Added <span style="font-weight: bold;">REGEX</span> keyword
+support to allow user definable search and replace on <span style=
"font-weight: bold;">FORMAT</span> / <span style=
"font-weight: bold;">EXEC</span> lines<br /></li>
-<li><span style="font-weight: bold;">NODES</span> entry can now contain a CIDR
-address (eg: 192.168.10.0/23), or a network range
+<li><span style="font-weight: bold;">NODES</span> entry can now
+contain a CIDR address (eg: 192.168.10.0/23), or a network range
(192.168.10.0-192.168.11.255)<br /></li>
-<li><span style="font-weight: bold;">NODES</span> entry can now contain a mix
-of host names, IP addresses, CIDR addresses, network ranges and filenames</li>
-<li>Added the ability to force a reload of the configuration files while
-running in daemon mode by placing a file called <span style=
+<li><span style="font-weight: bold;">NODES</span> entry can now
+contain a mix of host names, IP addresses, CIDR addresses, network
+ranges and filenames</li>
+<li>Added the ability to force a reload of the configuration files
+while running in daemon mode by placing a file called <span style=
"font-weight: bold;">!reload</span> in the spool directory</li>
-<li>Added <span style="font-weight: bold;">snmptt-net-snmp-test</span> program
-to perform various translations of numeric and symbolic OIDS to assist with
+<li>Added <span style=
+"font-weight: bold;">snmptt-net-snmp-test</span> program to perform
+various translations of numeric and symbolic OIDS to assist with
determining if the installed Perl module<br />
will function as expected with <span style=
"font-weight: bold;">SNMPTT</span><br /></li>
-<li>Fixed bug that prevented quoted text from being logged correctly to SQL
-databases</li>
-<li>Fixed bug that would prevent the translation of integer values to
-enumeration tags and variable name substitutions when using Net-SNMP
-5.0.x</li>
+<li>Fixed bug that prevented quoted text from being logged
+correctly to SQL databases</li>
+<li>Fixed bug that would prevent the translation of integer values
+to enumeration tags and variable name substitutions when using
+Net-SNMP 5.0.x</li>
<li>Snmpttconvertmib</li>
<li style=
"list-style-type: none; list-style-image: none; list-style-position: outside;">
@@ -496,20 +670,23 @@
<li style=
"list-style-type: none; list-style-image: none; list-style-position: outside;">
<ul>
-<li>--#SUMMARY <span style="font-weight: bold;">or</span> DESCRIPTION (use
-DESCRIPTION only if --#SUMMARY does not exist)<br /></li>
-<li>description <span style="font-weight: bold;">or</span> --#SUMMARY (use
---#SUMMARY only if DESCRIPTION does not exist)</li>
-<li>--#SUMMARY <span style="font-weight: bold;">and</span> DESCRIPTION</li>
+<li>--#SUMMARY <span style="font-weight: bold;">or</span>
+DESCRIPTION (use DESCRIPTION only if --#SUMMARY does not
+exist)<br /></li>
+<li>description <span style="font-weight: bold;">or</span>
+--#SUMMARY (use --#SUMMARY only if DESCRIPTION does not exist)</li>
+<li>--#SUMMARY <span style="font-weight: bold;">and</span>
+DESCRIPTION</li>
<li>DESCRIPTION <span style="font-weight: bold;">and</span>
--#SUMMARY<br /></li>
</ul>
</li>
-<li>When using the DESCRIPTION to build the FORMAT / EXEC line, can now choose
-between using the first line of the DESCRIPTION field, or the first
-<span style="font-style: italic;">x</span> number of sentences<br /></li>
-<li>The use of the --#SUMMARY and DESCRIPTION line for the FORMAT / EXEC line
-can be disabled</li>
+<li>When using the DESCRIPTION to build the FORMAT / EXEC line, can
+now choose between using the first line of the DESCRIPTION field,
+or the first <span style="font-style: italic;">x</span> number of
+sentences<br /></li>
+<li>The use of the --#SUMMARY and DESCRIPTION line for the FORMAT /
+EXEC line can be disabled</li>
<li>Support for multiple --#SUMMARY lines</li>
<li>Support for --#SEVERITY lines<br /></li>
<li>The default of using the $* wildcard can be disabled</li>
@@ -527,43 +704,46 @@
"list-style-type: none; list-style-image: none; list-style-position: outside;">
<ul>
<li>Added support for logging of traps using DBD::ODBC</li>
-<li>Fixed bug with Win32::ODBC connection not being closed on exit of
-SNMPTT</li>
+<li>Fixed bug with Win32::ODBC connection not being closed on exit
+of SNMPTT</li>
<li>MySQL code cleanup</li>
-<li>Added support for logging traps to the NT Event Log including the ability
-to select the Event Log level based on the severity level defined in the
-<span style="font-weight: bold;">snmptt.conf</span> file</li>
-<li>Improved syslog support by adding the ability to select the syslog level
-based on the severity level defined in the <span style=
+<li>Added support for logging traps to the NT Event Log including
+the ability to select the Event Log level based on the severity
+level defined in the <span style=
"font-weight: bold;">snmptt.conf</span> file</li>
-<li>Added syslog and NT Event Log support for SNMPTT 'system' events such as
-startup, shutdown, errors handling spool directory / files, database
-connectivity errors etc</li>
-<li>Added the option <b>keep_unlogged_traps</b> to have SNMPTT erase the
-spooled trap file only after it successfully logs to at least one or all log
-systems. This will help prevent traps from being lost due to logging
-problems.</li>
+<li>Improved syslog support by adding the ability to select the
+syslog level based on the severity level defined in the
+<span style="font-weight: bold;">snmptt.conf</span> file</li>
+<li>Added syslog and NT Event Log support for SNMPTT 'system'
+events such as startup, shutdown, errors handling spool directory /
+files, database connectivity errors etc</li>
+<li>Added the option <b>keep_unlogged_traps</b> to have SNMPTT
+erase the spooled trap file only after it successfully logs to at
+least one or all log systems. This will help prevent traps
+from being lost due to logging problems.</li>
</ul>
</li>
-<li>Added ability to translate integer values to enumeration tags defined in
-MIB files. This feature requires the UCD-SNMP / Net-SNMP Perl
-module</li>
-<li>Added new variable substitutions: <b>$v<i>n</i></b> (variable name),
-<b>$+<i>n</i></b>(variable name:value), <b>$-<i>n</i></b> (variable name
-(type):value), <b>$+*</b> (same as $+<i>n</i> but wildcard), and <b>$-*</b>
-(same as $-<i>n</i> but wildcard). Translation of the variable name
-using the MIB requires the UCD-SNMP / Net-SNMP Perl module.</li>
-<li>If a variable is passed from snmptrapd that is blank, snmptt will replace
-it with <span style="font-weight: bold;">(null)</span></li>
-<li>Fixed bug that would prevent variables numbered 10 or higher from being
-translated correctly</li>
-<li>Fixed bug with handling trap data that contains spaces but is not inside
-of quotes</li>
+<li>Added ability to translate integer values to enumeration tags
+defined in MIB files. This feature requires the UCD-SNMP /
+Net-SNMP Perl module</li>
+<li>Added new variable substitutions: <b>$v<i>n</i></b> (variable
+name), <b>$+<i>n</i></b>(variable name:value), <b>$-<i>n</i></b>
+(variable name (type):value), <b>$+*</b> (same as $+<i>n</i> but
+wildcard), and <b>$-*</b> (same as $-<i>n</i> but wildcard).
+Translation of the variable name using the MIB requires the
+UCD-SNMP / Net-SNMP Perl module.</li>
+<li>If a variable is passed from snmptrapd that is blank, snmptt
+will replace it with <span style=
+"font-weight: bold;">(null)</span></li>
+<li>Fixed bug that would prevent variables numbered 10 or higher
+from being translated correctly</li>
+<li>Fixed bug with handling trap data that contains spaces but is
+not inside of quotes</li>
<li>Code cleanup to remove Perl warnings (-w)</li>
<li>Added separate debug file for snmptthandler</li>
<li>Cleaned up defaults code for snmptthandler</li>
-<li>Added examples folder containg a sample snmptt.conf file and sample trap
-file</li>
+<li>Added examples folder containg a sample snmptt.conf file and
+sample trap file</li>
<li>Added FAQ section to this document</li>
<li>Snmpttconvertmib</li>
<li style=
@@ -572,40 +752,42 @@
<li>Code cleanup</li>
<li>Now uses new command line arguments (<span style=
"font-weight: bold;">snmpttconvertmib -h</span> for help).</li>
-<li>Can now use either <span style="font-weight: bold;">snmptranslate</span>
-or the SNMP Perl module (Net-SNMP) to process MIB files</li>
+<li>Can now use either <span style=
+"font-weight: bold;">snmptranslate</span> or the SNMP Perl module
+(Net-SNMP) to process MIB files</li>
<li>Can now add a NODES line when converting MIB files</li>
<li>Now checks the version of <span style=
-"font-weight: bold;">snmptranslate</span> before converting the mib to ensure
-<span style="font-weight: bold;">snmptranslate</span> is called correctly</li>
-<li>Fixed bug which would cause the last notification of a v2 MIB file not to
-be converted correctly</li>
+"font-weight: bold;">snmptranslate</span> before converting the mib
+to ensure <span style="font-weight: bold;">snmptranslate</span> is
+called correctly</li>
+<li>Fixed bug which would cause the last notification of a v2 MIB
+file not to be converted correctly</li>
</ul>
</li>
</ul>
<b><br /></b>
<h3><b>0.5 - February 12th, 2003</b></h3>
<ul>
-<li>Spool file list sorted before processing to ensure traps are processed in
-the order they are received when in daemon mode</li>
-<li>Added <b>use_trap_time</b> variable to config file for daemon mode to have
-SNMPTT use either the time from the spool file, or the current time.
-Changed SNMPTTHANDLER to output the current date and time on the first line of
-the spool file</li>
-<li>Fixed bug with default variable settings being ignored. Defaults
-were not being set correctly if variable was not defined in the .ini
-file.</li>
-<li>Fixed bug with SNMPTT ignoring the daemon mode parameter in the .ini
-file</li>
-<li>Fixed bug with Nodes list not being flushed out for each processed trap
-when running in daemon mode</li>
-<li>Added <b>strip_domain</b> and <b>strip_domain_list</b> configuration
-options to enable / disable the removal of the domain name from the host name
-passed to SNMPTT. Defaults to disabled (do not strip domain
-name)</li>
-<li>SNMPTTCONVERTMIB now prepends the contents of the --#TYPE line (if
-present) to the --#SUMMARY line to provide a more descriptive FORMAT / EXEC
-line</li>
+<li>Spool file list sorted before processing to ensure traps are
+processed in the order they are received when in daemon mode</li>
+<li>Added <b>use_trap_time</b> variable to config file for daemon
+mode to have SNMPTT use either the time from the spool file, or the
+current time. Changed SNMPTTHANDLER to output the current
+date and time on the first line of the spool file</li>
+<li>Fixed bug with default variable settings being ignored.
+Defaults were not being set correctly if variable was not defined
+in the .ini file.</li>
+<li>Fixed bug with SNMPTT ignoring the daemon mode parameter in the
+.ini file</li>
+<li>Fixed bug with Nodes list not being flushed out for each
+processed trap when running in daemon mode</li>
+<li>Added <b>strip_domain</b> and <b>strip_domain_list</b>
+configuration options to enable / disable the removal of the domain
+name from the host name passed to SNMPTT. Defaults to
+disabled (do not strip domain name)</li>
+<li>SNMPTTCONVERTMIB now prepends the contents of the --#TYPE line
+(if present) to the --#SUMMARY line to provide a more descriptive
+FORMAT / EXEC line</li>
</ul>
<h3><b>0.4 - November 18th, 2002</b></h3>
<ul>
@@ -613,7 +795,8 @@
<li style=
"list-style-type: none; list-style-image: none; list-style-position: outside;">
<ul>
-<li>$X = Date, $x = Time instead of $x being both date and time</li>
+<li>$X = Date, $x = Time instead of $x being both date and
+time</li>
<li>$N = Event name instead of $S</li>
<li>Added $c, $@, $O, $o, $ar, $R, $aR, $G, $S</li>
</ul>
@@ -626,19 +809,20 @@
<ul>
<li>Daemon mode support for SNMPTT. When running as a daemon,
SNMPTTHANDLER script is used to spool traps from SNMPTRAPD.</li>
-<li>SNMPTTCONVERTMIB utility to convert trap / notify definitions from MIB
-files</li>
+<li>SNMPTTCONVERTMIB utility to convert trap / notify definitions
+from MIB files</li>
<li>Sample trap file (sample-trap) for testing</li>
<li>Command line options to SNMPTT</li>
-<li>SNMPTT now strips UDP: and :<i>port</i> from IP addresses when using
-Net-SNMP 5.0+</li>
+<li>SNMPTT now strips UDP: and :<i>port</i> from IP addresses when
+using Net-SNMP 5.0+</li>
<li>NODES files can now contain comments</li>
-<li>NODES files can now contain either host names or IP addresses</li>
-<li>You can now have multiple definitions of the same trap so that different
-hosts / nodes can have different actions or one host have multiple
-actions</li>
-<li>Configuration file can now contain a list of other configuration files to
-load</li>
+<li>NODES files can now contain either host names or IP
+addresses</li>
+<li>You can now have multiple definitions of the same trap so that
+different hosts / nodes can have different actions or one host have
+multiple actions</li>
+<li>Configuration file can now contain a list of other
+configuration files to load</li>
</ul>
<h3><b>0.2 - July 10th, 2002</b></h3>
<ul>
@@ -652,51 +836,68 @@
<li>Initial release</li>
</ul>
<h2><a id="Upgrading" name="Upgrading"></a>Upgrading</h2>
-
+<h3><b>v1.1 to v1.2</b></h3>
+<p>To upgrade from v1.1 to v1.2, you should:</p>
+<ol>
+<li>Replace <b>snmptt</b> and <b>snmpttconvertmib</b> with the new
+versions contained in the v1.2 package. Make sure the files
+are executable (<b>chmod +x <i>filename</i></b>).</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it.</li>
+<li>Enable any new features in <b>snmptt.ini</b> as required.</li>
+<li>For Linux and Unix (or anything non-Windows), if you are using
+the <b>daemon_uid</b> option in <b>snmptt.ini</b>, and are
+monitoring the availability of snmptt by checking for the snmptt
+process, be aware that there will now be two snmptt processes
+running instead of one.</li>
+<li>For Linux and Unix (or anything non-Windows), the
+<b>snmptt.ini</b> <b>exec_escape</b> option is enabled by default
+which will escape wildcard characters (* and ?) for EXEC, PREEXEC
+and the unknown_trap_exec commands. Disable if required.<br /></li>
+</ol>
<h3><b>v1.0 to v1.1</b></h3>
<p>To upgrade from v1.0 to v1.1, you should:</p>
<ol>
- <li>Replace <b>snmptt</b> and <b>snmpttconvertmib</b> with the new versions
- contained in the v1.1 package. Make sure the files are executable
- (<b>chmod +x <i>filename</i></b>).</li>
- <li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
- make any necessary configuration changes to it.</li>
- <li>Enable any new features in <b>snmptt.ini</b> as required.</li>
+<li>Replace <b>snmptt</b> and <b>snmpttconvertmib</b> with the new
+versions contained in the v1.1 package. Make sure the files
+are executable (<b>chmod +x <i>filename</i></b>).</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it.</li>
+<li>Enable any new features in <b>snmptt.ini</b> as required.</li>
</ol>
-
<h3><b>v0.9 to v1.0</b></h3>
<p>To upgrade from v0.9 to v1.0, you should:</p>
<ol>
-<li>Replace <b>snmptt</b>, <b>snmpttconvert</b>, <b>snmpttconvertmib</b>,
-and <b>snmptthandler</b> with the new versions
-contained in the v1.0 package. Make sure the files are executable
-(<b>chmod +x <i>filename</i></b>).</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
-<li>If you are using a MySQL, PostgreSQL or ODBC (via DBD::ODBC) and do not
-want the database to be pinged before each INSERT, set
+<li>Replace <b>snmptt</b>, <b>snmpttconvert</b>,
+<b>snmpttconvertmib</b>, and <b>snmptthandler</b> with the new
+versions contained in the v1.0 package. Make sure the files
+are executable (<b>chmod +x <i>filename</i></b>).</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
+<li>If you are using a MySQL, PostgreSQL or ODBC (via DBD::ODBC)
+and do not want the database to be pinged before each INSERT, set
<b>mysql_ping_on_insert</b>, <b>postgresql_ping_on_insert</b> or
-<b>dbd_odbc_ping_on_insert</b> to 0 in <b>snmptt.ini</b>. If you do not want
-the database to be pinged periodically, set <b>mysql_ping_interval</b>,
-<b>postgresql_ping_interval</b> or <b>dbd_odbc_ping_interval</b> to 0 in
-<b>snmptt.ini</b>.</li>
+<b>dbd_odbc_ping_on_insert</b> to 0 in <b>snmptt.ini</b>. If you do
+not want the database to be pinged periodically, set
+<b>mysql_ping_interval</b>, <b>postgresql_ping_interval</b> or
+<b>dbd_odbc_ping_interval</b> to 0 in <b>snmptt.ini</b>.</li>
<li>Enable any new features in <span style=
"font-weight: bold;">snmptt.ini</span> as required</li>
-<li>Test and report any issues to alex_b@users.sourceforge.net, or open a bug
-report at <a href=
+<li>Test and report any issues to alex_b@users.sourceforge.net, or
+open a bug report at <a href=
"http://sourceforge.net/tracker/?group_id=51473&atid=463393">Sourceforge</a>.</li>
</ol>
<h3><b>v0.8 to v0.9</b></h3>
<p>To upgrade from v0.8 to v0.9, you should:</p>
<ol>
-<li>Replace <span style="font-weight: bold;">snmptt</span> with the new
-version contained in the v0.9 package. Make sure the file is executable
-(<span style="font-weight: bold;">chmod +x <span style=
-"font-style: italic;">filename</span></span>)</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
-<li>If you have any external applications that monitor the syslog for
-<span style="font-weight: bold;">SNMPTT</span> or <span style=
+<li>Replace <span style="font-weight: bold;">snmptt</span> with the
+new version contained in the v0.9 package. Make sure the file
+is executable (<span style="font-weight: bold;">chmod +x
+<span style="font-style: italic;">filename</span></span>)</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
+<li>If you have any external applications that monitor the syslog
+for <span style="font-weight: bold;">SNMPTT</span> or <span style=
"font-weight: bold;">TRAPD</span> messages, modify them to look for
<span style="font-weight: bold;">snmptt[<span style=
"font-style: italic;">pid</span>]</span> and <span style=
@@ -704,151 +905,161 @@
"font-style: italic;">pid</span>]</span> instead<br /></li>
<li>Enable any new features in <span style=
"font-weight: bold;">snmptt.ini</span> as required</li>
-<li>Test and report any issues to alex_b@users.sourceforge.net, or open a bug
-report at <a href=
+<li>Test and report any issues to alex_b@users.sourceforge.net, or
+open a bug report at <a href=
"http://sourceforge.net/tracker/?group_id=51473&atid=463393">Sourceforge</a>.</li>
</ol>
<h3><b>v0.7 to v0.8</b></h3>
<p>To upgrade from v0.7 to v0.8, you should:</p>
<ol>
-<li>Replace <span style="font-weight: bold;">snmptt</span> and <span style=
-"font-weight: bold;">snmpttconvertmib</span> with the new versions contained
-in the v0.8 package. Make sure the files are executable (<span style=
-"font-weight: bold;">chmod +x <span style=
-"font-style: italic;">filename</span></span>)</li>
-<li>Replace your <span style=
-"font-weight: bold;">/etc/rc.d/init.d/snmptt</span> file (<span style=
-"font-weight: bold;">cp snmptt-init.d /etc/rc.d/init.d/snmptt</span>).
-Make sure the file is executable (<span style="font-weight: bold;">chmod +x
+<li>Replace <span style="font-weight: bold;">snmptt</span> and
+<span style="font-weight: bold;">snmpttconvertmib</span> with the
+new versions contained in the v0.8 package. Make sure the
+files are executable (<span style="font-weight: bold;">chmod +x
<span style="font-style: italic;">filename</span></span>)</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
+<li>Replace your <span style=
+"font-weight: bold;">/etc/rc.d/init.d/snmptt</span> file
+(<span style="font-weight: bold;">cp snmptt-init.d
+/etc/rc.d/init.d/snmptt</span>). Make sure the file is
+executable (<span style="font-weight: bold;">chmod +x <span style=
+"font-style: italic;">filename</span></span>)</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
<li>In your snmptt.ini file, configure <span style=
-"font-weight: bold;">translate_log_trap_oid</span> with <span style=
-"font-weight: bold;">translate_trap_oid</span> value from old <span style=
-"font-weight: bold;">snmptt.ini</span></li>
+"font-weight: bold;">translate_log_trap_oid</span> with
+<span style="font-weight: bold;">translate_trap_oid</span> value
+from old <span style="font-weight: bold;">snmptt.ini</span></li>
<li>In your snmptt.ini file, configure <span style=
"font-weight: bold;">translate_value_oids</span> with <span style=
-"font-weight: bold;">translate_oids</span> value from old <span style=
-"font-weight: bold;">snmptt.ini</span></li>
+"font-weight: bold;">translate_oids</span> value from old
+<span style="font-weight: bold;">snmptt.ini</span></li>
<li>In your snmptt.ini file, set <span style=
-"font-weight: bold;">dynamic_nodes</span> to 1 if you want the NODES files to
-be loaded each time an event is processed which is how previous versions of
-snmptt worked<br /></li>
+"font-weight: bold;">dynamic_nodes</span> to 1 if you want the
+NODES files to be loaded each time an event is processed which is
+how previous versions of snmptt worked<br /></li>
<li>In your snmptt.conf files, replace any <span style=
"font-weight: bold;">$A</span> with <span style=
-"font-weight: bold;">$aA</span> unless you want agent host names to be used
-instead of IP addresses</li>
+"font-weight: bold;">$aA</span> unless you want agent host names to
+be used instead of IP addresses</li>
<li>In your snmptt.conf files, replace any <span style=
-"font-weight: bold;">$E</span> with <span style="font-weight: bold;">$e</span>
-unless you want Enterprise trap OID in symbolic format</li>
+"font-weight: bold;">$E</span> with <span style=
+"font-weight: bold;">$e</span> unless you want Enterprise trap OID
+in symbolic format</li>
<li>In your snmptt.conf files, replace any <span style=
-"font-weight: bold;">$O</span> with <span style="font-weight: bold;">$o</span>
-unless you want Trap OID in symbolic format</li>
+"font-weight: bold;">$O</span> with <span style=
+"font-weight: bold;">$o</span> unless you want Trap OID in symbolic
+format</li>
<li>In your snmptt.conf files, append a <span style=
-"font-weight: bold;">g</span> to the end of all REGEX lines to enable global
-search and replace</li>
+"font-weight: bold;">g</span> to the end of all REGEX lines to
+enable global search and replace</li>
<li>Review other translate settings in <span style=
"font-weight: bold;">snmptt.ini</span><br /></li>
<li>Enable any new features in <span style=
"font-weight: bold;">snmptt.ini</span> as required</li>
-<li>If you are using database logging, add a new column called <span style=
-"font-weight: bold;">trapoid</span><br /></li>
-<li>If you are using database logging and you enable conversions of OIDs to
-long names, make sure the table columns are wide enough to hold
-them<br /></li>
-<li>Test and report any issues to alex_b@users.sourceforge.net, or open a bug
-report at <a href=
+<li>If you are using database logging, add a new column called
+<span style="font-weight: bold;">trapoid</span><br /></li>
+<li>If you are using database logging and you enable conversions of
+OIDs to long names, make sure the table columns are wide enough to
+hold them<br /></li>
+<li>Test and report any issues to alex_b@users.sourceforge.net, or
+open a bug report at <a href=
"http://sourceforge.net/tracker/?group_id=51473&atid=463393">Sourceforge</a>.</li>
</ol>
<h3><b>v0.6 to v0.7</b></h3>
<p>To upgrade from v0.6 to v0.7, you should:</p>
<ol>
-<li>Replace <b>SNMPTT</b> and <b>SNMPTTCONVERTMIB</b> with the new versions
-contained in the v0.7 package</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
+<li>Replace <b>SNMPTT</b> and <b>SNMPTTCONVERTMIB</b> with the new
+versions contained in the v0.7 package</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
<li>Enable any new features in <span style=
"font-weight: bold;">snmptt.ini</span> as required</li>
-<li>Test and report any issues to alex_b@users.sourceforge.net, or open a bug
-report at <a href=
+<li>Test and report any issues to alex_b@users.sourceforge.net, or
+open a bug report at <a href=
"http://sourceforge.net/tracker/?group_id=51473&atid=463393">Sourceforge</a>.</li>
</ol>
<h3><b>v0.5 to v0.6</b></h3>
<p>To upgrade from v0.5 to v0.6, you should:</p>
<ol>
-<li>Replace <b>SNMPTTHANDLER, SNMPTT</b> and <b>SNMPTTCONVERTMIB</b> with the
-new versions contained in the v0.6 package</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
+<li>Replace <b>SNMPTTHANDLER, SNMPTT</b> and
+<b>SNMPTTCONVERTMIB</b> with the new versions contained in the v0.6
+package</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
<li>Enable any new features in <span style=
"font-weight: bold;">snmptt.ini</span> as required</li>
-<li>Test and report any issues to alex_b@users.sourceforge.net, or open a bug
-report at <a href=
+<li>Test and report any issues to alex_b@users.sourceforge.net, or
+open a bug report at <a href=
"http://sourceforge.net/tracker/?group_id=51473&atid=463393">Sourceforge</a>.<br />
</li>
</ol>
<h3><b>v0.4 to v0.5</b></h3>
<p>To upgrade from v0.1, v0.2 to v0.3 to v0.4, you should:</p>
<ol>
-<li>Set <b>use_trap_time</b> to <b>0</b> to have SNMPTT operate the same as
-v0.4, or leave as 1 (recommended default) and test</li>
-<li>Replace <b><u>both</u></b> <b>SNMPTTHANDLER</b> and <b>SNMPTT</b> with the
-new versions contained in the v0.5 package</li>
-<li>Backup your <b>snmptt.ini</b> file, replace it with the new version, and
-make any necessary configuration changes to it</li>
+<li>Set <b>use_trap_time</b> to <b>0</b> to have SNMPTT operate the
+same as v0.4, or leave as 1 (recommended default) and test</li>
+<li>Replace <b><u>both</u></b> <b>SNMPTTHANDLER</b> and
+<b>SNMPTT</b> with the new versions contained in the v0.5
+package</li>
+<li>Backup your <b>snmptt.ini</b> file, replace it with the new
+version, and make any necessary configuration changes to it</li>
</ol>
<h3><b>v0.1, v0.2 or v0.3 to v0.4</b></h3>
<p>To upgrade from v0.1, v0.2 to v0.3 to v0.4, you should:</p>
<ol>
-<li>In your snmptt.conf file, replace all <b>$x</b> with <b>$x $X</b> (see
-What's New section)</li>
-<li>In your snmptt.conf file, replace all <b>$S</b> with <b>$N (</b>see What's
-New section)</li>
-<li>Configure the snmptt.ini as described in this file - configuration options
-are no longer stored in the snmptt and snmptthandler scripts</li>
-<li>If your snmptt.conf file contained a list of other snmptt.conf files
-instead of trap definitions, move that list to the snmptt.ini file</li>
+<li>In your snmptt.conf file, replace all <b>$x</b> with <b>$x
+$X</b> (see What's New section)</li>
+<li>In your snmptt.conf file, replace all <b>$S</b> with <b>$N
+(</b>see What's New section)</li>
+<li>Configure the snmptt.ini as described in this file -
+configuration options are no longer stored in the snmptt and
+snmptthandler scripts</li>
+<li>If your snmptt.conf file contained a list of other snmptt.conf
+files instead of trap definitions, move that list to the snmptt.ini
+file</li>
</ol>
<h2><a id="Installation-Overview" name=
"Installation-Overview"></a>Installation - Overview</h2>
-The following outlines the general steps required to install and configure
-SNMPTT:<br />
+The following outlines the general steps required to install and
+configure SNMPTT:<br />
<br />
<ol>
<li>Install Net-SNMP and SNMPTT as described below</li>
<li>Create an <b>snmptt.conf</b> file <a href=
-"#SNMPTT.CONF-Configuration-file-format">by hand</a>, or using <a href=
+"#SNMPTT.CONF-Configuration-file-format">by hand</a>, or using
+<a href=
"#SNMP-Trap-Translator-Convert-MIB">snmpttconvertmib<br /></a></li>
-<li><a href="#Configuration-Options">Modify snmptt.ini</a> to include the
-<b>snmptt.conf</b> file and set any desired options</li>
+<li><a href="#Configuration-Options">Modify snmptt.ini</a> to
+include the <b>snmptt.conf</b> file and set any desired
+options</li>
<li><a href="#Installation-Unix">Start snmptt</a></li>
-<li>Configure your network devices to send traps to the Net-SNMP / SNMPTT
-machine</li>
-<li>Initiate a trap on your network device and check the SNMPTT log files for
-the result</li>
+<li>Configure your network devices to send traps to the Net-SNMP /
+SNMPTT machine</li>
+<li>Initiate a trap on your network device and check the SNMPTT log
+files for the result</li>
<li>Secure the SNMPTT installation<br /></li>
</ol>
-<h3><a id="Installation-Unix" name="Installation-Unix"></a>Installation -
-Unix</h3>
+<h3><a id="Installation-Unix" name=
+"Installation-Unix"></a>Installation - Unix</h3>
<p>1. <b><u>Read this entire file to understand how snmptt
works</u></b></p>
<p>2. Copy <b>snmptt</b> to <span style=
-"font-weight: bold;">/usr/sbin/</span> and ensure it is executable (<b>chmod
-+x snmptt</b>)</p>
+"font-weight: bold;">/usr/sbin/</span> and ensure it is executable
+(<b>chmod +x snmptt</b>)</p>
<p>3. Copy <b>snmptthandler</b> to <span style=
-"font-weight: bold;">/usr/sbin/</span> and ensure it is executable (<b>chmod
-+x snmptthandler</b>)</p>
-<p>4. Copy <b>snmptt.ini</b> to <b>/etc/snmp/</b> or <span style=
-"font-weight: bold;">/etc/</span> and edit the options inside the file.</p>
-<p>5a. For <b>standlone mode: </b> Modify the Net-SNMP
-<span style="font-weight: bold;">snmptrapd.conf</span> file by adding the
-following line:</p>
+"font-weight: bold;">/usr/sbin/</span> and ensure it is executable
+(<b>chmod +x snmptthandler</b>)</p>
+<p>4. Copy <b>snmptt.ini</b> to <b>/etc/snmp/</b> or
+<span style="font-weight: bold;">/etc/</span> and edit the options
+inside the file.</p>
+<p>5a. For <b>standlone mode: </b> Modify the
+Net-SNMP <span style="font-weight: bold;">snmptrapd.conf</span>
+file by adding the following line:</p>
<blockquote><b>traphandle default /usr/sbin/snmptt</b>
-<p>Note: It is possible to configure snmptrapd to execute
-<span style="font-weight: bold;">snmptt</span> based on the specific trap
-received, but using the <span style="font-weight: bold;">default</span> option
-is preferred</p>
+<p>Note: It is possible to configure snmptrapd to
+execute <span style="font-weight: bold;">snmptt</span> based on the
+specific trap received, but using the <span style=
+"font-weight: bold;">default</span> option is preferred</p>
</blockquote>
5b. For <b>daemon mode: </b> Modify the Net-SNMP
snmptrapd.conf file by adding the following line:
@@ -856,106 +1067,120 @@
<p>Launch snmptt using:</p>
<p><b>snmptt --daemon</b></p>
</blockquote>
-<blockquote>A startup script is included which can be used to start and stop
-<b>snmptt</b> on Mandrake, RedHat and other systems. Copy the script to
-the init.d directory (renaming the file during the copy):
+<blockquote>A startup script is included which can be used to start
+and stop <b>snmptt</b> on Mandrake, RedHat and other systems.
+Copy the script to the init.d directory (renaming the file during
+the copy):
<p><b>cp snmptt.init.d to /etc/rc.d/init.d/snmptt</b></p>
<p>Add the service using <span style=
"font-weight: bold;">chkconfig</span>:</p>
<p><b>chkconfig --add snmptt</b></p>
<p>Configure the service to start at runlevel 2345:</p>
<p><b>chkconfig --level 2345 snmptt on</b></p>
-<p>Snmptt will be started at the next reboot, or can be started immediately
-with:</p>
+<p>Snmptt will be started at the next reboot, or can be started
+immediately with:</p>
<p><b>service snmptt start</b></p>
<p>or</p>
<p><b>/etc/rc.d/init.d/snmptt start</b></p>
</blockquote>
-6. Start <span style="font-weight: bold;">snmptrapd</span> using the
-command line: <span style="font-weight: bold;">snmptrapd
--On</span>.<br />
+6. Start <span style="font-weight: bold;">snmptrapd</span>
+using the command line: <span style=
+"font-weight: bold;">snmptrapd -On</span>.<br />
You should be able to edit the
-<b>/etc/rc.d/init.d/snmptrapd</b> script if you have one and change<br />
- the <b>OPTIONS</b> to <b>"-On"</b>. <b><br />
+<b>/etc/rc.d/init.d/snmptrapd</b> script if you have one and
+change<br />
+ the <b>OPTIONS</b> to <b>"-On"</b>.
+<b><br />
<span style="font-weight: bold;"><br /></span></b>
<div style="margin-left: 40px;"><b><span style=
-"font-weight: bold;">Note: The -On is recommended. This will make
-snmptrapd pass OIDs in numeric form</span> <span style=
-"font-weight: bold;">and prevent SNMPTT from having to translate the symbolic
-name to numerical form. If</span> <span style=
-"font-weight: bold;">the</span></b> <span style="font-weight: bold;">UCD-SNMP
-/ Net-SNMP Perl module is not installed, then you MUST use the -On
-switch. Depending on the version of UCD-SNMP / Net-SNMP, some symbolic
-names may not translate correctly. See the FAQ for more
-info.</span></div>
+"font-weight: bold;">Note: The -On is recommended. This
+will make snmptrapd pass OIDs in numeric form</span> <span style=
+"font-weight: bold;">and prevent SNMPTT from having to translate
+the symbolic name to numerical form. If</span> <span style=
+"font-weight: bold;">the</span></b> <span style=
+"font-weight: bold;">UCD-SNMP / Net-SNMP Perl module is not
+installed, then you MUST use the -On switch. Depending on the
+version of UCD-SNMP / Net-SNMP, some symbolic names may not
+translate correctly. See the FAQ for more info.</span></div>
<p> As an alternative, you can edit your
-<b>snmp.conf</b> file to include the line: <b>printNumericOids 1. </b>
-This setting will take effect no matter what is used on the command line.</p>
-<p>7. See the <a href="#SecuringSNMPTT">Securing SNMPTT</a> section.</p>
+<b>snmp.conf</b> file to include the line: <b>printNumericOids
+1. </b> This setting will take effect no matter what is used
+on the command line.</p>
+<p>7. See the <a href="#SecuringSNMPTT">Securing SNMPTT</a>
+section.</p>
<br />
-<h3><a id="Installation-Windows" name="Installation-Windows"></a>Installation
-- Windows</h3>
+<h3><a id="Installation-Windows" name=
+"Installation-Windows"></a>Installation - Windows</h3>
<p>1. <b><u>Read this entire file to understand how snmptt
works</u></b></p>
<p>2. Create the directory <span style=
"font-weight: bold;">c:\snmp</span> and copy <b>snmptt</b> and
<b>snmptthandler</b> to it. </p>
-<p>3. Copy <b>snmptt.ini-nt</b> to <b>%SystemRoot%\snmptt.ini</b>
-(c:\winnt\snmptt.ini) and edit the options inside the file.</p>
-<p>4a. For <b>standlone mode: </b> Modify the Net-SNMP
-snmptrapd.conf file by adding the following line:</p>
-<blockquote><b>traphandle default perl c:\snmp\snmptt</b></blockquote>
-<blockquote>Note: It is possible to configure snmptrapd to execute
-snmptt based on the specific trap received, but using the <span style=
-"font-weight: bold;">default</span> option is preferred</blockquote>
+<p>3. Copy <b>snmptt.ini-nt</b> to
+<b>%SystemRoot%\snmptt.ini</b> (c:\winnt\snmptt.ini) and edit the
+options inside the file.</p>
+<p>4a. For <b>standlone mode: </b> Modify the
+Net-SNMP snmptrapd.conf file by adding the following line:</p>
+<blockquote><b>traphandle default perl
+c:\snmp\snmptt</b></blockquote>
+<blockquote>Note: It is possible to configure snmptrapd
+to execute snmptt based on the specific trap received, but using
+the <span style="font-weight: bold;">default</span> option is
+preferred</blockquote>
4b. For <b>daemon mode: </b> Modify the Net-SNMP
snmptrapd.conf file by adding the following line:
<blockquote><b>traphandle default perl c:\snmp\snmptthandler</b>
<p>Launch snmptt using:</p>
<p><b>snmptt --daemon</b></p>
-5. Start SNMPTRAPD using the command line: SNMPTRAPD -On.
-<b><br /></b><b><span style="font-weight: bold;">
-Note: The -On is recommended. This will make snmptrapd pass OIDs
-in numeric form</span><br style="font-weight: bold;" />
-<span style="font-weight: bold;"> and prevent SNMPTT
-from having to translate the symbolic name to numerical form.
-If</span><br style="font-weight: bold;" />
-<span style="font-weight: bold;"> the</span></b>
-<span style="font-weight: bold;">UCD-SNMP / Net-SNMP Perl module is not
-installed, then you MUST use the<br />
- -On switch. Depending on the version of
-UCD-SNMP / Net-SNMP, some symbolic names<br />
- may not translate correctly. See the FAQ for
-more info.<br /></span><br />
- As an alternative, you can edit your <b>snmp.conf</b>
-file to include the line: <b>printNumericOids 1. </b> This setting will
-take effect no matter what is used on the command line.<br />
+5. Start SNMPTRAPD using the command line: SNMPTRAPD
+-On. <b><br /></b> <b><span style=
+"font-weight: bold;"> Note: The -On
+is recommended. This will make snmptrapd pass OIDs in numeric
+form</span><br style="font-weight: bold;" />
+<span style="font-weight: bold;"> and
+prevent SNMPTT from having to translate the symbolic name to
+numerical form. If</span><br style="font-weight: bold;" />
+<span style="font-weight: bold;">
+the</span></b> <span style="font-weight: bold;">UCD-SNMP / Net-SNMP
+Perl module is not installed, then you MUST use the<br />
+ -On switch. Depending on the version
+of UCD-SNMP / Net-SNMP, some symbolic names<br />
+ may not translate correctly. See the
+FAQ for more info.<br /></span><br />
+ As an alternative, you can edit your
+<b>snmp.conf</b> file to include the line: <b>printNumericOids
+1. </b> This setting will take effect no matter what is used
+on the command line.<br />
<br />
-6. See the <a href="#SecuringSNMPTT">Securing SNMPTT</a> section.<br />
+6. See the <a href="#SecuringSNMPTT">Securing SNMPTT</a>
+section.<br />
<br />
<p><b><u>Windows NT EventLog:</u></b></p>
-<p>If you have enabled Windows Event Log support, then you must install an
-Event Message File to prevent "Event Message Not Found" messages from
-appearing in the Event Log. Microsoft Knowledge Base article KB166902
-contains information on this error.</p>
-<p>The Event Message File is a binary DLL file. Included with SNMPTT is
-a pre-compiled binary. To compile the DLL yourself, see 'Compiling'
-below.</p>
+<p>If you have enabled Windows Event Log support, then you must
+install an Event Message File to prevent "Event Message Not Found"
+messages from appearing in the Event Log. Microsoft Knowledge
+Base article KB166902 contains information on this error.</p>
+<p>The Event Message File is a binary DLL file. Included with
+SNMPTT is a pre-compiled binary. To compile the DLL yourself,
+see 'Compiling' below.</p>
<p>To install the DLL:</p>
<ol>
<li>Backup your system</li>
<li>Make sure Event Viewer is not open</li>
-<li>Copy <b>bin\snmptt-eventlog.dll</b> to <b>%windir%\system32</b></li>
+<li>Copy <b>bin\snmptt-eventlog.dll</b> to
+<b>%windir%\system32</b></li>
<li>Launch the Registry Editor</li>
<li>Go to
'<b>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application</b>'</li>
-<li>Create a new subkey (under Application) called <b>SNMPTT</b></li>
+<li>Create a new subkey (under Application) called
+<b>SNMPTT</b></li>
<li>Inside of the <b>SNMPTT</b> key, create a new <span style=
-"font-weight: bold;">String</span> Value called <b>EventMessageFile</b>.
-Give it a value of <b>%windir%\system32\snmptt-eventlog.dll.</b></li>
+"font-weight: bold;">String</span> Value called
+<b>EventMessageFile</b>. Give it a value of
+<b>%windir%\system32\snmptt-eventlog.dll.</b></li>
<li>Inside of the <b>SNMPTT</b> key, create a new <span style=
-"font-weight: bold;">DWORD</span> Value called <b>TypesSupported</b>.
-Give it a value of <b>7</b>.</li>
+"font-weight: bold;">DWORD</span> Value called
+<b>TypesSupported</b>. Give it a value of <b>7</b>.</li>
</ol>
To un-install the DLL:
<ol>
@@ -969,166 +1194,188 @@
</ol>
Compiling snmptt-eventlog.dll (MS Visual C++ required)
<ol>
-<li>If your environment is not already set up for command line compilation,
-locate <b>vcvars32.bat</b>, start a command prompt, and execute it
-(<span style="font-weight: bold;">vcvars32.bat</span>).<br /></li>
+<li>If your environment is not already set up for command line
+compilation, locate <b>vcvars32.bat</b>, start a command prompt,
+and execute it (<span style=
+"font-weight: bold;">vcvars32.bat</span>).<br /></li>
<li>cd into the directory where <span style=
-"font-weight: bold;">snmptt-eventlog.mc</span> is located (included with
-SNMPTT) and execute the following commands:</li>
+"font-weight: bold;">snmptt-eventlog.mc</span> is located (included
+with SNMPTT) and execute the following commands:</li>
<li><b>mc snmptt-eventlog.mc</b></li>
<li><b>rc /r snmptt-eventlog.rc</b></li>
-<li><b>link /nodefaultlib /INCREMENTAL:NO /release /nologo -base:0x60000000
--machine:i386 -dll -noentry -out:snmptt-eventlog.dll
-snmptt-eventlog.res</b></li>
+<li><b>link /nodefaultlib /INCREMENTAL:NO /release /nologo
+-base:0x60000000 -machine:i386 -dll -noentry
+-out:snmptt-eventlog.dll snmptt-eventlog.res</b></li>
<li>Install the DLL as described above</li>
</ol>
<p><br />
<b><u>Windows NT Service:</u></b></p>
<p>To configure SNMPTT as a service under Windows NT, follow these
-steps. More information can be obtained from the Windows NT Resource
-Kit.</p>
+steps. More information can be obtained from the Windows NT
+Resource Kit.</p>
<p>1. Install the Windows NT resource kit</p>
<p>2. Copy the <b>srvany.exe</b> program to
-<b>c:\winnt\system32</b> from <b>c:\Program Files\Resource Kit *</b></p>
+<b>c:\winnt\system32</b> from <b>c:\Program Files\Resource Kit
+*</b></p>
<p>3. Install the SNMPTT service using:</p>
<p> <b>instsrv SNMPTT
c:\winnt\system32\srvany.exe</b></p>
<p>4. Configure the service:</p>
-<p> Launch <b>REGEDIT</b></p>
+<p> Launch
+<b>REGEDIT</b></p>
<p> Go to
<b>HKLM\SYSTEM\CurrentControlSet\SNMPTT</b></p>
<p> Create a key called:
<b>Parameters</b></p>
-<p> Inside of Parameters, create a
-Sting Value (REG_SZ) called <b>Application</b> with the value of:
-<b>c:\perl\bin\perl.exe</b></p>
-<p> Inside of Parameters, create a
-Sting Value (REG_SZ) called <b>AppParameters</b> with the value of:
-<b>c:\snmp\snmptt --daemon</b></p>
-<p>5. Start the service from the control panel, or from a
-command prompt, type: <b>net start snmptt</b></p>
-To remove the service, type: <b>instsrv SNMPTT remove</b><br />
-<h3><a id="SecuringSNMPTT" name="SecuringSNMPTT"></a>Securing SNMPTT</h3>
-As with most software, SNMPTT should be run without root or administrator
-privileges. Running with a non privileged account can help restrict what
-actions can occur when using features such as <span style=
-"font-weight: bold;">EXEC</span> and <span style=
-"font-weight: bold;">REGEX</span>.<br />
-<br />
-For Linux and Unix, a user called '<span style=
-"font-weight: bold;">snmptt</span>' should be created and the <span style=
-"font-weight: bold;">snmptt.ini</span> option <span style=
-"font-weight: bold;">daemon_uid</span> set to the numerical user id (eg: 500)
-or textual user id (snmptt).<br />
-<br />
-Before forking to the background in daemon mode, SNMPTT will change to the
-defined user id. If the system syslog (<span style=
-"font-weight: bold;">syslog_system_enable</span>) is enabled, a message will
-be logged stating the user id has been changed. All processing from that
-point on will be as the new user id. This can be verified by checking
-the user id in the syslog for traps and system messages. For example, if
-the user id was changed to 500, the syslog would contain entries with
-<span style="font-weight: bold;">snmptt[500]</span>. When running as
+<p> Inside of Parameters,
+create a Sting Value (REG_SZ) called <b>Application</b> with the
+value of: <b>c:\perl\bin\perl.exe</b></p>
+<p> Inside of Parameters,
+create a Sting Value (REG_SZ) called <b>AppParameters</b> with the
+value of: <b>c:\snmp\snmptt --daemon</b></p>
+<p>5. Start the service from the control panel,
+or from a command prompt, type: <b>net start snmptt</b></p>
+To remove the service, type: <b>instsrv SNMPTT
+remove</b><br />
+<h3><a id="SecuringSNMPTT" name="SecuringSNMPTT"></a>Securing
+SNMPTT</h3>
+As with most software, SNMPTT should be run without root or
+administrator privileges. Running with a non privileged
+account can help restrict what actions can occur when using
+features such as <span style="font-weight: bold;">EXEC</span> and
+<span style="font-weight: bold;">REGEX</span>.<br />
+<br />
+For Linux and Unix, if you start SNMPTT as root, a user called
+'<span style="font-weight: bold;">snmptt</span>' should be created
+and the <span style="font-weight: bold;">snmptt.ini</span> option
+<span style="font-weight: bold;">daemon_uid</span> should be set to
+the numerical user id (eg: 500) or textual user id (snmptt).
+<b>Only define daemon_uid if starting snmptt using root.</b><br />
+<br />
+If you start SNMPTT as a non-root user, then <b>daemon_uid</b> is
+not required (and will probably not work).<br />
+<br />
+When using <b>daemon_uid</b> in daemon mode, there will be two
+SNMPTT processes. The first will run as root and will be
+responsible for creating the .pid file, and for cleaning up the
+.pid file on exit. The second process will run as the user defined
+by <b>daemon_uid</b>. If the system syslog (<span style=
+"font-weight: bold;">syslog_system_enable</span>) is enabled, a
+message will be logged stating the user id has been changed. All
+processing from that point on will be as the new user id. This can
+be verified by checking the user id in the syslog for traps and
+system messages. For example, if the user id was changed to 500,
+the syslog would contain entries with <span style=
+"font-weight: bold;">snmptt[500]</span>. When running as
root, entries will contain <span style=
"font-weight: bold;">snmptt[0]</span>.<br />
<br />
For Windows, a local or domain user account called '<span style=
-"font-weight: bold;">snmptt</span>' should be created. If running as an
-NT service, the service should be configured to use the <span style=
-"font-weight: bold;">snmptt</span> user account. Otherwise the system
-should be logged in locally with the <span style=
-"font-weight: bold;">snmptt</span> account before launching SNMPTT in daemon
-mode.<br />
-<br />
-The script <span style="font-weight: bold;">snmptthandler</span> which is
-called from Net-SNMP's <span style="font-weight: bold;">snmptrapd</span> will
-be executed in the same security context as <span style=
+"font-weight: bold;">snmptt</span>' should be created. If
+running as an NT service, the service should be configured to use
+the <span style="font-weight: bold;">snmptt</span> user
+account. Otherwise the system should be logged in locally
+with the <span style="font-weight: bold;">snmptt</span> account
+before launching SNMPTT in daemon mode.<br />
+<br />
+The script <span style="font-weight: bold;">snmptthandler</span>
+which is called from Net-SNMP's <span style=
+"font-weight: bold;">snmptrapd</span> will be executed in the same
+security context as <span style=
"font-weight: bold;">snmptrapd</span>. <br />
<br />
-The <span style="font-weight: bold;">snmptt</span> user should be configured
-with the following permissions:
+The <span style="font-weight: bold;">snmptt</span> user should be
+configured with the following permissions:
<ul>
-<li>read / delete access to spool directory to be able to read new traps, and
-delete processed traps<br /></li>
-<li>read access to configuration files (snmptt.ini and all snmptt.conf
-files)</li>
-<li>write access to log files (snmptt.log, snmptt.debug if enabled)</li>
-<li>any other permissions required for EXEC statements to execute<br /></li>
-</ul>
-If <span style="font-weight: bold;">snmptrapd</span> is run as a non root /
-administrator, it should be configured with the following permissions:<br />
+<li>read / delete access to spool directory to be able to read new
+traps, and delete processed traps<br /></li>
+<li>read access to configuration files (snmptt.ini and all
+snmptt.conf files)</li>
+<li>write access to log files (snmptt.log, snmptt.debug if
+enabled)</li>
+<li>any other permissions required for EXEC statements to
+execute<br /></li>
+</ul>
+If <span style="font-weight: bold;">snmptrapd</span> is run as a
+non root / administrator, it should be configured with the
+following permissions:<br />
<ul>
<li>write access to spool directory</li>
</ul>
-Note: It is recommended that only the user running <span style=
-"font-weight: bold;">snmptrapd</span> and the <span style=
-"font-weight: bold;">snmptt</span> user be given permission to the spool
-folder. This will prevent other users from placing files into the spool
-folder such as non-trap related files, or the <span style=
-"font-weight: bold;">!reload</span> file which causes SNMPTT to reload.
+Note: It is recommended that only the user running
+<span style="font-weight: bold;">snmptrapd</span> and the
+<span style="font-weight: bold;">snmptt</span> user be given
+permission to the spool folder. This will prevent other users
+from placing files into the spool folder such as non-trap related
+files, or the <span style="font-weight: bold;">!reload</span> file
+which causes SNMPTT to reload.
<h2><a id="Configuration-Options" name=
"Configuration-Options"></a>Configuration Options - snmptt.ini</h2>
-<p>As mentioned throughout this document, configuration options are set by
-editing the <b>snmptt.ini</b> file.</p>
-<p>For Linux / Unix, the following directories are searched to locate
-<b>snmptt.ini</b>:</p>
+<p>As mentioned throughout this document, configuration options are
+set by editing the <b>snmptt.ini</b> file.</p>
+<p>For Linux / Unix, the following directories are searched to
+locate <b>snmptt.ini</b>:</p>
<blockquote><b>/etc/snmp/</b><br />
<b>/etc/</b><br />
<b>/usr/local/etc/snmp/</b><br />
<b>/usr/local/etc/</b></blockquote>
-<p>For Windows, the file should be in <b>%SystemRoot%\</b>. For example,
-<b>c:\winnt</b> or <b>c:\windows</b>.</p>
-<p>The location of the ini file can be set on the command line using the
-<b>-ini=</b> parameter. See <a href="#Command-line-arguments">Command
-Line Arguments</a>.</p>
-<p>A sample <b>snmptt.ini</b> is provided in this package. For Windows
-NT, be sure to copy the <b>snmptt.ini-nt</b> file to
-<b>%SystemRoot%\snmptt.ini</b>. Be sure to remove the <span style=
-"font-weight: bold;">-nt</span> from the end of the filename.</p>
-<p style="text-decoration: underline;"><span style="font-weight: bold;">This
-readme file does not document all configuration options available in
-the</span> <b style="font-weight: bold;">snmptt.ini</b> <span style=
+<p>For Windows, the file should be in <b>%SystemRoot%\</b>.
+For example, <b>c:\winnt</b> or <b>c:\windows</b>.</p>
+<p>The location of the ini file can be set on the command line
+using the <b>-ini=</b> parameter. See <a href=
+"#Command-line-arguments">Command Line Arguments</a>.</p>
+<p>A sample <b>snmptt.ini</b> is provided in this package.
+For Windows NT, be sure to copy the <b>snmptt.ini-nt</b> file to
+<b>%SystemRoot%\snmptt.ini</b>. Be sure to remove the
+<span style="font-weight: bold;">-nt</span> from the end of the
+filename.</p>
+<p style="text-decoration: underline;"><span style=
+"font-weight: bold;">This readme file does not document all
+configuration options available in the</span> <b style=
+"font-weight: bold;">snmptt.ini</b> <span style=
"font-weight: bold;">as the</span> <b style=
-"font-weight: bold;">snmptt.ini</b> <span style="font-weight: bold;">file
-contains detailed descriptions for each option.<br /></span></p>
-<h2><a id="LoggingStandard" name="LoggingStandard"></a>Logging - Standard</h2>
-<p>Translated traps can be sent to standard output and to a log file.
-The output format is:</p>
+"font-weight: bold;">snmptt.ini</b> <span style=
+"font-weight: bold;">file contains detailed descriptions for each
+option.<br /></span></p>
+<h2><a id="LoggingStandard" name="LoggingStandard"></a>Logging -
+Standard</h2>
+<p>Translated traps can be sent to standard output and to a log
+file. The output format is:</p>
<blockquote><b>date trap-oid severity category hostname
translated-trap</b></blockquote>
-To configure standard output or regular logging, edit the <b>snmptt.ini</b>
-file and modify the following variables:
+To configure standard output or regular logging, edit the
+<b>snmptt.ini</b> file and modify the following variables:
<blockquote><b>enable_stdout</b><br />
<b>enable_log</b><br />
<b>log_file</b></blockquote>
-<h3><a id="LoggingUnknown" name="LoggingUnknown"></a>Logging - Unknown
-traps</h3>
-<p>Logging of unrecognized traps is also possible. This would be used
-mainly for troubleshooting purposes.</p>
-<p>To configure unknown trap logging, edit the snmptt.ini file and modify the
-following variables:</p>
-<blockquote>
- <b>enable_unknown_trap_log</b><br />
- <b>unknown_trap_log_file<br /></b>
-</blockquote>
-Unknown traps can also be logged to a SQL table as described in the <a href=
-"#LoggingDatabase">Database</a> section.<br />
-<h3><a id="LoggingSyslog" name="LoggingSyslog"></a>Logging - Syslog</h3>
-<p>Translated traps can also be sent to syslog. The format of the
-entries will be similar to above without the date (as syslogd logs the
-date):</p>
+<h3><a id="LoggingUnknown" name="LoggingUnknown"></a>Logging -
+Unknown traps</h3>
+<p>Logging of unrecognized traps is also possible. This would
+be used mainly for troubleshooting purposes.</p>
+<p>To configure unknown trap logging, edit the snmptt.ini file and
+modify the following variables:</p>
+<blockquote><b>enable_unknown_trap_log</b><br />
+<b>unknown_trap_log_file<br /></b></blockquote>
+Unknown traps can also be logged to a SQL table as described in the
+<a href="#LoggingDatabase">Database</a> section.<br />
+<h3><a id="LoggingSyslog" name="LoggingSyslog"></a>Logging -
+Syslog</h3>
+<p>Translated traps can also be sent to syslog. The format of
+the entries will be similar to above without the date (as syslogd
+logs the date):</p>
<blockquote><b>trap-oid severity category hostname
translated-trap</b></blockquote>
-Syslog entries normally start with: <span style="font-weight: bold;">date
-hostname snmptt[<span style="font-style: italic;">pid</span>]:</span><br />
+Syslog entries normally start with: <span style=
+"font-weight: bold;">date hostname snmptt[<span style=
+"font-style: italic;">pid</span>]:</span><br />
<br />
-To configure syslog, edit the snmptt ini file and modify the following
-variables:
+To configure syslog, edit the snmptt ini file and modify the
+following variables:
<blockquote><b>syslog_enable</b><br />
<b>syslog_facility</b><br />
<b>syslog_level</b></blockquote>
-SNMPTT system errors can be sent to syslog by editing the snmptt.ini file and
-modifying the following variables:
+SNMPTT system errors can be sent to syslog by editing the
+snmptt.ini file and modifying the following variables:
<blockquote><b>syslog_system_enable</b><br />
<b>syslog_system_facility</b><br />
<b>syslog_system_level</b></blockquote>
@@ -1142,13 +1389,15 @@
Unable to read spool dir <i>x</i> <b>(*)</b><br />
Could not open trap file <i>x</i> <b>(*)</b><br />
Unable to delete trap file <i>x</i> from spool dir <b>(*)</b><br />
-Unable to delete !reload file spool dir <b>(*)<br /></b> Unable to delete
-!statistics file spool dir <b>(*)</b><br />
+Unable to delete !reload file spool dir <b>(*)<br /></b> Unable to
+delete !statistics file spool dir <b>(*)</b><br />
Reloading configuration file(s) <b>(*)</b><br />
SNMPTT (version) shutdown <b>(*)</b><br />
Loading <i>snmpttconfigfile</i> <b>(*)</b><br />
-Could not open configuration file: <i>snmpttconfigfile</i><b>(*)</b><br />
-Finished loading <i>x</i> lines from <i>snmpttconfigfile</i> <b>(*)</b><br />
+Could not open configuration file:
+<i>snmpttconfigfile</i><b>(*)</b><br />
+Finished loading <i>x</i> lines from <i>snmpttconfigfile</i>
+<b>(*)</b><br />
MySQL error: Unable to connect to database<br />
SQL error: Unable to connect to DSN<br />
Can not open log file <i>logfile</i><br />
@@ -1161,31 +1410,36 @@
PostgreSQL error: Unable to perform INSERT INTO (EXECUTE)<br />
<p><b>* (daemon mode only)</b></p>
</blockquote>
-<h3><a id="LoggingEventLog" name="LoggingEventLog"></a>Logging - EventLog</h3>
-<p>Translated traps can also be sent to the NT EventLog. All traps are
-logged under <span style="font-weight: bold;">EventID 2</span> under the
-source <span style="font-weight: bold;">SNMPTT</span>. The format of the
-entries will be similar to above without the date (as the Event Log logs the
-date):</p>
+<h3><a id="LoggingEventLog" name="LoggingEventLog"></a>Logging -
+EventLog</h3>
+<p>Translated traps can also be sent to the NT EventLog. All
+traps are logged under <span style="font-weight: bold;">EventID
+2</span> under the source <span style=
+"font-weight: bold;">SNMPTT</span>. The format of the entries
+will be similar to above without the date (as the Event Log logs
+the date):</p>
<blockquote><b>trap-oid severity category hostname
translated-trap</b></blockquote>
-To configure eventlog support, edit the snmptt ini file and modify the
-following variables:
+To configure eventlog support, edit the snmptt ini file and modify
+the following variables:
<blockquote><b>eventlog_enable</b><br />
<b>eventlog_type</b></blockquote>
-SNMPTT system errors can be sent to the Event Log by editing the snmptt.ini
-file and modifying the following variables:
+SNMPTT system errors can be sent to the Event Log by editing the
+snmptt.ini file and modifying the following variables:
<blockquote><b>eventlog_system_enable</b></blockquote>
-The following errors are logged. Note that each error contains a unique
-<span style="font-weight: bold;">EventID</span>:<br />
+The following errors are logged. Note that each error
+contains a unique <span style=
+"font-weight: bold;">EventID</span>:<br />
<blockquote>EventID 0: SNMPTT (version) started <b>(*)</b><br />
EventID 3: Unable to enter spool dir <i>x</i> <b>(*)</b><br />
EventID 4: Unable to open spool dir <i>x</i> <b>(*)</b><br />
EventID 5: Unable to read spool dir <i>x</i> <b>(*)</b><br />
EventID 6: Could not open trap file <i>x</i> <b>(*)</b><br />
-EventID 7: Unable to delete trap file <i>x</i> from spool dir <b>(*)</b><br />
-EventID 20: Unable to delete !reload file spool dir <b>(*)<br /></b> EventID
-21: Unable to delete !statistics file spool dir <b>(*)</b><br />
+EventID 7: Unable to delete trap file <i>x</i> from spool dir
+<b>(*)</b><br />
+EventID 20: Unable to delete !reload file spool dir
+<b>(*)<br /></b> EventID 21: Unable to delete !statistics file
+spool dir <b>(*)</b><br />
EventID 8: Reloading configuration file(s) <b>(*)</b><br />
EventID 1: SNMPTT (version) shutdown <b>(*)</b><br />
EventID 9: Loading <i>snmpttconfigfile</i> <b>(*)</b><br />
@@ -1197,46 +1451,53 @@
EventID 13: SQL error: Unable to connect to DSN <i>dsn</i><br />
EventID 14: Can not open log file <i>logfile</i><br />
EventID 23: MySQL error: Unable to perform PREPARE<br />
-EventID 15: MySQL error: Unable to perform INSERT INTO (EXECUTE)<br />
-EventID 16: DBI DBD::ODBC error: Unable to perform INSERT INTO<br />
+EventID 15: MySQL error: Unable to perform INSERT INTO
+(EXECUTE)<br />
+EventID 16: DBI DBD::ODBC error: Unable to perform INSERT
+INTO<br />
EventID 17: Win32::ODBC error: Unable to perform INSERT INTO<br />
EventID 18: PostgreSQL error: Unable to connect to database<br />
EventID 22: PostgreSQL error: Unable to perform PREPARE<br />
-EventID 19: PostgreSQL error: Unable to perform INSERT INTO (EXECUTE)<br />
+EventID 19: PostgreSQL error: Unable to perform INSERT INTO
+(EXECUTE)<br />
<p><b>* (daemon mode only)</b></p>
</blockquote>
Note:
-<blockquote>To prevent "Event Message Not Found" messages in the Event Viewer,
-an Event Message File must be used. For information on installing the
-message file, see the <a href="#Installation%20-%20Windows">Installation
-section for Windows</a>.</blockquote>
-<h3><a id="LoggingDatabase" name="LoggingDatabase"></a>Logging - Database</h3>
-<p>Translated and unrecognized traps can also be sent to a database.
-MySQL (tested under Linux), PostgreSQL (tested under Linux) and ODBC (tested
-under Windows NT) can be used.</p>
-<p>To configure unknown trap logging, edit the snmptt.ini file and modify the
-following variables:</p>
+<blockquote>To prevent "Event Message Not Found" messages in the
+Event Viewer, an Event Message File must be used. For
+information on installing the message file, see the <a href=
+"#Installation%20-%20Windows">Installation section for
+Windows</a>.</blockquote>
+<h3><a id="LoggingDatabase" name="LoggingDatabase"></a>Logging -
+Database</h3>
+<p>Translated and unrecognized traps can also be sent to a
+database. MySQL (tested under Linux), PostgreSQL (tested
+under Linux) and ODBC (tested under Windows NT) can be used.</p>
+<p>To configure unknown trap logging, edit the snmptt.ini file and
+modify the following variables:</p>
<blockquote><b>enable_unknown_trap_log</b><br />
<b>db_unknown_trap_format<br />
<br /></b></blockquote>
<h4><a id="LoggingDatabase-MySQL" name=
"LoggingDatabase-MySQL"></a>DBD::MySQL</h4>
-<p>To configure SNMPTT for MySQL, modify the following variables in the
-snmptt.ini file.</p>
+<p>To configure SNMPTT for MySQL, modify the following variables in
+the snmptt.ini file.</p>
<blockquote><b>mysql_dbi_enable</b><br />
<b>mysql_dbi_host<br /></b> <b>mysql_dbi_port</b><br />
<b>mysql_dbi_database</b><br />
-<b>mysql_dbi_table<br /></b><b>mysql_dbi_table_unknown</b><br />
+<b>mysql_dbi_table<br /></b> <b>mysql_dbi_table_unknown</b><br />
<b>mysql_dbi_username</b><br />
<b>mysql_dbi_password</b></blockquote>
-<p>Note: Sample values are defined in the default ini file.
-Defining <span style="font-weight: bold;">mysql_dbi_table_unknown</span> is
+<p>Note: Sample values are defined in the default ini
+file. Defining <span style=
+"font-weight: bold;">mysql_dbi_table_unknown</span> is
optional.</p>
-<p>The following MySQL script can create the database and table. Permissions
-etc should also be defined. Run '<b>mysql</b>' as root and enter:</p>
+<p>The following MySQL script can create the database and table.
+Permissions etc should also be defined. Run '<b>mysql</b>' as root
+and enter:</p>
<blockquote><b>CREATE DATABASE snmptt;</b><br />
<b>USE snmptt;</b>
-<p><b>DROP TABLE snmptt;;</b><br />
+<p><b>DROP TABLE snmptt;</b><br />
<b>CREATE TABLE snmptt (</b><br />
<b>id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,</b><br />
<b>eventname VARCHAR(50),</b><br />
@@ -1252,12 +1513,16 @@
<b>traptime VARCHAR(30),</b><br />
<b>formatline VARCHAR(255));</b></p>
</blockquote>
-<p>If you do not want the auto-incrementing id column, remove the 'id INT...'
-line.</p>
-<p>If logging of unknown traps to a SQL table is required, create the
-<b>snmptt_unknown</b> table using:</p>
+<p>Note: To store the traptime as a real date/time (<b>DATETIME</b>
+data type), change 'traptime VARCHAR(30),' to 'traptime DATETIME,'
+and set <b>date_time_format_sql</b> in <b>snmptt.ini</b> to
+<b>%Y-%m-%d %H:%M:%S</b>.</p>
+<p>Note: If you do not want the auto-incrementing id column, remove
+the 'id INT...' line.</p>
+<p>If logging of unknown traps to a SQL table is required, create
+the <b>snmptt_unknown</b> table using:</p>
<blockquote><b>USE snmptt;</b>
-<p><b>DROP TABLE snmptt_unknown;;</b><br />
+<p><b>DROP TABLE snmptt_unknown;</b><br />
<b>CREATE TABLE snmptt_unknown (</b><br />
<b>trapoid VARCHAR(100),<br />
enterprise VARCHAR(100),</b><br />
@@ -1268,45 +1533,66 @@
<b>traptime VARCHAR(30),</b><br />
<b>formatline VARCHAR(255));</b></p>
</blockquote>
-<p>All variables are INSERTted into the database as standard text including
-the date and time. The variable lengths I have chosen above should be
+<p>Note: To store the traptime as a real date/time (<b>DATETIME</b>
+data type), change 'traptime VARCHAR(30),' to 'traptime DATETIME,'
+and set <b>date_time_format_sql</b> in <b>snmptt.ini</b> to
+<b>%Y-%m-%d %H:%M:%S</b>.</p>
+<p>If logging of statistics to a SQL table is required, create the
+<b>snmptt_statistics</b> table using:</p>
+<blockquote><b>USE snmptt;</b>
+<p><b>DROP TABLE snmptt_statistics;</b><br />
+<b>CREATE TABLE snmptt_statistics (</b><br />
+<b>stat_time VARCHAR(30),</b><br />
+<b>total_received BIGINT,</b><br />
+<b>total_translated BIGINT,</b><br />
+<b>total_ignored BIGINT,</b><br />
+<b>total_unknown BIGINT);</b><br /></p>
+</blockquote>
+<p>Note: To store the stat_time as a real date/time
+(<b>DATETIME</b> data type), change 'stat_time VARCHAR(30),' to
+'stat_time DATETIME,' and set <b>stat_time_format_sql</b> in
+<b>snmptt.ini</b> to <b>%Y-%m-%d %H:%M:%S</b>.</p>
+<p>Note: The variable lengths I have chosen above should be
sufficient, but they may need to be increased depending on your
environment.</p>
<p>To add a user account called '<b>snmptt</b>' with a password of
-'<b>mytrap</b>' for use by SNMPTT, use the following SQL statement:</p>
-<blockquote><b>GRANT ALL PRIVILEGES ON *.* TO 'snmptt'@'localhost' IDENTIFIED
-BY 'mytrap' WITH GRANT OPTION;</b></blockquote>
+'<b>mytrap</b>' for use by SNMPTT, use the following SQL
+statement:</p>
+<blockquote><b>GRANT ALL PRIVILEGES ON *.* TO 'snmptt'@'localhost'
+IDENTIFIED BY 'mytrap';</b></blockquote>
<br />
<h4><a id="LoggingDatabase-PostgreSQL" name=
"LoggingDatabase-PostgreSQL"></a>DBD::PgPP (PostgreSQL)</h4>
-<p>To configure SNMPTT for PostgreSQL, modify the following variables in the
-snmptt.ini file.</p>
+<p>To configure SNMPTT for PostgreSQL, modify the following
+variables in the snmptt.ini file.</p>
<blockquote><b>postgresql_dbi_enable</b><br />
-<span style="font-weight: bold;">postgresql_dbi_module</span><br style=
-"font-weight: bold;" />
<span style=
-"font-weight: bold;">postgresql_dbi_hostport_enable</span><br style=
+"font-weight: bold;">postgresql_dbi_module</span><br style=
"font-weight: bold;" />
+<span style=
+"font-weight: bold;">postgresql_dbi_hostport_enable</span><br style="font-weight: bold;" />
+
<b>postgresql_dbi_host<br /></b> <b>postgresql_dbi_port</b><br />
<b>postgres</b><b>ql_dbi_database</b><br />
-<b>postgres</b><b>ql_dbi_table<br /></b><b>postgres</b><b>ql_dbi_table_unknown</b><br />
-
+<b>postgres</b><b>ql_dbi_table<br /></b>
+<b>postgres</b><b>ql_dbi_table_unknown</b><br />
<b>postgres</b><b>ql_dbi_username</b><br />
<b>postgres</b><b>ql_dbi_password</b></blockquote>
-<p>Note: Sample values are defined in the default ini file. Defining
-<b>postgresql_dbi_table_unknown</b> is optional.</p>
-<p>The following shell / PostgreSQL commands will drop the existing database
-if it exists and then delete the existing snmptt user. It will then create a
-new snmptt database, a new snmptt user (prompting for a password) and then
-create the table. Run these commands as root.</p>
+<p>Note: Sample values are defined in the default ini file.
+Defining <b>postgresql_dbi_table_unknown</b> is optional.</p>
+<p>The following shell / PostgreSQL commands will drop the existing
+database if it exists and then delete the existing snmptt user. It
+will then create a new snmptt database, a new snmptt user
+(prompting for a password) and then create the table. Run these
+commands as root.</p>
<blockquote>
<p><b>su - postgres<br />
dropdb snmptt<br />
dropuser snmptt<br /></b></p>
-<p>createuser -P snmptt<br />
+<p><b>createuser -P snmptt<br />
createdb -O snmptt snmptt<br />
-psql snmptt</p>
-<p>DROP TABLE snmptt;<br />
+psql snmptt</b></p>
+<p><b>DROP TABLE snmptt;<br />
CREATE TABLE snmptt (<br />
eventname VARCHAR(50),<br />
eventid VARCHAR(50),<br />
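Review bot: The sample statement `GRANT ALL PRIVILEGES ON *.* TO 'snmptt'@'localhost' IDENTIFIED BY 'mytrap';` still gives the logging account every privilege on every database on the server; dropping WITH GRANT OPTION only stops it from passing those privileges on. The MySQL errors this document lists are connect, PREPARE and INSERT INTO, so a grant scoped to the snmptt database, for example `GRANT INSERT ON snmptt.* TO 'snmptt'@'localhost' IDENTIFIED BY 'mytrap';`, is probably sufficient, though that should be confirmed against the statements snmptt actually issues. The paragraph should also say that 'mytrap' is a sample value to be replaced, since it is presumably the password that then goes into mysql_dbi_password in snmptt.ini.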
@@ -1319,12 +1605,17 @@
severity VARCHAR(20),<br />
uptime VARCHAR(20),<br />
traptime VARCHAR(30),<br />
-formatline VARCHAR(255));</p>
-<p>GRANT ALL ON snmptt TO snmptt;<br />
-\q</p>
-</blockquote>
+formatline VARCHAR(255));</b></p>
+<p><b>GRANT ALL ON snmptt TO snmptt;<br />
+\q</b></p>
+</blockquote>
+<p>Note: To store the traptime as a real date/time
+(<b>timestamp</b> data type), change 'traptime VARCHAR(30),' to
+'traptime timestamp,' and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to <b>%Y-%m-%d %H:%M:%S</b>.</p>
If logging of unknown traps to a SQL table is required, create the
-<span style="font-weight: bold;">snmptt_unknown</span> table using:<br />
+<span style="font-weight: bold;">snmptt_unknown</span> table
+using:<br />
<blockquote><b>su - postgres<br />
psql snmptt<br /></b>
<p><b>DROP TABLE snmptt_unknown;</b><br />
@@ -1337,38 +1628,62 @@
<b>uptime VARCHAR(20),</b><br />
<b>traptime VARCHAR(30),</b><br />
<b>formatline VARCHAR(255));<br /></b></p>
-<p>GRANT ALL ON snmptt_unknown TO snmptt;<br />
-\q</p>
+<p><b>GRANT ALL ON snmptt_unknown TO snmptt;</b><br />
+<b>\q</b></p>
</blockquote>
-All variables are INSERTted into the database as standard text including the
-date and time. The variable lengths I have chosen above should be
-sufficient, but they may need to be increased depending on your
-environment.<br />
+<p>Note: To store the traptime as a real date/time
+(<b>timestamp</b> data type), change 'traptime VARCHAR(30),' to
+'traptime timestamp,' and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to <b>%Y-%m-%d %H:%M:%S</b>.</p>
+If logging of statistics to a SQL table is required, create the
+<span style="font-weight: bold;">snmptt_statistics</span> table
+using:<br />
+<blockquote><b>su - postgres<br />
+psql snmptt<br /></b>
+<p><b>DROP TABLE snmptt_statistics;<br />
+CREATE TABLE snmptt_statistics (<br />
+stat_time VARCHAR(30),<br />
+total_received BIGINT,<br />
+total_translated BIGINT,<br />
+total_ignored BIGINT,<br />
+total_unknown BIGINT);<br /></b></p>
+<b>GRANT ALL ON snmptt_statistics TO snmptt;<br />
+\q</b></blockquote>
+<p>Note: To store the stat_time as a real date/time
+(<b>timestamp</b> data type), change 'stat_time VARCHAR(30),' to
+'stat_time timestamp,' and set <b>stat_time_format_sql</b> in
+<b>snmptt.ini</b> to <b>%Y-%m-%d %H:%M:%S</b>.</p>
+The variable lengths I have chosen above should be sufficient, but
+they may need to be increased depending on your environment.<br />
<br />
<h4><a id="LoggingDatabase-ODBC" name=
"LoggingDatabase-ODBC"></a>DBD::ODBC</h4>
-<p>SNMPTT can access ODBC data sources using either the DBD::ODBC module on
-Linux and Windows, or the WIN32::ODBC module on Windows.</p>
-<p>To configure SNMPTT for ODBC access using the module DBD::ODBC, modify the
-following variables in the snmptt script.</p>
+<p>SNMPTT can access ODBC data sources using either the DBD::ODBC
+module on Linux and Windows, or the WIN32::ODBC module on
+Windows.</p>
+<p>To configure SNMPTT for ODBC access using the module DBD::ODBC,
+modify the following variables in the snmptt script.</p>
<blockquote><b>dbd_odbc_enable = 1;</b><br />
<b>dbd_odbc_dsn = 'snmptt';</b><br />
-<b>dbd_odbc_table = 'snmptt';<br /></b><b>dbd_odbc_table_unknown =
+<b>dbd_odbc_table = 'snmptt';<br /></b> <b>dbd_odbc_table_unknown =
'snmptt';</b><br />
<b>dbd_odbc_username = 'snmptt';</b><br />
<b>dbd_odbc_password = 'password';</b></blockquote>
Note: <br />
-<div style="margin-left: 40px;">SNMPTT does not create the DSN connection. You
-must define the DSN outside of SNMPTT. See 'Data Sources (ODBC)' in Windows
-help for information on creating a DSN connection.<br />
+<div style="margin-left: 40px;">SNMPTT does not create the DSN
+connection. You must define the DSN outside of SNMPTT. See 'Data
+Sources (ODBC)' in Windows help for information on creating a DSN
+connection.<br />
<br />
-Defining <span style="font-weight: bold;"><b>dbd_odbc</b></span><span style=
+Defining <span style=
+"font-weight: bold;"><b>dbd_odbc</b></span><span style=
"font-weight: bold;">_table_unknown</span> is optional.<br />
<br />
Sample values are defined in the default ini file.</div>
<br />
-<p>The following MS SQL Server / Access script can create the table inside an
-existing database. Permissions etc should also be defined.</p>
+<p>The following MS SQL Server / Access script can create the table
+inside an existing database. Permissions etc should also be
+defined.</p>
<blockquote><b>CREATE TABLE snmptt (</b><br />
<b>eventname character(50) NULL,</b><br />
<b>eventid character(50) NULL,</b><br />
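Review bot: The added snmptt_statistics block ends with `GRANT ALL ON snmptt_statistics TO snmptt;`, which gives the account whose password sits in snmptt.ini every privilege on the table; the snmptt_unknown block in this hunk does the same. The ODBC sections of this page describe the writes as 'INSERT INTO', so if the script only appends rows the documented grant could be narrowed to `GRANT INSERT ON snmptt_statistics TO snmptt;`, with reporting done through a separate read-only role. Whether SNMPTT needs anything beyond INSERT is not visible in this diff and should be confirmed before the text is changed.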
@@ -1382,8 +1697,14 @@
<b>uptime character(20) NULL,</b><br />
<b>traptime character(30) NULL,</b><br />
<b>formatline character(255) NULL)</b></blockquote>
+<p>Note: To store the traptime as a real date/time, change
+'traptime character(30),' to the date/time data type supported by
+the database and and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
If logging of unknown traps to a SQL table is required, create the
-<span style="font-weight: bold;">snmptt_unknown</span> table using:<br />
+<span style="font-weight: bold;">snmptt_unknown</span> table
+using:<br />
<blockquote><b>CREATE TABLE snmptt_unknown (</b><br />
<b>trapoid</b><b> character(100) NULL,</b><br />
<b>enterprise character(100) NULL,</b><br />
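Review bot: The added note reads 'the database and and set', with 'and' doubled; it should be `the database and set <b>date_time_format_sql</b> in`. The same wording is repeated in the notes added in the next three hunks (the traptime and stat_time notes of the DBD::ODBC and Win32::ODBC sections).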
@@ -1393,34 +1714,56 @@
<b>uptime character(20) NULL,</b><br />
<b>traptime character(30) NULL,</b><br />
<b>formatline character(255) NULL)</b></blockquote>
-All variables are inserted into the database using '<b>INSERT INTO</b>' as
-text including the date and time. The variable lengths I have chosen
-above should be sufficient, but they may need to be increased depending on
-your environment.<br />
+<p>Note: To store the traptime as a real date/time, change
+'traptime character(30),' to the date/time data type supported by
+the database and and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
+If logging of statistics to a SQL table is required, create the
+<span style="font-weight: bold;">snmptt_statistics</span> table
+using:<br />
+<blockquote><b>CREATE TABLE snmptt_statistics (<br />
+stat_time character(30) NULL,<br />
+total_received BIGINT NULL,<br />
+total_translated BIGINT NULL,<br />
+total_ignored BIGINT NULL,<br />
+total_unknown BIGINT NULL)<br /></b></blockquote>
+<p>Note: To store the stat_time as a real date/time, change
+'stat_time character(30),' to the date/time data type supported by
+the database and and set <b>stat_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
+All variables are inserted into the database using '<b>INSERT
+INTO</b>' as text including the date and time. The variable
+lengths I have chosen above should be sufficient, but they may need
+to be increased depending on your environment.<br />
<h4><a id="LoggingDatabase-Windows_ODBC" name=
-"LoggingDatabase-Windows_ODBC"></a>Win32::ODB</h4>
-<p>SNMPTT can access ODBC data sources using either the DBD::ODBC module on
-Linux and Windows, or the WIN32::ODBC module on Windows.</p>
-<p>To configure SNMPTT for MS SQL via ODBC on Windows, modify the following
-variables in the snmptt script.</p>
+"LoggingDatabase-Windows_ODBC"></a>Win32::ODBC</h4>
+<p>SNMPTT can access ODBC data sources using either the DBD::ODBC
+module on Linux and Windows, or the WIN32::ODBC module on
+Windows.</p>
+<p>To configure SNMPTT for MS SQL via ODBC on Windows, modify the
+following variables in the snmptt script.</p>
<blockquote><b>sql_win32_odbc_enable = 1;</b><br />
<b>sql_win32_odbc_dsn = 'snmptt';</b><br />
<b>sql_win32_odbc_table = 'snmptt';</b><br />
<b>sql_win32_odbc_username = 'snmptt';</b><br />
<b>sql_win32_odbc_password = 'password';</b></blockquote>
Note: <br />
-<div style="margin-left: 40px;">SNMPTT does not create the DSN connection. You
-must define the DSN outside of SNMPTT. See 'Data Sources (ODBC)' in Windows
-help for information on creating a DSN connection.<br />
+<div style="margin-left: 40px;">SNMPTT does not create the DSN
+connection. You must define the DSN outside of SNMPTT. See 'Data
+Sources (ODBC)' in Windows help for information on creating a DSN
+connection.<br />
<br />
Defining <span style=
"font-weight: bold;"><b>sql_win32_odbc</b></span><span style=
"font-weight: bold;">_table_unknown</span> is optional.<br />
<br />
Sample values are defined in the default ini file.</div>
-<p>The following MS SQL Server script can create the table inside an existing
-database. Permissions etc should also be defined.</p>
+<p>The following MS SQL Server script can create the table inside
+an existing database. Permissions etc should also be
+defined.</p>
<blockquote><b>CREATE TABLE snmptt (</b><br />
<b>eventname character(50) NULL,</b><br />
<b>eventid character(50) NULL,</b><br />
@@ -1434,8 +1777,14 @@
<b>uptime character(20) NULL,</b><br />
<b>traptime character(30) NULL,</b><br />
<b>formatline character(255) NULL)</b></blockquote>
+<p>Note: To store the traptime as a real date/time, change
+'traptime character(30),' to the date/time data type supported by
+the database and and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
If logging of unknown traps to a SQL table is required, create the
-<span style="font-weight: bold;">snmptt_unknown</span> table using:<br />
+<span style="font-weight: bold;">snmptt_unknown</span> table
+using:<br />
<blockquote><b>CREATE TABLE snmptt_unknown (</b><br />
<b>trapoid</b><b> character(50) NULL,</b><br />
<b>enterprise character(50) NULL,</b><br />
@@ -1445,40 +1794,64 @@
<b>uptime character(20) NULL,</b><br />
<b>traptime character(30) NULL,</b><br />
<b>formatline character(255) NULL)</b></blockquote>
-All variables are inserted into the database using '<b>INSERT INTO</b>' as
-text including the date and time. The variable lengths I have chosen
-above should be sufficient, but they may need to be increased depending on
-your environment.<br />
+<p>Note: To store the traptime as a real date/time, change
+'traptime character(30),' to the date/time data type supported by
+the database and and set <b>date_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
+If logging of statistics to a SQL table is required, create the
+<span style="font-weight: bold;">snmptt_statistics</span> table
+using:<br />
+<blockquote><b>CREATE TABLE snmptt_statistics (<br />
+stat_time character(30) NULL,<br />
+total_received BIGINT NULL,<br />
+total_translated BIGINT NULL,<br />
+total_ignored BIGINT NULL,<br />
+total_unknown BIGINT NULL)<br /></b></blockquote>
+<p>Note: To store the stat_time as a real date/time, change
+'stat_time character(30),' to the date/time data type supported by
+the database and and set <b>stat_time_format_sql</b> in
+<b>snmptt.ini</b> to a compatible format. For example: <b>%Y-%m-%d
+%H:%M:%S</b>.</p>
+All variables are inserted into the database using '<b>INSERT
+INTO</b>' as text including the date and time. The variable
+lengths I have chosen above should be sufficient, but they may need
+to be increased depending on your environment.<br />
<br />
<h2><a id="Executing-an-external-program" name=
- "Executing-an-external-program"></a>Executing an external program</h2>
-<p>An external program can be launched when a trap is received. The
-command line is defined in the configuration file. For example, to send
-a page using QPAGE (<a href="http://www.qpage.org">http://www.qpage.org</a>),
-the following command line could be used:</p>
-<blockquote>
- <b>qpage -f TRAP notifygroup1 "$r $x $X Compaq Drive Array Spare
- Drive on controller $4, bus $5, bay $6 status is $3."</b>
-</blockquote>
-$r is translated to the hostname, and $x is the current date, and $X is the
-current time (described in detail below)
-<p>To enable or disable the execution of EXEC definitions, edit the snmptt.ini
-file and modify the following variable:</p>
+"Executing-an-external-program"></a>Executing an external
+program</h2>
+<p>An external program can be launched when a trap is
+received. The command line is defined in the configuration
+file. For example, to send a page using QPAGE (<a href=
+"http://www.qpage.org">http://www.qpage.org</a>), the following
+command line could be used:</p>
+<blockquote><b>qpage -f TRAP notifygroup1 "$r $x $X Compaq Drive
+Array Spare Drive on controller $4, bus $5, bay $6 status is
+$3."</b></blockquote>
+$r is translated to the hostname, and $x is the current date, and
+$X is the current time (described in detail below)
+<p>To enable or disable the execution of EXEC definitions, edit the
+snmptt.ini file and modify the following variable:</p>
<blockquote><b>exec_enable</b></blockquote>
-It is also possible to launch an external program when an unknown trap is received. This
-can be enabled by defining <b>unknown_trap_exec</b> in <b>snmptt.ini</b>. Passed to the
-command will be all standard and enterprise variables, similar to <b>unknown_trap_log_file</b> but
-without the newlines.
-<h2><a id="Modes-of-Operation" name="Modes-of-Operation"></a>Modes of
- Operation</h2>
-<p>SNMPTT can be run in two modes: standalone mode and daemon mode.</p>
+It is also possible to launch an external program when an unknown
+trap is received. This can be enabled by defining
+<b>unknown_trap_exec</b> in <b>snmptt.ini</b>. Passed to the
+command will be all standard and enterprise variables, similar to
+<b>unknown_trap_log_file</b> but without the newlines.
+<h2><a id="Modes-of-Operation" name="Modes-of-Operation"></a>Modes
+of Operation</h2>
+<p>SNMPTT can be run in two modes: standalone mode and daemon
+mode.</p>
<h3><b>Standalone mode</b></h3>
<p>To use SNMPTT in standalone mode, the <span style=
- "font-weight: bold;">snmptrapd.conf</span> file would contain a <span style=
- "font-weight: bold;">traphandle</span> statement such as:</p>
+"font-weight: bold;">snmptrapd.conf</span> file would contain a
+<span style="font-weight: bold;">traphandle</span> statement such
+as:</p>
<blockquote><b>traphandle default /usr/sbin/snmptt</b></blockquote>
When a trap is received by SNMPTRAPD, the trap is passed to the
-<b>/usr/sbin/snmptt</b> script. SNMPTT performs the following tasks:
+<b>/usr/sbin/snmptt</b> script. SNMPTT performs the following
+tasks:
<ul>
<li>reads trap passed from snmptrapd</li>
<li>loads configuration file(s) containing trap definitions</li>
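Review bot: The EXEC section in this hunk shows trap-derived values (`$r`, `$4`, `$5`, `$6`, `$3`) being substituted into a command line, and says unknown_trap_exec passes all standard and enterprise variables to the command, but it does not say how those values are quoted or escaped before the command is run. Trap contents come from the sending device, so the text should state what sanitising SNMPTT applies, or advise that EXEC commands treat the substituted values as untrusted input and that `exec_enable` be left off where EXEC is not needed. How the script actually builds and runs the command is not shown in this diff, so the wording should be checked against the code.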
@@ -1486,93 +1859,105 @@
<li>logs, executes EXEC statement etc</li>
<li>quits</li>
</ul>
-With a 450 Mhz PIII and a 9000 line snmptt.conf containing 566 unique traps
-(EVENTs), it takes under a second to process the trap including logging and
-executing the qpage program. The larger the snmptt.conf file is, the
-longer it will take to process. If there are a large number of traps
-being received, daemon mode should be used. If it takes 1 second to
-process one trap, then obviously you shouldn't try to process more than one
-trap per second.
-<p>Running SNMPTT without the <b>--daemon</b> command line option will result
-standalone mode unless the <b>mode</b> variable in the <b>snmptt.ini</b> file
-is set to <b>daemon</b>. For standalone mode, the <b>mode</b> variable
-in the <b>snmptt.ini</b> file should be set <b>standalone</b>.</p>
-<p>Note: Enabling the UCD-SNMP / Net-SNMP Perl module will greatly increase
-the startup time of SNMPTT. Daemon mode is recommended.</p>
+With a 450 Mhz PIII and a 9000 line snmptt.conf containing 566
+unique traps (EVENTs), it takes under a second to process the trap
+including logging and executing the qpage program. The larger
+the snmptt.conf file is, the longer it will take to process.
+If there are a large number of traps being received, daemon mode
+should be used. If it takes 1 second to process one trap,
+then obviously you shouldn't try to process more than one trap per
+second.
+<p>Running SNMPTT without the <b>--daemon</b> command line option
+will result standalone mode unless the <b>mode</b> variable in the
+<b>snmptt.ini</b> file is set to <b>daemon</b>. For
+standalone mode, the <b>mode</b> variable in the <b>snmptt.ini</b>
+file should be set <b>standalone</b>.</p>
+<p>Note: Enabling the UCD-SNMP / Net-SNMP Perl module will greatly
+increase the startup time of SNMPTT. Daemon mode is
+recommended.</p>
<h3><b>Daemon mode</b></h3>
<p>When SNMPTT is run in daemon mode, the <span style=
-"font-weight: bold;">snmptrapd.conf</span> file would contain a <span style=
-"font-weight: bold;">traphandle</span> statement such as:</p>
-<blockquote><b>traphandle default /usr/sbin/snmptthandler</b></blockquote>
-When a trap is received by SNMPTRAPD, the trap is passed to the <span style=
-"font-weight: bold;">/usr/sbin/snmptthandler</span> script.
-SNMPTTHANDLER performs the following tasks:
+"font-weight: bold;">snmptrapd.conf</span> file would contain a
+<span style="font-weight: bold;">traphandle</span> statement such
+as:</p>
+<blockquote><b>traphandle default
+/usr/sbin/snmptthandler</b></blockquote>
+When a trap is received by SNMPTRAPD, the trap is passed to the
+<span style="font-weight: bold;">/usr/sbin/snmptthandler</span>
+script. SNMPTTHANDLER performs the following tasks:
<ul>
<li>reads trap passed from snmptrapd</li>
-<li>writes the trap in a new unique file to a spool directory such as
-/var/spool/snmptt</li>
+<li>writes the trap in a new unique file to a spool directory such
+as /var/spool/snmptt</li>
<li>quits</li>
</ul>
SNMPTT running in daemon mode performs the following tasks:
<ul>
-<li>loads configuration file(s) containing trap definitions at startup</li>
+<li>loads configuration file(s) containing trap definitions at
+startup</li>
<li>reads traps passed from spool directory</li>
<li>searches traps for a match</li>
<li>logs, executes EXEC statement etc</li>
<li>sleeps for 5 seconds (configurable)</li>
<li>loops back up to 'reads traps passed from spool directory'</li>
</ul>
-Using SNMPTTHANDLER and SNMPTT in daemon mode, a large number of traps per
-minute should be handled easily.
-<p>Running SNMPTT with the <span style="font-weight: bold;">--daemon</span>
-command line option or setting the <b>mode</b> variable in the
-<b>snmptt.ini</b> file to <b>daemon</b> will cause SNMPTT to run in daemon
-mode.</p>
-<p>By setting the <span style="font-weight: bold;">snmptt.ini</span> variable
-<b>use_trap_time</b> to <b>1</b> (default), the date and time used for logging
-will be the date and time passed inside the trap spool file. If
-<b>use_trap_time</b> is set to <b>0</b>, the date and time that the trap was
-<i>processed</i> by SNMPTT is used. Setting <b>use_trap_time</b> to
-<b>0</b> can result in inaccurate time stamps in log files due to the length
-of time SNMPTT sleeps between spool directory polling.</p>
-<p>Note: When running on a <b>non</b> Windows platform, SNMPTT will fork
-to the background and create a pid file in <span style=
-"font-weight: bold;">/var/run/snmptt.pid</span> if <b>daemon_fork</b> is set
-to 1. If the user is not able to create the <span style=
-"font-weight: bold;">/var/run/snmptt.pid</span> file, it will attempt to
-create one in the current working directory.</p>
-<p>Sending the HUP signal to SNMPTT when running as a daemon will cause it to
-reload the configuration file including the .ini file, snmptt.conf files
-listed in the .ini file and any NODES files if <span style=
-"font-weight: bold;">dynamic_nodes</span> is disabled. A reload can also
-be forced by adding a file to the spool directory called <span style=
-"font-weight: bold;">!reload</span>. The filename is <span style=
-"font-weight: bold;">not</span> case sensitive. If this file is
-detected, it will flag a reload to occur and will delete the file. This
-would be the only way to cause a reload when using Windows as Windows does not
-support signals.</p>
-<p>Statistical logging of <span style="font-weight: bold;">total traps
-received</span>, <span style="font-weight: bold;">total traps
-translated</span> and <span style="font-weight: bold;">total unknown
-traps</span> can be enabled by setting the <span style=
+Using SNMPTTHANDLER and SNMPTT in daemon mode, a large number of
+traps per minute should be handled easily.
+<p>Running SNMPTT with the <span style=
+"font-weight: bold;">--daemon</span> command line option or setting
+the <b>mode</b> variable in the <b>snmptt.ini</b> file to
+<b>daemon</b> will cause SNMPTT to run in daemon mode.</p>
+<p>By setting the <span style=
+"font-weight: bold;">snmptt.ini</span> variable
+<b>use_trap_time</b> to <b>1</b> (default), the date and time used
+for logging will be the date and time passed inside the trap spool
+file. If <b>use_trap_time</b> is set to <b>0</b>, the date
+and time that the trap was <i>processed</i> by SNMPTT is
+used. Setting <b>use_trap_time</b> to <b>0</b> can result in
+inaccurate time stamps in log files due to the length of time
+SNMPTT sleeps between spool directory polling.</p>
+<p>Note: When running on a <b>non</b> Windows platform,
+SNMPTT will fork to the background and create a pid file in
+<span style="font-weight: bold;">/var/run/snmptt.pid</span> if
+<b>daemon_fork</b> is set to 1. If the user is not able to
+create the <span style=
+"font-weight: bold;">/var/run/snmptt.pid</span> file, it will
+attempt to create one in the current working directory.</p>
+<p>Sending the HUP signal to SNMPTT when running as a daemon will
+cause it to reload the configuration file including the .ini file,
+snmptt.conf files listed in the .ini file and any NODES files if
+<span style="font-weight: bold;">dynamic_nodes</span> is
+disabled. A reload can also be forced by adding a file to the
+spool directory called <span style=
+"font-weight: bold;">!reload</span>. The filename is
+<span style="font-weight: bold;">not</span> case sensitive.
+If this file is detected, it will flag a reload to occur and will
+delete the file. This would be the only way to cause a reload
+when using Windows as Windows does not support signals.</p>
+<p>Statistical logging of <span style="font-weight: bold;">total
+traps received</span>, <span style="font-weight: bold;">total traps
+translated</span> and <span style="font-weight: bold;">total
+unknown traps</span> can be enabled by setting the <span style=
"font-weight: bold;">statistics_interval</span> <span style=
-"font-weight: bold;">snmptt.ini</span> variable to a value greater than
-0. At each interval (defined in seconds), the statistics will be logged
-to syslog or the event log.</p>
-Sending the USR1 signal will also cause the statistical information for
-<span style="font-weight: bold;">total traps received</span>, <span style=
-"font-weight: bold;">total traps translated</span> and <span style=
-"font-weight: bold;">total unknown traps</span> to be logged. This could
-be used for example if you want to log statistics at a set time each day using
-a task scheduler instead of using the interval time defined in the
-<span style="font-weight: bold;">snmptt.ini</span> variable <span style=
-"font-weight: bold;">statistics_interval</span>. A statistics dump can
-also be forced by adding a file to the spool directory called <span style=
-"font-weight: bold;">!statistics</span> which is processed similar to the
-<span style="font-weight: bold;">!reload</span> file.<br />
+"font-weight: bold;">snmptt.ini</span> variable to a value greater
+than 0. At each interval (defined in seconds), the statistics
+will be logged to syslog or the event log.</p>
+Sending the USR1 signal will also cause the statistical information
+for <span style="font-weight: bold;">total traps received</span>,
+<span style="font-weight: bold;">total traps translated</span> and
+<span style="font-weight: bold;">total unknown traps</span> to be
+logged. This could be used for example if you want to log
+statistics at a set time each day using a task scheduler instead of
+using the interval time defined in the <span style=
+"font-weight: bold;">snmptt.ini</span> variable <span style=
+"font-weight: bold;">statistics_interval</span>. A statistics
+dump can also be forced by adding a file to the spool directory
+called <span style="font-weight: bold;">!statistics</span> which is
+processed similar to the <span style=
+"font-weight: bold;">!reload</span> file.<br />
<br />
-<h2><a id="Command-line-arguments" name="Command-line-arguments"></a>Command
-line arguments</h2>
+<h2><a id="Command-line-arguments" name=
+"Command-line-arguments"></a>Command line arguments</h2>
<p>The following command line arguments are supported:</p>
<p>Usage:<br />
snmptt [<options>]<br />
@@ -1583,8 +1968,8 @@
--debug=n
Set debug level (1 or 2)<br />
- --debugfile=filename Set debug output
-file<br />
+ --debugfile=filename Set debug
+output file<br />
--dump
Dump (display) defined traps<br />
@@ -1604,15 +1989,16 @@
process trap file (eg: time snmptt --time)<br />
</p>
<h2><a id="SNMPTT.CONF-Configuration-file-format" name=
-"SNMPTT.CONF-Configuration-file-format"></a><b>SNMPTT.CONF Configuration file
-format</b></h2>
+"SNMPTT.CONF-Configuration-file-format"></a><b>SNMPTT.CONF
+Configuration file format</b></h2>
<p>The configuration file (usually /etc/snmp/snmptt.conf or
c:\snmp\snmptt.conf) contains a list of all the defined traps.</p>
-<p>If your snmptt.conf file is getting rather large and you would like to
-divide it up into many smaller files, then do the following:</p>
+<p>If your snmptt.conf file is getting rather large and you would
+like to divide it up into many smaller files, then do the
+following:</p>
<p>-create additional snmptt.conf files<br />
--add the file names to the <b>snmptt_conf_files</b> section in the snmptt.ini
-file.</p>
+-add the file names to the <b>snmptt_conf_files</b> section in the
+snmptt.ini file.</p>
<p>For example:</p>
<blockquote>snmptt_conf_files = <<END<br />
/etc/snmp/snmptt.conf.generic<br />
@@ -1628,19 +2014,21 @@
<p>[<b>NODES</b> sources_list]</p>
<p>[<span style="font-weight: bold;">MATCH [MODE=[or | and]] |
[</span><span style="font-weight: bold;">$n:</span><span style=
-"font-weight: bold;">[!][( ) | n | n-n | > n | < n |
-x.x.x.x | x.x.x.x-x.x.x.x | x.x.x.x/x]</span>]</p>
+"font-weight: bold;">[!][( ) | n | n-n | > n |
+< n | x.x.x.x | x.x.x.x-x.x.x.x | x.x.x.x/x]</span>]</p>
<p>[<b style="font-weight: bold;">REGEX</b> <span style=
-"font-weight: bold;">( )( )</span><span style=
-"font-weight: bold;">[i][g][e]</span>]</p>
+"font-weight: bold;">( )(
+)</span><span style="font-weight: bold;">[i][g][e]</span>]</p>
<p>[<b>SDESC</b>]<br />
[<b>EDESC</b>]</p>
<p>Note: Lines starting with a # will be ignored.</p>
-<p>Note: The EVENT and FORMAT line are REQUIRED. Commands in []
-are optional. Do NOT include the []s in the configuration file!</p>
+<p>Note: The EVENT and FORMAT line are REQUIRED.
+Commands in [] are optional. Do NOT include the []s in the
+configuration file!</p>
</blockquote>
<blockquote>
-<h3><a id="SNMPTT.CONF-EVENT" name="SNMPTT.CONF-EVENT"></a><b>EVENT:</b></h3>
+<h3><a id="SNMPTT.CONF-EVENT" name=
+"SNMPTT.CONF-EVENT"></a><b>EVENT:</b></h3>
<blockquote><b>EVENT</b> event_name event_OID "category" severity
<p><b>event_name:</b></p>
<blockquote>Unique text label (alias) <b><u>containing no
@@ -1648,81 +2036,90 @@
NOTIFICATION-TYPE line in the MIB file when converted using
<b>snmpttconvertmib</b>.</blockquote>
<b>event_OID:</b>
-<blockquote>Object identifier string in dotted format or symbolic notation
-<b><u>containing no spaces</u></b>.
-<p>For example, a Compaq (enterprise .1.3.6.1.4.1.232) cpqHoGenericTrap trap
-(trap 11001) would be written as:</p>
+<blockquote>Object identifier string in dotted format or symbolic
+notation <b><u>containing no spaces</u></b>.
+<p>For example, a Compaq (enterprise .1.3.6.1.4.1.232)
+cpqHoGenericTrap trap (trap 11001) would be written as:</p>
<p style="margin-left: 40px;">.1.3.6.1.4.1.232.0.11001</p>
-<p>Symbolic names can also be used if the UCD-SNMP / Net-SNMP Perl module is
-installed and enabled by setting <b>net_snmp_perl_enable</b> in the snmptt.ini
-file. For example:</p>
+<p>Symbolic names can also be used if the UCD-SNMP / Net-SNMP Perl
+module is installed and enabled by setting
+<b>net_snmp_perl_enable</b> in the snmptt.ini file. For
+example:</p>
<p style="margin-left: 40px;">linkDown</p>
<p style="margin-left: 40px;">IF-MIB::linkDown</p>
<p>Note:</p>
-<div style="margin-left: 40px;">Net-SNMP 5.0.9 and earlier does not support
-including the module name (eg: <span style=
-"font-weight: bold;">IF-MIB::</span>) when translating an OID. A patch
-is available for 5.0.8+ that is included in Net-SNMP 5.1.1 and higher. The
-patch is available from the <a href=
+<div style="margin-left: 40px;">Net-SNMP 5.0.9 and earlier does not
+support including the module name (eg: <span style=
+"font-weight: bold;">IF-MIB::</span>) when translating an
+OID. A patch is available for 5.0.8+ that is included in
+Net-SNMP 5.1.1 and higher. The patch is available from the <a href=
"http://sourceforge.net/tracker/index.php?func=detail&aid=722075&group_id=12694&atid=312694">
-Net-SNMP patch page</a>. If the version of Net-SNMP you are using does
-not support this feature and the event OID is specified with the module name,
-the event definition will be <span style=
-"font-weight: bold; text-decoration: underline;">ignored</span>. Also
-note that UCD-SNMP may not properly convert symbolic names to numeric OIDs
-which could result in traps not being matched.</div>
+Net-SNMP patch page</a>. If the version of Net-SNMP you are
+using does not support this feature and the event OID is specified
+with the module name, the event definition will be <span style=
+"font-weight: bold; text-decoration: underline;">ignored</span>.
+Also note that UCD-SNMP may not properly convert symbolic names to
+numeric OIDs which could result in traps not being matched.</div>
<blockquote>SNMP V1 traps are in the format of enterprise ID
-(.1.3.6.1.4.1.232) followed by a 0, and then followed by the trap number
-(11001).
-<p>There can be multiple entries for the same trap OID in the configuration
-file. If <b>multiple_event</b> is enabled in the <span style=
-"font-weight: bold;">snmptt.ini</span>, then it will process all matching
-traps. If <b>multiple_event</b> is disabled, only the first matching
-entry will be used.</p>
+(.1.3.6.1.4.1.232) followed by a 0, and then followed by the trap
+number (11001).
+<p>There can be multiple entries for the same trap OID in the
+configuration file. If <b>multiple_event</b> is enabled in
+the <span style="font-weight: bold;">snmptt.ini</span>, then it
+will process all matching traps. If <b>multiple_event</b> is
+disabled, only the first matching entry will be used.</p>
</blockquote>
-Wildcards in dotted format notation can also be used. For example:
+Wildcards in dotted format notation can also be used.
+For example:
<p style="margin-left: 40px;">.1.3.6.1.4.1.232.1.2.*</p>
<p><b>Note:</b></p>
-<blockquote>Specific trap matches are performed before wildcards so if you
-have an entry for .1.3.6.1.4.1.232.1.2.5 AND .1.3.6.1.4.1.232.1.2.*, it will
-process the .5 trap when received even if the wildcard is defined first.
-<p>Wildcard matches are only matched if there are NO exact matches. This
-takes into consideration the NODES list. Therefore, if there is a
-matching trap, but the NODES list prevents it from being considered a match,
-the wildcard entry will only be used if there are no other exact matches.</p>
+<blockquote>Specific trap matches are performed before wildcards so
+if you have an entry for .1.3.6.1.4.1.232.1.2.5 AND
+.1.3.6.1.4.1.232.1.2.*, it will process the .5 trap when received
+even if the wildcard is defined first.
+<p>Wildcard matches are only matched if there are NO exact
+matches. This takes into consideration the NODES list.
+Therefore, if there is a matching trap, but the NODES list prevents
+it from being considered a match, the wildcard entry will only be
+used if there are no other exact matches.</p>
</blockquote>
</blockquote>
<b>category:</b>
-<blockquote>Character string enclosed in double "s. Used when logging
-output (see above).
-<p>If the category is "<b>IGNORE</b>", no action will take place even if the
-snmptt.conf contains FORMAT and / or EXEC statements.</p>
-<p>If the category is "<b>LOGONLY</b>", the trap will be logged as usual, but
-the EXEC statement will be ignored.</p>
-<p>Note: If you plan on using an external program such as Nagios
-for logging, paging etc, you probably do not want any traps defined with
-<b>LOGONLY</b> as the <span style="font-weight: bold;">EXEC</span> line would
-never be used to submit the passive service check.</p>
+<blockquote>Character string enclosed in double "s. Used when
+logging output (see above).
+<p>If the category is "<b>IGNORE</b>", no action will take place
+even if the snmptt.conf contains FORMAT and / or EXEC
+statements.</p>
+<p>If the category is "<b>LOGONLY</b>", the trap will be logged as
+usual, but the EXEC statement will be ignored.</p>
+<p>Note: If you plan on using an external program such
+as Nagios for logging, paging etc, you probably do not want any
+traps defined with <b>LOGONLY</b> as the <span style=
+"font-weight: bold;">EXEC</span> line would never be used to submit
+the passive service check.</p>
</blockquote>
<b>severity:</b>
-<blockquote>Character string of the severity of the event. Used in the
-output when logging. Example: Minor, Major, Normal, Critical,
-Warning. The <b>snmptt.ini</b> contains options to match the syslog
-level or NT Event Log type to the severity level.</blockquote>
+<blockquote>Character string of the severity of the event.
+Used in the output when logging. Example: Minor, Major,
+Normal, Critical, Warning. The <b>snmptt.ini</b> contains
+options to match the syslog level or NT Event Log type to the
+severity level.</blockquote>
</blockquote>
<h3><a id="SNMPTT.CONF-FORMAT" name=
"SNMPTT.CONF-FORMAT"></a><b>FORMAT:</b></h3>
<blockquote><b>FORMAT</b> format_string
<p>There can be only one FORMAT line per EVENT.</p>
-<p>The format string is used to generate the text that will be logged to any
-of the supported logging methods.</p>
-<p><a id="Variable-substitutions" name="Variable-substitutions"></a>Variable
-substitution is performed on this string using the following variables:</p>
+<p>The format string is used to generate the text that will be
+logged to any of the supported logging methods.</p>
+<p><a id="Variable-substitutions" name=
+"Variable-substitutions"></a>Variable substitution is performed on
+this string using the following variables:</p>
<blockquote>$A - Trap agent host name <b>(see Note 1)</b><br />
$aA - Trap agent IP address<br />
$c - Category<br />
$C - Trap community string<br />
-$D - Description text from SNMPTT.CONF or MIB file <b>(see Note 6)</b><br />
+$D - Description text from SNMPTT.CONF or MIB file <b>(see Note
+6)</b><br />
$E - Enterprise trap OID in symbolic format<br />
$e - Enterprise trap OID in number format<br />
$Fa - alarm (bell) (BEL)<br />
@@ -1732,231 +2129,254 @@
$Ft - tab (HT, TAB)<br />
$Fz - Translated FORMAT line (EXEC only)<br />
$G - Generic trap number (0 if enterprise trap)<br />
+$H - Host name of the system running SNMPTT<br />
$S - Specific trap number (0 if generic trap)<br />
$N - Event name defined in .conf file of matched entry<br />
-$i - Event OID defined in .conf file of matched entry (could be a
-wildcard OID)<br />
+$i - Event OID defined in .conf file of matched entry (could
+be a wildcard OID)<br />
$O - Trap OID in symbolic format <b>(see Note 4)</b><br />
$o - Trap OID in numerical format <b>(see Note 4)</b><br />
-$R, $r - Hostname <b>(see Note 1)</b><br />
+$R, $r - Trap hostname <b>(see Note 1)</b><br />
$aR, $ar - IP address<br />
$s - Severity<br />
-$T - Uptime: Time since network entity was initialized<br />
-$X - Time trap was spooled (daemon mode) or current time (standalone
-mode)<br />
-$x - Date trap was spooled (daemon mode) or current date (standalone
-mode)<br />
+$T - Uptime: Time since network entity was
+initialized<br />
+$X - Time trap was spooled (daemon mode) or current time
+(standalone mode)<br />
+$x - Date trap was spooled (daemon mode) or current date
+(standalone mode)<br />
$# - Number of (how many) variable-bindings in the trap<br />
$$ - Print a $<br />
-$@ - Number of seconds since the epoch<br />
-$<i>n</i> - Expand variable-binding n (1-<i>n</i>) <b>(see Note
-2,5)</b><br />
-$+<i>n</i> - Expand variable-binding n (1-<i>n</i>) in the format of
-<i>variable name:value</i> <b>(see Note 2,3</b><b>,5</b><b>)</b><br />
-$-<i>n</i> - Expand variable-binding n (1-<i>n</i>) in the format of
-<i>variable name (variable type):value</i> <b>(see Note
+$@ - Number of seconds since the epoch of when the trap was spooled
+(daemon mode) or the current time (standalone mode)<br />
+$<i>n</i> - Expand variable-binding n (1-<i>n</i>) <b>(see
+Note 2,5)</b><br />
+$+<i>n</i> - Expand variable-binding n (1-<i>n</i>) in the
+format of <i>variable name:value</i> <b>(see Note
+2,3</b><b>,5</b><b>)</b><br />
+$-<i>n</i> - Expand variable-binding n (1-<i>n</i>) in the
+format of <i>variable name (variable type):value</i> <b>(see Note
2,3</b><b>,5</b><b>)</b><br />
$v<i>n</i> - Expand variable name of the variable-binding n
(1-<i>n</i>)<b>(see Note 3)</b><br />
$* - Expand all variable-bindings <b>(see Note 5)</b><br />
-$+* - Expand all variable-bindings in the format of <i>variable
-name:value</i> <b>(see Note 2,3</b><b>,5</b><b>)</b><br />
-$-* - Expand all variable-bindings in the format of <i>variable name
-(variable type):value</i> <b>(see Note 2,3</b><b>,5</b><b>)</b></blockquote>
+$+* - Expand all variable-bindings in the format of
+<i>variable name:value</i> <b>(see Note
+2,3</b><b>,5</b><b>)</b><br />
+$-* - Expand all variable-bindings in the format of
+<i>variable name (variable type):value</i> <b>(see Note
+2,3</b><b>,5</b><b>)</b></blockquote>
Example:
-<blockquote>FORMAT NIC switchover to slot $3, port $4 from slot $5, port $6</blockquote>
+<blockquote>FORMAT NIC switchover to slot $3, port $4 from slot $5,
+port $6</blockquote>
<p>Note:</p>
<blockquote>For the text log file, the output will be formatted as:
<blockquote><b><i>date time trap-OID severity category hostname -
format</i></b></blockquote>
-For all other log files except MySQL, DBD::ODBC and Win32::ODBC, the output
-will be formatted as:
+For all other log files except MySQL, DBD::ODBC and Win32::ODBC,
+the output will be formatted as:
<blockquote><b><i>trap-OID severity category hostname -
format</i></b></blockquote>
-For MySQL, DBD::ODBC and Win32::ODBC, the <b>formatline</b> column will
-contain only the <b>format</b> text.</blockquote>
+For MySQL, DBD::ODBC and Win32::ODBC, the <b>formatline</b> column
+will contain only the <b>format</b> text.</blockquote>
Note (1):
-<blockquote>See the section '<a href="#DNS">Name Resolution / DNS</a>' for
-important DNS information.</blockquote>
+<blockquote>See the section '<a href="#DNS">Name Resolution /
+DNS</a>' for important DNS information.</blockquote>
Note (2):
<blockquote>If <b>translate_integers</b> is enabled in the
-<b>snmptt.ini</b> file, SNMPTT will attempt to convert integer values received
-in traps into text by performing a lookup in the MIB file.<br />
+<b>snmptt.ini</b> file, SNMPTT will attempt to convert integer
+values received in traps into text by performing a lookup in the
+MIB file.<br />
<br />
-You must have the UCD-SNMP / Net-SNMP Perl module installed for this to work
-and you must enable support for it by enabling <b>net_snmp_perl_enable</b> in
-the snmptt.ini file.<br />
-<p>For this feature to work, you must ensure UCD-SNMP / Net-SNMP is configured
-correctly with all the required MIBS. If the option is enabled, but the
-value can not be found, the integer value will be used. If the MIB files
-are present, but translations do not occur, ensure UCD-SNMP / Net-SNMP is
-correctly configured to process all the required mibs. This is
+You must have the UCD-SNMP / Net-SNMP Perl module installed for
+this to work and you must enable support for it by enabling
+<b>net_snmp_perl_enable</b> in the snmptt.ini file.<br />
+<p>For this feature to work, you must ensure UCD-SNMP / Net-SNMP is
+configured correctly with all the required MIBS. If the
+option is enabled, but the value can not be found, the integer
+value will be used. If the MIB files are present, but
+translations do not occur, ensure UCD-SNMP / Net-SNMP is correctly
+configured to process all the required mibs. This is
configured in the UCD-SNMP / Net-SNMP <b>snmp.conf</b> file.
-Alternatively, you can try setting the <b>mibs_enviroment</b> variable in
-<b>snmptt.ini</b> to <b>ALL</b> (no quotes) to force all MIBS to be
-initialized at SNMPTT startup.</p>
-<p>If <b>translate_integers</b> is enabled while using stand-alone mode, it
-may take longer to process each trap due to the initialization of the MIB
-files.</p>
+Alternatively, you can try setting the <b>mibs_enviroment</b>
+variable in <b>snmptt.ini</b> to <b>ALL</b> (no quotes) to force
+all MIBS to be initialized at SNMPTT startup.</p>
+<p>If <b>translate_integers</b> is enabled while using stand-alone
+mode, it may take longer to process each trap due to the
+initialization of the MIB files.</p>
</blockquote>
Note (3):
-<blockquote>$v<i>n</i>, $+<i>n</i> and $-<i>n</i> variable names and variable
-type are translated into the text name by performing a lookup in the MIB
-file. You must have the UCD-SNMP / Net-SNMP Perl module installed for
-this to work and you must enable support for it by enabling
-<b>net_snmp_perl_enable</b> in the snmptt.ini file. If
-<b>net_snmp_perl_enable</b> is not enabled, the $v<i>n</i> variable will be
-replaced with the text 'variable<i>n</i>' where <i>n</i> is the variable
-number (1+).
-<p>For the name translation to work, you must ensure UCD-SNMP / Net-SNMP is
-configured correctly with all the required MIBS. If the option is
-enabled and the correct name is not returned, ensure UCD-SNMP / Net-SNMP is
-correctly configured to process all the required mibs. This is
-configured in the UCD-SNMP / Net-SNMP <b>snmp.conf</b> file.
-Alternatively, you can try setting the <b>mibs_enviroment</b> variable in
-<b>snmptt.ini</b> to <b>ALL</b> (no quotes) to force all MIBS to be
-initialized at SNMPTT startup.</p>
+<blockquote>$v<i>n</i>, $+<i>n</i> and $-<i>n</i> variable names
+and variable type are translated into the text name by performing a
+lookup in the MIB file. You must have the UCD-SNMP / Net-SNMP
+Perl module installed for this to work and you must enable support
+for it by enabling <b>net_snmp_perl_enable</b> in the snmptt.ini
+file. If <b>net_snmp_perl_enable</b> is not enabled, the
+$v<i>n</i> variable will be replaced with the text
+'variable<i>n</i>' where <i>n</i> is the variable number (1+).
+<p>For the name translation to work, you must ensure UCD-SNMP /
+Net-SNMP is configured correctly with all the required MIBS.
+If the option is enabled and the correct name is not returned,
+ensure UCD-SNMP / Net-SNMP is correctly configured to process all
+the required mibs. This is configured in the UCD-SNMP /
+Net-SNMP <b>snmp.conf</b> file. Alternatively, you can try
+setting the <b>mibs_enviroment</b> variable in <b>snmptt.ini</b> to
+<b>ALL</b> (no quotes) to force all MIBS to be initialized at
+SNMPTT startup.</p>
</blockquote>
<p>Note (4):</p>
-<div style="margin-left: 40px;">If <b>translate_trap_oid</b> is enabled
-in the <b>snmptt.ini</b> file, SNMPTT will attempt to convert the numeric OID
-of the received trap into symbolic form such as IF-MIB::linkDown. You
-must have the UCD-SNMP / Net-SNMP Perl module installed for this to work and
-you must enable support for it by enabling <b>net_snmp_perl_enable</b> in the
-snmptt.ini file. If <b>net_snmp_perl_enable</b> is not enabled, it will
-default to using the numeric OID. <br />
-<br />
-Net-SNMP 5.0.9 and earlier does not support including the module name (eg:
-<span style="font-weight: bold;">IF-MIB::</span>) when translating an OID and
-most of the 5.0.x versions do not properly tranlsate numeric OIDs to long
-symbolic names. A patch is available for 5.0.8+ that is included in
-Net-SNMP 5.1.1 and higher. The patch is available from the <a href=
+<div style="margin-left: 40px;">If <b>translate_trap_oid</b>
+is enabled in the <b>snmptt.ini</b> file, SNMPTT will attempt to
+convert the numeric OID of the received trap into symbolic form
+such as IF-MIB::linkDown. You must have the UCD-SNMP /
+Net-SNMP Perl module installed for this to work and you must enable
+support for it by enabling <b>net_snmp_perl_enable</b> in the
+snmptt.ini file. If <b>net_snmp_perl_enable</b> is not
+enabled, it will default to using the numeric OID. <br />
+<br />
+Net-SNMP 5.0.9 and earlier does not support including the module
+name (eg: <span style="font-weight: bold;">IF-MIB::</span>) when
+translating an OID and most of the 5.0.x versions do not properly
+tranlsate numeric OIDs to long symbolic names. A patch is
+available for 5.0.8+ that is included in Net-SNMP 5.1.1 and higher.
+The patch is available from the <a href=
"http://sourceforge.net/tracker/index.php?func=detail&aid=722075&group_id=12694&atid=312694">
Net-SNMP patch page</a>.</div>
<br />
<p>Note (5):</p>
-<blockquote>If <b>translate_oids</b> is enabled in the <b>snmptt.ini</b>
-file, SNMPTT will attempt to convert any numeric OIDs found inside the
-variables passed inside the trap to symbolic form. You must have the
-UCD-SNMP / Net-SNMP Perl module installed for this to work and you must enable
-support for it by enabling <b>net_snmp_perl_enable</b> in the snmptt.ini
-file. If <b>net_snmp_perl_enable</b> is not enabled, it will default to
+<blockquote>If <b>translate_oids</b> is enabled in the
+<b>snmptt.ini</b> file, SNMPTT will attempt to convert any numeric
+OIDs found inside the variables passed inside the trap to symbolic
+form. You must have the UCD-SNMP / Net-SNMP Perl module
+installed for this to work and you must enable support for it by
+enabling <b>net_snmp_perl_enable</b> in the snmptt.ini file.
+If <b>net_snmp_perl_enable</b> is not enabled, it will default to
using the numeric OID. <br />
<br />
-Net-SNMP 5.0.9 and earlier does not support including the module name (eg:
-<span style="font-weight: bold;">IF-MIB::</span>) when translating an OID and
-most of the 5.0.x versions do not properly tranlsate numeric OIDs to long
-symbolic names. A patch is available for 5.0.8+ that is inlcuded in
-Net-SNMP 5.1.1 and higher. The patch is available from the <a href=
+Net-SNMP 5.0.9 and earlier does not support including the module
+name (eg: <span style="font-weight: bold;">IF-MIB::</span>) when
+translating an OID and most of the 5.0.x versions do not properly
+tranlsate numeric OIDs to long symbolic names. A patch is
+available for 5.0.8+ that is inlcuded in Net-SNMP 5.1.1 and higher.
+The patch is available from the <a href=
"http://sourceforge.net/tracker/index.php?func=detail&aid=722075&group_id=12694&atid=312694">
Net-SNMP patch page</a>.</blockquote>
<p>Note (6):</p>
-<blockquote>The <b>snmptt.ini</b> <b>description_mode</b> option must be set
-to either 1 or 2. If set to 1, the description is pulled from the SNMPTT.CONF
-files. If set to 2, the description is pulled from the MIB file. If using the
-MIB file, you must have the UCD-SNMP / Net-SNMP Perl module installed and
-enabled.</blockquote>
+<blockquote>The <b>snmptt.ini</b> <b>description_mode</b> option
+must be set to either 1 or 2. If set to 1, the description is
+pulled from the SNMPTT.CONF files. If set to 2, the description is
+pulled from the MIB file. If using the MIB file, you must have the
+UCD-SNMP / Net-SNMP Perl module installed and enabled.</blockquote>
</blockquote>
-
-<h3><a id="SNMPTT.CONF-EXEC" name="SNMPTT.CONF-EXEC"></a><b>EXEC:</b></h3>
+<h3><a id="SNMPTT.CONF-EXEC" name=
+"SNMPTT.CONF-EXEC"></a><b>EXEC:</b></h3>
<blockquote>[<b>EXEC</b> command_string]
<p>There can be multiple EXEC lines per EVENT.</p>
-<p>Optional string containing a command to execute when trap is received and
-arguments to pass to the program. The EXEC lines are executed in the
-order that they appear.</p>
+<p>Optional string containing a command to execute when trap is
+received and arguments to pass to the program. The EXEC lines
+are executed in the order that they appear.</p>
<p>EXEC uses the same variable substitution as the FORMAT line.</p>
<p>Example:</p>
-<blockquote>EXEC /usr/bin/qpage -f TRAP alex "$r: $x $X - NIC switchover to
-slot $3, port $4 from slot $5, port $6"</blockquote>
+<blockquote>EXEC /usr/bin/qpage -f TRAP alex "$r: $x $X - NIC
+switchover to slot $3, port $4 from slot $5, port $6"</blockquote>
or
-<blockquote>EXEC c:\snmp\pager netops "$r: $x $X - NIC switchover to slot $3,
-port $4 from slot $5, port $6"</blockquote>
-Note: Unlike the FORMAT line, nothing is prepended to the message. If
-you would like to include the hostname and date in the page above, you must
-use the variables such as $r, $x and $X.</blockquote>
-
-
-<h3><a id="SNMPTT.CONF-PREEXEC" name="SNMPTT.CONF-PREEXEC"></a><b>PREEXEC:</b></h3>
+<blockquote>EXEC c:\snmp\pager netops "$r: $x $X - NIC switchover
+to slot $3, port $4 from slot $5, port $6"</blockquote>
+Note: Unlike the FORMAT line, nothing is prepended to the
+message. If you would like to include the hostname and date
+in the page above, you must use the variables such as $r, $x and
+$X.</blockquote>
+<h3><a id="SNMPTT.CONF-PREEXEC" name=
+"SNMPTT.CONF-PREEXEC"></a><b>PREEXEC:</b></h3>
<blockquote>[<b>PREEXEC</b> command_string]
<p>There can be multiple PREEXEC lines per EVENT.</p>
-<p>Optional string containing a command to execute after a trap is received but
-<b><i>before</i></b> the FORMAT and EXEC statements are processed. The output of the external
-program is stored in the <b>$p<i>n</i></b> variable where <b><i>n</i></b> is a
-number starting from 1. Multiple PREEXEC lines are permitted. The first PREEXEC
-stores the result of the command in <b>$p1</b>, the second in <b>$p2</b> etc.
-Any ending newlines are removed. The <b>snmptt.ini</b> parameter <b>pre_exec_enable</b> can be
-used to enable / disable <b>PREEXEC</b> statements.</p>
-
-<p><b>PREEXEC</b> uses the same variable substitution as the FORMAT line.</p>
+<p>Optional string containing a command to execute after a trap is
+received but <b><i>before</i></b> the FORMAT and EXEC statements
+are processed. The output of the external program is stored in the
+<b>$p<i>n</i></b> variable where <b><i>n</i></b> is a number
+starting from 1. Multiple PREEXEC lines are permitted. The first
+PREEXEC stores the result of the command in <b>$p1</b>, the second
+in <b>$p2</b> etc. Any ending newlines are removed. The
+<b>snmptt.ini</b> parameter <b>pre_exec_enable</b> can be used to
+enable / disable <b>PREEXEC</b> statements.</p>
+<p><b>PREEXEC</b> uses the same variable substitution as the FORMAT
+line.</p>
<p>Example:</p>
-<blockquote>EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal</br>
-FORMAT Link down on interface $1($p1). Admin state: $2. Operational state: $3<br />
-<b>PREEXEC /usr/local/bin/snmpget -v 1 -Ovq -c public $aA ifDescr.$1</b>
-</blockquote>
-
+<blockquote>EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events"
+Normal<br />
+FORMAT Link down on interface $1($p1). Admin state: $2. Operational
+state: $3<br />
+<b>PREEXEC /usr/local/bin/snmpget -v 1 -Ovq -c public $aA
+ifDescr.$1</b></blockquote>
<p>Sample output:</p>
-<blockquote>Link down on interface 69("100BaseTX Port 1/6 Name SERVER1"). Admin
- state up. Operational state: down</blockquote>
-<p>In the above example the result is in quotes because that is what comes
-back from snmpget (it is not added by SNMPTT).</p>
+<blockquote>Link down on interface 69("100BaseTX Port 1/6 Name
+SERVER1"). Admin state up. Operational state: down</blockquote>
+<p>In the above example the result is in quotes because that is
+what comes back from snmpget (it is not added by SNMPTT).</p>
</blockquote>
-
-<h3><a id="SNMPTT.CONF-NODES" name="SNMPTT.CONF-NODES"></a><b>NODES:</b></h3>
+<h3><a id="SNMPTT.CONF-NODES" name=
+"SNMPTT.CONF-NODES"></a><b>NODES:</b></h3>
<blockquote>[<b>NODES</b> sources_list]
<p>Used to limit which devices can be mapped to this EVENT
definition. </p>
<p>There can be multiple NODES lines per EVENT.</p>
-<p>Optional string containing any combination of host names, IP addresses,
-CIDR network address, network IP address ranges, or a filename. If this
-keyword omitted then ALL sources will be accepted. Each entry is checked
-for a match. As soon as one match occurs, searching stops.</p>
-
-<p>For example, if you only wanted devices on the subnet 192.168.1.0/24 to
-trigger this EVENT, you could use a NODES entry of:</p>
-<p style="margin-left: 40px;"><span style="font-weight: bold;">NODES
-192.168.1.0/24</span></p>
+<p>Optional string containing any combination of host names, IP
+addresses, CIDR network address, network IP address ranges, or a
+filename. If this keyword omitted then ALL sources will be
+accepted. Each entry is checked for a match. As soon as
+one match occurs, searching stops.</p>
+<p>For example, if you only wanted devices on the subnet
+192.168.1.0/24 to trigger this EVENT, you could use a NODES entry
+of:</p>
+<p style="margin-left: 40px;"><span style=
+"font-weight: bold;">NODES 192.168.1.0/24</span></p>
<p>If a filename is specified, it must be specified with a full
path. </p>
-
-<p>There are two modes of operation: <b>POS</b> (positive - the default) and <b>NEG</b> (negative). If set to <b>POS</b>, then <b>NODES</b> is a 'match' if <i>any</i> of the <b>NODES</b> entries match.</li> If set to <b>NEG</b>, then <b>NODES</b> is a 'match' only if <i>none</i> of the <b>NODES</b> entries match. To change the mode of operation, use one of the following statements:</li>
-<p style="margin-left: 40px;">
-<b>NODES MODE=POS</b><br />
-<b>NODES MODE=NEG</b><br />
-</p>
-
-<p>A common use for this feature is when you have devices that implement a trap in a non-standard way (added additional variables for example) such as the linkDown and linkUp traps. By defining two EVENT statements and using NODES statements with NODES MODE, you can have one EVENT statement handle the standard devices, and the other handle the other devices with the extended linkDown / linkUp traps.</p>
-
+<p>There are two modes of operation: <b>POS</b> (positive - the
+default) and <b>NEG</b> (negative). If set to <b>POS</b>, then
+<b>NODES</b> is a 'match' if <i>any</i> of the <b>NODES</b> entries
+match. If set to <b>NEG</b>, then <b>NODES</b> is a 'match' only if
+<i>none</i> of the <b>NODES</b> entries match. To change the mode
+of operation, use one of the following statements:</p>
+<p style="margin-left: 40px;"><b>NODES MODE=POS</b><br />
+<b>NODES MODE=NEG</b><br /></p>
+<p>A common use for this feature is when you have devices that
+implement a trap in a non-standard way (added additional variables
+for example) such as the linkDown and linkUp traps. By defining two
+EVENT statements and using NODES statements with NODES MODE, you
+can have one EVENT statement handle the standard devices, and the
+other handle the other devices with the extended linkDown / linkUp
+traps.</p>
Example 1:<br />
-<blockquote>This example will match any hosts called
- <b>fred</b>, <b>barney</b>, <b>betty</b> or <b>wilma</b>:<br />
- <br />
- <b>NODES fred barney betty wilma</b>
-</blockquote>
-
+<blockquote>This example will match any hosts called <b>fred</b>,
+<b>barney</b>, <b>betty</b> or <b>wilma</b>:<br />
+<br />
+<b>NODES fred barney betty wilma</b></blockquote>
Example 2:<br />
<blockquote>This example will match any hosts <b>not</b> called
- <b>fred</b>, <b>barney</b>, <b>betty</b> or <b>wilma</b>:<br />
- <br />
- <b>NODES fred barney betty wilma</b><br />
- <b>NODES MODE=NEG</b>
-</blockquote>
-
-
+<b>fred</b>, <b>barney</b>, <b>betty</b> or <b>wilma</b>:<br />
+<br />
+<b>NODES fred barney betty wilma</b><br />
+<b>NODES MODE=NEG</b></blockquote>
Example 3:<br />
-<blockquote>This example will load the file /etc/snmptt-nodes (see below), and
-match any hosts called <span style="font-weight: bold;">fred</span>,
-<span style="font-weight: bold;">barney</span>, <span style=
-"font-weight: bold;">betty</span>, network ip addresses <span style=
-"font-weight: bold;">192.168.1.1, 192.168.1.2, 192.168.1.3,
-192.168.2.1</span>, network range <span style=
-"font-weight: bold;">192.168.50.0/22</span> or network range <span style=
+<blockquote>This example will load the file /etc/snmptt-nodes (see
+below), and match any hosts called <span style=
+"font-weight: bold;">fred</span>, <span style=
+"font-weight: bold;">barney</span>, <span style=
+"font-weight: bold;">betty</span>, network ip addresses
+<span style="font-weight: bold;">192.168.1.1, 192.168.1.2,
+192.168.1.3, 192.168.2.1</span>, network range <span style=
+"font-weight: bold;">192.168.50.0/22</span> or network range
+<span style=
"font-weight: bold;">192.168.60.0-192.168.61.255</span>:<br />
<br />
-<span style="font-weight: bold;">NODES /etc/snmptt-nodes</span></blockquote>
+<span style="font-weight: bold;">NODES
+/etc/snmptt-nodes</span></blockquote>
Example 4:<br />
<blockquote>This example will load both files <span style=
"font-weight: bold;">/etc/snmptt-nodes</span> and <span style=
-"font-weight: bold;">/etc/snmptt-nodes2</span> (see above example):<br />
+"font-weight: bold;">/etc/snmptt-nodes2</span> (see above
+example):<br />
<br />
<span style="font-weight: bold;">NODES /etc/snmptt-nodes
/etc/snmptt-nodes2</span></blockquote>
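Review bot: The EXEC and PREEXEC sections in this hunk show values taken from the received trap ($r, $3 to $6, $aA, $1) substituted into a command string, but they never say how SNMPTT quotes or filters those values before the command runs. Variable-bindings and the agent address are supplied by whoever sent the trap, so a caveat belongs next to the examples, for instance `<p>Note: substituted values come from the received trap and should be treated as untrusted input by the called program; use NODES and snmptrapd access control to limit which senders can reach an EVENT with EXEC or PREEXEC lines.</p>`. Whether SNMPTT itself escapes shell metacharacters is not visible in this hunk, so the final wording should be checked against the implementation. The PREEXEC example also hard-codes the community string `public`; marking it as a placeholder would keep readers from copying it as is.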
@@ -1964,8 +2384,9 @@
<blockquote><span style="font-weight: bold;">NODES 192.168.4.0/22
192.168.60.0-192.168.61.255 /etc/snmptt-nodes2</span></blockquote>
Example 6:<br />
-<blockquote>NODES <span style="font-weight: bold;">fred /etc/snmptt-nodes
-pebbles /etc/snmptt-nodes2 barney</span></blockquote>
+<blockquote>NODES <span style="font-weight: bold;">fred
+/etc/snmptt-nodes pebbles /etc/snmptt-nodes2
+barney</span></blockquote>
where snmptt-nodes contains:
<blockquote><span style="font-weight: bold;">fred</span><br style=
"font-weight: bold;" />
@@ -1979,306 +2400,341 @@
"font-weight: bold;" />
<span style="font-weight: bold;">192.168.50.0/22</span><br style=
"font-weight: bold;" />
-<span style="font-weight: bold;">192.168.60.0-192.168.61.255</span><br style=
+<span style=
+"font-weight: bold;">192.168.60.0-192.168.61.255</span><br style=
"font-weight: bold;" />
<span style="font-weight: bold;">wilma</span></blockquote>
Notes:
-<blockquote>The names are NOT case sensitive and comment lines are permitted
-by starting the line with a #.<br />
+<blockquote>The names are NOT case sensitive and comment lines are
+permitted by starting the line with a #.<br />
<br />
-CIDR network addresses must be specified using 4 octets followed by a /
-followed by the number of bits. For example: 172.16.0.0/24. Using
-172.16/24 will NOT work.<br />
-<br />
-Do not use any spaces between network ranges as they will be interpreted as
-two different values. For example, 192.168.1.1
-- 192.168.1.20 will not work. Use
-192.168.1.1-192.168.1.20 instead.<br />
+CIDR network addresses must be specified using 4 octets followed by
+a / followed by the number of bits. For example:
+172.16.0.0/24. Using 172.16/24 will NOT work.<br />
+<br />
+Do not use any spaces between network ranges as they will be
+interpreted as two different values. For example,
+192.168.1.1 - 192.168.1.20 will not
+work. Use 192.168.1.1-192.168.1.20 instead.<br />
<br />
By default, NODES files are loaded when the <span style=
-"font-weight: bold;">snmptt.conf</span> files are loaded (during startup of
-SNMPTT). The <span style="font-weight: bold;">snmptt.ini</span> option
-<span style="font-weight: bold;">dynamic_nodes</span> can be set to
-<span style="font-weight: bold;">1</span> to have the nodes files loaded each
-time an EVENT is processed.<br />
+"font-weight: bold;">snmptt.conf</span> files are loaded (during
+startup of SNMPTT). The <span style=
+"font-weight: bold;">snmptt.ini</span> option <span style=
+"font-weight: bold;">dynamic_nodes</span> can be set to
+<span style="font-weight: bold;">1</span> to have the nodes files
+loaded each time an EVENT is processed.<br />
<br />
-<p>See the section '<a href="#DNS">Name Resolution / DNS</a>' for important
-DNS information.</p>
+<p>See the section '<a href="#DNS">Name Resolution / DNS</a>' for
+important DNS information.</p>
</blockquote>
</blockquote>
-<h3><a id="SNMPTT.CONF-MATCH" name="SNMPTT.CONF-MATCH"></a><b>MATCH:</b></h3>
+<h3><a id="SNMPTT.CONF-MATCH" name=
+"SNMPTT.CONF-MATCH"></a><b>MATCH:</b></h3>
<div style="margin-left: 40px;"><br />
<span style="font-weight: bold;">[MATCH [MODE=[or | and]] |
[</span><span style="font-weight: bold;">$n:</span><span style=
-"font-weight: bold;">[!][( )[i] | n | n-n | > n | < n
-| x.x.x.x | x.x.x.x-x.x.x.x | x.x.x.x/x]]</span></div>
-<p style="margin-left: 40px;">Optional match expression that must be evaluated
-to true for the trap to be considered a match to this EVENT definition.</p>
-<p style="margin-left: 40px;">If a MATCH statement exists, and no matches
-evaluate to true, then the default will be to NOT match this EVENT
-definition.</p>
-<p style="margin-left: 40px;">The following Perl regular expression modifiers
-are supported:</p>
-<div style="margin-left: 80px;"><span style="font-weight: bold;">i</span> -
-ignore case when trying to match</div>
-<br />
-<p style="margin-left: 40px;">The following command formats are available:</p>
-<div style="margin-left: 80px;">
-
- <b>
- MATCH MODE=[or | and]<br />
- MATCH <i>$x:</i> [!] <i>(reg) [i]</i><br />
- MATCH <i>$x:</i> [!] <i>n</i><br />
- MATCH <i>$x:</i> [!] <i>n-n</i><br />
- MATCH <i>$x:</i> [!] <i>< n</i><br />
- MATCH <i>$x:</i> [!] <i>> n</i><br />
- MATCH <i>$x:</i> [!] <i>x.x.x.x</i><br />
- MATCH <i>$x:</i> [!] <i>x.x.x.x-x.x.x.x</i><br />
- MATCH <i>$x:</i> [!] <i>x.x.x.x/x</i><br />
- </b>
-
-<br />
+"font-weight: bold;">[!][( )[i] | n | n-n | >
+n | < n | x.x.x.x | x.x.x.x-x.x.x.x | x.x.x.x/x]]</span></div>
+<p style="margin-left: 40px;">Optional match expression that must
+be evaluated to true for the trap to be considered a match to this
+EVENT definition.</p>
+<p style="margin-left: 40px;">If a MATCH statement exists, and no
+matches evaluate to true, then the default will be to NOT match
+this EVENT definition.</p>
+<p style="margin-left: 40px;">The following Perl regular expression
+modifiers are supported:</p>
+<div style="margin-left: 80px;"><span style=
+"font-weight: bold;">i</span> - ignore case when trying to
+match</div>
+<br />
+<p style="margin-left: 40px;">The following command formats are
+available:</p>
+<div style="margin-left: 80px;"><b>MATCH MODE=[or | and]<br />
+MATCH <i>$x:</i> [!] <i>(reg) [i]</i><br />
+MATCH <i>$x:</i> [!] <i>n</i><br />
+MATCH <i>$x:</i> [!] <i>n-n</i><br />
+MATCH <i>$x:</i> [!] <i>< n</i><br />
+MATCH <i>$x:</i> [!] <i>> n</i><br />
+MATCH <i>$x:</i> [!] & <i>n</i><br />
+MATCH <i>$x:</i> [!] <i>x.x.x.x</i><br />
+MATCH <i>$x:</i> [!] <i>x.x.x.x-x.x.x.x</i><br />
+MATCH <i>$x:</i> [!] <i>x.x.x.x/x</i><br /></b><br />
where:<br />
-<div style="margin-left: 40px;">
- <b>or</b> or <b>and</b> set the default evaluation mode for ALL matches<br />
- <b>$x</b> is any variable (example: $3, $A etc)<br />
- <b>reg</b> is a regular expression<br />
- <b>!</b> is used to negate the result (not)<br />
- <b>n</b> is a number<br />
- <b>x.x.x.x</b> is an IP address<br />
- <b>x.x.x.x-x.x.x.x</b> is an IP network address range<br />
- <b>x.x.x.x/x</b> is an IP CIDR network addresss<br />
+<div style="margin-left: 40px;"><b>or</b> or <b>and</b> set the
+default evaluation mode for ALL matches<br />
+<b>$x</b> is any variable (example: $3, $A etc)<br />
+<b>reg</b> is a regular expression<br />
+<b>!</b> is used to negate the result (not)<br />
+<b>&</b> is used to perform a bitwise AND<br />
+<b>n</b> is a number<br />
+<b>x.x.x.x</b> is an IP address<br />
+<b>x.x.x.x-x.x.x.x</b> is an IP network address range<br />
+<b>x.x.x.x/x</b> is an IP CIDR network addresss<br /></div>
</div>
</blockquote>
<div style="margin-left: 40px;">
<div style="margin-left: 40px;">Notes:<br />
<br />
-<div style="margin-left: 40px;">To limit which devices can be mapped to this
-EVENT definition based on the IP address / hostname of the device / agent that
-sent the trap, the <b>NODES</b> keyword is recommended.<br />
+<div style="margin-left: 40px;">To limit which devices can be
+mapped to this EVENT definition based on the IP address / hostname
+of the device / agent that sent the trap, the <b>NODES</b> keyword
+is recommended.<br />
<br />
-If the match mode is 'or', once a match occurs no other matches are performed
-and the end result is true.<br />
+If the match mode is 'or', once a match occurs no other matches are
+performed and the end result is true.<br />
<br />
-If the match mode is 'and', once a match fails, no other matches are performed
-and the end result is false.<br />
+If the match mode is 'and', once a match fails, no other matches
+are performed and the end result is false.<br />
<br />
-To use parentheses ( or ) in the search expression, they must be backslashed
-(\).<br />
+To use parentheses ( or ) in the search expression, they must be
+backslashed (\).<br />
<br />
If no MATCH MODE= line exists, it defaults to 'or'.<br />
<br />
-There can be only one match <span style="font-weight: bold;">mode</span> per
-EVENT. If multiple MATCH MODE= lines exists, the last one in the list is
-used.</div>
+There can be only one match <span style=
+"font-weight: bold;">mode</span> per EVENT. If multiple MATCH
+MODE= lines exists, the last one in the list is used.</div>
</div>
</div>
<div style="margin-left: 40px;">
<div style="margin-left: 40px;">Examples:<br />
<br />
-<div style="margin-left: 40px;">$2 must be between 1000 and 2000:<br />
-<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">MATCH $2:
-1000-2000</span></div>
+<div style="margin-left: 40px;">$2 must be between 1000 and
+2000:<br />
<br />
-Any one must match (or): $3 must be 52, or $4 must be an IP address between
-192.168.1.10 and 192.168.1.20, or the severity must be 'Major':<br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">MATCH $2: 1000-2000</span></div>
<br />
-<div style="margin-left: 40px;">
- <b>MATCH $3: 52</b><br />
- <b>MATCH $4: 192.168.1.10-192.168.1.20</b><br />
- <b>MATCH $s: (Major)</b><br />
-</div>
+Any one must match (or): $3 must be 52, or $4 must be an IP address
+between 192.168.1.10 and 192.168.1.20, or the severity must be
+'Major':<br />
+<br />
+<div style="margin-left: 40px;"><b>MATCH $3: 52</b><br />
+<b>MATCH $4: 192.168.1.10-192.168.1.20</b><br />
+<b>MATCH $s: (Major)</b><br /></div>
</div>
</div>
</div>
<div style="margin-left: 80px;">
<div style="margin-left: 40px;"><br />
-All must match (and): $3 must be greater than 20, and $5 must not contain the
-words alarm or critical, $6 must contain the string '(1) remaining' and $7
-must contain the string 'power' which is not case sensitive:<br />
+All must match (and): $3 must be greater than 20, and $5 must not
+contain the words alarm or critical, $6 must contain the string
+'(1) remaining' and $7 must contain the string 'power' which is not
+case sensitive:<br />
<br style="font-weight: bold;" />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">MATCH $3:
->20</span><br style="font-weight: bold;" />
-<span style="font-weight: bold;">MATCH $5: !(alarm|critical)</span><br style=
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">MATCH $3: >20</span><br style=
"font-weight: bold;" />
+<span style="font-weight: bold;">MATCH $5:
+!(alarm|critical)</span><br style="font-weight: bold;" />
<span style="font-weight: bold;">MATCH $6: (\(1\)
-remaining)<br /></span><span style="font-weight: bold;">MATCH $7:
+remaining)<br /></span> <span style="font-weight: bold;">MATCH $7:
(power)i</span><br style="font-weight: bold;" />
<span style="font-weight: bold;">MATCH MODE=and</span></div>
</div>
+<br />
+<div style="margin-left: 40px;">The integer $1 must have bit 4
+set:<br />
+<br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">MATCH $1: &8</span></div>
+<br /></div>
</div>
<blockquote>
-<h3><a id="SNMPTT.CONF-REGEX" name="SNMPTT.CONF-REGEX"></a><b>REGEX:</b></h3>
+<h3><a id="SNMPTT.CONF-REGEX" name=
+"SNMPTT.CONF-REGEX"></a><b>REGEX:</b></h3>
<div style="margin-left: 40px;"><br />
[<b style="font-weight: bold;">REGEX</b><span style=
"font-weight: bold;">( )(
)[i][g][e]</span>]</div>
-<p style="margin-left: 40px;">Optional regular expression to perform a search
-and replace on the <span style="font-weight: bold;">translated</span> FORMAT /
-EXEC line. Multiple REGEX ( )( )
-lines are permitted.</p>
-<p style="margin-left: 40px;">First ( ) contains the search
-expression.<br />
+<p style="margin-left: 40px;">Optional regular expression to
+perform a search and replace on the <span style=
+"font-weight: bold;">translated</span> FORMAT / EXEC line.
+Multiple REGEX ( )( ) lines are
+permitted.</p>
+<p style="margin-left: 40px;">First ( ) contains
+the search expression.<br />
Second ( ) contains the replacement text</p>
-<p style="margin-left: 40px;">The following Perl regular expression modifiers
-are supported:</p>
-<div style="margin-left: 80px;"><span style="font-weight: bold;">i</span> -
-ignore case when trying to match left side<br />
-<span style="font-weight: bold;">g</span> - replace all occurances instead of
-only the first<br />
-<span style="font-weight: bold;">e</span> - execute the right side (eval) as
-code</div>
-<p style="margin-left: 40px;">To use substitution with captures (memory
-parenthesis) or the <span style="font-weight: bold;">e</span> modifier, you
-must first enable support in the snmptt.ini file by setting <span style=
+<p style="margin-left: 40px;">The following Perl regular expression
+modifiers are supported:</p>
+<div style="margin-left: 80px;"><span style=
+"font-weight: bold;">i</span> - ignore case when trying to match
+left side<br />
+<span style="font-weight: bold;">g</span> - replace all occurances
+instead of only the first<br />
+<span style="font-weight: bold;">e</span> - execute the right side
+(eval) as code</div>
+<p style="margin-left: 40px;">To use substitution with captures
+(memory parenthesis) or the <span style=
+"font-weight: bold;">e</span> modifier, you must first enable
+support in the snmptt.ini file by setting <span style=
"font-weight: bold;">allow_unsafe_regex</span> to <span style=
"font-weight: bold;">1</span>. Note: <span style=
-"font-weight: bold;">This is considered unsafe because the contents of the
-right expression is executed (eval) by Perl which could contain unsafe
-code</span>. If this option is enabled, <span style=
-"font-weight: bold;">BE SURE THAT THE SNMPTT CONFIGURATION FILES ARE
-SECURE! </span></p>
-<p style="margin-left: 40px;">Each REGEX line is processed in order from top
-to bottom and are accumulative. The second REGEX operates on the results
-of the first REGEX etc.</p>
+"font-weight: bold;">This is considered unsafe because the contents
+of the right expression is executed (eval) by Perl which could
+contain unsafe code</span>. If this option is enabled,
+<span style="font-weight: bold;">BE SURE THAT THE SNMPTT
+CONFIGURATION FILES ARE SECURE! </span></p>
+<p style="margin-left: 40px;">Each REGEX line is processed in order
+from top to bottom and are accumulative. The second REGEX
+operates on the results of the first REGEX etc.</p>
<p style="margin-left: 40px;">Example:</p>
-<div style="margin-left: 80px;">FORMAT line before: <span style=
-"font-weight: bold;">UPS has detected
+<div style="margin-left: 80px;">FORMAT line before:
+<span style="font-weight: bold;">UPS
+has detected
a building
-alarm. Cause: UPS1 Alarm #14: Building
-alarm 3.</span><br />
+alarm. Cause: UPS1 Alarm #14:
+Building alarm 3.</span><br />
<br />
-<span style="font-weight: bold;">REGEX (Building alarm 3)(Computer room high
-temperature)<br /></span> <span style="font-weight: bold;">REGEX (Building
-alarm 4)(Moisture detection alarm)</span><br style="font-weight: bold;" />
-<span style="font-weight: bold;">REGEX (roOm)(ROOM)ig</span><br style=
-"font-weight: bold;" />
+<span style="font-weight: bold;">REGEX (Building alarm 3)(Computer
+room high temperature)<br /></span> <span style=
+"font-weight: bold;">REGEX (Building alarm 4)(Moisture detection
+alarm)</span><br style="font-weight: bold;" />
+<span style="font-weight: bold;">REGEX
+(roOm)(ROOM)ig</span><br style="font-weight: bold;" />
<span style="font-weight: bold;">REGEX (UPS)(The big UPS)<br />
REGEX (\s+)( )g<br /></span><br />
-FORMAT line after: <span style="font-weight: bold;">The big UPS has
-detected a building alarm. Cause: UPS1 Alarm #14: Computer ROOM high
-temperature</span></div>
-<p style="margin-left: 40px;">To use parentheses ( or ) in the search
-expression, they must be backslashed (\) otherwise it is interpreted as a
-capture (see below). The replacement text does not need to be
-backslashed.</p>
+FORMAT line after: <span style="font-weight: bold;">The big
+UPS has detected a building alarm. Cause: UPS1 Alarm #14: Computer
+ROOM high temperature</span></div>
+<p style="margin-left: 40px;">To use parentheses ( or ) in the
+search expression, they must be backslashed (\) otherwise it is
+interpreted as a capture (see below). The replacement text
+does not need to be backslashed.</p>
<p style="margin-left: 40px;">Example:</p>
-<div style="margin-left: 80px;">FORMAT line before: <span style=
-"font-weight: bold;">Alarm (1) and (2) has been triggered</span><br />
-<br />
-<span style="font-weight: bold;">REGEX (\(1\))(One)</span><br style=
-"font-weight: bold;" />
-<span style="font-weight: bold;">REGEX (\(2\))((Two))</span><br style=
-"font-weight: bold;" />
+<div style="margin-left: 80px;">FORMAT line before:
+<span style="font-weight: bold;">Alarm (1) and (2) has been
+triggered</span><br />
+<br />
+<span style="font-weight: bold;">REGEX
+(\(1\))(One)</span><br style="font-weight: bold;" />
+<span style="font-weight: bold;">REGEX
+(\(2\))((Two))</span><br style="font-weight: bold;" />
<br />
-FORMAT line after: <span style="font-weight: bold;">Alarm One and (Two)
-has been triggered</span></div>
+FORMAT line after: <span style="font-weight: bold;">Alarm One
+and (Two) has been triggered</span></div>
</blockquote>
<div style="margin-left: 80px;">If <span style=
-"font-weight: bold;">allow_unsafe_regex</span> is enabled, then captures can
-be used in the replacement text.<br />
+"font-weight: bold;">allow_unsafe_regex</span> is enabled, then
+captures can be used in the replacement text.<br />
<p>Example:</p>
-<div style="margin-left: 40px;">FORMAT line before: <span style=
-"font-weight: bold;">The system has logged exception error 55 for the service
-testservice<br /></span></div>
-<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">REGEX
-(</span><span style="font-weight: bold;">The system has logged exception error
-(\d+) for the service (\w+</span><span style="font-weight: bold;">))(Service
-$2 generated error $1)</span><br style="font-weight: bold;" />
-<br />
-FORMAT line after: <span style="font-weight: bold;">Service testservice
-generated error 55</span></div>
-<br />
-If <span style="font-weight: bold;">allow_unsafe_regex</span> is enabled and
-an <span style="font-weight: bold;">e</span> modifier is specified, then the
-right side is executed (evaluated). This allows you to use Perl
-functions to perform various tasks such as convert from hex to decimal, format
-text using sprintf etc. All text must be inside of quotes, and
-statements can be concatenated together using the dot (.).<br />
+<div style="margin-left: 40px;">FORMAT line before:
+<span style="font-weight: bold;">The system has logged exception
+error 55 for the service testservice<br /></span></div>
+<br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">REGEX (</span><span style=
+"font-weight: bold;">The system has logged exception error (\d+)
+for the service (\w+</span><span style=
+"font-weight: bold;">))(Service $2 generated error
+$1)</span><br style="font-weight: bold;" />
+<br />
+FORMAT line after: <span style="font-weight: bold;">Service
+testservice generated error 55</span></div>
+<br />
+If <span style="font-weight: bold;">allow_unsafe_regex</span> is
+enabled and an <span style="font-weight: bold;">e</span> modifier
+is specified, then the right side is executed (evaluated).
+This allows you to use Perl functions to perform various tasks such
+as convert from hex to decimal, format text using sprintf
+etc. All text must be inside of quotes, and statements can be
+concatenated together using the dot (.).<br />
<p>Example 1:</p>
-<div style="margin-left: 40px;">FORMAT line before: <span style=
-"font-weight: bold;">Authentication Failure Trap from IP address: C0 A8 1
-FE<br /></span></div>
+<div style="margin-left: 40px;">FORMAT line before:
+<span style="font-weight: bold;">Authentication Failure Trap from
+IP address: C0 A8 1 FE<br /></span></div>
<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">REGEX
-(Address: (\w+)\s+(\w+)\s+(\w+)\s+(\w+))("address:
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">REGEX (Address:
+(\w+)\s+(\w+)\s+(\w+)\s+(\w+))("address:
".hex($1).".".hex($2).".".hex($3).".".hex($4))ei</span><br style=
"font-weight: bold;" />
<br />
-FORMAT line after: <span style="font-weight: bold;">Authentication
-Failure Trap from IP address: 192.168.1.254</span></div>
+FORMAT line after: <span style=
+"font-weight: bold;">Authentication Failure Trap from IP address:
+192.168.1.254</span></div>
<br />
<p>Example 2:</p>
-<div style="margin-left: 40px;">FORMAT line before: <span style=
-"font-weight: bold;">Authentication Failure Trap from IP address: C0 A8 1
-FE<br /></span></div>
+<div style="margin-left: 40px;">FORMAT line before:
+<span style="font-weight: bold;">Authentication Failure Trap from
+IP address: C0 A8 1 FE<br /></span></div>
<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">REGEX
-(Address:
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">REGEX (Address:
(\w+)\s+(\w+)\s+(\w+)\s+(\w+))("address:".sprintf("%03d.%03d.%03d.%03d",hex($1),hex($2),hex($3),hex($4)))ie</span></div>
<br style="font-weight: bold;" />
<br />
-<div style="margin-left: 40px;">FORMAT line after: <span style=
-"font-weight: bold;">Authentication Failure Trap from IP address:
-192.168.001.254</span></div>
+<div style="margin-left: 40px;">FORMAT line after:
+<span style="font-weight: bold;">Authentication Failure Trap from
+IP address: 192.168.001.254</span></div>
<br />
<p>Example 3</p>
-<div style="margin-left: 40px;">This example is for a BGP <span style=
-"font-weight: bold;">bgpBackwardTranstion</span> trap. The OID for the
-bgpBackwardTranstion trap has the IP address of the device that transitioned
-appended to the end of the OID. To create a meaningful trap message, the
-IP address needs to be separated from the variable OID. Because the IP
-address is part of the OID <span style="font-weight: bold;">variable
-name</span> instead of the OID <span style="font-weight: bold;">value</span>,
-a REGEX expression is needed. The following uses the $+1 variable on the
-FORMAT line so REGEX can parse out the IP address. <br />
-<br />
-FORMAT line before: <span style="font-weight: bold;">Peer:$+2<br />
-<br /></span>FORMAT line after substitution, but before REGEX:
-<span style="font-weight: bold;">Peer:bgpPeerState</span>.<span style=
+<div style="margin-left: 40px;">This example is for a BGP
+<span style="font-weight: bold;">bgpBackwardTranstion</span>
+trap. The OID for the bgpBackwardTranstion trap has the IP
+address of the device that transitioned appended to the end of the
+OID. To create a meaningful trap message, the IP address
+needs to be separated from the variable OID. Because the IP
+address is part of the OID <span style=
+"font-weight: bold;">variable name</span> instead of the OID
+<span style="font-weight: bold;">value</span>, a REGEX expression
+is needed. The following uses the $+1 variable on the FORMAT
+line so REGEX can parse out the IP address. <br />
+<br />
+FORMAT line before: <span style=
+"font-weight: bold;">Peer:$+2<br />
+<br /></span> FORMAT line after substitution, but before
+REGEX: <span style=
+"font-weight: bold;">Peer:bgpPeerState</span>.<span style=
"font-weight: bold;">192.168.1.1:idle<br /></span></div>
<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">REGEX
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">REGEX
(Peer:.*\.(\d+\.\d+\.\d+\.\d+):(.*))("Peer: $1 has transitioned to
$2")e</span><br style="font-weight: bold;" />
<br />
-FORMAT line after: <span style="font-weight: bold;">Peer: 192.168.1.1
-has transitioned to idle</span></div>
+FORMAT line after: <span style="font-weight: bold;">Peer:
+192.168.1.1 has transitioned to idle</span></div>
</div>
<blockquote>
<p style="margin-left: 40px;"><br />
Example 4</p>
-<div style="margin-left: 80px;">This example is a sample of using Perl
-subroutines inside of a <span style="font-weight: bold;">REGEX</span>
-statement.<br />
-<br />
-FORMAT line before: <span style="font-weight: bold;">Extremely severe
-error has occured<br /></span><br />
+<div style="margin-left: 80px;">This example is a sample of using
+Perl subroutines inside of a <span style=
+"font-weight: bold;">REGEX</span> statement.<br />
+<br />
+FORMAT line before: <span style=
+"font-weight: bold;">Extremely severe error has
+occured<br /></span><br />
<span style="font-weight: bold;">REGEX (</span><span style=
-"font-weight: bold;">Extremely severe error has occured</span><span style=
-"font-weight: bold;">)(("Better get a lotto ticket!! Here is a lotto
-number to try:".sprintf ("%s", lottonumber());sub lottonumber { for(my
-$i=0;$i<6;$i++) { $temp = $temp . " " . (int(rand 49) +1); } return $temp;
-} )ie</span><br style="font-weight: bold;" />
-<br />
-FORMAT line after: <span style="font-weight: bold;">Better get a lotto
-ticket!! Here is a lotto number to try: 36 27 38 32 29 6</span></div>
+"font-weight: bold;">Extremely severe error has
+occured</span><span style="font-weight: bold;">)(("Better get a
+lotto ticket!! Here is a lotto number to try:".sprintf ("%s",
+lottonumber());sub lottonumber { for(my $i=0;$i<6;$i++) { $temp
+= $temp . " " . (int(rand 49) +1); } return $temp; }
+)ie</span><br style="font-weight: bold;" />
+<br />
+FORMAT line after: <span style="font-weight: bold;">Better
+get a lotto ticket!! Here is a lotto number to try: 36 27 38
+32 29 6</span></div>
<br />
<div style="margin-left: 40px;"><br />
-Note: The REGEX expression is executed on the final translated FORMAT /
-EXEC line, after all variable substitutions have been completed.</div>
+Note: The REGEX expression is executed on the final
+translated FORMAT / EXEC line, after all variable substitutions
+have been completed.</div>
<br />
<br />
-<h3><a id="SNMPTT.CONF-SDESC" name="SNMPTT.CONF-SDESC"></a><b>SDESC</b></h3>
+<h3><a id="SNMPTT.CONF-SDESC" name=
+"SNMPTT.CONF-SDESC"></a><b>SDESC</b></h3>
<blockquote>[<b>SDESC</b>]
-<p>Optional start of a description. All text between this line and the
-line EDESC will be ignored by snmptt. This section can be used to enter
-comments about the trap for your own use. If you use a SDESC, you MUST
-follow with a EDESC.</p>
+<p>Optional start of a description. All text between this
+line and the line EDESC will be ignored by snmptt. This section can
+be used to enter comments about the trap for your own use. If
+you use a SDESC, you MUST follow with a EDESC.</p>
</blockquote>
-<h3><a id="SNMPTT.CONF-EDESC" name="SNMPTT.CONF-EDESC"></a><b>EDESC</b></h3>
+<h3><a id="SNMPTT.CONF-EDESC" name=
+"SNMPTT.CONF-EDESC"></a><b>EDESC</b></h3>
<blockquote>[<b>EDESC</b>]
<p>Used to end the description section.</p>
<p>Example:</p>
@@ -2289,87 +2745,100 @@
</blockquote>
</blockquote>
<h2><a id="SNMPTT.CONF-Configuration-file-Notes" name=
-"SNMPTT.CONF-Configuration-file-Notes"></a><b>SNMPTT.CONF Configuration file
-Notes</b></h2>
-<p>When there are multiple definitions of the same trap in the configuration
-file, the following rules apply:</p>
+"SNMPTT.CONF-Configuration-file-Notes"></a><b>SNMPTT.CONF
+Configuration file Notes</b></h2>
+<p>When there are multiple definitions of the same trap in the
+configuration file, the following rules apply:</p>
<p><b>A match occurs when:</b></p>
<ul>
-<li>The received trap OID matches a defined OID in the configuration file</li>
-<li><b>AND</b> <b>(</b> the hostname matches a defined hostname in the NODES
-entry <b>OR</b> there is no NODES entry <b>)</b></li>
-<li><b>AND</b> <b>(</b> the MATCH statement evaluates to TRUE <b>OR</b> the
-there is no MATCH entry <b>)</b></li>
+<li>The received trap OID matches a defined OID in the
+configuration file</li>
+<li><b>AND</b> <b>(</b> the hostname matches a defined hostname in
+the NODES entry <b>OR</b> there is no NODES entry <b>)</b></li>
+<li><b>AND</b> <b>(</b> the MATCH statement evaluates to TRUE
+<b>OR</b> the there is no MATCH entry <b>)</b></li>
</ul>
<b>If multiple_event is set to 1 in snmptt.ini:</b>
<ul>
-<li>A trap is handled as many times as it matches in the configuration
-file</li>
+<li>A trap is handled as many times as it matches in the
+configuration file</li>
<li>If any number of exact matches exist, the wildcard match is NOT
performed</li>
-<li>If an exact match does NOT exist, the wildcard match IS performed if
-<b>(</b> the hostname matches a defined hostname in the NODES entry <b>OR</b>
-there is no NODES entry <b>)</b> <b>AND</b> <b>(</b> the MATCH statement
-evaluates to TRUE <b>OR</b> the there is no MATCH entry <b>)</b></li>
+<li>If an exact match does NOT exist, the wildcard match IS
+performed if <b>(</b> the hostname matches a defined hostname in
+the NODES entry <b>OR</b> there is no NODES entry <b>)</b>
+<b>AND</b> <b>(</b> the MATCH statement evaluates to TRUE <b>OR</b>
+the there is no MATCH entry <b>)</b></li>
</ul>
<b>If multiple_event is set to 0 in snmptt.ini:</b>
<ul>
-<li>A trap is handled once using the first match in the configuration
-file</li>
-<li>If an exact match exists, the wildcard match is NOT performed</li>
-<li>If an exact match does NOT exist, the wildcard match IS performed if
-<b>(</b> the hostname matches a defined hostname in the NODES entry <b>OR</b>
-there is no NODES entry <b>)</b> <b>AND</b> <b>(</b> the MATCH statement
-evaluates to TRUE <b>OR</b> the there is no MATCH entry <b>)</b></li>
+<li>A trap is handled once using the first match in the
+configuration file</li>
+<li>If an exact match exists, the wildcard match is NOT
+performed</li>
+<li>If an exact match does NOT exist, the wildcard match IS
+performed if <b>(</b> the hostname matches a defined hostname in
+the NODES entry <b>OR</b> there is no NODES entry <b>)</b>
+<b>AND</b> <b>(</b> the MATCH statement evaluates to TRUE <b>OR</b>
+the there is no MATCH entry <b>)</b></li>
</ul>
<br />
<h2><a id="DNS" name="DNS"></a><b>Name resolution / DNS</b></h2>
-<p>Snmptrapd passes the IP address of the device sending the trap (host), the
-host name of the device sending the trap (host) (if configured to resolve host
-names) and the IP address of the actual SNMP agent (agent).<br />
+<p>Snmptrapd passes the IP address of the device sending the trap
+(host), the host name of the device sending the trap (host) (if
+configured to resolve host names) and the IP address of the actual
+SNMP agent (agent).<br />
<br />
If the configuration setting <span style=
-"font-weight: bold;">dns_enable</span> is set to 0 (dns disabled), then the
-host name of the AGENT will not be available for the $A variable, NODES
-matches, and the hostname column in SQL databases. The only exception to
-this is if the (host) IP address matches the (agent) IP address and snmptrapd
-is configured to resolve host names. In that case, the host name of the
-(host) will be used for the (agent) host name as they are obviously the same
-host.<br />
+"font-weight: bold;">dns_enable</span> is set to 0 (dns disabled),
+then the host name of the AGENT will not be available for the $A
+variable, NODES matches, and the hostname column in SQL
+databases. The only exception to this is if the (host) IP
+address matches the (agent) IP address and snmptrapd is configured
+to resolve host names. In that case, the host name of the
+(host) will be used for the (agent) host name as they are obviously
+the same host.<br />
<br />
If the configuration setting <span style=
-"font-weight: bold;">dns_enable</span> is set to 1 (dns enabled), then the
-host name of both the host and the AGENT will be resolved via DNS. NODES
-entries will also be resolved to IP addresses before performing matches.<br />
-<br />
-The host name may resolve to the Fully Qualified Domain Name (FQDN). For
-example: barney.bedrock.com. Adding an entry for the host in your
-/etc/hosts file or %systemroot%\system32\drivers\etc\hosts may result in the
-short name being used instead (barney). You can also enable the
-<b>strip_domain</b> / <b>strip_domain_list</b> options to have SNMPTT strip
-the domain of any FQDN host. See the <span style=
-"font-weight: bold;">snmptt.ini</span> file for details.</p>
-To allow IP addresses to be resolved to host names, PTR records must exist in
-DNS or the local hosts file must contain all hosts.<br />
-<br />
-<span style="font-weight: bold; text-decoration: underline;">It is recommended
-that either DNS be installed on the machine running SNMPTT / snmptrapd or a
-local hosts file be configured will all devices</span>. DNS should be
-configured as a secondary (authoritive) for the domains that it will receive
-traps from. This will reduce network resolution traffic, speed up
+"font-weight: bold;">dns_enable</span> is set to 1 (dns enabled),
+then the host name of both the host and the AGENT will be resolved
+via DNS. NODES entries will also be resolved to IP addresses
+before performing matches.<br />
+<br />
+The host name may resolve to the Fully Qualified Domain Name
+(FQDN). For example: barney.bedrock.com. Adding an
+entry for the host in your /etc/hosts file or
+%systemroot%\system32\drivers\etc\hosts may result in the short
+name being used instead (barney). You can also enable the
+<b>strip_domain</b> / <b>strip_domain_list</b> options to have
+SNMPTT strip the domain of any FQDN host. See the
+<span style="font-weight: bold;">snmptt.ini</span> file for
+details.</p>
+To allow IP addresses to be resolved to host names, PTR records
+must exist in DNS or the local hosts file must contain all
+hosts.<br />
+<br />
+<span style="font-weight: bold; text-decoration: underline;">It is
+recommended that either DNS be installed on the machine running
+SNMPTT / snmptrapd or a local hosts file be configured will all
+devices</span>. DNS should be configured as a secondary
+(authoritive) for the domains that it will receive traps
+from. This will reduce network resolution traffic, speed up
resolution, and remove the dependency of the network for DNS.
-<span style="font-weight: bold;">If a local DNS or hosts file is not used,
-then the entire network management station could become useless during a DNS /
-remote network outage and could cause false alarms for network management
-software.</span><br style="font-weight: bold;" />
+<span style="font-weight: bold;">If a local DNS or hosts file is
+not used, then the entire network management station could become
+useless during a DNS / remote network outage and could cause false
+alarms for network management software.</span><br style=
+"font-weight: bold;" />
<br />
<br />
<h2><a id="Sample1-SNMPTT.CONF-file" name=
"Sample1-SNMPTT.CONF-file"></a><b>Sample1 SNMPTT.CONF file</b></h2>
-<p>Note: The <span style="font-weight: bold;">examples</span> folder also
-contains a sample <span style="font-weight: bold;">snmptt.conf</span>
-file.</p>
-<p>Following is a sample of two defined traps in <b>snmptt.conf:</b></p>
+<p>Note: The <span style="font-weight: bold;">examples</span>
+folder also contains a sample <span style=
+"font-weight: bold;">snmptt.conf</span> file.</p>
+<p>Following is a sample of two defined traps in
+<b>snmptt.conf:</b></p>
<blockquote>#<br />
EVENT COMPAQ_11003 .1.3.6.1.4.1.232.0.11003 "LOGONLY" Normal<br />
FORMAT Compaq Generic Trap: $*<br />
@@ -2380,16 +2849,18 @@
EDESC<br />
#<br />
#<br />
-EVENT cpqDa3AccelBatteryFailed .1.3.6.1.4.1.232.0.3014 "Error Events"
-Critical<br />
+EVENT cpqDa3AccelBatteryFailed .1.3.6.1.4.1.232.0.3014 "Error
+Events" Critical<br />
FORMAT Battery status is $3.<br />
-EXEC qpage -f TRAP notifygroup1 "$s $r $x $X: Battery status is $3"<br />
+EXEC qpage -f TRAP notifygroup1 "$s $r $x $X: Battery status is
+$3"<br />
NODES ntserver1 ntserver2 ntserver3<br />
#<br />
#</blockquote>
<h2><a id="Sample2-SNMPTT.CONF-file" name=
"Sample2-SNMPTT.CONF-file"></a><b>Sample2 SNMPTT.CONF file</b></h2>
-<p>Following is a sample of a list of files to load in <b>snmptt.ini:</b></p>
+<p>Following is a sample of a list of files to load in
+<b>snmptt.ini:</b></p>
<blockquote>snmptt_conf_files = <<END<br />
/etc/snmp/snmp-compaq.conf<br />
/etc/snmp/snmp-compaq-hsv.conf<br />
@@ -2408,219 +2879,252 @@
Following is a sample of one defined traps in
<b>/etc/snmp/snmptt-compaq-hsv.conf:</b>
<blockquote>#<br />
-EVENT mngmtAgentTrap-16025 .1.3.6.1.4.1.232.0.136016025 "Status Events"
-Normal<br />
-FORMAT Host $1 : SCellName-TimeDate $2 : EventCode $3 : Description $4<br />
-EXEC qpage -f TRAP notifygroup1 "Host $1 : SCellName-TimeDate $2 : EventCode
-$3 : Description $4"<br />
+EVENT mngmtAgentTrap-16025 .1.3.6.1.4.1.232.0.136016025 "Status
+Events" Normal<br />
+FORMAT Host $1 : SCellName-TimeDate $2 : EventCode $3 : Description
+$4<br />
+EXEC qpage -f TRAP notifygroup1 "Host $1 : SCellName-TimeDate $2 :
+EventCode $3 : Description $4"<br />
SDESC<br />
"Ema EMU Internal State Machine Error [status:10]"<br />
EDESC<br />
#</blockquote>
<h2><a id="Notes" name="Notes"></a><b>Notes</b></h2>
-<p>An existing HP Openview trapd.conf can be used in most cases but the file
-must be a VERSION 3 file. SNMPTT does not support all the variables
-implemented in HPOV, but most are available. The following variables may
-or may not match exactly to HPOV: $O, $o, $r, $ar, $R, $aR.</p>
-<p>Some vendors (such as Compaq and Cisco ) provide a file that can be
-imported in to HP Openview using an HP Openview utility. <span style=
-"font-weight: bold;">Snmpttconvert</span> can be used to convert the file to
-<span style="font-weight: bold;">snmptt.conf</span> format.</p>
-<p>Some vendors provide a MIB file that contains TRAP or NOTIFICATION
-definitions. <span style="font-weight: bold;">Snmpttconvertmib</span>
-can be used to convert the file to <span style=
-"font-weight: bold;">snmptt.conf</span> format.<br />
+<p>An existing HP Openview trapd.conf can be used in most cases but
+the file must be a VERSION 3 file. SNMPTT does not support
+all the variables implemented in HPOV, but most are
+available. The following variables may or may not match
+exactly to HPOV: $O, $o, $r, $ar, $R, $aR.</p>
+<p>Some vendors (such as Compaq and Cisco ) provide a file that can
+be imported in to HP Openview using an HP Openview utility.
+<span style="font-weight: bold;">Snmpttconvert</span> can be used
+to convert the file to <span style=
+"font-weight: bold;">snmptt.conf</span> format.</p>
+<p>Some vendors provide a MIB file that contains TRAP or
+NOTIFICATION definitions. <span style=
+"font-weight: bold;">Snmpttconvertmib</span> can be used to convert
+the file to <span style="font-weight: bold;">snmptt.conf</span>
+format.<br />
</p>
-<h2><a id="Limitations" name="Limitations"></a><b>Limitations</b></h2>
+<h2><a id="Limitations" name=
+"Limitations"></a><b>Limitations</b></h2>
<h3><b>Standalone mode only:</b></h3>
-<p>With a 450 Mhz PIII and a 9000 line snmptt.conf containing 566 unique traps
-(EVENTs), it takes under a second to process the trap including logging and
-executing the qpage program. The larger the snmptt.conf file is, the
-longer it will take to process. If there are a large number of traps
-being received, daemon mode should be used. If it takes 1 second to
-process one trap, then obviously you shouldn't try to process more than one
-trap per second.</p>
-<p>Note: Enabling the UCD-SNMP / Net-SNMP Perl module will greatly increase
-the startup time of SNMPTT. Daemon mode is recommended.</p>
+<p>With a 450 Mhz PIII and a 9000 line snmptt.conf containing 566
+unique traps (EVENTs), it takes under a second to process the trap
+including logging and executing the qpage program. The larger
+the snmptt.conf file is, the longer it will take to process.
+If there are a large number of traps being received, daemon mode
+should be used. If it takes 1 second to process one trap,
+then obviously you shouldn't try to process more than one trap per
+second.</p>
+<p>Note: Enabling the UCD-SNMP / Net-SNMP Perl module will greatly
+increase the startup time of SNMPTT. Daemon mode is
+recommended.</p>
<h3><b>Standalone or daemon mode:</b></h3>
-<p>The SNMPTRAPD program blocks when executing traphandle commands. This
-means that if the program called never quits, SNMPTRAPD will wait
-forever. If a trap is received while the traphandler is running, it is
-buffered and will be processed when the traphandler finishes. I do not
-know how large this buffer is.</p>
-<p>The program called by SNMPTT (EXEC) blocks SNMPTT. If you call a
-program that does not return, SNMPTT will be left waiting. In standalone
-mode, this would cause snmptrapd to wait forever also.<br />
+<p>The SNMPTRAPD program blocks when executing traphandle
+commands. This means that if the program called never quits,
+SNMPTRAPD will wait forever. If a trap is received while the
+traphandler is running, it is buffered and will be processed when
+the traphandler finishes. I do not know how large this buffer
+is.</p>
+<p>The program called by SNMPTT (EXEC) blocks SNMPTT. If you
+call a program that does not return, SNMPTT will be left
+waiting. In standalone mode, this would cause snmptrapd to
+wait forever also.<br />
</p>
-<h2><a id="Feedback" name="Feedback"></a><b>Feedback & Bugs</b></h2>
+<h2><a id="Feedback" name="Feedback"></a><b>Feedback &
+Bugs</b></h2>
<p>Please send me any comments - good or bad - to
-alex_b@users.sourceforge.net. If you have any problems including
-converting trap files, please send me an email and include the file you are
-trying to convert and I will try to take a look at it.</p>
-<p>Please also send any bug reports, patches or improvements so I can fix /
-add them and add it to the next release. You can also use Sourceforge
-for <a href=
-"http://sourceforge.net/tracker/?group_id=51473&atid=463393">bugs</a> and
-<a href=
+alex_b@users.sourceforge.net. If you have any problems
+including converting trap files, please send me an email and
+include the file you are trying to convert and I will try to take a
+look at it.</p>
+<p>Please also send any bug reports, patches or improvements so I
+can fix / add them and add it to the next release. You can
+also use Sourceforge for <a href=
+"http://sourceforge.net/tracker/?group_id=51473&atid=463393">bugs</a>
+and <a href=
"http://sourceforge.net/tracker/?atid=463396&group_id=51473&func=browse">
feature requests</a>.<br />
</p>
<h2><a id="Integration-with-other-software" name=
"Integration-with-other-software"></a><b>Integration with other
software<br /></b></h2>
-<h3><a id="Nagios-Netsaint" name="Nagios-Netsaint"></a><b>Nagios /</b>
-<b>Netsaint<br /></b></h3>
+<h3><a id="Nagios-Netsaint" name="Nagios-Netsaint"></a><b>Nagios
+/</b> <b>Netsaint<br /></b></h3>
<h4>Overview</h4>
-<p>Nagios / Netsaint is a system monitoring application. It monitors hosts and
-services and alerts you when things go wrong. The name changed from
-Netsaint to Nagios in July of 2002.</p>
-<p style="font-weight: bold;">This section will outline the basic steps to
-integrate SNMPTT with Nagios. It will not attempt to explain how Nagios
-works. There is very good documentation available on the <a href=
-"http://www.nagios.org">Nagios web page</a>. You should be able to
-install and configuration Nagios before attempting to integrate it with
-SNMPTT. You should also have a functioning SNMPTT system that can at
-least log translated traps to a log file.</p>
+<p>Nagios / Netsaint is a system monitoring application. It
+monitors hosts and services and alerts you when things go
+wrong. The name changed from Netsaint to Nagios in July of
+2002.</p>
+<p style="font-weight: bold;">This section will outline the basic
+steps to integrate SNMPTT with Nagios. It will not attempt to
+explain how Nagios works. There is very good documentation
+available on the <a href="http://www.nagios.org">Nagios web
+page</a>. You should be able to install and configuration
+Nagios before attempting to integrate it with SNMPTT. You
+should also have a functioning SNMPTT system that can at least log
+translated traps to a log file.</p>
<br />
<h4><big>Nagios Passive Service Checks</big></h4>
-<p>Passive service checks allow Nagios to process service check results that
-are submitted by external applications. Using SNMPTT's EXEC statement,
-the received trap can be passed to Nagios using the <span style=
-"font-weight: bold;">submit_check_result</span> script included with
-Nagios. Once received by Nagios, the trap can be logged, a page sent,
-email sent etc. <span style=
+<p>Passive service checks allow Nagios to process service check
+results that are submitted by external applications. Using
+SNMPTT's EXEC statement, the received trap can be passed to Nagios
+using the <span style=
+"font-weight: bold;">submit_check_result</span> script included
+with Nagios. Once received by Nagios, the trap can be logged,
+a page sent, email sent etc. <span style=
"font-weight: bold; text-decoration: underline;"><br /></span></p>
-<p><span style="font-weight: bold; text-decoration: underline;">One</span>
-service is defined for each Nagios host that is to receive traps from
-SNMPTT. The benefits of using only one service entry is that it is makes
-it easier to set up Nagios. Trying to define every possible trap for every
-host you have is not recommended. For example, after converting the MIBS
-from Compaq, there are over 340 traps defined. Trying to define this for
-every Compaq server would not be a good idea as 40 servers * 340 traps =
-13,600 service definitions.</p>
-<p>The downside of using only one service entry is that you will only see the
-last trap that was recieved on the Nagios console. Each received trap
-will be logged, emailed, paged etc but the console will only show the last one
-as being in the warning or critical state. <span style=
-"text-decoration: underline;">The service will remain in this state until you
-manually force a service check.</span> See <big><small><span style=
-"font-weight: bold;">Clearing received traps in Nagios</span>
-below.<br /></small></big></p>
+<p><span style=
+"font-weight: bold; text-decoration: underline;">One</span> service
+is defined for each Nagios host that is to receive traps from
+SNMPTT. The benefits of using only one service entry is that
+it is makes it easier to set up Nagios. Trying to define every
+possible trap for every host you have is not recommended. For
+example, after converting the MIBS from Compaq, there are over 340
+traps defined. Trying to define this for every Compaq server
+would not be a good idea as 40 servers * 340 traps = 13,600 service
+definitions.</p>
+<p>The downside of using only one service entry is that you will
+only see the last trap that was recieved on the Nagios
+console. Each received trap will be logged, emailed, paged
+etc but the console will only show the last one as being in the
+warning or critical state. <span style=
+"text-decoration: underline;">The service will remain in this state
+until you manually force a service check unless you have freshness
+checking enabled (Nagios 2.0 and higher).</span> See
+<big><small><span style="font-weight: bold;">Clearing received
+traps in Nagios</span> below.</small></big></p>
+<p><big><small><br /></small></big></p>
<h4><big><span style="font-weight: bold;">Nagios Volatile
Services</span></big></h4>
-<p>When defining the service for receiving the SNMPTT translated trap, the
-service must be defined as <span style=
-"font-weight: bold;">volatile</span>. When a service is changed from an
-<span style="font-weight: bold;">OK</span> state to a <span style=
-"font-weight: bold;">non-OK</span> state, contacts are notified etc.
-Normally, a service is Nagios is NOT defined volatile which means if another
-service check is performed and the state is <span style=
+<p>When defining the service for receiving the SNMPTT translated
+trap, the service must be defined as <span style=
+"font-weight: bold;">volatile</span>. When a service is
+changed from an <span style="font-weight: bold;">OK</span> state to
+a <span style="font-weight: bold;">non-OK</span> state, contacts
+are notified etc. Normally, a service is Nagios is NOT
+defined volatile which means if another service check is performed
+and the state is <span style=
"text-decoration: underline;">STILL</span> <span style=
-"font-weight: bold;">non-OK</span> then NO contacts are notified.
-Because there is only one service entry for the SNMP traps, we need to make
-sure we are contacted every time a trap comes in.</p>
-<br />
-<h4><big><span style="font-weight: bold;">Creating the Nagios service
-entry</span></big></h4>
-<p>Following is a sample service entry for Nagios. The <span style=
-"font-weight: bold;">Description</span> column should not be included in the
-definition.</p>
+"font-weight: bold;">non-OK</span> then NO contacts are
+notified. Because there is only one service entry for the
+SNMP traps, we need to make sure we are contacted every time a trap
+comes in.</p>
+<br />
+<h4><big><span style="font-weight: bold;">Creating the Nagios
+service entry</span></big></h4>
+<p>Following is a sample service entry for Nagios. The
+<span style="font-weight: bold;">Description</span> column should
+not be included in the definition.</p>
<table border="1">
<tbody>
<tr>
<td class="Definition" colspan="3">define service{</td>
-<td style="vertical-align: top; font-style: italic;">Description<br /></td>
+<td style="vertical-align: top; font-style: italic;">
+Description<br /></td>
</tr>
<tr>
<td><br /></td>
<td class="Required">host_name</td>
<td class="Required">server01</td>
-<td style="vertical-align: top; font-style: italic;">Name of host<br /></td>
+<td style="vertical-align: top; font-style: italic;">Name of
+host<br /></td>
</tr>
<tr>
<td><br /></td>
<td class="Required">service_description</td>
<td class="Required">TRAP</td>
-<td style="vertical-align: top; font-style: italic;">Name of service.
-What you use here must match the same value for the <span style=
-"font-weight: bold;">submit_check_result</span> script</td>
+<td style="vertical-align: top; font-style: italic;">Name of
+service. What you use here must match the same value for the
+<span style="font-weight: bold;">submit_check_result</span>
+script</td>
</tr>
<tr>
<td><br /></td>
<td class="Optional">is_volatile</td>
<td class="Optional">1</td>
-<td style="vertical-align: top; font-style: italic;">Enables volatile
-services</td>
+<td style="vertical-align: top; font-style: italic;">Enables
+volatile services</td>
</tr>
<tr>
<td><br /></td>
<td class="Required">check_command</td>
<td class="Required">check-host-alive</td>
-<td style="vertical-align: top; font-style: italic;">Used to reset the status
-to OK when <span style="font-weight: bold;">'Schedule an immediate check of
-this service'</span> is selected.<br /></td>
+<td style="vertical-align: top; font-style: italic;">Used to reset
+the status to OK when <span style="font-weight: bold;">'Schedule an
+immediate check of this service'</span> is selected.<br /></td>
</tr>
<tr>
<td><br /></td>
<td class="Required">max_check_attempts</td>
<td class="Required">1<br /></td>
-<td style="vertical-align: top; font-style: italic;">Leave as 1.</td>
+<td style="vertical-align: top; font-style: italic;">Leave as
+1.</td>
</tr>
<tr>
<td><br /></td>
<td class="Required">normal_check_interval</td>
<td class="Required">1<br /></td>
-<td style="vertical-align: top; font-style: italic;">Leave as 1.</td>
+<td style="vertical-align: top; font-style: italic;">Leave as
+1.</td>
</tr>
<tr>
<td><br /></td>
<td class="Required">retry_check_interval</td>
<td class="Required">1<br /></td>
-<td style="vertical-align: top; font-style: italic;">Leave as 1.</td>
+<td style="vertical-align: top; font-style: italic;">Leave as
+1.</td>
</tr>
<tr>
<td><br /></td>
-<td class="Optional">passive_checks_enabled</td>
-<td class="Optional">1</td>
-<td style="vertical-align: top; font-style: italic;">Enables passive
-checks<br /></td>
+<td>active_checks_enabled</td>
+<td>0</td>
+<td>Prevent active checks from occuring as we are only using
+passive checks.</td>
</tr>
<tr>
<td><br /></td>
-<td class="Required">check_period</td>
-<td class="Required">none</td>
-<td style="vertical-align: top; font-style: italic;">When this servcie can be
-checked. Because it is a passive service, it never needs to be
-automatically checked</td>
+<td class="Required">passive_checks_enabled</td>
+<td class="Required">1</td>
+<td style="vertical-align: top; font-style: italic;">Enables
+passive checks<br /></td>
</tr>
<!--<tr><td></td><td class="Optional">failure_prediction_enabled</td><td class="Optional">[0/1]</td></tr>//-->
<tr>
<td><br /></td>
+<td>check_period</td>
+<td>24x7</td>
+<td>Required for freshness checking.</td>
+</tr>
+<tr>
+<td><br /></td>
<td class="Required">notification_interval</td>
<td class="Required">31536000</td>
<td style="vertical-align: top; font-style: italic;">Notification
-interval. Set to a very high number to prevent you from getting pages of
-previously received traps (1 year - restart Nagios at least once a year! - do
-not set to 0!).<br /></td>
+interval. Set to a very high number to prevent you from
+getting pages of previously received traps (1 year - restart Nagios
+at least once a year! - do not set to 0!).<br /></td>
</tr>
<tr>
<td><br /></td>
<td class="Required">notification_period</td>
<td class="Required">24x7</td>
-<td style="vertical-align: top; font-style: italic;">When you can be
-notified. Can be changed</td>
+<td style="vertical-align: top; font-style: italic;">When you can
+be notified. Can be changed</td>
</tr>
<tr>
<td><br /></td>
<td class="Required">notification_options</td>
-<td class="Required">w,u,c,r</td>
-<td style="vertical-align: top; font-style: italic;">Notify on warning,
-unknown, critical and recovery<br /></td>
+<td class="Required">w,u,c</td>
+<td style="vertical-align: top; font-style: italic;">Notify on
+warning, unknown and critical. Recovery is not enabled
+so we do not get notified when a trap is cleared.<br /></td>
</tr>
<tr>
<td><br /></td>
-<td class="Optional">notifications_enabled</td>
-<td class="Optional">1<br /></td>
+<td class="Required">notifications_enabled</td>
+<td class="Required">1<br /></td>
<td style="vertical-align: top; font-style: italic;">Enable
notifications<br /></td>
</tr>
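Review bot: The `EXEC qpage -f TRAP notifygroup1 "Host $1 : ... Description $4"` sample near the top of this hunk puts trap-supplied values inside a double-quoted command argument, and the text gives no caveat that `$1`–`$4` and `$r` are controlled by whoever sends the trap. The same applies to the `cpqDa3AccelBatteryFailed` sample in the preceding hunk and to the `submit_check_result $r TRAP 1 "..."` lines in the later "Creating the SNMPTT EXEC" hunk. If SNMPTT passes the EXEC line through a shell (not shown on this page, so confirm against the snmptt source), shell metacharacters in a varbind would be interpreted rather than passed as text. For `submit_check_result`, the text also ends up in the Nagios command file. I would add a short paragraph after the sample, for example `<p>Note: $1, $r and the other substitutions contain data supplied by the trap sender. Restrict which hosts and communities snmptrapd accepts, and only pass these values to programs that treat them as plain text.</p>`.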
@@ -2628,8 +3132,8 @@
<td><br /></td>
<td class="Required">contact_groups</td>
<td class="Required">cg_core</td>
-<td style="vertical-align: top; font-style: italic;">Name of contact group to
-notify</td>
+<td style="vertical-align: top; font-style: italic;">Name of
+contact group to notify</td>
</tr>
<tr>
<td> </td>
@@ -2638,11 +3142,24 @@
</tr>
</tbody>
</table>
-<p>Following is a sample service entry for Netsaint.</p>
+<p>Note: Previous versions of this documentation defined a
+<span style="font-weight: bold;">check_period</span> of none, and
+did not set <span style=
+"font-weight: bold;">active_checks_enabled</span> to 0. As of
+SNMPTT 1.2, setting <span style=
+"font-weight: bold;">active_checks_enabled</span> to 0 instead of
+setting <span style="font-weight: bold;">check_period</span>to none
+is recommened as freshness checks require it. The recovery
+notification option has also been removed so we do not get notified
+when a trap is cleared.<br /></p>
+<p>Following is a sample service entry for Netsaint. Netsaint
+does not support <span style=
+"font-weight: bold;">active_checks_enabled</span>, so a check
+period of none is used.</p>
<p style="margin-left: 40px;"><span style=
"font-weight: bold;">service[server01]=TRAP;1;none;1;1;1;cg_core;31536000;24x7;0;1;1;;check-host-alive</span></p>
-See the Netsaint documentation and the Nagios table above for an explanation
-of the various fields.<br />
+See the Netsaint documentation and the Nagios table above for an
+explanation of the various fields.<br />
<br />
<br />
<h4><big><span style="font-weight: bold;">Creating the SNMPTT EXEC
@@ -2650,154 +3167,316 @@
<br />
The Nagios distribution should contain the script <span style=
"font-weight: bold;">submit_check_result</span> in the <span style=
-"font-weight: bold;">contrib/eventhandlers</span> directory. Create a
-directory called <span style="font-weight: bold;">eventhandlers</span> under
-<span style="font-weight: bold;">libexec</span> (<span style=
-"font-weight: bold;">/usr/local/netsaint/libexec</span>) and copy the
-<span style="font-weight: bold;">submit_check_result</span> script to that
-directory. Make sure the script is executable (<span style=
-"font-weight: bold;">chmod +x submit_check_result)</span>.<br />
+"font-weight: bold;">contrib/eventhandlers</span> directory.
+Create a directory called <span style=
+"font-weight: bold;">eventhandlers</span> under <span style=
+"font-weight: bold;">libexec</span> (<span style=
+"font-weight: bold;">/usr/local/netsaint/libexec</span>) and copy
+the <span style="font-weight: bold;">submit_check_result</span>
+script to that directory. Make sure the script is executable
+(<span style="font-weight: bold;">chmod +x
+submit_check_result)</span>.<br />
<br />
-The <span style="font-weight: bold;">submit_check_result</span> script expects
-the following arguments:<br />
+The <span style="font-weight: bold;">submit_check_result</span>
+script expects the following arguments:<br />
<br />
<div style="margin-left: 40px;"><span style=
-"font-weight: bold;">host_name</span><br style="font-weight: bold;" />
+"font-weight: bold;">host_name</span><br style=
+"font-weight: bold;" />
<span style="font-weight: bold;">svc_description</span><br style=
"font-weight: bold;" />
<span style="font-weight: bold;">return_code</span><br style=
"font-weight: bold;" />
<span style="font-weight: bold;">plugin_output</span></div>
<br />
-The possible return codes are: 0=OK, 1=WARNING, 2=CRITICAL, -1=UNKNOWN.
-See the top of the <span style="font-weight: bold;">submit_check_result</span>
-script for a detailed description of each argument.<br />
+The possible return codes are: 0=OK, 1=WARNING, 2=CRITICAL,
+-1=UNKNOWN. See the top of the <span style=
+"font-weight: bold;">submit_check_result</span> script for a
+detailed description of each argument.<br />
<br />
-Create an EXEC statement such as the following for each <span style=
-"font-weight: bold;">EVENT</span> entry in your <span style=
+Create an EXEC statement such as the following for each
+<span style="font-weight: bold;">EVENT</span> entry in your
+<span style=
"font-weight: bold;">snmptt.conf</span> file:<br />
<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">EXEC
-/usr/local/netsaint/libexec/eventhandlers/submit_check_result $r TRAP 1
-"xxxxxx"</span></div>
-<br />
-where "xxxxxx" is the text for the trap using the same format as the
-<span style="font-weight: bold;">FORMAT</span> statement. For
-example:<br />
-<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">EXEC
-/usr/local/netsaint/libexec/eventhandlers/submit_check_result $r TRAP 1 "Drive
-$1 in bay $2 has failed"</span></div>
-<br />
-The variable substitution <span style="font-weight: bold;">$r</span> is used
-to pass the host name, <span style="font-weight: bold;">TRAP</span> matches
-the service definition defined above, <span style=
-"font-weight: bold;">1</span> represents a WARNING, and <span style=
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">EXEC
+/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP
+1 "xxxxxx"</span></div>
+<br />
+where "xxxxxx" is the text for the trap using the same format as
+the <span style="font-weight: bold;">FORMAT</span> statement.
+For example:<br />
+<br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">EXEC /usr/local/</span><span style=
+"font-weight: bold;">nagios</span><span style=
+"font-weight: bold;">/libexec/eventhandlers/submit_check_result $r
+TRAP 1 "Drive $1 in bay $2 has failed"</span></div>
+<br />
+The variable substitution <span style=
+"font-weight: bold;">$r</span> is used to pass the host name,
+<span style="font-weight: bold;">TRAP</span> matches the service
+definition defined above, <span style="font-weight: bold;">1</span>
+represents a WARNING, and <span style=
"font-weight: bold;">"xxxxxx"</span> is the translated message from
SNMPTT.<br />
<br />
-You must make sure that the host definition in Nagios matches the hostname
-that will be passed from SNMPTT using the $r variable. See the section
-'<a href="#DNS">Name Resolution / DNS</a>' for important DNS
-information.<br />
-<br />
-<br />
-<h4><big><span style="font-weight: bold;">Clearing received traps in
-Nagios</span></big></h4>
-<br />
-Once a trap is received for a host, it will remain in the <span style=
-"font-weight: bold;">WARNING</span> state. To clear the trap from the
-Nagios console, open the <span style="font-weight: bold;">TRAP</span> service
-and click '<span style="font-weight: bold;">Schedule an immediate check of
-this service</span>'. This will cause the defined service check to be
-run (<span style="font-weight: bold;">check-host-alive</span> in the example
-above) which will then change the status code to <span style=
-"font-weight: bold;">OK</span> and clear the warning after a minute or so,
-assuming of course the system responds OK to the <span style=
-"font-weight: bold;">check-host-alive</span> check.<br />
+You must make sure that the host definition in Nagios matches the
+hostname that will be passed from SNMPTT using the $r
+variable. See the section '<a href="#DNS">Name Resolution /
+DNS</a>' for important DNS information.<br />
+<br />
+<br />
+<h4><big><span style="font-weight: bold;">Clearing received traps
+in Nagios</span></big></h4>
+Using the above configuration, once a trap is received for a host,
+it will remain in the <span style=
+"font-weight: bold;">WARNING</span> state. To clear the trap
+from the Nagios console, open the <span style=
+"font-weight: bold;">TRAP</span> service and click '<span style=
+"font-weight: bold;">Schedule an immediate check of this
+service</span>'. This will cause the defined service check to
+be run (<span style="font-weight: bold;">check-host-alive</span> in
+the example above) which will then change the status code to
+<span style="font-weight: bold;">OK</span> and clear the warning
+after a minute or so, assuming of course the system responds OK to
+the <span style="font-weight: bold;">check-host-alive</span> check.
+ An alternative to using <span style=
+"font-weight: bold;">check-host-alive</span> is to create a new
+command called <span style="font-weight: bold;">reset-trap</span>
+with:<br />
+<br />
+<div style="margin-left: 40px; font-weight: bold;">#!/bin/sh<br />
+/bin/echo "OK: No recent traps received"<br />
+exit 0</div>
+<br />
+Be sure to create a command definition in your *commands.cfg file.
+ See the 'Object configuration file options' section of the
+Nagios documentation.<br />
+<br />
+Nagios 2.0 introduced service and host result freshness checks.
+ Service freshness checks can be used to automatically reset
+the trap notification to an OK state by defining <span style=
+"font-weight: bold;">check_freshness</span> and <span style=
+"font-weight: bold;">freshness_threshold</span> in the service
+definition. Using freshness checks is recommended over normal
+active checks (defined by <span style=
+"font-weight: bold;">normal_check_interval</span>) because the next
+check time of a normal active check does not change when a service
+changes state. Because of this, if you wanted to clear the
+trap after 24 hours, the last trap would be cleared some time
+between when it happened at 24 hours, depending on when the last
+active check was done. With freshness checking, the check
+command will be run <span style=
+"font-weight: bold;">freshness_threshold</span> seconds after the
+last passive result was received.<br />
+<br />
+For freshness checking to work, <span style=
+"font-weight: bold;">normal_check_interval</span> must be set to
+1, <span style="font-weight: bold;">valid
+check_period</span> should be set to 24x7 and the following
+service definitions should be added. The third column should
+not be included in the definition.<br />
+<br />
+<comment><br /></comment>
+<table border="1">
+<tbody>
+<tr>
+<td class="Required">check_freshness</td>
+<td class="Required">1</td>
+<td style="vertical-align: top; font-style: italic;">Enable
+freshness checking<br /></td>
+</tr>
+<tr>
+<td class="Required">freshness_threshold</td>
+<td class="Required">86400</td>
+<td style="vertical-align: top; font-style: italic;">Reset trap
+alert every 24 hours.</td>
+</tr>
+</tbody>
+</table>
+<br />
+<br />
+<h4><big><span style="font-weight: bold;">SNMP heartbeat
+monitoring</span></big></h4>
+If you have an application that sends periodic SNMP heartbeats, it
+is possible to use freshness checking to alert if a heartbeat has
+not been received.<br />
+<br />
+To configure a heartbeat trap, start by creating a new service
+definition by following 'Creating the Nagios service entry' above,
+but use a new <span style=
+"font-weight: bold;">service_description</span> such as
+<span style="font-weight: bold;">MyApp_heartbeat</span>.
+ Next, add / change the following service definitions.
+ The third column should not be included in the
+definition.<br />
+<br />
+<table border="1">
+<tbody>
+<tr>
+<td class="Required">check_freshness</td>
+<td class="Required">1</td>
+<td style="vertical-align: top; font-style: italic;">Enable
+freshness checking<br /></td>
+</tr>
+<tr>
+<td class="Required">freshness_threshold</td>
+<td class="Required">1200</td>
+<td style="vertical-align: top; font-style: italic;">Check
+freshness every 20 minutes.</td>
+</tr>
+<tr>
+<td class="Required">check_command</td>
+<td class="Required">myapp_heartbeat_alarm_set</td>
+<td style="vertical-align: top; font-style: italic;">Command to
+execute when a heartbeat is not received within freshness_threshold
+seconds.</td>
+</tr>
+<tr>
+<td class="Required">notification_options</td>
+<td class="Required">w,u,c,r</td>
+<td style="vertical-align: top; font-style: italic;">Notify on
+warning, unknown critical and recovery.</td>
+</tr>
+</tbody>
+</table>
+<br />
+<br />
+Note: For freshness checking to work, <span style=
+"font-weight: bold;">normal_check_interval</span> must be set to
+1, and <span style="font-weight: bold;">valid
+check_period</span> should be set to 24x7.<br />
+<br />
+In this example, it is assumed that the heartbeat trap is received
+every 15 minutes, so a freshness_threshold of 20 minutes was
+selected in case the heartbeat was delayed.<br />
+<br />
+Create the new <span style=
+"font-weight: bold;">myapp_heartbeat_alarm_set</span> command
+for Nagios:<br />
+<br />
+<div style="margin-left: 40px; font-weight: bold;">#!/bin/sh<br />
+/bin/echo "CRITICAL: Heartbeat signal from MyApp was not
+received!"<br />
+exit 2</div>
+<br />
+Be sure to create a command definition in your *commands.cfg file.
+ See the 'Object configuration file options' section of the
+Nagios documentation.<br />
+<br />
+Next, add an EXEC statement to the snmptt.conf file for the trap
+definition:<br />
+<br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">EXEC
+/usr/local/nagios/libexec/eventhandlers/submit_check_result
+$r MyApp_heartbeat 1 "Heartbeat signal from MyApp
+received."</span></div>
+<br />
+As long as the traps are received, the <span style=
+"font-weight: bold;">MyApp_heartbeat</span> service will have an OK
+status. If the heartbeat is not received, the freshness
+command will be executed which will set the status to
+CRITICAL.<br />
+<br />
<br />
<h3><a id="SEC" name="SEC"></a><b>SEC - Simple Event
Correlator</b><b><br /></b></h3>
<h4>Overview</h4>
-<p><a href="http://kodu.neti.ee/%7Eristo/sec/">Simple Event Correlator
-(SEC)</a> is a free and platform independent event correlation tool.</p>
-<p style="font-weight: bold;">This section will outline the basic steps to
-integrate SNMPTT with SEC. It will not attempt to explain how SEC
-works. There is very good documentation available on the <a href=
-"http://kodu.neti.ee/%7Eristo/sec/">SECs web page</a> and a good introduction
-to SEC can be found <a href=
+<p><a href="http://kodu.neti.ee/%7Eristo/sec/">Simple Event
+Correlator (SEC)</a> is a free and platform independent event
+correlation tool.</p>
+<p style="font-weight: bold;">This section will outline the basic
+steps to integrate SNMPTT with SEC. It will not attempt to
+explain how SEC works. There is very good documentation
+available on the <a href="http://kodu.neti.ee/%7Eristo/sec/">SECs
+web page</a> and a good introduction to SEC can be found <a href=
"http://sixshooter.v6.thrupoint.net/SEC-examples/article.html">here</a>.
-You should be able to install and configuration SEC before attempting to
-integrate it with SNMPTT. You should also have a functioning SNMPTT
-system that can at least log translated traps to a log file.</p>
-Here are a couple of examples of why you would want to integrate SNMPTT with
-SEC: <br />
+You should be able to install and configuration SEC before
+attempting to integrate it with SNMPTT. You should also have
+a functioning SNMPTT system that can at least log translated traps
+to a log file.</p>
+This section outlines one method of integrating SEC with SNMPTT.
+ Another method is documented in the <a href=
+"http://www.samag.com/articles/2005/0503/">March edition</a> of
+<a href="http://www.samag.com/">Sys Admin Magazine</a> in an
+article written by Francois Meehan.<br />
+<br />
+Here are a couple of examples of why you would want to integrate
+SNMPTT with SEC: <br />
<ol>
-<li>You have a 'noisy' device that constantly sends the same trap over and
-over again. It would be possible to simply disable the trap in SNMPTT,
-but you want the trap to be logged, just not excessively. The SEC
-'SingleWithSupress' could be used to reduce the number of traps
-logged.<br /></li>
-<li><>Router interfaces often go up and down and you are receiving a
-trap for each event. You do not want to be alerted every time the
-interface 'bounces', but you do want to be alerted if it happens many times
-over a set period of time. You want to be alerted when the interface is
-down for more than 10 seconds, and then when the interface comes back
-up. </><br /></li>
+<li>You have a 'noisy' device that constantly sends the same trap
+over and over again. It would be possible to simply disable
+the trap in SNMPTT, but you want the trap to be logged, just not
+excessively. The SEC 'SingleWithSupress' could be used to
+reduce the number of traps logged.<br /></li>
+<li>Router interfaces often go up and down and you are receiving a
+trap for each event. You do not want to be alerted every time
+the interface 'bounces', but you do want to be alerted if it
+happens many times over a set period of time. You want to be
+alerted when the interface is down for more than 10 seconds, and
+then when the interface comes back up.<br /></li>
</ol>
</blockquote>
<blockquote>
-<p>The following outlines how the flow of traps between SNMPTT and SEC could
-take place:</p>
+<p>The following outlines how the flow of traps between SNMPTT and
+SEC could take place:</p>
<ol>
<li>SNMPTT receives a trap.</li>
<li>SNMPTT logs the trap to a separate log file such as
-/var/log/snmptt.sec.log using '/bin/echo ...' for the EXEC statement. No
-FORMAT line is defined so the trap is not logged to the regular snmptt.log log
-file (or SQL table if a SQL server is used).<br /></li>
+/var/log/snmptt.sec.log using '/bin/echo ...' for the EXEC
+statement. No FORMAT line is defined so the trap is not
+logged to the regular snmptt.log log file (or SQL table if a SQL
+server is used).<br /></li>
<li>SEC monitors the log file for new entries.</li>
<li>SEC correlates the messages from the log file.</li>
-<li>When a new alert needs to be generated by SEC based on its rules, SEC will
-call an external script which will feed the information back into SNMPTT as a
-trap using a user defined unique trap OID. The unique trap OID is
-defined in a custom snmptt.conf file (such as
-/etc/snmp/snmptt.conf.sec).<br /></li>
-<li>SNMPTT will process the new trap as it would any other trap by logging to
-snmptt.log, a SQL table etc.<br /></li>
+<li>When a new alert needs to be generated by SEC based on its
+rules, SEC will call an external script which will feed the
+information back into SNMPTT as a trap using a user defined unique
+trap OID. The unique trap OID is defined in a custom
+snmptt.conf file (such as /etc/snmp/snmptt.conf.sec).<br /></li>
+<li>SNMPTT will process the new trap as it would any other trap by
+logging to snmptt.log, a SQL table etc.<br /></li>
</ol>
<h4>Configuration Overview</h4>
-<p>The following outlines how example 2 from above could be handled using
-SEC. This is a slightly modified version of the example from the
-<a href="http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples
+<p>The following outlines how example 2 from above could be handled
+using SEC. This is a slightly modified version of the example
+from the <a href=
+"http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples
page</a>.</p>
<p>The example provides the following:</p>
<ul>
<li>Prevents interface flapping from flooding the log files</li>
-<li>Provides an 'unstable' and 'stable' alert based on how often the interface
-bounces.<br /></li>
+<li>Provides an 'unstable' and 'stable' alert based on how often
+the interface bounces.<br /></li>
</ul>
<p>The following steps need to be completed:</p>
<ol>
-<li>Modify the Cisco snmptt.conf file to output linkDown and linkUp messages
-to a separate log file.</li>
-<li>Create a new snmptt.conf file to handle incoming alerts from SEC</li>
-<li>Create a SEC configuration file to correlate the linkDown / linkUp
-messages and pass new alerts to a script</li>
+<li>Modify the Cisco snmptt.conf file to output linkDown and linkUp
+messages to a separate log file.</li>
+<li>Create a new snmptt.conf file to handle incoming alerts from
+SEC</li>
+<li>Create a SEC configuration file to correlate the linkDown /
+linkUp messages and pass new alerts to a script</li>
<li>Create a script that will feed the messages from SEC back in to
SNMPTT</li>
<li>Test<br /></li>
</ol>
<h4>1. Modify the Cisco SNMPTT.CONF file</h4>
-<p>The existing SNMPTT.CONF file needs to be modified to output the linkDown
-and linkUp messages to a separate log file for processing by SEC.</p>
-<p>Following is an example snmptt.conf.cisco file modified to log a linkdown
-or linkup message to /var/log/snmptt/sec.log. As you can see there are
-no FORMAT lines so the trap will not be logged to the regular SNMPTT log
-system.</p>
+<p>The existing SNMPTT.CONF file needs to be modified to output the
+linkDown and linkUp messages to a separate log file for processing
+by SEC.</p>
+<p>Following is an example snmptt.conf.cisco file modified to log a
+linkdown or linkup message to /var/log/snmptt/sec.log. As you
+can see there are no FORMAT lines so the trap will not be logged to
+the regular SNMPTT log system.</p>
<div style="margin-left: 40px;">EVENT Cisco_Link_Down
.1.3.6.1.6.3.1.1.5.3.1.3.6.1.4.1.9 "Cisco Events" Minor<br />
-<span style="font-weight: bold;">EXEC /bin/echo "node=$A msg_text=cisco
-linkdown trap on interface $1" >> /var/log/snmptt/sec.log</span><br />
+<span style="font-weight: bold;">EXEC /bin/echo "node=$A
+msg_text=cisco linkdown trap on interface $1" >>
+/var/log/snmptt/sec.log</span><br />
SDESC<br />
This event occurs when the Cisco agent<br />
detects an interface has gone down.<br />
@@ -2810,10 +3489,11 @@
#<br />
#<br />
#<br />
-EVENT Cisco_Link_Up .1.3.6.1.6.3.1.1.5.4.1.3.6.1.4.1.9 "Cisco Events"
-Normal<br />
-<span style="font-weight: bold;">EXEC /bin/echo "node=$A msg_text=cisco linkup
-trap on interface $1" >></span> <span style=
+EVENT Cisco_Link_Up .1.3.6.1.6.3.1.1.5.4.1.3.6.1.4.1.9 "Cisco
+Events" Normal<br />
+<span style="font-weight: bold;">EXEC /bin/echo "node=$A
+msg_text=cisco linkup trap on interface $1" >></span>
+<span style=
"font-weight: bold;">/var/log/snmptt/sec.log</span><br />
SDESC<br />
This event occurs when the Cisco agent<br />
@@ -2829,44 +3509,50 @@
#</div>
<br />
<h4>2. Create a new SNMPTT.CONF file for incoming SEC alerts</h4>
-A new SNMPTT.CONF file needs to be created which will handle the incoming
-traps from SEC.<br />
+A new SNMPTT.CONF file needs to be created which will handle the
+incoming traps from SEC.<br />
<br />
-Following is an example snmptt.conf.sec file to accept incoming traps from
-SEC. Use an enterprise OID that will not interferre with any other OIDs
-already configured on your system. For example, .1.3.6.1.4.1.9999.<br />
+Following is an example snmptt.conf.sec file to accept incoming
+traps from SEC. Use an enterprise OID that will not
+interferre with any other OIDs already configured on your
+system. For example, .1.3.6.1.4.1.9999.<br />
<br />
-<div style="margin-left: 40px;"><span style="font-weight: bold;">EVENT
-Cisco_Link_DownUp .1.3.6.1.4.1.9999.1 "Cisco Events" Normal</span><br />
+<div style="margin-left: 40px;"><span style=
+"font-weight: bold;">EVENT Cisco_Link_DownUp .1.3.6.1.4.1.9999.1
+"Cisco Events" Normal</span><br />
FORMAT $1<br />
#<br />
#<br />
#<br />
-<span style="font-weight: bold;">EVENT Cisco_Link_DownUp .1.3.6.1.4.1.9999.2
-"Cisco Events" Major</span><br />
+<span style="font-weight: bold;">EVENT Cisco_Link_DownUp
+.1.3.6.1.4.1.9999.2 "Cisco Events" Major</span><br />
FORMAT $1<br />
#<br />
#<br />
#</div>
<br />
<h4>3. Create a SEC configuration file</h4>
-Following is a SEC configuration file that handles the even correlation for
-the Cisco traps. This file is the same as the file available on the
-<a href="http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples page</a>
-except comments and file paths have been modified.<br />
+Following is a SEC configuration file that handles the even
+correlation for the Cisco traps. This file is the same as the
+file available on the <a href=
+"http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples
+page</a> except comments and file paths have been modified.<br />
<br />
<div style="margin-left: 40px;">
################################################################<br />
-# Sample SEC ruleset for
-SNMPTT<br />
+
+# Sample SEC
+ruleset for SNMPTT<br />
################################################################<br />
+
<br />
# process Cisco linkDown/linkUp trap events received from<br />
# SNMPTT via log file<br />
<br />
type=PairWithWindow<br />
ptype=RegExp<br />
-pattern=node=(\S+).*msg_text=cisco linkdown trap on interface (\S+)<br />
+pattern=node=(\S+).*msg_text=cisco linkdown trap on interface
+(\S+)<br />
desc=CISCO $1 INTERFACE $2 DOWN<br />
action=event %s;<br />
continue2=TakeNext<br />
@@ -2911,46 +3597,52 @@
<br />
<span style="font-weight: bold;">First rule:</span><br />
<ul>
-<li>If a linkDown is received (node=x msg_text=cisco linkdowni trap on
-interface x from SNMPTT), and then a linkUp is received within 20 seconds, it
-is considered a BOUNCE. A new 'event' is created with the internal SEC
-event 'CISCO %1 INTERFACE %2 BOUNCE' is created which is passed to the other
-rules. <br /></li>
+<li>If a linkDown is received (node=x msg_text=cisco linkdowni trap
+on interface x from SNMPTT), and then a linkUp is received within
+20 seconds, it is considered a BOUNCE. A new 'event' is
+created with the internal SEC event 'CISCO %1 INTERFACE %2 BOUNCE'
+is created which is passed to the other rules. <br /></li>
<li>If a linkDown is received and a linkUp is <span style=
-"font-weight: bold;">not</span> received within 20 seconds, a new 'down'
-internal SEC event is created (CISCO $1 INTERFACE $2 DOWN) which is passed to
-the other rules.</li>
+"font-weight: bold;">not</span> received within 20 seconds, a new
+'down' internal SEC event is created (CISCO $1 INTERFACE $2 DOWN)
+which is passed to the other rules.</li>
</ul>
<span style="font-weight: bold;">Second rule:</span><br />
<ul>
-<li>Allows only one 'CISCO x INTERFACE x DOWN' message to be processed over 60
-seconds.</li>
+<li>Allows only one 'CISCO x INTERFACE x DOWN' message to be
+processed over 60 seconds.</li>
</ul>
<span style="font-weight: bold;">Third rule:</span><br />
<ul>
-<li>When a SEC internally generated 'CISCO $1 INTERFACE $2 DOWN' message is
-found, it passes the host name, interface number and 'major <span style=
-"font-weight: bold;">down</span>' to the cisco_msg script.</li>
-<li>When a SEC internally generated 'CISCO $1 INTERFACE $2 UP' message is
-found, it passes the host name, interface number and 'normal <span style=
-"font-weight: bold;">up</span>' to the cisco_msg script.</li>
+<li>When a SEC internally generated 'CISCO $1 INTERFACE $2 DOWN'
+message is found, it passes the host name, interface number and
+'major <span style="font-weight: bold;">down</span>' to the
+cisco_msg script.</li>
+<li>When a SEC internally generated 'CISCO $1 INTERFACE $2 UP'
+message is found, it passes the host name, interface number and
+'normal <span style="font-weight: bold;">up</span>' to the
+cisco_msg script.</li>
</ul>
<span style="font-weight: bold;">Fourth rule:</span><br />
<ul>
-<li>If ten 'CISCO %1 INTERFACE %2 BOUNCE' messages are detected over the span
-of 1 hour, it passes the host name, interface number and 'major <span style=
-"font-weight: bold;">unstable</span>' to the cisco_msg script.</li>
-<li><>If after the last unstable alert there are no 'CISCO %1 INTERFACE
-%2 BOUNCE' messages for 3 hours, it passes the host name, interface number and
-'normal <span style="font-weight: bold;">stable</span>' to the cisco_msg
+<li>If ten 'CISCO %1 INTERFACE %2 BOUNCE' messages are detected
+over the span of 1 hour, it passes the host name, interface number
+and 'major <span style="font-weight: bold;">unstable</span>' to the
+cisco_msg script.</li>
+<li><>If after the last unstable alert there are no 'CISCO %1
+INTERFACE %2 BOUNCE' messages for 3 hours, it passes the host name,
+interface number and 'normal <span style=
+"font-weight: bold;">stable</span>' to the cisco_msg
script.<br /></li>
</ul>
<br />
<h4>4. Create a script to pass a trap back to SNMPTT</h4>
-Following is a Perl script that passes the information passed from SEC back to
-SNMPTT by calling SNMPTTHANDLER directly. This file is basically a
-modified Perl version of the shell script available on the <a href=
-"http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples page</a>.<br />
+Following is a Perl script that passes the information passed from
+SEC back to SNMPTT by calling SNMPTTHANDLER directly. This
+file is basically a modified Perl version of the shell script
+available on the <a href=
+"http://kodu.neti.ee/%7Eristo/sec/examples.html">SEC Examples
+page</a>.<br />
<br />
<div style="margin-left: 40px;">#!/usr/bin/perl<br />
#<br />
@@ -2972,7 +3664,8 @@
}<br />
<br />
# use snmpget utility from Net-SNMP package<br />
-$ifname=`/usr/bin/snmpget -c public -OQv $NODE .1.3.6.1.2.1.2.2.1.2.$IF`<br />
+$ifname=`/usr/bin/snmpget -c public -OQv $NODE
+.1.3.6.1.2.1.2.2.1.2.$IF`<br />
$description=`/usr/bin/snmpget -c public -OQv $NODE
.1.3.6.1.4.1.9.2.2.1.1.28.$IF`<br />
<br />
@@ -2999,237 +3692,210 @@
<br />
close TRAP;</div>
<br />
-
-<h3><a id='EventWin' name='EventWin'</a><b>Windows Event Log forwarding</b></h3>
-
+<h3><a id="EventWin" name="EventWin"></a><b>Windows Event Log
+forwarding</b></h3>
<h4>Overview</h4>
-
-<p>The Windows utility Event to Trap Translator (<b>evntwin.exe </b>and<b>
-evntcmd.exe)</b> can be used to configure Windows to forward user selectable
-Event Log entries to an SNMP manager when using the Microsoft SNMP
-service. SNMPTT can be configured to process these traps like any other trap.
- If the Event to Trap Translator is not already installed on your machine, it
- should be available from the Microsoft Resource Kit, SMS or after installation
- of the Microsoft SNMP service (Windows 2000 AS and Windows XP or higher).</p>
-
-<p><b>This section will outline the basic steps to configure Windows to forward
-event log entries to Net-SNMP / SNMPTT when using the Microsoft SNMP server
-(not the Net-SNMP snmpd.exe agent). It will not attempt to explain how
-evntwin.exe and evntcmd.exe function. Documentation on using
-evntwin.exe and evntcmd.exe is available on the Microsoft web site and should
-be reviewed. </span>You should have a
-functioning SNMPTT system that can at least log translated traps to a log file
-before attempting this.</b></p>
-
+<p>The Windows utility Event to Trap Translator (<b>evntwin.exe</b>
+and<b>evntcmd.exe)</b> can be used to configure Windows to forward
+user selectable Event Log entries to an SNMP manager when using the
+Microsoft SNMP service. SNMPTT can be configured to process these
+traps like any other trap. If the Event to Trap Translator is not
+already installed on your machine, it should be available from the
+Microsoft Resource Kit, SMS or after installation of the Microsoft
+SNMP service (Windows 2000 AS and Windows XP or higher).</p>
+<p><b>This section will outline the basic steps to configure
+Windows to forward event log entries to Net-SNMP / SNMPTT when
+using the Microsoft SNMP server (not the Net-SNMP snmpd.exe
+agent). It will not attempt to explain how evntwin.exe and
+evntcmd.exe function. Documentation on using evntwin.exe and
+evntcmd.exe is available on the Microsoft web site and should be
+reviewed. You should have a functioning SNMPTT system that can at
+least log translated traps to a log file before attempting
+this.</b></p>
<h4>SNMP Service</h4>
-
-<p>The Windows SNMP Service is the Microsoft SNMP agent. The agent is responsible for handling SNMP
-requests from management stations such as queries for CPU utilization, disk space
-etc. The agent is also responsible for
-sending traps to management stations when an event occurs.</p>
-
-<p>Note: The Microsoft SNMP Trap Service is used to RECEIVE SNMP traps which
-is similar to the Net-SNMP <b>snmptrapd.exe</b> daemon. The Microsoft SNMP Trap Service is NOT used to send
-traps and is not required.</p>
-
-<h4><Configuring the trap destination</h4>
-
-<p>The Windows SNMP agent needs to be configured to forward traps to your
-Net-SNMP / SNMPTT management station.
-</span>This is done using the following steps:</p>
-
-<ul>
- <li>Click <b>Start - Settings - Control Panel</b></li>
- <li>Open <b>Administrative Tools</b></li>
- <li>Open <b>Services</b></li>
- <li>Open <b>Local Policies</b></li>
- <li>Open <b>SNMP Service</b></li>
- <li>Click the <b>Traps</b> tab<b></b></li>
- <li>Enter a community name and click Add to List</li>
- <li>Click Add and enter the IP address of the management station</li>
- <li>Click Apply</li>
- <li>Click OK</li>
- <li>Right-click on <b>SNMP Service</b> and select <b>Restart</b></li>
-</ul>
-
-<p>After the service is restarted, a coldStart trap will be sent to the
-management station. If SNMPTT has been
-configured to translate coldStart messages, you should see a log entry similar
-to the following:</p>
-
-<p><b>Thu Sep 9 21:33:06 2004
-.1.3.6.1.6.3.1.1.5.1 Normal "Status Events" server1 - Device
-reinitialized (coldStart)</b></p>
-
-Note:If the SNMP Service is not listed in the Services Control Panel, then it
-needs to be installed using Add/Remove Programs. Under Add/Remove
-Windows Components, select <b>Management and Monitoring Tools</b> and then <b>Simple
-Network Management Protocol</b>.
-
+<p>The Windows SNMP Service is the Microsoft SNMP agent. The agent
+is responsible for handling SNMP requests from management stations
+such as queries for CPU utilization, disk space etc. The agent is
+also responsible for sending traps to management stations when an
+event occurs.</p>
+<p>Note: The Microsoft SNMP Trap Service is used to RECEIVE SNMP
+traps which is similar to the Net-SNMP <b>snmptrapd.exe</b> daemon.
+The Microsoft SNMP Trap Service is NOT used to send traps and is
+not required.</p>
+<h4>Configuring the trap destination</h4>
+<p>The Windows SNMP agent needs to be configured to forward traps
+to your Net-SNMP / SNMPTT management station. This is done using
+the following steps:</p>
+<ul>
+<li>Click <b>Start - Settings - Control Panel</b></li>
+<li>Open <b>Administrative Tools</b></li>
+<li>Open <b>Services</b></li>
+<li>Open <b>Local Policies</b></li>
+<li>Open <b>SNMP Service</b></li>
+<li>Click the <b>Traps</b> tab</li>
+<li>Enter a community name and click Add to List</li>
+<li>Click Add and enter the IP address of the management
+station</li>
+<li>Click Apply</li>
+<li>Click OK</li>
+<li>Right-click on <b>SNMP Service</b> and select
+<b>Restart</b></li>
+</ul>
+<p>After the service is restarted, a coldStart trap will be sent to
+the management station. If SNMPTT has been configured to translate
+coldStart messages, you should see a log entry similar to the
+following:</p>
+<p><b>Thu Sep 9 21:33:06 2004 .1.3.6.1.6.3.1.1.5.1 Normal "Status
+Events" server1 - Device reinitialized (coldStart)</b></p>
+Note:If the SNMP Service is not listed in the Services Control
+Panel, then it needs to be installed using Add/Remove Programs.
+Under Add/Remove Windows Components, select <b>Management and
+Monitoring Tools</b> and then <b>Simple Network Management
+Protocol</b>.
<h4>Configuring the Event to Trap Translator</h4>
-
-<p>The following steps explain how to configure the Event to Trap Translator
-to forward system logon failures to SNMPTT:</p>
-
+<p>The following steps explain how to configure the Event to Trap
+Translator to forward system logon failures to SNMPTT:</p>
<ul>
- <li>Launch <b>evntwin.exe</b></li>
- <li>For <b>Configuration Type</b> select <b>Custom</b></li>
- <li>Click the <b>Edit</b> button</li>
- <li>Inside <b>Event Sources</b>, expand <b>Security</b> and then click <b>Security</b></li>
- <li>Locate Event ID <b>529</b> (Logon Failure:%n%tReason:%t%tUnknown username or bad password%n.)</li>
- <li>Click <b>Add</b></li>
- <li>Click <b>OK</b></li>
- <li>Click <b>Apply</b></li>
-</ul>
-
-<p>The SNMP agent should now forward all logon failures to the SNMP management
-station. A restart of the SNMP service should not be necessary.</p>
-
+<li>Launch <b>evntwin.exe</b></li>
+<li>For <b>Configuration Type</b> select <b>Custom</b></li>
+<li>Click the <b>Edit</b> button</li>
+<li>Inside <b>Event Sources</b>, expand <b>Security</b> and then
+click <b>Security</b></li>
+<li>Locate Event ID <b>529</b> (Logon
+Failure:%n%tReason:%t%tUnknown username or bad password%n.)</li>
+<li>Click <b>Add</b></li>
+<li>Click <b>OK</b></li>
+<li>Click <b>Apply</b></li>
+</ul>
+<p>The SNMP agent should now forward all logon failures to the SNMP
+management station. A restart of the SNMP service should not be
+necessary.</p>
<h4>Configuring SNMPTT to accept the Microsoft traps</h4>
-
-<p>An SNMPTT.CONF file needs to be created to handle the Microsoft traps. As documented in Microsoft knowledge base
-article 318464, all Microsoft traps start with .1.3.6.1.4.1.311.1.13.1. For simplicity, a single SNMPTT.CONF EVENT
-entry will be used with a wildcard to accept all Microsoft traps.
-Following is an example <b>snmptt.conf.microsoft</b>
-file which needs to be included in the list of .conf files in the <b>TrapFiles</b>
-section in <b>snmptt.ini</b>:</p>
-
-<p>EVENT EventLog .1.3.6.1.4.1.311.1.13.1.* "Regular" Normal</p>
-
+<p>An SNMPTT.CONF file needs to be created to handle the Microsoft
+traps. As documented in Microsoft knowledge base article 318464,
+all Microsoft traps start with .1.3.6.1.4.1.311.1.13.1. For
+simplicity, a single SNMPTT.CONF EVENT entry will be used with a
+wildcard to accept all Microsoft traps. Following is an example
+<b>snmptt.conf.microsoft</b> file which needs to be included in the
+list of .conf files in the <b>TrapFiles</b> section in
+<b>snmptt.ini</b>:</p>
+<p>EVENT EventLog .1.3.6.1.4.1.311.1.13.1.* "Regular" Normal</p>
<p>FORMAT EventLog entry: $1</p>
-
-<p>The first enterprise variable ($1) contains the complete text that is
-displayed in the Event Log Description box. Variables are described in more
-detail in the <b>Advanced Section</b>.</p>
-
-<p>After creating the <b>snmptt.conf.microsoft</b> file and adding it to the <b>snmptt.ini</b>,
-restart snmptt.</p>
-
+<p>The first enterprise variable ($1) contains the complete text
+that is displayed in the Event Log Description box. Variables are
+described in more detail in the <b>Advanced Section</b>.</p>
+<p>After creating the <b>snmptt.conf.microsoft</b> file and adding
+it to the <b>snmptt.ini</b>, restart snmptt.</p>
<h4>Testing</h4>
-
-<p>To test that the trap is received by SNMPTT, a logon failure in Windows
-should be created.</p>
-
-<p>Your default installation of Windows may not create Event
-Log entries for unsuccessful logins. To configure Windows to log all failed logins, follow these steps:</p>
-
+<p>To test that the trap is received by SNMPTT, a logon failure in
+Windows should be created.</p>
+<p>Your default installation of Windows may not create Event Log
+entries for unsuccessful logins. To configure Windows to log all
+failed logins, follow these steps:</p>
+<ul>
+<li>Click <b>Start - Settings - Control - Panel</b></li>
+<li>Open <b>Administrative Tools</b></li>
+<li>Open <b>Local Security Policy</b></li>
+<li>Open <b>Local Policies</b></li>
+<li>Open <b>Audit Policy</b></li>
+<li>Enable auditing of failures for <b>Audit account logon
+events</b></li>
+<li>Enable auditing of failures for <b>Audit logon events</b></li>
+</ul>
+<p>The settings should take effect immediately, and a reboot should
+not be required.</p>
+<p>To generate an event log entry, you can either log off and try
+to log on to the system with an invalid username and password, or
+use the <b>runas.exe</b> command from a command prompt. For
+example:</p>
<ul>
- <li>Click <b>Start - Settings - Control - Panel</b></li>
- <li>Open <b>Administrative Tools</b></li>
- <li>Open <b>Local Security Policy</b></li>
- <li>Open <b>Local Policies</b></li>
- <li>Open <b>Audit Policy</b></li>
- <li>Enable auditing of failures for <b>Audit account logon events</b></li>
- <li>Enable auditing of failures for <b>Audit logon events</b></li>
+<li class="MsoNormal" style=""><b>runas /user:fakeuser cmd</b></li>
</ul>
-
-<p>The settings should take effect immediately, and a reboot
-should not be required.</p>
-
-<p>To generate an event log entry, you can either log off and
-try to log on to the system with an invalid username and password, or use the <b>runas.exe</b>
-command from a command prompt. For example:</p>
-
-<ul>
- <li class=MsoNormal style='mso-list:l2 level1 lfo3;tab-stops:list 36.0pt'><b>runas
- /user:fakeuser cmd</b></li>
-</ul>
-
<p>When prompted for a password, press <b>Enter</b>.</p>
-
<p>SNMPTT should log something similar to the following:</p>
-
-<p><b>Thu Sep 9 21:05:40 2004 .1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.0.529 Normal
-"Regular" server1 - Event Log entry: Logon Failure:.....Reason:..Unknown
-user name or bad password.....User Name:.fakeuser.....Domain:.......Logon
-Type:.joint-iso-ccitt.....Logon Process:.seclogon.....Authentication
+<p><b>Thu Sep 9 21:05:40 2004
+.1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.0.529
+Normal "Regular" server1 - Event Log entry: Logon
+Failure:.....Reason:..Unknown user name or bad password.....User
+Name:.fakeuser.....Domain:.......Logon
+Type:.joint-iso-ccitt.....Logon
+Process:.seclogon.....Authentication
Package:.Negotiate.....Workstation Name:.SERVER1.</b></p>
-
-<p>The text in the log entry should match the text in the <b>Description</b>
-field of the Event Log entry but without the formatting.</p>
-
+<p>The text in the log entry should match the text in the
+<b>Description</b> field of the Event Log entry but without the
+formatting.</p>
<h4>Advanced Configuration</h4>
-
<h4>Specific EVENTs</h4>
-
-<p>Instead of using a wildcard EVENT entry to match all Microsoft traps, it is
-possible to create EVENT entries for each trap. As SNMPTT will only match using wildcard entries if there is no
-exact EVENT match, it may be desirable to create EVENT entries for a select
-number of important events, and keep the wildcard to catch any others.</p>
-
-<p>To determine the trap OID that will be used for the EVENT, display the entry
-in <b>evntwin.exe</b> and combine the <b>Enterprise OID</b>, a <b>0</b> and
-the <b>Trap Specific ID</b>. </span>For
-example, for the security event ID 529 used above:</p>
-
-<p>Enterprise OID: 1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121</p>
-
+<p>Instead of using a wildcard EVENT entry to match all Microsoft
+traps, it is possible to create EVENT entries for each trap. As
+SNMPTT will only match using wildcard entries if there is no exact
+EVENT match, it may be desirable to create EVENT entries for a
+select number of important events, and keep the wildcard to catch
+any others.</p>
+<p>To determine the trap OID that will be used for the EVENT,
+display the entry in <b>evntwin.exe</b> and combine the
+<b>Enterprise OID</b>, a <b>0</b> and the <b>Trap Specific ID</b>.
+For example, for the security event ID 529 used above:</p>
+<p>Enterprise OID:
+1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121</p>
<p>Trap Specific ID: 529</p>
-
-<p>Based on the information above, the following EVENT line would be used::</p>
-
-<p>EVENT EventLog 1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.<b>0</b>.529
-"Regular" Normal</p>
-
+<p>Based on the information above, the following EVENT line would
+be used::</p>
+<p>EVENT EventLog
+1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.<b>0</b>.529
+"Regular" Normal</p>
<h4>Enterprise variables</h4>
-
-<p>Each trap sent from the Event to Trap Translator contains the text
-displayed in the Description, User and Computer fields for the Event Log. Also passed are the individual variables
-which are used by the Windows SNMP Service to create the Description field in
-the Event Log.</p>
-
-<p>The following lists the enterprise variables that can be used in SNMPTT for
-each trap:</p>
-
-<ul style="list-style-type: none">
- <li>$1:Event Log Description</li>
- <li>$2:Event Log User</li>
- <li>$3:Event Log Computer</li>
- <li>$4:?</li>
- <li>$5:?</li>
- <li>$6:Event to Trap Translator variable %1</li>
- <li>$7:Event to Trap Translator variable %2</li>
- <li>$8:Event to Trap Translator variable %3</li>
- <li>$9:Event to Trap Translator variable %4</li>
- <li>$<i>n</i>:Event to Trap Translator variable %<i>n-5</i></li>
-</ul>
-
-<p>As the individual variables are passed in the trap, it is possible to recreate the FORMAT line instead of using
-the passed Description ($1) field. For example, $1 in the previous example contains:</p>
-
+<p>Each trap sent from the Event to Trap Translator contains the
+text displayed in the Description, User and Computer fields for the
+Event Log. Also passed are the individual variables which are used
+by the Windows SNMP Service to create the Description field in the
+Event Log.</p>
+<p>The following lists the enterprise variables that can be used in
+SNMPTT for each trap:</p>
+<ul style="list-style-type: none;">
+<li>$1:Event Log Description</li>
+<li>$2:Event Log User</li>
+<li>$3:Event Log Computer</li>
+<li>$4:?</li>
+<li>$5:?</li>
+<li>$6:Event to Trap Translator variable %1</li>
+<li>$7:Event to Trap Translator variable %2</li>
+<li>$8:Event to Trap Translator variable %3</li>
+<li>$9:Event to Trap Translator variable %4</li>
+<li>$<i>n</i>:Event to Trap Translator variable %<i>n-5</i></li>
+</ul>
+<p>As the individual variables are passed in the trap, it is
+possible to recreate the FORMAT line instead of using the passed
+Description ($1) field. For example, $1 in the previous example
+contains:</p>
<p><b>Logon Failure:.....Reason:..Unknown user name or bad
password.....User Name:.fakeuser.....Domain:.......Logon
-Type:.joint-iso-ccitt.....Logon Process:.seclogon.....Authentication
+Type:.joint-iso-ccitt.....Logon
+Process:.seclogon.....Authentication
Package:.Negotiate.....Workstation Name:.SERVER1.</b></p>
-
-<p>By reviewing the Description field
-as defined in the <b>evntwin.exe</b> utility, a new cleaned up FORMAT line can
-be used that doesnt contain all the dots.</p>
-
-<p>Following is the text from the
-Description field in <b>evntwin.exe</b> which will be used as a
-reference. Notice the use of %<i>n</i>
-variables which are equivalent to the SNMPTT $n variables +5 (%1 = SNMPTTs
-$6). Note: In the example below, %n is a newline and %t is a tab while %<i>n</i> is a variable number.</p>
-
+<p>By reviewing the Description field as defined in the
+<b>evntwin.exe</b> utility, a new cleaned up FORMAT line can be
+used that does not contain all the dots.</p>
+<p>Following is the text from the Description field in
+<b>evntwin.exe</b> which will be used as a reference. Notice the
+use of %<i>n</i> variables which are equivalent to the SNMPTT $n
+variables +5 (%1 = SNMPTT's $6). Note: In the example below, %n is
+a newline and %t is a tab while %<i>n</i> is a variable number.</p>
<p>Logon Failure:%n %tReason:%t%tUnknown user name or bad
-password%n %tUser Name:%t%1%n %tDomain:%t%t%2%n %tLogon Type:%t%3%n
-%tLogon Process:%t%4%n
-%tAuthentication Package:%t%5%n
+password%n %tUser Name:%t%1%n %tDomain:%t%t%2%n %tLogon Type:%t%3%n
+%tLogon Process:%t%4%n %tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6</p>
-
<p>The EVENT entry could be cleaned up using:</p>
-
-<p><b>EVENT EventLog 1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.<b>0</b>.529
- "Regular" Normal<br />
-FORMAT Logon Failure: Reason: Unknown user name or bad password. User Name: $6, Domain: $7, Logon Type: $8,
-Logon Process: $9, Auth package: $10, Workstation name: $11</b></p>
-
-<h3><a id='Hobbit' name='Hobbit'</a><b>Hobbit</b></h3>
-
-Information on handling SNMP traps with <a href="http://hobbitmon.sourceforge.net/">Hobbit</a> can be found at <a href="http://cerebro.victoriacollege.edu/hobbit-trap.html">http://cerebro.victoriacollege.edu/hobbit-trap.html</a>.
-
-</blockquote>
+<p><b>EVENT EventLog
+1.3.6.1.4.1.311.1.13.1.8.83.101.99.117.114.105.116.121.</b>0.529
+"Regular" Normal<br />
+FORMAT Logon Failure: Reason: Unknown user name or bad password.
+User Name: $6, Domain: $7, Logon Type: $8, Logon Process: $9, Auth
+package: $10, Workstation name: $11</p>
+<h3><a id="Hobbit" name="Hobbit"></a><b>Hobbit</b></h3>
+Information on handling SNMP traps with <a href=
+"http://hobbitmon.sourceforge.net/">Hobbit</a> can be found at
+<a href=
+"http://cerebro.victoriacollege.edu/hobbit-trap.html">http://cerebro.victoriacollege.edu/hobbit-trap.html</a>.</blockquote>
</body>
</html>
-
Changed |
snmptt_1.2.tar.bz2/docs/snmpttconvert.html
@@ -12,11 +12,11 @@
<title>SNMP Trap Translator</title>
</head>
<body>
-<h1><b>SNMP Trap Translator Convert v1.1</b></h1>
+<h1><b>SNMP Trap Translator Convert v1.2</b></h1>
<b>(</b><a href="http://www.snmptt.org"><b>SNMPTTCONVERT</b></a><b>)</b><br />
This file was last updated on: August 30th, 2004
<h2><b>License</b></h2>
-<p>Copyright 2002-2006 Alex Burger<br />
+<p>Copyright 2002-2007 Alex Burger<br />
alex_b@users.sourceforge.net<br />
4/3/2002</p>
<p>This program is free software; you can redistribute it and/or modify<br />
Changed |
snmptt_1.2.tar.bz2/docs/snmpttconvertmib.html
@@ -12,12 +12,12 @@
<title>SNMP Trap Translator</title>
</head>
<body>
-<h1><b>SNMP Trap Translator Convert MIB v1.1</b></h1>
+<h1><b>SNMP Trap Translator Convert MIB v1.2</b></h1>
<b>(</b><a href=
"http://www.snmptt.org"><b>SNMPTTCONVERTMIB</b></a><b>)</b><br />
This file was last updated on: November 5th, 2005
<h2><b>License</b></h2>
-<p>Copyright 2002-2006 Alex Burger<br />
+<p>Copyright 2002-2007 Alex Burger<br />
alex_b@users.sourceforge.net<br />
4/3/2002</p>
<p>This program is free software; you can redistribute it and/or modify<br />
Changed |
snmptt_1.2.tar.bz2/snmptt
@@ -1,8 +1,8 @@
#!/usr/bin/perl
#
-# SNMPTT v1.1
+# SNMPTT v1.2
#
-# Copyright 2002-2006 Alex Burger
+# Copyright 2002-2007 Alex Burger
# alex_b@users.sourceforge.net
# 4/11/2002
#
@@ -45,13 +45,14 @@
#
##############################################################################
#
+use strict;
-$snmptt_version = "v1.1";
+my $snmptt_version = "v1.2";
sub showversion
{
print "\nSNMPTT $snmptt_version\n";
- print "(c) 2002-2006 Alex Burger\n";
+ print "(c) 2002-2007 Alex Burger\n";
print "http://snmptt.sourceforge.net\n\n";
}
@@ -60,14 +61,14 @@
use Getopt::Long;
-$version = 0;
-$daemon = 0;
-$debug = 0;
-$debugfile = '';
-$dump = 0;
-$help = 0;
-$time = 0;
-$ini = '';
+my $version = 0;
+my $daemon = 0;
+my $debug = 0;
+my $debugfile = '';
+my $dump = 0;
+my $help = 0;
+my $time = 0;
+my $ini = '';
GetOptions ('version' => \$version,
'daemon' => \$daemon,
@@ -86,7 +87,7 @@
if ($help == 1)
{
-$USAGE = qq/Usage:
+my $USAGE = qq/Usage:
snmptt [<options>]
Options:
--daemon Run as a daemon
@@ -106,6 +107,12 @@
exit(0);
}
+my $DEBUGGING;
+my $debugcmdline;
+my $daemoncmdline;
+my $DEBUGGING_FILE;
+my $debugfilecmdline;
+
if ($debug >= 1)
{
$DEBUGGING = $debug;
@@ -156,6 +163,135 @@
$debugfilecmdline = 0;
}
+# Global config file variables
+my $snmptt_system_name;
+my $daemon;
+my $multiple_event;
+my $dns_enable;
+my $strip_domain;
+my @strip_domain_list;
+my $net_snmp_perl_enable;
+my $net_snmp_perl_best_guess;
+my $translate_log_trap_oid;
+my $translate_value_oids;
+my $resolve_value_ip_addresses;
+my $translate_enterprise_oid_format;
+my $translate_trap_oid_format;
+my $translate_varname_oid_format;
+my $translate_integers;
+my $wildcard_expansion_separator;
+my $mibs_environment;
+my $allow_unsafe_regex;
+my $remove_backslash_from_quotes;
+my $dynamic_nodes;
+my $description_mode;
+my $description_clean;
+my $threads_enable;
+my $threads_max;
+my $date_format;
+my $time_format;
+my $date_time_format;
+my $date_time_format_sql;
+my $stat_time_format_sql;
+
+# DaemonMode
+my $daemon_fork;
+my $daemon_uid;
+my $pid_file;
+my $spool_directory;
+my $sleep;
+my $use_trap_time;
+my $keep_unlogged_traps;
+
+# Logging
+my $stdout_enable;
+my $log_enable;
+my $log_file;
+my $log_system_enable;
+my $log_system_file;
+my $unknown_trap_log_enable;
+my $unknown_trap_log_file;
+my $statistics_interval;
+my $syslog_enable;
+my $syslog_facility;
+my @syslog_level_alert;
+my @syslog_level_crit;
+my @syslog_level_err;
+my @syslog_level_warning;
+my @syslog_level_notice;
+my @syslog_level_info;
+my @syslog_level_debug;
+my $syslog_level;
+my $syslog_system_enable;
+my $syslog_system_facility;
+my $syslog_system_level;
+my $eventlog_enable;
+my @eventlog_type_information;
+my @eventlog_type_warning;
+my @eventlog_type_error;
+my $eventlog_type;
+my $eventlog_system_enable;
+
+# Exec
+my $exec_enable;
+my $pre_exec_enable;
+my $unknown_trap_exec;
+my $unknown_trap_exec_format;
+my $exec_escape;
+
+# SQL
+my $db_translate_enterprise;
+my $db_unknown_trap_format;
+my $mysql_dbi_enable;
+my $mysql_dbi_host;
+my $mysql_dbi_port;
+my $mysql_dbi_database;
+my $mysql_dbi_table;
+my $mysql_dbi_table_unknown;
+my $mysql_dbi_table_statistics;
+my $mysql_dbi_username;
+my $mysql_dbi_password;
+my $mysql_ping_on_insert;
+my $mysql_ping_interval;
+
+my $postgresql_dbi_enable;
+my $postgresql_dbi_module;
+my $postgresql_dbi_hostport_enable;
+my $postgresql_dbi_host;
+my $postgresql_dbi_port;
+my $postgresql_dbi_database;
+my $postgresql_dbi_table;
+my $postgresql_dbi_table_unknown;
+my $postgresql_dbi_table_statistics;
+my $postgresql_dbi_username;
+my $postgresql_dbi_password;
+my $postgresql_ping_on_insert;
+my $postgresql_ping_interval;
+
+my $dbd_odbc_enable;
+my $dbd_odbc_dsn;
+my $dbd_odbc_table;
+my $dbd_odbc_table_unknown;
+my $dbd_odbc_table_statistics;
+my $dbd_odbc_username;
+my $dbd_odbc_password;
+my $dbd_odbc_ping_on_insert;
+my $dbd_odbc_ping_interval;
+
+my $sql_win32_odbc_enable;
+my $sql_win32_odbc_dsn;
+my $sql_win32_odbc_table;
+my $sql_win32_odbc_table_unknown;
+my $sql_win32_odbc_table_statistics;
+my $sql_win32_odbc_username;
+my $sql_win32_odbc_password;
+
+my @sql_custom_columns;
+my @sql_custom_columns_unknown;
+
+# TrapFiles
+my @snmptt_conf_files;
+
##############################################################################
#
# Load config file
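Review bot: The added `my $daemon;` under "Global config file variables" redeclares a variable that an earlier hunk already declares as `my $daemon = 0;` and passes to `GetOptions`, so from this line on `$daemon` names a fresh, undefined lexical and the parsed `--daemon` value is no longer reachable by that name. If the command-line value has not been copied into `$daemoncmdline` before this point (that code is outside the hunk), the option is silently lost; with `use warnings` Perl would report the masking. Dropping the second declaration, or replacing it with a comment such as `# $daemon is declared with the command-line options above`, keeps a single variable.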
@@ -168,8 +304,11 @@
use Text::ParseWords;
use POSIX qw(strftime);
+use Sys::Hostname;
+use File::Basename;
+use Text::Balanced qw (extract_bracketed);
-$debug_file_used = 0;
+my $debug_file_used = 0;
my $g_start_time = time();
@@ -194,6 +333,28 @@
print "********** SNMPTT $snmptt_version started: ",scalar(localtime($g_start_time))," **********\n\n"
}
+if ($threads_enable == 1)
+{
+ eval 'require threads;';
+ if ($@) {
+ warn $@;
+ print "\nThreads have been enabled but the threads module is not available. To\n";
+ print "enable threads you need the threads module (part of ithreads,not Threads).\n";
+ print "This is only available in Perl 5.6.0 and higher.\n";
+ die "died";
+ }
+ require threads;
+
+ eval 'require Thread::Semaphore;';
+ if ($@) {
+ warn $@;
+ print "\nThreads have been enabled but the Thread module is not available.\n";
+ die "died";
+ }
+ require Thread::Semaphore;
+}
+
+
if ($syslog_enable == 1 || $syslog_system_enable == 1)
{
eval 'require Sys::Syslog;';
@@ -207,6 +368,12 @@
require Sys::Syslog;
}
+
+# Win32 constants not available when using 'require' (!)
+my $eventlog_error = 1; # EVENTLOG_ERROR_TYPE
+my $eventlog_warning = 2; # EVENTLOG_WARNING_TYPE
+my $eventlog_information = 4; # EVENTLOG_INFORMATION_TYPE
+
if ($eventlog_system_enable == 1 || $eventlog_enable == 1)
{
eval 'require Win32::EventLog;';
@@ -218,11 +385,6 @@
die "died";
}
require Win32::EventLog;
-
- # Constants not available when using 'require' (!)
- $eventlog_error = 1; # EVENTLOG_ERROR_TYPE
- $eventlog_warning = 2; # EVENTLOG_WARNING_TYPE
- $eventlog_information = 4; # EVENTLOG_INFORMATION_TYPE
}
@@ -233,12 +395,19 @@
syslog_system("Could not open debug output file!");
}
}
+if ($log_system_enable == 1 && $daemon == 1)
+{
+ log_system("SNMPTT $snmptt_version started");
+ if ($debug_file_open_error == 1) {
+ log_system("Could not open debug output file!");
+ }
+}
if ($eventlog_system_enable == 1 && $daemon == 1)
{
eventlog_system("SNMPTT $snmptt_version started",0,$eventlog_information);
if ($debug_file_open_error == 1) {
- syslog_system("Could not open debug output file!");
+ eventlog_system("Could not open debug output file!",14,$eventlog_warning);
}
}
@@ -398,7 +567,33 @@
##############################################################################
#### MAIN SECTION START
-# Pull in passed SNMP info from snmptrapd via STDIN and place in the array @tempvar
+# Global variables
+my %event; # Holds EVENT entries from all .conf files
+my $receivedtrap_entry; # Trap received - stored by readtrap()
+my $input; # For reading in trap from spool folder or STDIN
+my @event2; # Copy of the matched event
+my @var; # Variables of trap received by SNMPTRAPD
+my @entvar; # Enterprise variable values of trap received by SNMPTRAPD
+my @entvarname; # Enterprise variable names of trap received by SNMPTRAPD
+my @preexec_var; # PREXEC results
+my $receivedtrap; # Received trap
+my $receivedtrap_trans; # Translated version of received trap
+my $enterprise_trans; # Translated enterprise of received trap
+my $agent_dns_name; # DNS name of trap received
+my $processed; # Whether or not the trap was processed (found) to determine
+ # if it should search using wildcards and log to unknown
+my $trap_attempted_to_log; # To keep track of whether or not we attempted to log the trap
+my $trap_date_time; # Date and time of the trap. Used for log files.
+my $trap_date_time_sql; # Date and time of the trap. Used for SQL.
+my $trap_successfully_logged; # To keep track of whether or not we successfully logged the trap
+ # so we know if we should delete the trap file
+my $db_enterprise;
+my $trap_date; # Date of trap
+my $trap_time; # Time of trap
+my $trap_date_time_epoch; # Date / time of trap
+my $configfile; # .ini file to use
+
+my $thread_exec_semaphore; # Semaphore for EXEC
# Global variables for statistics
my $g_total_traps_received = 0;
@@ -407,13 +602,69 @@
my $g_total_traps_unknown = 0;
my $g_last_statistics_logged = $g_start_time;
+# Global variables for SQL
+my $dbh_mysql;
+my $dbh_postgresql;
+my $dbh_odbc;
+my $dbh_win32_odbc;
+
# Global variables for SQL ping
my $g_last_mysql_ping = $g_start_time;
my $g_last_postgresql_ping = $g_start_time;
my $g_last_dbd_odbc_ping = $g_start_time;
+# Global variables for daemon mode
+my $timetoreload;
+my $timetodie;
+my $timetologstatistics;
+
if ($daemon == 1)
{
+ # Check for old pid file.
+ my $pid_file_set = 0;
+ if ($pid_file eq '') {
+ $pid_file = '/var/run/snmptt.pid';
+ }
+ else {
+ $pid_file_set = 1;
+ }
+
+ print STDOUT "$pid_file\n";
+ if (-e $pid_file) {
+ open(OLDPID, "<$pid_file");
+ my $old_pid = <OLDPID>;
+ chomp $old_pid;
+ close OLDPID;
+
+ warn("There seems to be another SNMPTT process (pid $old_pid) running.\n");
+ warn("You may want to kill it and delete the .pid file ($pid_file). Aborting...\n");
+ if ($syslog_system_enable == 1) {
+ syslog_system("There seems to be another SNMPTT process (pid $old_pid) running.");
+ syslog_system("You may want to kill it and delete the .pid file ($pid_file). Aborting...");
+ }
+ if ($log_system_enable == 1) {
+ log_system("There seems to be another SNMPTT process (pid $old_pid) running.");
+ log_system("You may want to kill it and delete the .pid file ($pid_file). Aborting...");
+ }
+ die;
+ }
+
+ # Check to make sure we can create the .pid file if it was set by the user.
+ # If the user didn't set it, then we don't really care.
+ if ($pid_file_set) {
+ if (! (-w dirname($pid_file))) {
+ warn("pid file \'$pid_file\' is not writable. Aborting...");
+
+ if ($syslog_system_enable == 1) {
+ syslog_system("pid file \'$pid_file\' is not writable. Aborting...");
+ }
+ if ($log_system_enable == 1) {
+ log_system("pid file \'$pid_file\' is not writable. Aborting...");
+ }
+ die;
+ }
+ }
+
$SIG{HUP} = \&signal_handler_reload;
$SIG{TERM} = \&signal_handler_die;
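Review bot: The stale-pid check reads the file with `open(OLDPID, "<$pid_file");`, a two-argument open on a path taken from the configuration whose result is never tested, so an unreadable file leaves `$old_pid` undefined and the warning reports an empty pid. A three-argument open with a lexical handle and an error check is safer: `open(my $oldpid_fh, '<', $pid_file) or die "Cannot read $pid_file: $!\n";`. The unconditional `print STDOUT "$pid_file\n";` just above it looks like leftover debugging and could be guarded with `if ($DEBUGGING >= 1)`. The enclosing `if ($daemon == 1)` block continues past the hunk.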
@@ -422,15 +673,19 @@
$timetoreload = 0;
$timetodie = 0;
- $timetologstatistics = 0;
+ $timetologstatistics = 0;
&loadsnmpttconf; # Load SNMPTT.CONF file
- # Only fork to the background if not Win32
+ # Only fork to the background if not Win32
if (($^O ne "MSWin32") && ($daemon_fork==1))
{
- use POSIX qw(setsid);
+ use POSIX qw(setsid);
+ use POSIX qw(signal_h);
+ use POSIX ":sys_wait_h";
use Cwd;
+ my $pid;
+ my $pid2;
my $working_dir = cwd;
print "cwd: $working_dir\n";
@@ -443,28 +698,66 @@
or die "Can't write to /dev/null: $!";
open STDERR, '>>/dev/null'
or die "Can't write to /dev/null: $!";
- defined(my $pid = fork)
- or die "Can't fork: $!";
-
- if ($pid)
- {
- if ( ! (open(PID, ">/var/run/snmptt.pid") ))
- {
- open(PID, ">$working_dir/snmptt.pid");
- }
- if (defined (PID))
- {
+ # We fork so we can return back to the shell or whatever started snmptt
+ defined($pid = fork)
+ or die "Can't fork: $!";
+
+ # fork returns: child pid to the parent, 0 to the child, undef if it failed.
+
+ # We write PID using the uid of the user that started snmptt.
+ if ($pid) # This is run in the parent process
+ {
+ if (open(PID, ">$pid_file") ) {
print(PID "$pid\n");
close(PID);
}
+ else {
+ $pid_file = "$working_dir/snmptt.pid";
+
+ if (open(PID, ">$pid_file") )
+ {
+ print(PID "$pid\n");
+ close(PID);
+ }
+ }
+
exit;
}
POSIX:setsid
or die "Can't start a new session: $!";
umask 0;
- }
+
+ # We fork again so there are two processes. The first which is run using the uid
+ # of the user that started snmptt, and the second which is run as the user as
+ # defined by daemon_uid in snmptt.ini. We do this so we can sit and wait for the
+ # child to finish so we can clean up the snmptt.pid file.
+ # We only need to do this if daemon_uid is set..
+ if ($^O ne "MSWin32" && $daemon_uid ne '') {
+ defined($pid2 = fork)
+ or die "Can't fork: $!";
+
+ if ($pid2) # This is run in the parent process
+ {
+ $SIG{TERM} = \&signal_handler_die; # new signal for parent
+
+ while (1) {
+ if ($timetodie == 1 || waitpid($pid2, WNOHANG) != 0) {
+ kill SIGTERM, $pid2;
+ # Clean up snmptt.pid file
+ unlink($pid_file);
+ exit;
+ }
+ sleep 3;
+ }
+ }
+
+ POSIX:setsid
+ or die "Can't start a new session: $!";
+ umask 0;
+ }
+ }
# Change user if not Windows, and daemon_uid ini parameter not blank
if ($^O ne "MSWin32" && $daemon_uid ne '')
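Review bot: In the parent's wait loop, `kill SIGTERM, $pid2;` also runs when `waitpid($pid2, WNOHANG)` has returned non-zero, that is after the child has already been reaped (or when waitpid failed), so the signal goes to a pid that no longer belongs to the child and may have been reused; this parent normally still runs as the user that started snmptt. When `$timetodie` is set, the parent signals the child and exits at once, removing the pid file while the child may still be finishing. Separating the two cases, and waiting for the child after signalling it, avoids both. The enclosing `if ($daemon == 1)` block starts before the hunk.

```perl
# … unchanged: second fork, $SIG{TERM} assignment in the parent …
while (1) {
    my $reaped = waitpid($pid2, WNOHANG);
    if ($reaped != 0) {
        # Child has already exited (or is not ours): nothing left to signal
        unlink($pid_file);
        exit;
    }
    if ($timetodie == 1) {
        kill SIGTERM, $pid2;
        waitpid($pid2, 0);    # let the child finish before removing the pid file
        unlink($pid_file);
        exit;
    }
    sleep 3;
}
# … unchanged: setsid and umask in the child …
```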
@@ -479,8 +772,15 @@
$daemon_uid = getpwnam($daemon_uid_name);
if (!defined($daemon_uid))
- {
- syslog_system("Could not convert user id \'$daemon_uid_name\' to a numeric UID\n");
+ {
+ warn("Could not convert user id \'$daemon_uid_name\' to a numeric UID\n");
+
+ if ($syslog_system_enable == 1) {
+ syslog_system("Could not convert user id \'$daemon_uid_name\' to a numeric UID\n");
+ }
+ if ($log_system_enable == 1) {
+ log_system("Could not convert user id \'$daemon_uid_name\' to a numeric UID\n");
+ }
}
}
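Review bot: When `getpwnam` cannot resolve `$daemon_uid_name`, the new branch warns and logs but does not stop, so unless code outside this hunk aborts, the daemon carries on under the account that started it (usually root) although an unprivileged user was configured. Failing closed is the safer default here: add `die "Could not convert user id '$daemon_uid_name' to a numeric UID\n";` after the two logging calls. The surrounding `if` starts before the hunk.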
@@ -489,26 +789,39 @@
{
if ($daemon_uid_name ne '')
{
- syslog_system("Changing to UID: $daemon_uid_name \($daemon_uid\)");
+ if ($syslog_system_enable == 1) {
+ syslog_system("Changing to UID: $daemon_uid_name \($daemon_uid\)");
+ }
+ if ($log_system_enable == 1) {
+ log_system("Changing to UID: $daemon_uid_name \($daemon_uid\)");
+ }
+
if ($DEBUGGING >= 1)
{
- print "Changing to UID: $daemon_uid_name \($daemon_uid\)\n";
+ print "Changing to UID: $daemon_uid_name \($daemon_uid\)\n";
}
}
else
{
- syslog_system("Changing to UID: $daemon_uid");
+ if ($syslog_system_enable == 1) {
+ syslog_system("Changing to UID: $daemon_uid");
+ }
+ if ($log_system_enable == 1) {
+ log_system("Changing to UID: $daemon_uid");
+ }
+
if ($DEBUGGING >= 1)
{
- print "Changing to UID: $daemon_uid\n";
+ print "Changing to UID: $daemon_uid\n";
}
}
- # Close debug file before changing users and re-open after
- if (defined (DEBUGFILE))
- {
- close(DEBUGFILE);
+
+ if ($DEBUGGING >= 1) {
+ print DEBUGFILE "Closing debug file $DEBUGGING_FILE\n";
}
+ # Close debug file (if it is open) before changing users and re-open after
+ close(DEBUGFILE);
$> = $daemon_uid;
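Review bot: The privilege drop at the end of this hunk is `$> = $daemon_uid;`, which changes only the effective UID; the real UID, the primary group and the supplementary groups stay those of the starting user, so the process can switch back, and commands started with `system` or backticks inherit the original real UID and groups. Nothing visible in the hunk checks that the assignment took effect either. Since this release keeps a separate parent process to remove the pid file, the child could drop fully, for example `POSIX::setuid($daemon_uid) or die "setuid($daemon_uid) failed: $!\n";` preceded by the matching `POSIX::setgid(...)` for the account's group. The debug-file re-open that follows is outside this hunk and would need checking against that change.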
@@ -523,22 +836,30 @@
select DEBUGFILE; # change default output to debug file
$debug_file_used = 1;
$debug_file_open_error = 0;
+ print "Debug file $DEBUGGING_FILE re-opened under uid $daemon_uid\n";
+ warn "Debug file $DEBUGGING_FILE re-opened under uid $daemon_uid\n";
}
else
{
warn "could not re-open debug output file ($!)";
}
- }
- if ($syslog_system_enable == 1 && $daemon == 1)
- {
- if ($debug_file_open_error == 1) {
- syslog_system("Could not re-open debug output file!");
+ if ($syslog_system_enable == 1 && $daemon == 1)
+ {
+ if ($debug_file_open_error == 1) {
+ syslog_system("Could not re-open debug output file!");
+ }
+ }
+ if ($log_system_enable == 1 && $daemon == 1)
+ {
+ if ($debug_file_open_error == 1) {
+ log_system("Could not re-open debug output file!");
+ }
}
}
if ($eventlog_system_enable == 1 && $daemon == 1){
if ($debug_file_open_error == 1) {
- syslog_system("Could not re-open debug output file!");
+ eventlog_system("Could not re-open debug output file!",14,$eventlog_error);
}
}
}
@@ -549,6 +870,11 @@
# (Do this after switch user IDs when daemon_uid is defined)
create_db_connections();
+ if ($threads_enable == 1) {
+ $thread_exec_semaphore = ();
+ $thread_exec_semaphore = Thread::Semaphore->new($threads_max);
+ }
+
while (!$timetodie)
{
if (! (chdir($spool_directory)))
@@ -563,6 +889,10 @@
{
syslog_system("Unable to enter spool dir $spool_directory");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to enter spool dir $spool_directory");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to enter spool dir $spool_directory",3,$eventlog_error);
@@ -580,12 +910,16 @@
{
syslog_system("Unable to open spool dir $spool_directory");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to open spool dir $spool_directory");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to open spool dir $spool_directory",4,$eventlog_error);
}
}
- elsif (! (@filenames = readdir(DIR)))
+ elsif (! (my @filenames = readdir(DIR)))
{
if ($DEBUGGING >= 1)
{
@@ -597,6 +931,10 @@
{
syslog_system("Unable to read spool dir $spool_directory");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to read spool dir $spool_directory");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to read spool dir $spool_directory",5,$eventlog_error);
@@ -630,6 +968,10 @@
{
syslog_system("Unable to delete !reload file from spool dir");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to delete !reload file from spool dir");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to delete !reload file from spool dir",20,$eventlog_error);
@@ -653,6 +995,10 @@
{
syslog_system("Unable to delete !statistics file from spool dir");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to delete !statistics file from spool dir");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to delete !statistics file from spool dir",21,$eventlog_error);
@@ -666,7 +1012,7 @@
print "Processing file: $file\n";
}
- $filesuccess = 1;
+ my $filesuccess = 1;
unless (open FILE, $spool_directory.$file)
{
if ($DEBUGGING >= 1)
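Review bot: `open FILE, $spool_directory.$file` in this hunk is a two-argument open on a name returned by `readdir`, so mode and pipe characters at the end of a file name are interpreted by `open` instead of being treated as part of the path. Anything able to create files in the spool directory therefore influences how the daemon opens them. The three-argument form removes that: `unless (open FILE, '<', $spool_directory.$file)`. The loop over the spool files begins and ends outside the hunk.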
@@ -679,6 +1025,10 @@
{
syslog_system("Could not open trap file $spool_directory$file");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Could not open trap file $spool_directory$file");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Could not open trap file $spool_directory$file",6,$eventlog_error);
@@ -689,7 +1039,10 @@
$input = 'FILE';
- &readtrap; # Read trap from STDIN or file
+ if (! (&readtrap())) { # Read trap from STDIN or file
+ print " Error processing trap file $file. Skipping...\n";
+ next;
+ }
&searchfortrap; # Search for trap snmptt.conf (array)
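Review bot: The new `next` after a failed `&readtrap()` leaves the iteration before the code that closes `FILE` and deletes the trap file (both outside this hunk, so this is inferred), which would make one malformed spool file be re-read and re-reported on every pass of the daemon loop. The branch should at least `close FILE;` and then either delete the file or move it out of the spool directory before `next`. The `print " Error processing trap file $file. Skipping...\n";` is also unconditional, unlike the neighbouring diagnostics that are guarded by `if ($DEBUGGING >= 1)`, and nothing is sent to syslog or the system log for an event an operator would want to see.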
@@ -711,6 +1064,10 @@
{
syslog_system("Unable to delete trap file $file from spool dir");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Unable to delete trap file $file from spool dir");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Unable to delete trap file $file from spool dir",7,$eventlog_error);
@@ -748,6 +1105,7 @@
if ($timetologstatistics == 1)
{
&log_statistics();
+
$timetologstatistics = 0;
}
@@ -768,6 +1126,10 @@
{
syslog_system("Reloading configuration file\(s\)");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Reloading configuration file\(s\)");
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system("Reloading configuration file\(s\)",8,$eventlog_information);
@@ -778,6 +1140,14 @@
$timetoreload = 0;
}
}
+
+ # If $daemon_uid was not set, clean up pid file here. Otherwise it's cleaned up
+ # when the child process is finished above.
+ if ($^O ne "MSWin32" && $daemon_uid eq '') {
+ # Clean up snmptt.pid file
+ unlink($pid_file);
+ }
+
if ($DEBUGGING >= 1)
{
print "SNMPTT $snmptt_version shutdown: ",scalar(localtime),"\n\n";
@@ -796,6 +1166,15 @@
#syslog_system("Total traps ignored $g_total_traps_ignored");
#syslog_system("Total unknown traps: $g_total_traps_unknown");
}
+ if ($log_system_enable == 1 && $daemon == 1)
+ {
+ log_system("SNMPTT $snmptt_version shutdown");
+ log_system("Total traps received=$g_total_traps_received,Total traps translated=$g_total_traps_translated,Total traps ignored=$g_total_traps_ignored,Total unknown traps=$g_total_traps_unknown");
+ #syslog_system("Total traps received: $g_total_traps_received");
+ #syslog_system("Total traps translated: $g_total_traps_translated");
+ #syslog_system("Total traps ignored $g_total_traps_ignored");
+ #syslog_system("Total unknown traps: $g_total_traps_unknown");
+ }
if ($eventlog_system_enable == 1 && $daemon == 1)
{
my $message = "SNMPTT $snmptt_version shutdown\n\n" . \
@@ -872,9 +1251,10 @@
###############################################################################
# if no nodes list, then $hostmatch = 1 so trap is logged etc, otherwise it is not
- $l = 1; # Start with first event entry
+ my $l = 1; # Start with first event entry
- $multiple_event_passes = 0; # Below, if =1, then abort because we already found a match for
+ my $multiple_event_passes = 0; # This variable increases each time we match an EVENT.
+ # Below, if =1, then abort because we already found a match for
# this trap. This would only happen if you have a trap
# defined multiple times in the config file to allow
# different machines to have different actions based on
@@ -896,8 +1276,8 @@
print "Working with EVENT entry: $receivedtrap_entry => $event{$receivedtrap_entry}[0+$l],$event{$receivedtrap_entry}[1+$l],$event{$receivedtrap_entry}[2+$l],$event{$receivedtrap_entry}[5+$l]\n";
}
- $hostmatch = 0;
- $nodesmatch = 0; # Match from NODES
+ my $hostmatch = 0;
+ my $nodesmatch = 0; # Match from NODES
my $match_found = 0; # Match from MATCH
# $event is the hash of events defined in the config file
@@ -908,7 +1288,7 @@
# Flush out @nodes
#@nodes = ();
- @nodes2 = ();
+ my @nodes2 = ();
# $event2[0]=$event{"$receivedtrap_entry"}[0]; # 0: name of trap
# $event2[1]=$event{"$receivedtrap_entry"}[1]; # 1: category
@@ -1065,7 +1445,7 @@
{
$match_temp =~ s/\s*(\(.*\))\s*/$1/g; # Remove any white space from before and after ()'s
- $match_temp =~ s/\)\s*(\i)\s*/\)$1/g; # Remove any white space from before and after i modifier
+ $match_temp =~ s/\)\s*(i)\s*/\)$1/g; # Remove any white space from before and after i modifier
# if there is one
$match_temp =~ s/\s*(\!.*)/$1/g; # Remvoe any white space in front of the ! if there is one
@@ -1127,6 +1507,8 @@
$processed = 1;
}
+ my $message_short;
+ my $message;
if ($hostmatch == 1 && $event2[1] ne "IGNORE")
{
$message_short = "";
@@ -1169,6 +1551,12 @@
print "PREEXEC command: $command\n";
}
# Execute command
+
+ if ($exec_escape == 1) {
+ # Escape wildcard characters
+ $command =~ s/\*/\\\*/g;
+ $command =~ s/\?/\\\?/g;
+ }
my $result = `$command`;
chomp $result;
# Remove spaces before and after
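Review bot: The `$exec_escape` block backslash-escapes only `*` and `?` before the string is run through backticks, so every other shell metacharacter in `$command` still reaches the shell; if trap-supplied values are substituted into the PREEXEC line (the substitution happens outside this hunk), whoever sends the trap controls part of a shell command. The option name suggests more protection than it gives, so a comment such as `# Only stops glob expansion; substituted trap values are NOT shell-quoted` would help, and quoting each substituted value before it is inserted into the command would address the cause. The same three lines are repeated for EXEC in the `@@ -1679,8 +1983,41 @@` hunk, with the same limit. The debug `print` above shows the command before escaping, so the log does not match what is executed.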
@@ -1253,10 +1641,13 @@
{
syslog_system("Can not open log file $log_file");
}
-
+ if ($log_system_enable == 1)
+ {
+ log_system("Can not open log file $log_file");
+ }
if ($eventlog_system_enable == 1)
{
- eventlog_system("Can not open log file $log_file",14,$eventlog_information);
+ eventlog_system("Can not open log file $log_file",14,$eventlog_error);
}
}
}
@@ -1382,173 +1773,91 @@
if ($mysql_dbi_enable == 1)
{
- $trap_attempted_to_log++;
-
- # Make sure the connection is up
- if ($mysql_ping_on_insert == 1) {
- &mysql_ping();
- }
-
- if (defined ($dbh_mysql)) {
- # Backslash any quotes
- my $message_short2 = $message_short;
- $message_short2 =~ s(\')(\\\')g; #'
- $message_short2 =~ s(\")(\\\")g; #"
-
- my $community = $var[5];
- $community =~ s(\')(\\\')g; #'
- $community =~ s(\")(\\\")g; #"
-
- my $prepare_successful = 0;
- my $do_successful = 0;
-
- my $sql_statement = "INSERT INTO $mysql_dbi_table (eventname, eventid,
- trapoid, enterprise, community, hostname, agentip, category, severity,
- uptime, traptime, formatline) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
-
- my $sth_mysql = $dbh_mysql->prepare($sql_statement);
- unless (defined ($sth_mysql)) {
- my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform PREPARE: ".$dbh_mysql->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,23,$eventlog_error);
- }
- }
- else {
- $prepare_successful = 1;
- }
-
- if ($prepare_successful == 1)
- {
- unless (defined ($sth_mysql->execute($event2[0],$receivedtrap_entry,
- $receivedtrap_trans,$db_enterprise,$community,$agent_dns_name,$var[4],$event2[1],
- $event2[2],$var[2],$trap_date_time,$message_short2))) {
- my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform INSERT INTO (EXECUTE): ".$dbh_mysql->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
+ $trap_attempted_to_log++;
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,15,$eventlog_error);
- }
- }
- else {
- $do_successful = 1;
- }
+ # Backslash any quotes
+ my $message_short2 = $message_short;
+ $message_short2 =~ s(\')(\\\')g; #'
+ $message_short2 =~ s(\")(\\\")g; #"
+
+ my $community = $var[5];
+ $community =~ s(\')(\\\')g; #'
+ $community =~ s(\")(\\\")g; #"
+
+ my @t_sql_custom_columns = ();
+
+ if (@sql_custom_columns) {
+ @t_sql_custom_columns = @sql_custom_columns;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns; $i+=2) {
+ $_ = $t_sql_custom_columns[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns[$i] = $_;
}
+ }
- if ($do_successful == 1)
- {
- $trap_successfully_logged++;
- }
+ if (&mysql_insert($mysql_dbi_table,
+ "eventname", $event2[0], # $N
+ "eventid", $receivedtrap_entry, # $i
+ "trapoid", $receivedtrap_trans, # $O
+ "enterprise", $db_enterprise, # $E or $e depending on $db_translate_enterprise
+ "community", $community, # $C
+ "hostname", $agent_dns_name, # $A
+ "agentip", $var[4], # $aA
+ "category", $event2[1], # $c
+ "severity", $event2[2], # $s
+ "uptime", $var[2], # $T
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns) == 1 ) { #
+ $trap_successfully_logged++;
}
}
if ($postgresql_dbi_enable == 1)
{
- $trap_attempted_to_log++;
-
- # Make sure the connection is up
- if ($postgresql_ping_on_insert == 1) {
- &postgresql_ping();
- }
-
- if (defined ($dbh_postgresql)) {
- # Backslash any quotes
- my $message_short2 = $message_short;
- $message_short2 =~ s(\')(\\\')g; #'
- $message_short2 =~ s(\")(\\\")g; #"
-
- my $community = $var[5];
- $community =~ s(\')(\\\')g; #'
- $community =~ s(\")(\\\")g; #"
-
- my $prepare_successful = 0;
- my $do_successful = 0;
-
- my $sql_statement = "INSERT INTO $postgresql_dbi_table (eventname, eventid,
- trapoid, enterprise, community, hostname, agentip, category, severity,
- uptime, traptime, formatline) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
-
- my $sth_postgresql = $dbh_postgresql->prepare($sql_statement);
- unless (defined ($sth_postgresql)) {
- my $msg = "Postgres error: Unable to perform PREPARE: ".$dbh_postgresql->errstr;
-
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,22,$eventlog_error);
- }
- }
- else {
- $prepare_successful = 1;
- }
-
- if ($prepare_successful == 1)
- {
- unless (defined ($sth_postgresql->execute($event2[0],$receivedtrap_entry,
- $receivedtrap_trans,$db_enterprise,$community,$agent_dns_name,$var[4],$event2[1],
- $event2[2],$var[2],$trap_date_time,$message_short2))) {
- my $msg = "Postgres error: Unable to perform INSERT INTO (EXECUTE): ".$dbh_postgresql->errstr;
-
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
+ $trap_attempted_to_log++;
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,19,$eventlog_error);
- }
- }
- else {
- $do_successful = 1;
- }
+ # Backslash any quotes
+ my $message_short2 = $message_short;
+ $message_short2 =~ s(\')(\\\')g; #'
+ $message_short2 =~ s(\")(\\\")g; #"
+
+ my $community = $var[5];
+ $community =~ s(\')(\\\')g; #'
+ $community =~ s(\")(\\\")g; #"
+
+ my @t_sql_custom_columns = ();
+
+ if (@sql_custom_columns) {
+ @t_sql_custom_columns = @sql_custom_columns;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns; $i+=2) {
+ $_ = $t_sql_custom_columns[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns[$i] = $_;
}
+ }
- if ($do_successful == 1)
- {
- $trap_successfully_logged++;
- }
+ if (&postgresql_insert($postgresql_dbi_table,
+ "eventname", $event2[0], # $N
+ "eventid", $receivedtrap_entry, # $i
+ "trapoid", $receivedtrap_trans, # $O
+ "enterprise", $db_enterprise, # $E or $e depending on $db_translate_enterprise
+ "community", $community, # $C
+ "hostname", $agent_dns_name, # $A
+ "agentip", $var[4], # $aA
+ "category", $event2[1], # $c
+ "severity", $event2[2], # $s
+ "uptime", $var[2], # $T
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns) == 1 ) { #
+ $trap_successfully_logged++;
}
}
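Review bot: The rewritten MySQL and PostgreSQL branches still backslash-escape quotes in `$message_short2` and `$community` before passing them to `&mysql_insert` / `&postgresql_insert`; the removed code did this and also bound the values through `?` placeholders. If the new helpers (not in this hunk) still bind parameters, the stored text gains literal backslashes, and if they build the statement by interpolation, backslash escaping is not a reliable quoting method across servers. Either way the quoting belongs in one place: bind parameters inside the helper and pass the raw values here. The `print "Performing substitution on custom column: $_\n";` lines are not guarded by `$DEBUGGING` like the file's other diagnostics, and the custom-column loop is copied again into the ODBC branches of the next hunk, where the same remarks apply to the quote doubling.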
@@ -1556,90 +1865,86 @@
{
$trap_attempted_to_log++;
- # Make sure the connection is up
- if ($dbd_odbc_ping_on_insert == 1) {
- &dbd_odbc_ping();
- }
-
- if (defined ($dbh_odbc))
- {
- # Double any single quotes
- my $message_short2 = $message_short;
- $message_short2 =~ s(\')('')g; #'
-
- my $community = $var[5];
- $community =~ s(\')('')g; #'
-
- unless (defined ($dbh_odbc->do(
- "INSERT INTO $dbd_odbc_table (eventname, eventid, trapoid, enterprise,
- community, hostname, agentip, category, severity, uptime, traptime,
- formatline) VALUES (
- \'$event2[0]\',\'$receivedtrap_entry'\,\'$receivedtrap_trans'\,
- \'$db_enterprise\',\'$community\',\'$agent_dns_name\',\'$var[4]\',
- \'$event2[1]\',\'$event2[2]\',\'$var[2]\',\'".$trap_date_time."\',
- \'$message_short2\')" ) ) )
- {
- my $msg = warn "DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,16,$eventlog_error);
- }
- }
- else
- {
- $trap_successfully_logged++;
+ # Double any single quotes
+ my $message_short2 = $message_short;
+ $message_short2 =~ s(\')('')g; #'
+
+ my $community = $var[5];
+ $community =~ s(\')('')g; #'
+
+ my @t_sql_custom_columns = ();
+
+ if (@sql_custom_columns) {
+ @t_sql_custom_columns = @sql_custom_columns;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns; $i+=2) {
+ $_ = $t_sql_custom_columns[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns[$i] = $_;
}
}
+
+ if (&odbc_insert($dbd_odbc_table,
+ "eventname", $event2[0], # $N
+ "eventid", $receivedtrap_entry, # $i
+ "trapoid", $receivedtrap_trans, # $O
+ "enterprise", $db_enterprise, # $E or $e depending on $db_translate_enterprise
+ "community", $community, # $C
+ "hostname", $agent_dns_name, # $A
+ "agentip", $var[4], # $aA
+ "category", $event2[1], # $c
+ "severity", $event2[2], # $s
+ "uptime", $var[2], # $T
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns) == 1 ) { #
+ $trap_successfully_logged++;
+ }
}
if ($sql_win32_odbc_enable)
{
- $trap_attempted_to_log++;
-
- if (defined ($dbh_win32_odbc) )
- {
- # Double any single quotes
- my $message_short2 = $message_short;
- $message_short2 =~ s(\')('')g; #'
-
- my $community = $var[5];
- $community =~ s(\')('')g; #'
-
- # if defined, there's an error
- if (defined ($dbh_win32_odbc->Sql
- ("INSERT INTO $sql_win32_odbc_table (eventname, eventid, trapoid, enterprise,
- community, hostname, agentip, category, severity, uptime, traptime,
- formatline) VALUES (
- \'$event2[0]\',\'$receivedtrap_entry'\,\'$receivedtrap_trans'\,
- \'$db_enterprise\',\'$community\',\'$agent_dns_name\',\'$var[4]\',
- \'$event2[1]\',\'$event2[2]\',\'$var[2]\',\'".$trap_date_time."\',
- \'$message_short2\')" ) ) )
- {
- warn "Unable to perform INSERT INTO: ".Win32::ODBC::Error()."\n";
+ $trap_attempted_to_log++;
- if ($eventlog_system_enable == 1)
- {
- eventlog_system("Win32::ODBC error: Unable to perform INSERT INTO: ".Win32::ODBC::Error(),
- 17,$eventlog_error);
- }
- }
- else
- {
- $trap_successfully_logged++;
+ # Double any single quotes
+ my $message_short2 = $message_short;
+ $message_short2 =~ s(\')('')g; #'
+
+ my $community = $var[5];
+ $community =~ s(\')('')g; #'
+
+ my @t_sql_custom_columns = ();
+
+ if (@sql_custom_columns) {
+ @t_sql_custom_columns = @sql_custom_columns;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns; $i+=2) {
+ $_ = $t_sql_custom_columns[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns[$i] = $_;
}
}
+
+ if (&sql_win32_odbc_insert($sql_win32_odbc_table,
+ "eventname", $event2[0], # $N
+ "eventid", $receivedtrap_entry, # $i
+ "trapoid", $receivedtrap_trans, # $O
+ "enterprise", $db_enterprise, # $E or $e depending on $db_translate_enterprise
+ "community", $community, # $C
+ "hostname", $agent_dns_name, # $A
+ "agentip", $var[4], # $aA
+ "category", $event2[1], # $c
+ "severity", $event2[2], # $s
+ "uptime", $var[2], # $T
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns) == 1 ) { #
+ $trap_successfully_logged++;
+ }
}
} # end block for if ($event2[3] ne '') if FORMAT string has been defined
@@ -1651,7 +1956,6 @@
}
}
-
#
# Variable substitution for EXEC string
#
@@ -1679,8 +1983,41 @@
{
print "EXEC command:$command\n";
}
+
# Execute command
- system $command;
+ if ($threads_enable == 1 && $daemon == 1) {
+ if ($DEBUGGING >= 1)
+ {
+ print "EXEC command - creating thread...\n";
+ }
+ my $exec_thread = threads->new(\&exec_thread_sub, $command);
+ $exec_thread->detach; # Detach and let it clean up after itself
+
+ sub exec_thread_sub {
+ my $command = shift;
+ $thread_exec_semaphore->down;
+
+ if ($exec_escape == 1) {
+ # Escape wildcard characters
+ $command =~ s/\*/\\\*/g;
+ $command =~ s/\?/\\\?/g;
+ }
+ if ($DEBUGGING >= 1)
+ {
+ print "EXECing command in thread:$command\n";
+ }
+ system $command;
+ $thread_exec_semaphore->up;
+ }
+ }
+ else {
+ if ($exec_escape == 1) {
+ # Escape wildcard characters
+ $command =~ s/\*/\\\*/g;
+ $command =~ s/\?/\\\?/g;
+ }
+ system $command;
+ }
}
}
}
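Review bot: The `exec_escape` handling added before each `system $command` escapes only `*` and `?`, so every other shell metacharacter in the substituted EXEC string still reaches the shell through the single-argument `system`. If `$command` can carry trap-supplied values (the comment in the preceding hunk describes variable substitution for the EXEC string, so presumably it can), the option should be documented as wildcard protection only, for example `# Only * and ? are escaped; other shell metacharacters in substituted values are NOT neutralised`. Separately, `sub exec_thread_sub` is declared inside the `if` block although named subs are compiled at package scope; it would read more clearly at file level, with the escaping factored into one helper instead of being repeated in both branches. The enclosing block starts and ends outside the hunk.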
@@ -1734,7 +2071,7 @@
my $temp_wildcard1 = ();
my $temp_wildcard2 = ();
my $temp_wildcard3 = ();
- for($i=1;$i <= $#entvar+1; $i++)
+ for(my $i=1;$i <= $#entvar+1; $i++)
{
$temp_wildcard1 = $temp_wildcard1 . "\$$i" . $wildcard_expansion_separator;
$temp_wildcard2 = $temp_wildcard2 . "\$\+$i" . $wildcard_expansion_separator;
@@ -1760,7 +2097,7 @@
# $v - Names of variable-bindings
# Count down backwards to make sure 10 is not mistaken for $1
- for($i=$#entvarname+1;$i > 0; $i--)
+ for(my $i=$#entvarname+1;$i > 0; $i--)
{
if ($net_snmp_perl_enable == 1)
{
@@ -1781,7 +2118,7 @@
# $n - Variable-bindings
# Count down backwards to make sure 10 is not mistaken for $1
- for($i=$#entvar+1;$i > 0; $i--)
+ for(my $i=$#entvar+1;$i > 0; $i--)
{
my $val = $entvar[$i-1];
@@ -1959,10 +2296,13 @@
#s(\$ar)($var[1])g;
&substitute2 ("\$ar", $var[1]);
- # $R, $r - Hostname
+ # $R, $r - Trap hostname
#s(\$R)($var[0])g;
&substitute2 ("\$R", $var[0]);
+ # $H - Host name of the system running SNMPTT
+ &substitute2 ("\$H", $snmptt_system_name);
+
#s(\$r)($var[0])g;
&substitute2 ("\$r", $var[0]);
@@ -2036,6 +2376,7 @@
&substitute2 ("\$D", $description_temp);
}
elsif ($description_mode == 1) {
+ my $description_temp;
for (my $i=0; defined($event2[8][$i]); $i++)
{
$description_temp = $description_temp . $event2[8][$i] . "\n";
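Review bot: The new `my $description_temp;` in the `$description_mode == 1` branch is left undefined, and the first pass of the loop concatenates onto it, which raises an uninitialized-value warning when warnings are enabled. Declaring it as `my $description_temp = '';` avoids that and gives an empty string rather than undef when `$event2[8]` has no entries. The loop body continues outside the hunk.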
@@ -2098,14 +2439,19 @@
my $regex_temp = $event2[6][$i];
#print "!!!!!!$regex_temp\n";
- # Remove starting and ending ()
- #$regex_temp =~ /^\((.*)\)$/;
- $regex_temp =~ /^\((.*)\)(.*)$/;
+ # Pull out modifiers
+ $regex_temp =~ /^(.*\))(.*)$/;
$regex_temp = $1;
my $modifiers = $2;
# Split using )(
- my @regex_temp2 = split(/\)\(/,$regex_temp,2);
+ my @regex_temp2;
+ ($regex_temp2[0], $regex_temp2[1]) = extract_bracketed($regex_temp,'()');
+
+ #Remove starting and ending () from each part of the split REGEX
+ $regex_temp2[0] =~ s/^\((.*)\)$/$1/;
+ $regex_temp2[1] =~ s/^\((.*)\)$/$1/;
+
#print "0:$regex_temp2[0]\n";
#print "1:$regex_temp2[1]\n";
#print "Modifiers: $modifiers\n";
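Review bot: Neither the modifier match `$regex_temp =~ /^(.*\))(.*)$/` nor the new `extract_bracketed($regex_temp,'()')` call is checked for success before its results are used. On a malformed REGEX line `$1` and `$2` keep whatever an earlier match left behind, and `extract_bracketed` returns undef as its first element, so the following `s/^\((.*)\)$/$1/` lines run on an undefined search part. A guard such as `unless (defined $regex_temp2[0]) { warn "Malformed REGEX: $event2[6][$i]\n"; }` followed by skipping the entry would make the failure visible. The surrounding loop is outside the hunk, so how to skip the entry has to be confirmed there.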
@@ -2267,13 +2613,13 @@
my $left = shift;
my $right = shift;
- $string_r = reverse $_;
- $left_r = reverse $left;
+ my $string_r = reverse $_;
+ my $left_r = reverse $left;
$left_r =~ s/\\/\\\\/g; # escape \
$left_r =~ s/\$/\\\$/g; # escape $
$left_r =~ s/\*/\\\*/g; # escape *
$left_r =~ s/\+/\\\+/g; # escape +
- $right_r = reverse $right;
+ my $right_r = reverse $right;
# The format is:
# s/a\$((?=(\$\$)*(?!\$)))/b/g;
@@ -2293,23 +2639,26 @@
# that will be used for variable substitution
# Flush variables in case this is a re-load during run
- @snmpttconf = ();
+ my @snmpttconf = ();
# @snmptt_conf_files = ();
undef %event;
- undef %nodes_file_hash; # NODES entries from NODES files
-
- foreach $snmpttconffile (@snmptt_conf_files)
+
+ foreach my $snmpttconffile (@snmptt_conf_files)
{
if ($DEBUGGING >= 1)
{
print "\n\tLoading $snmpttconffile\n";
}
- if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
syslog_system("Loading $snmpttconffile");
}
- if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($log_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
+ {
+ log_system("Loading $snmpttconffile");
+ }
+ if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
eventlog_system("Loading $snmpttconffile",9,$eventlog_information);
}
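Review bot: The line `undef %nodes_file_hash;` is dropped from the block commented "Flush variables in case this is a re-load during run", and nothing visible in this hunk replaces it. If that hash is still filled from NODES files elsewhere in the script, a reload would keep entries from the previous configuration; please confirm it is cleared elsewhere or is no longer used. The three logging `if` statements here, and the matching ones in the hunks at -2322 and -2346, repeat the same `$daemon == 1 && $dump == 0 && $time == 0` test and could share one precomputed condition.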
@@ -2322,18 +2671,22 @@
print "\n\tCould not open configuration file: $snmpttconffile\n";
}
- if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
syslog_system("Could not open configuration file: $snmpttconffile");
}
- if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($log_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
+ {
+ log_system("Could not open configuration file: $snmpttconffile");
+ }
+ if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
eventlog_system("Could not open configuration file: $snmpttconffile",10,$eventlog_error);
}
next;
}
- $tempcount = 0;
+ my $tempcount = 0;
while (<SNMPTTCONF>)
{
chomp; #remove <cr> at end of line
@@ -2346,11 +2699,15 @@
{
print "\tFinished loading $tempcount lines from $snmpttconffile\n";
}
- if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($syslog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
syslog_system("Finished loading $tempcount lines from $snmpttconffile");
}
- if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0)
+ if ($log_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
+ {
+ log_system("Finished loading $tempcount lines from $snmpttconffile");
+ }
+ if ($eventlog_system_enable == 1 && $daemon == 1 && $dump == 0 && $time == 0)
{
eventlog_system("Finished loading $tempcount lines from $snmpttconffile",11,$eventlog_information);
}
@@ -2369,13 +2726,13 @@
print "\nProcessing memory copy of configuration files\n";
}
- $currentline=0;
- $tempcount=0;
- $tempcount2=0;
+ my $currentline=0;
+ my $tempcount=0;
+ my $tempcount2=0;
while ($currentline <= $#snmpttconf)
{
- $line = $snmpttconf[$currentline];
+ my $line = $snmpttconf[$currentline];
if ($line =~ /^EVENT/)
{
@@ -2400,12 +2757,12 @@
$tempcount++; # Temporary counter of the number of EVENTS found
# Divide up line taking into consideration strings in quotes
- $temp = join "::::", shellwords($line);
+ my $temp = join "::::", shellwords($line);
#print "line is: $temp\n";
# Split line up into multiple elements of an array using the new delimiter
- @temp = split ("::::",$temp);
+ my @temp = split ("::::",$temp);
if (! ($temp[2] =~ /^(\.\d+)+$/) && ! ($temp[2] =~ /^(\.\d+)+\.\*$/) && !
($temp[2] =~ /^(\.\*)$/) )
@@ -2452,18 +2809,18 @@
# Clear out the FORMAT, EXEC and NODES lines in case they are not found. Don't want old
# data in them..
- $lineformat = '';
- $lineexec = '';
- $linenodes = '';
- $lineregex = '';
- @exec = ();
- @regex = ();
- @match = ();
- @desc = ();
- @preexec = ();
+ my $lineformat = '';
+ my $lineexec = '';
+ my $linenodes = '';
+ my $lineregex = '';
+ my @exec = ();
+ my @regex = ();
+ my @match = ();
+ my @desc = ();
+ my @preexec = ();
$currentline++; # Increment to the next line which should be a FORMAT, EXEC or NODES
- $line2 = $snmpttconf[$currentline];
+ my $line2 = $snmpttconf[$currentline];
while ( ($currentline <= $#snmpttconf) && !($line2 =~ /^EVENT/) )
{
@@ -2489,7 +2846,7 @@
{
# It's a PREEXEC line
- $linematch = substr($line2,8);
+ my $linematch = substr($line2,8);
push (@preexec,$linematch);
}
@@ -2520,11 +2877,11 @@
{
# It's a MATCH line
- $linematch = substr($line2,6);
+ my $linematch = substr($line2,6);
push (@match,$linematch);
}
- elsif ( ($line2 =~ /^SDESC/) && ($description_mode == 1) )
+ elsif ( ($line2 =~ /^SDESC/) && ($description_mode== 1) )
{
# It's a DESC line
@@ -2556,7 +2913,7 @@
#@regex = qw/one two/;
- $countx = @{ $event{$temp[2]} }[0];
+ my $countx = @{ $event{$temp[2]} }[0];
#print "countx $countx\n";
@{ $event{$temp[2]} }[1+$countx]= $temp[1];
@{ $event{$temp[2]} }[2+$countx]= $temp[3];
@@ -2609,9 +2966,9 @@
{
print "==========================================================\n";
print "Printing out all the events in hash table:\n\n";
- foreach $key (sort keys %event)
+ foreach my $key (sort keys %event)
{
- $l=0;
+ my $l=0;
while (defined($event{$key}[$l+1]))
{
print "Event: $key => $event{$key}[1+$l],$event{$key}[2+$l],$event{$key}[3+$l],$event{$key}[4+$l],$event{$key}[7+$l][0]\n";
@@ -2625,16 +2982,16 @@
if ($dump == 1) {
print "Printing out all duplicate events in hash table:\n\n";
my %temp = ();
- foreach $key (sort keys %event)
+ foreach my $key (sort keys %event)
{
- $l=0;
+ my $l=0;
while (defined($event{$key}[$l+1]))
{
$temp{$key}++;
$l+=11;
}
}
- foreach $key (sort keys %temp)
+ foreach my $key (sort keys %temp)
{
if ($temp{$key} > 1) {
print "Duplicate event: $key\n";
@@ -2651,7 +3008,7 @@
sub readtrap
{
# Flush out @tempvar, @var and @entvar
- @tempvar = ();
+ my @tempvar = ();
@var = ();
@entvar = ();
@entvarname = ();
@@ -2668,6 +3025,13 @@
if ( $daemon == 1)
{
chomp($trap_date_time_epoch = (<$input>)); # Pull time trap was spooled
+ if ($trap_date_time_epoch eq "") {
+ if ($DEBUGGING >= 1) {
+ print " Invalid trap file. Expected a serial time on the first line but got nothing\n";
+ return 0;
+ }
+ }
+
$trap_date_time_epoch =~ s(`)(')g; #` Replace any back ticks with regular single quote
}
else
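Review bot: The `return 0;` in the new empty-timestamp check sits inside `if ($DEBUGGING >= 1)`, so a spool file with an empty first line is rejected only when debugging is on; otherwise processing continues with an empty `$trap_date_time_epoch`. Move the return out of the debug block: `if ($trap_date_time_epoch eq "") { print " Invalid trap file. ...\n" if ($DEBUGGING >= 1); return 0; }`. The hostname and IP address checks added in the next hunk (-2675) have the same shape and need the same change. Since `<$input>` yields undef at end of file, testing `! defined` before `eq ""` would also avoid a warning on a truncated file.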
@@ -2675,34 +3039,83 @@
$trap_date_time_epoch = time(); # Use current time as time trap was received
}
+ my @localtime_array;
if ( $daemon == 1 && $use_trap_time == 1 ) # Daemon mode only
{
- $trap_date_time = localtime($trap_date_time_epoch);
- $trap_date = strftime "%a %b %e %Y", localtime($trap_date_time_epoch);
- $trap_time = strftime "%H:%M:%S", localtime($trap_date_time_epoch);
+ @localtime_array = localtime($trap_date_time_epoch);
+
+ if ($date_time_format eq "") {
+ $trap_date_time = localtime($trap_date_time_epoch);
+ }
+ else {
+ $trap_date_time = strftime $date_time_format, @localtime_array;
+ }
+
+ if ($date_time_format_sql eq "") {
+ $trap_date_time_sql = localtime($trap_date_time_epoch);
+ }
+ else {
+ $trap_date_time_sql = strftime $date_time_format_sql, @localtime_array;
+ }
+
}
- else
+ else # Standalone mode
{
- $trap_date_time = localtime();
- $trap_date = strftime "%a %b %e %Y", localtime();
- $trap_time = strftime "%H:%M:%S", localtime();
- }
+ @localtime_array = localtime();
- chomp($tempvar[0]=<$input>); # hostname
- $tempvar[0] =~ s(`)(')g; #` Replace any back ticks with regular single quote
+ if ($date_time_format eq "") {
+ $trap_date_time = localtime();
+ }
+ else {
+ $trap_date_time = strftime $date_time_format, @localtime_array;
+ }
+ if ($date_time_format_sql eq "") {
+ $trap_date_time_sql = localtime();
+ }
+ else {
+ $trap_date_time_sql = strftime $date_time_format_sql, @localtime_array;
+ }
+ }
+
+ $trap_date = strftime $date_format, @localtime_array;
+ $trap_time = strftime $time_format, @localtime_array;
+
+
+ # Pull in passed SNMP info from snmptrapd via STDIN and place in the array @tempvar
+
+ chomp($tempvar[0]=<$input>); # hostname
+ $tempvar[0] =~ s(`)(')g; #` Replace any back ticks with regular single quote
+ if ($tempvar[0] eq "") {
+ if ($DEBUGGING >= 1) {
+ print " Invalid trap file. Expected a hostname on line 2 but got nothing\n";
+ return 0;
+ }
+ }
+
chomp($tempvar[1]=<$input>); # ip address
$tempvar[1] =~ s(`)(')g; #` Replace any back ticks with regular single quote
+ if ($tempvar[1] eq "") {
+ if ($DEBUGGING >= 1) {
+ print " Invalid trap file. Expected an IP address on line 3 but got nothing\n";
+ return 0;
+ }
+ }
# Some systems pass the IP address as udp:ipaddress:portnumber. This will pull
# out just the IP address
$tempvar[1] =~ /(\d+\.\d+\.\d+\.\d+)/;
$tempvar[1] = $1;
+ # Net-SNMP 5.4 has a bug which gives <UNKNOWN> for the hostname
+ if ($tempvar[0] =~ /<UNKNOWN>/) {
+ $tempvar[0] = $tempvar[1];
+ }
+
#Process varbinds
#Separate everything out, keeping both the variable name and the value
- $linenum = 1;
- while (defined($line = <$input>))
+ my $linenum = 1;
+ while (defined(my $line = <$input>))
{
$line =~ s(`)(')g; #` Replace any back ticks with regular single quote
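Review bot: The `<UNKNOWN>` workaround copies `$tempvar[1]` into the hostname, but `$tempvar[1]` has just been overwritten with `$1` from a match that is never tested. When the address line holds no dotted-quad IPv4 address, `$1` is undefined or left over from an earlier match, and that value now becomes both the IP address and the hostname. Guard the extraction, e.g. `if ($tempvar[1] =~ /(\d+\.\d+\.\d+\.\d+)/) { $tempvar[1] = $1; }`, and decide explicitly what happens when it fails. The enclosing sub (apparently `readtrap`) continues outside the hunk.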
@@ -2720,6 +3133,7 @@
chomp ($temp2); # Variable VALUE
chomp ($line);
+ my $variable_fix;
if ($linenum == 1)
{
if (defined($temp2) ) # Check if line 1 contains 'variable value' or just 'value'
@@ -2746,7 +3160,7 @@
print " Multi-line value detected - merging onto one line...\n";
}
chomp $temp2; # Remove the newline character
- while (defined($line2 = <$input>))
+ while (defined(my $line2 = <$input>))
{
chomp $line2;
$temp2.=" ".$line2;
@@ -2805,7 +3219,7 @@
print " Multi-line value detected - merging onto one line...\n";
}
chomp $line; # Remove the newline character
- while (defined($line2 = <$input>))
+ while (defined(my $line2 = <$input>))
{
chomp $line2;
$line.=" ".$line2;
@@ -2842,7 +3256,7 @@
{
# Print out all items passed from snmptrapd
print "\nItems passed from snmptrapd:\n";
- for ($i=0;$i <= $#tempvar;$i++)
+ for (my $i=0;$i <= $#tempvar;$i++)
{
print "value $i: $tempvar[$i]\n\n";
}
@@ -2867,8 +3281,8 @@
# Cycle through remaining variables searching for for agent IP (.1.3.6.1.6.3.18.1.3.0),
# community name (.1.3.6.1.6.3.18.1.4.0) and enterpise (.1.3.6.1.6.3.1.1.4.3.0)
# All others found are regular passed variables
- $j=0;
- for ($i=6;$i <= $#tempvar; $i+=2)
+ my $j=0;
+ for (my $i=6;$i <= $#tempvar; $i+=2)
{
if ($tempvar[$i] =~ /^.1.3.6.1.6.3.18.1.3.0$/) # ip address from trap agent
{
@@ -2981,7 +3395,7 @@
print "0+: passed variables\n\n";
#print out all standard variables
- for ($i=0;$i <= $#var;$i++)
+ for (my $i=0;$i <= $#var;$i++)
{
print "Value $i: $var[$i]\n\n";
}
@@ -2989,12 +3403,14 @@
print "Agent dns name: $agent_dns_name\n\n";
#print out all enterprise specific variables
- for ($i=0;$i <= $#entvar;$i++)
+ for (my $i=0;$i <= $#entvar;$i++)
{
print "Ent Value $i (\$" . ($i+1) . "): $entvarname[$i]=$entvar[$i]\n\n";
}
}
+ return 1;
+
# Variables of trap received by SNMPTRAPD:
#
# $var[0] hostname
@@ -3093,11 +3509,11 @@
# Check for wildcard match in hash table if not already processed
if ($processed == 0)
{
- $receivedtraptemp = $receivedtrap;
+ my $receivedtraptemp = $receivedtrap;
- $counter = 0; # Drill down only 40 times. Should never need this, but
- # it's here to prevent an infinite loop in this while statement
- # just in case
+ my $counter = 0; # Drill down only 40 times. Should never need this, but
+ # it's here to prevent an infinite loop in this while statement
+ # just in case
if ($DEBUGGING >= 1)
{
@@ -3140,25 +3556,43 @@
if ($DEBUGGING >= 1) {
print "\n\nUnknown trap EXEC line:\n";
}
- my $command = $unknown_trap_exec . " \"";
- $command .= scalar($trap_date_time) . ": Unknown trap ($var[3]) received from $var[0] at:";
+
+ my $command;
- #print out all standard variables
- for ($i=0;$i <= $#var;$i++) {
- $command .= " Value $i: $var[$i]";
- }
+ if ($unknown_trap_exec_format ne "") {
+ $_ = $unknown_trap_exec_format;
+
+ &substitute;
- #print out all enterprise specific variables
- for ($i=0;$i <= $#entvar;$i++) {
- $command .= " Ent Value $i: $entvarname[$i]=$entvar[$i]";
+ $command = $unknown_trap_exec .= " \"$_\"";
}
+ else {
+ $command = $unknown_trap_exec . " \"";
+ $command .= scalar($trap_date_time) . ": Unknown trap ($var[3]) received from $var[0] at:";
+
+ #print out all standard variables
+ for (my $i=0;$i <= $#var;$i++) {
+ $command .= " Value $i: $var[$i]";
+ }
+
+ #print out all enterprise specific variables
+ for (my $i=0;$i <= $#entvar;$i++) {
+ $command .= " Ent Value $i: $entvarname[$i]=$entvar[$i]";
+ }
- $command .= "\"";
+ $command .= "\"";
+ }
if ($DEBUGGING >= 1) {
print "Unknown trap EXEC command:$command\n";
}
# Execute command
+
+ if ($exec_escape == 1) {
+ # Escape wildcard characters
+ $command =~ s/\*/\\\*/g;
+ $command =~ s/\?/\\\?/g;
+ }
system $command;
}
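Review bot: `$command = $unknown_trap_exec .= " \"$_\"";` uses `.=`, which appends the formatted message to `$unknown_trap_exec` itself, so in a long-running process each unknown trap would make the configured command grow by the previous messages. It should be plain concatenation, `$command = $unknown_trap_exec . " \"$_\"";`, matching the `else` branch. The message is also wrapped in double quotes for the shell while `exec_escape` touches only `*` and `?`, so the shell still interprets other metacharacters in trap-derived text; that limit deserves a comment next to the `system $command` call. The enclosing block starts outside the hunk.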
@@ -3169,12 +3603,12 @@
{
print LOGFILE scalar($trap_date_time),": Unknown trap ($var[3]) received from $var[0] at: \n";
#print out all standard variables
- for ($i=0;$i <= $#var;$i++)
+ for (my $i=0;$i <= $#var;$i++)
{
print LOGFILE "Value $i: $var[$i]\n";
}
#print out all enterprise specific variables
- for ($i=0;$i <= $#entvar;$i++)
+ for (my $i=0;$i <= $#entvar;$i++)
{
print LOGFILE "Ent Value $i: $entvarname[$i]=$entvar[$i]\n";
}
@@ -3187,6 +3621,7 @@
}
}
+ my $message_short;
if ( ($mysql_dbi_enable == 1) ||
($postgresql_dbi_enable == 1) ||
($dbd_odbc_enable == 1) ||
@@ -3202,7 +3637,6 @@
$enterprise_trans = &translate_enterprise_oid_format_sub($var[6]);
- $db_enterprise;
if ($net_snmp_perl_enable == 1 && $db_translate_enterprise == 1)
{
$db_enterprise = $enterprise_trans;
@@ -3228,64 +3662,32 @@
my $community = $var[5];
$community =~ s(\')(\\\')g; #'
- $community =~ s(\")(\\\")g; #"
-
- my $prepare_successful = 0;
- my $do_successful = 0;
-
- my $sql_statement = "INSERT INTO $mysql_dbi_table_unknown (trapoid, enterprise,
- community, hostname, agentip, uptime, traptime,
- formatline) VALUES (?,?,?,?,?,?,?,?)";
- my $sth_mysql = $dbh_mysql->prepare($sql_statement);
- unless (defined ($sth_mysql)) {
- my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform PREPARE: ".$dbh_mysql->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
+ $community =~ s(\")(\\\")g; #"
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,23,$eventlog_error);
+ my @t_sql_custom_columns_unknown = ();
+
+ if (@sql_custom_columns_unknown) {
+ @t_sql_custom_columns_unknown = @sql_custom_columns_unknown;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns_unknown; $i+=2) {
+ $_ = $t_sql_custom_columns_unknown[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns_unknown[$i] = $_;
}
}
- else {
- $prepare_successful = 1;
- }
-
- if ($prepare_successful == 1)
- {
- unless (defined ($sth_mysql->execute($receivedtrap_trans,$db_enterprise,
- $community,$agent_dns_name,$var[4],$var[2],$trap_date_time,$message_short2))) {
- my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform INSERT INTO (EXECUTE): ".$dbh_mysql->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,15,$eventlog_error);
- }
- }
- else {
- $do_successful = 1;
- }
- }
+ &mysql_insert($mysql_dbi_table_unknown,
+ "trapoid", $receivedtrap_trans,
+ "enterprise", $db_enterprise,
+ "community", $community,
+ "hostname", $agent_dns_name,
+ "agentip", $var[4],
+ "uptime", $var[2],
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns_unknown);
}
if ($postgresql_dbi_enable == 1 && defined ($dbh_postgresql) && $postgresql_dbi_table_unknown ne "")
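Review bot: The two `print "... substitution on custom column: $_\n"` lines in the new custom-column loop are not wrapped in `if ($DEBUGGING >= 1)`, unlike the other diagnostic prints in this file, so every unknown trap writes the substituted column values to standard output. Guard them, e.g. `print "Performing substitution on custom column: $_\n" if ($DEBUGGING >= 1);`. The same loop is pasted into the PostgreSQL, DBD::ODBC and Win32::ODBC hunks that follow (-3299, -3368, -3401); a small helper returning the substituted list would keep the four copies from drifting. The return value of `&mysql_insert` is ignored here, so failure reporting depends entirely on the helper, which is not visible in this hunk.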
@@ -3299,64 +3701,31 @@
$community =~ s(\')(\\\')g; #'
$community =~ s(\")(\\\")g; #"
- my $prepare_successful = 0;
- my $do_successful = 0;
-
- my $sql_statement = "INSERT INTO $postgresql_dbi_table_unknown (trapoid, enterprise,
- community, hostname, agentip, uptime, traptime,
- formatline) VALUES (?,?,?,?,?,?,?,?)";
-
- my $sth_postgresql = $dbh_postgresql->prepare($sql_statement);
- unless (defined ($sth_postgresql)) {
- my $msg = "Postgres error: Unable to perform PREPARE: ".$dbh_postgresql->errstr;
-
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,22,$eventlog_error);
+ my @t_sql_custom_columns_unknown = ();
+
+ if (@sql_custom_columns_unknown) {
+ @t_sql_custom_columns_unknown = @sql_custom_columns_unknown;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns_unknown; $i+=2) {
+ $_ = $t_sql_custom_columns_unknown[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns_unknown[$i] = $_;
}
}
- else {
- $prepare_successful = 1;
- }
- if ($prepare_successful == 1)
- {
- unless (defined ($sth_postgresql->execute($receivedtrap_trans,$db_enterprise,
- $community,$agent_dns_name,$var[4],$var[2],$trap_date_time,$message_short2))) {
- my $msg = "Postgres error: Unable to perform INSERT INTO (EXECUTE): ".$dbh_postgresql->errstr;
- warn $msg, "\n";
-
- if ($DEBUGGING >= 1)
- {
- print $msg, "\n";
- }
-
- if ($syslog_system_enable == 1)
- {
- syslog_system($msg);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system($msg,19,$eventlog_error);
- }
- }
- else {
- $do_successful = 1;
- }
- }
+ &postgresql_insert($postgresql_dbi_table_unknown,
+ "trapoid", $receivedtrap_trans,
+ "enterprise", $db_enterprise,
+ "community", $community,
+ "hostname", $agent_dns_name,
+ "agentip", $var[4],
+ "uptime", $var[2],
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns_unknown);
+
}
if ($dbd_odbc_enable == 1 && defined ($dbh_odbc) && $dbd_odbc_table_unknown ne "")
@@ -3368,28 +3737,31 @@
my $community = $var[5];
$community =~ s(\')('')g; #'
- unless (defined ($dbh_odbc->do(
- "INSERT INTO $dbd_odbc_table_unknown (trapoid, enterprise,
- community, hostname, agentip, uptime, traptime,
- formatline) VALUES (
- \'$receivedtrap_trans'\,
- \'$db_enterprise\',\'$community\',\'$agent_dns_name\',\'$var[4]\',
- \'$var[2]\',\'".$trap_date_time."\',
- \'$message_short2\')" ) ) )
- {
- warn "DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr."\n";
-
- if ($syslog_system_enable == 1)
- {
- syslog_system("DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr);
- }
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system("DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr,
- 16,$eventlog_error);
+ my @t_sql_custom_columns_unknown = ();
+
+ if (@sql_custom_columns_unknown) {
+ @t_sql_custom_columns_unknown = @sql_custom_columns_unknown;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns_unknown; $i+=2) {
+ $_ = $t_sql_custom_columns_unknown[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns_unknown[$i] = $_;
}
}
+
+ &odbc_insert($dbd_odbc_table_unknown,
+ "trapoid", $receivedtrap_trans,
+ "enterprise", $db_enterprise,
+ "community", $community,
+ "hostname", $agent_dns_name,
+ "agentip", $var[4],
+ "uptime", $var[2],
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns_unknown);
+
}
if ($sql_win32_odbc_enable == 1 && defined ($dbh_win32_odbc) && $sql_win32_odbc_table_unknown ne "")
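Review bot: The removed statement interpolated trap values into the INSERT text, and the manual `s(\')('')g` quote doubling is kept on the new side, which suggests `&odbc_insert` may still build the statement as a string; the helper is not visible here, so this needs confirming. If it does, values such as `$agent_dns_name`, `$var[4]` and the custom columns receive no escaping at all, and the helper should bind them through placeholders the way the removed MySQL and PostgreSQL code did (`VALUES (?,?,...)` with `execute`). If it already binds, the quote doubling before the call should be dropped, since it would store doubled quotes. The same question applies to `&sql_win32_odbc_insert` in the next hunk.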
@@ -3401,24 +3773,31 @@
my $community = $var[5];
$community =~ s(\')('')g; #'
- # if defined, there's an error
- if (defined ($dbh_win32_odbc->Sql
- ("INSERT INTO $sql_win32_odbc_table_unknown (trapoid, enterprise,
- community, hostname, agentip, uptime, traptime,
- formatline) VALUES (
- \'$receivedtrap_entry'\,
- \'$db_enterprise\',\'$community\',\'$agent_dns_name\',\'$var[4]\',
- \'$var[2]\',\'".$trap_date_time."\',
- \'$message_short2\')" ) ) )
- {
- warn "Unable to perform INSERT INTO: ".Win32::ODBC::Error()."\n";
-
- if ($eventlog_system_enable == 1)
- {
- eventlog_system("Win32::ODBC error: Unable to perform INSERT INTO: ".Win32::ODBC::Error(),
- 17,$eventlog_error);
+ my @t_sql_custom_columns_unknown = ();
+
+ if (@sql_custom_columns_unknown) {
+ @t_sql_custom_columns_unknown = @sql_custom_columns_unknown;
+
+ for (my $i = 1; $i <= $#t_sql_custom_columns_unknown; $i+=2) {
+ $_ = $t_sql_custom_columns_unknown[$i];
+ print "Performing substitution on custom column: $_\n";
+ &substitute();
+ print "Done performing substitution on custom column: $_\n";
+ $t_sql_custom_columns_unknown[$i] = $_;
}
}
+
+ &sql_win32_odbc_insert($sql_win32_odbc_table_unknown,
+ "trapoid", $receivedtrap_trans,
+ "enterprise", $db_enterprise,
+ "community", $community,
+ "hostname", $agent_dns_name,
+ "agentip", $var[4],
+ "uptime", $var[2],
+ "traptime", $trap_date_time_sql,
+ "formatline", $message_short2,
+ @t_sql_custom_columns_unknown);
+
}
}
}
@@ -3549,6 +3928,7 @@
$daemon = 0;
}
+ $snmptt_system_name = $cfg->val('General', 'snmptt_system_name');
$multiple_event = $cfg->val('General', 'multiple_event');
$dns_enable = $cfg->val('General', 'dns_enable');
$strip_domain = $cfg->val('General', 'strip_domain');
@@ -3569,11 +3949,16 @@
$dynamic_nodes = $cfg->val('General', 'dynamic_nodes');
$description_mode = $cfg->val('General', 'description_mode');
$description_clean = $cfg->val('General', 'description_clean');
- $unknown_trap_exec = $cfg->val('General', 'unknown_trap_exec');
+ $threads_enable = $cfg->val('General', 'threads_enable');
+ $threads_max = $cfg->val('General', 'threads_max');
+ $date_format = $cfg->val('General', 'date_format');
+ $time_format = $cfg->val('General', 'time_format');
+ $date_time_format = $cfg->val('General', 'date_time_format');
# DaemonMode
$daemon_fork = $cfg->val('DaemonMode', 'daemon_fork');
$daemon_uid = $cfg->val('DaemonMode', 'daemon_uid');
+ $pid_file = $cfg->val('DaemonMode', 'pid_file');
$spool_directory = $cfg->val('DaemonMode', 'spool_directory');
$sleep = $cfg->val('DaemonMode', 'sleep');
$use_trap_time = $cfg->val('DaemonMode', 'use_trap_time');
@@ -3583,6 +3968,8 @@
$stdout_enable = $cfg->val('Logging', 'stdout_enable');
$log_enable = $cfg->val('Logging', 'log_enable');
$log_file = $cfg->val('Logging', 'log_file');
+ $log_system_enable = $cfg->val('Logging', 'log_system_enable');
+ $log_system_file = $cfg->val('Logging', 'log_system_file');
$unknown_trap_log_enable = $cfg->val('Logging', 'unknown_trap_log_enable');
$unknown_trap_log_file = $cfg->val('Logging', 'unknown_trap_log_file');
$statistics_interval = $cfg->val('Logging', 'statistics_interval');
@@ -3609,6 +3996,9 @@
# Exec
$exec_enable = $cfg->val('Exec', 'exec_enable');
$pre_exec_enable = $cfg->val('Exec', 'pre_exec_enable');
+ $unknown_trap_exec = $cfg->val('Exec', 'unknown_trap_exec');
+ $unknown_trap_exec_format = $cfg->val('Exec', 'unknown_trap_exec_format');
+ $exec_escape = $cfg->val('Exec', 'exec_escape');
# SQL
$db_translate_enterprise = $cfg->val('SQL', 'db_translate_enterprise');
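Review bot: `unknown_trap_exec` is now read only from the `[Exec]` section, while the hunk at -3569 removes the read from `[General]`, so an existing configuration file that still has the setting under `[General]` silently loses its unknown-trap command after upgrade. A fallback keeps old files working: `$unknown_trap_exec = $cfg->val('General', 'unknown_trap_exec') if (! defined ($unknown_trap_exec));`. If the move is intentional, a warning when the old key is found would tell the operator why the command stopped running.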
@@ -3619,6 +4009,7 @@
$mysql_dbi_database = $cfg->val('SQL', 'mysql_dbi_database');
$mysql_dbi_table = $cfg->val('SQL', 'mysql_dbi_table');
$mysql_dbi_table_unknown = $cfg->val('SQL', 'mysql_dbi_table_unknown');
+ $mysql_dbi_table_statistics = $cfg->val('SQL', 'mysql_dbi_table_statistics');
$mysql_dbi_username = $cfg->val('SQL', 'mysql_dbi_username');
$mysql_dbi_password = $cfg->val('SQL', 'mysql_dbi_password');
$mysql_ping_on_insert = $cfg->val('SQL', 'mysql_ping_on_insert');
@@ -3632,6 +4023,7 @@
$postgresql_dbi_database = $cfg->val('SQL', 'postgresql_dbi_database');
$postgresql_dbi_table = $cfg->val('SQL', 'postgresql_dbi_table');
$postgresql_dbi_table_unknown = $cfg->val('SQL', 'postgresql_dbi_table_unknown');
+ $postgresql_dbi_table_statistics = $cfg->val('SQL', 'postgresql_dbi_table_statistics');
$postgresql_dbi_username = $cfg->val('SQL', 'postgresql_dbi_username');
$postgresql_dbi_password = $cfg->val('SQL', 'postgresql_dbi_password');
$postgresql_ping_on_insert = $cfg->val('SQL', 'postgresql_ping_on_insert');
@@ -3641,6 +4033,7 @@
$dbd_odbc_dsn = $cfg->val('SQL', 'dbd_odbc_dsn');
$dbd_odbc_table = $cfg->val('SQL', 'dbd_odbc_table');
$dbd_odbc_table_unknown = $cfg->val('SQL', 'dbd_odbc_table_unknown');
+ $dbd_odbc_table_statistics = $cfg->val('SQL', 'dbd_odbc_table_statistics');
$dbd_odbc_username = $cfg->val('SQL', 'dbd_odbc_username');
$dbd_odbc_password = $cfg->val('SQL', 'dbd_odbc_password');
$dbd_odbc_ping_on_insert = $cfg->val('SQL', 'dbd_odbc_ping_on_insert');
@@ -3650,9 +4043,16 @@
$sql_win32_odbc_dsn = $cfg->val('SQL', 'sql_win32_odbc_dsn');
$sql_win32_odbc_table = $cfg->val('SQL', 'sql_win32_odbc_table');
$sql_win32_odbc_table_unknown = $cfg->val('SQL', 'sql_win32_odbc_table_unknown');
+ $sql_win32_odbc_table_statistics = $cfg->val('SQL', 'sql_win32_odbc_table_statistics');
$sql_win32_odbc_username = $cfg->val('SQL', 'sql_win32_odbc_username');
$sql_win32_odbc_password = $cfg->val('SQL', 'sql_win32_odbc_password');
+ @sql_custom_columns = $cfg->val('SQL', 'sql_custom_columns');
+ @sql_custom_columns_unknown = $cfg->val('SQL', 'sql_custom_columns_unknown');
+
+ $date_time_format_sql = $cfg->val('SQL', 'date_time_format_sql');
+ $stat_time_format_sql = $cfg->val('SQL', 'stat_time_format_sql');
+
# Debugging
if ($debugcmdline == 0) {
$DEBUGGING = $cfg->val('Debugging', 'DEBUGGING');
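Review bot: `@sql_custom_columns` and `@sql_custom_columns_unknown` are consumed as column/value pairs (the insert callers substitute only the odd indexes and pass the list on), but nothing here checks that the configured list has an even number of entries. An odd count would shift names and values once the list is appended to the insert arguments. A check at load time makes the misconfiguration visible: `warn "sql_custom_columns must be column/value pairs\n" if (@sql_custom_columns % 2);`, and likewise for the unknown list. If the insert helpers place these column names into the statement text, the names should also be restricted to identifier characters; the helpers are not visible here.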
@@ -3669,6 +4069,11 @@
#
# Defaults Start
#
+ if ($snmptt_system_name eq "") {
+ if (hostname ne "") {
+ $snmptt_system_name = hostname;
+ }
+ }
if (! defined ($multiple_event)) { $multiple_event = 0} ;
if (! defined ($dns_enable)) { $dns_enable = 0} ;
if (! defined ($strip_domain)) { $strip_domain = 0} ;
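Review bot: `$snmptt_system_name eq ""` is evaluated on an undefined value when the option is absent from the configuration (the other options in this block are tested with `! defined` for that reason), and the variable stays undefined if `hostname` returns an empty string. Testing `if (! defined ($snmptt_system_name) || $snmptt_system_name eq "")` and finishing with `$snmptt_system_name = '' if (! defined ($snmptt_system_name));` keeps the `$H` substitution from receiving undef. The defaults block continues outside the hunk.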
@@ -3687,10 +4092,17 @@
if (! defined ($dynamic_nodes)) { $dynamic_nodes = 0} ;
if (! defined ($description_mode)) { $description_mode = 0} ;
if (! defined ($description_clean)) { $description_clean = 1} ;
- if (! defined ($unknown_trap_exec)) { $unknown_trap_exec = ''} ;
+ if (! defined ($threads_enable)) { $threads_enable = 0} ;
+ if (! defined ($threads_max)) { $threads_max = 10} ;
+ if (! defined ($date_format)) { $date_format = "%a %b %e %Y"} ;
+ if (! defined ($time_format)) { $time_format = "%H:%M:%S"} ;
+ if (! defined ($date_time_format)) { $date_time_format = ""} ;
+ if (! defined ($date_time_format_sql)) { $date_time_format_sql = ""} ;
+ if (! defined ($stat_time_format_sql)) { $stat_time_format_sql = ""} ;
if (! defined ($daemon_fork)) { $daemon_fork = 1} ;
if (! defined ($daemon_uid)) { $daemon_uid = ''} ;
+ if (! defined ($pid_file)) { $pid_file = ''} ;
if (! defined ($spool_directory)) { $spool_directory = ''} ;
if (! defined ($sleep)) { $sleep = 5} ;
if (! defined ($use_trap_time)) { $use_trap_time = 1} ;
@@ -3699,6 +4111,8 @@
if (! defined ($stdout_enable)) { $stdout_enable = 0} ;
if (! defined ($log_enable)) { $log_enable = 1} ;
if (! defined ($log_file)) { $log_file = ''} ;
+ if (! defined ($log_system_enable)) { $log_system_enable = 0} ;
+ if (! defined ($log_system_file)) { $log_system_file = ''} ;
if (! defined ($unknown_trap_log_enable)) { $unknown_trap_log_enable = 0} ;
if (! defined ($unknown_trap_log_file)) { $unknown_trap_log_file = ''} ;
if (! defined ($syslog_enable)) { $syslog_enable = 0} ;
@@ -3713,6 +4127,16 @@
if (! defined ($eventlog_system_enable)) { $eventlog_system_enable = 0} ;
if (! defined ($exec_enable)) { $exec_enable = 1} ;
if (! defined ($pre_exec_enable)) { $pre_exec_enable = 1} ;
+ if (! defined ($unknown_trap_exec)) { $unknown_trap_exec = ''} ;
+ if (! defined ($unknown_trap_exec_format)) { $unknown_trap_exec_format = ''} ;
+ if (! defined ($exec_escape)) {
+ if ($^O =~ /MSWin32/) {
+ $exec_escape = 0;
+ }
+ else {
+ $exec_escape = 1;
+ }
+ }
if (! defined ($db_translate_enterprise)) { $db_translate_enterprise = 0} ;
if (! defined ($db_unknown_trap_format)) { $db_unknown_trap_format = '$-*'} ;
if (! defined ($mysql_dbi_enable)) { $mysql_dbi_enable = 0} ;
@@ -3721,6 +4145,7 @@
if (! defined ($mysql_dbi_database)) { $mysql_dbi_database = ''} ;
if (! defined ($mysql_dbi_table)) { $mysql_dbi_table = ''} ;
if (! defined ($mysql_dbi_table_unknown)) { $mysql_dbi_table_unknown = ''} ;
+ if (! defined ($mysql_dbi_table_statistics)) { $mysql_dbi_table_statistics = ''} ;
if (! defined ($mysql_dbi_username)) { $mysql_dbi_username = ''} ;
if (! defined ($mysql_dbi_password)) { $mysql_dbi_password = ''} ;
if (! defined ($mysql_ping_on_insert)) { $mysql_ping_on_insert = 1} ;
@@ -3733,6 +4158,7 @@
if (! defined ($postgresql_dbi_database)) { $postgresql_dbi_database = ''} ;
if (! defined ($postgresql_dbi_table)) { $postgresql_dbi_table = ''} ;
if (! defined ($postgresql_dbi_table_unknown)) { $postgresql_dbi_table_unknown = ''} ;
+ if (! defined ($postgresql_dbi_table_statistics)) { $postgresql_dbi_table_statistics = ''} ;
if (! defined ($postgresql_dbi_username)) { $postgresql_dbi_username = ''} ;
if (! defined ($postgresql_dbi_password)) { $postgresql_dbi_password = ''} ;
if (! defined ($postgresql_ping_on_insert)) { $postgresql_ping_on_insert = 1} ;
@@ -3741,6 +4167,7 @@
if (! defined ($dbd_odbc_dsn)) { $dbd_odbc_dsn = ''} ;
if (! defined ($dbd_odbc_table)) { $dbd_odbc_table = ''} ;
if (! defined ($dbd_odbc_table_unknown)) { $dbd_odbc_table_unknown = ''} ;
+ if (! defined ($dbd_odbc_table_statistics)) { $dbd_odbc_table_statistics = ''} ;
if (! defined ($dbd_odbc_username)) { $dbd_odbc_username = ''} ;
if (! defined ($dbd_odbc_password)) { $dbd_odbc_password = ''} ;
if (! defined ($dbd_odbc_ping_on_insert)) { $dbd_odbc_ping_on_insert = 1} ;
@@ -3749,8 +4176,11 @@
if (! defined ($sql_win32_odbc_dsn)) { $sql_win32_odbc_dsn = ''} ;
if (! defined ($sql_win32_odbc_table)) { $sql_win32_odbc_table = ''} ;
if (! defined ($sql_win32_odbc_table_unknown)) { $sql_win32_odbc_table_unknown = ''} ;
+ if (! defined ($sql_win32_odbc_table_statistics)) { $sql_win32_odbc_table_statistics = ''} ;
if (! defined ($sql_win32_odbc_username)) { $sql_win32_odbc_username = ''} ;
if (! defined ($sql_win32_odbc_password)) { $sql_win32_odbc_password = ''} ;
+ if (! (@sql_custom_columns)) { @sql_custom_columns = ()} ;
+ if (! (@sql_custom_columns_unknown)) { @sql_custom_columns_unknown = ()} ;
if (! defined ($DEBUGGING)) { $DEBUGGING = 0} ;
if (! defined ($DEBUGGING_FILE)) { $DEBUGGING_FILE = ''} ;
@@ -3801,6 +4231,31 @@
}
+sub log_system {
+ my $message = $_[0];
+
+ my @localtime_array = localtime();
+ my $log_time;
+
+ if ($date_time_format eq "") {
+ $log_time = localtime();
+ }
+ else {
+ $log_time = strftime $date_time_format, @localtime_array;
+ }
+
+ if (open LOGSYSFILE, ">>$log_system_file")
+ {
+ print LOGSYSFILE $log_time." $message\n";
+ close LOGSYSFILE;
+ }
+ else
+ {
+ warn "Can not open log file $log_system_file: $!";
+ print "Can not open syslog. Message to be logged: $message\n" if ($DEBUGGING >= 1);
+ }
+}
+
sub eventlog_system {
my $message = $_[0];
my $eventid = $_[1];
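Review bot: `open LOGSYSFILE, ">>$log_system_file"` in the new log_system uses the two-argument form with a bareword (package-global) handle, and the results of `print` and `close` are never checked, so a full disk or a revoked permission silently loses system-error records. Prefer `open(my $fh, '>>', $log_system_file)` with `print {$fh} ...` and a checked `close`, which also stops Perl from trimming or interpreting characters in the configured path. The unchanged `if (open NODESFILE, $a)` in the hunk at -4508 is the riskier instance, because with no explicit mode the file name itself decides how the handle is opened; `open(my $nodes_fh, '<', $a)` fixes that. The fallback text "Can not open syslog" is misleading here, since this sub is the file logger.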
@@ -3810,7 +4265,7 @@
my %event_entry = ('Source' => "SNMPTT",
'EventType' => $type,
- 'Category' => NULL,
+ 'Category' => '\0',
'EventID' => $eventid,
'Strings' => $message);
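Review bot: `'Category' => '\0'` is single-quoted, so Perl stores the two characters backslash and zero, not a NUL byte and not the number 0. If the intent is "no category", `'Category' => 0,` states it directly and avoids relying on how the event-log module numifies a non-numeric string. The enclosing eventlog_system sub starts in the previous hunk and continues past this one, so how the hash is consumed is not visible here.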
@@ -3935,6 +4390,7 @@
$noinf = 0;
while ($done)
{
+ my $found;
if ($string_temp =~ /(?<!\.)(?<!\d)(\d+\.\d+\.\d+\.\d+)(?!\.\d)(?!\d)/ ) { $found = 1; }
#if ($string_temp =~ /(?<!\.)(\d+\.\d+\.\d+\.\d+)(?!\.)/ ) { $found = 1; }
else { $found = 0; }
@@ -3966,6 +4422,7 @@
$noinf = 0;
while ($done)
{
+ my $found;
if ($string_temp =~ /(?<!\d)(\.\d+)+/) { $found = 1; } # don't match n.n.n but do match .n.n.n
else { $found = 0; }
@@ -4053,6 +4510,7 @@
$noinf = 0;
while ($done)
{
+ my $found;
if ($string_temp =~ /(?<!\.)(?<!\d)(\d+\.\d+\.\d+\.\d+)(?!\.\d)(?!\d)/ ) { $found = 1; }
#if ($string_temp =~ /(?<!\.)(\d+\.\d+\.\d+\.\d+)(?!\.)/ ) { $found = 1; }
else { $found = 0; }
@@ -4189,6 +4647,18 @@
($result == 1 ? "true" : "false") . "\n";
}
}
+ # Match is a bitwise and
+ elsif ($match =~ /&\d+/)
+ {
+ #print "Bitwise and detected\n";
+ $result = match_bitwise_and($value, $match);
+ $result = match_result($result, $not);
+ if ($DEBUGGING >= 1)
+ {
+ print " BITWISE AND: value=$value, match=" . ($not == 1 ? "!$match" : "$match") . " Result=" .
+ ($result == 1 ? "true" : "false") . "\n";
+ }
+ }
# Match is a number
elsif ($match =~ /\d+/)
{
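Review bot: The dispatch test `elsif ($match =~ /&\d+/)` is unanchored, so any MATCH expression that merely contains `&` followed by a digit is routed to the bitwise branch; `/^&\d+$/` limits it to that exact form, assuming the MATCH syntax allows nothing else around it. The same looseness is in match_bitwise_and (hunk at -4340): `$value =~ /\d+/` accepts any string containing a digit, and `0+$value` then numifies only the leading part. Because `$value` comes from the received trap, `return 0 if $value !~ /^\d+$/;` is the safer guard. `my $result;` in that sub is unused. The elsif chain here begins and ends outside the hunk.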
@@ -4340,6 +4810,31 @@
return 0;
}
+sub match_bitwise_and
+{
+ my $value = shift;
+ my $match = shift;
+
+ # Return if value is not a number
+ if (! ($value =~ /\d+/)) {
+ return 0;
+ }
+
+ # Remove & from value
+ $match =~ s/^&//;
+
+ my $result;
+
+ # Make sure values are passed as numbers by adding 0 to each
+ my $temp = 0+$value & 0+$match;
+
+ if ($temp > 0)
+ {
+ return 1;
+ }
+ return 0;
+}
+
sub my_translateObj
{
my $oid = shift;
@@ -4400,9 +4895,9 @@
# If mode = 2, strip off the domains as listed in strip_domain_list in .ini file
elsif ($mode == 2 && !($name =~ /^\d+\.\d+\.\d+\.\d+$/))
{
- if (defined (@strip_domain_list))
+ if (@strip_domain_list)
{
- foreach $strip_domain_list_temp (@strip_domain_list)
+ foreach my $strip_domain_list_temp (@strip_domain_list)
{
if ($strip_domain_list_temp =~ /^\..*/) # If domain from list starts with a '.' then remove it first
{
@@ -4491,8 +4986,7 @@
my $nodes_list = shift;
my @nodes = ();
my @nodes2 = ();
- my %nodes_file_hash = ();
-
+
# print "Processing NODES\n";
# Put all the NODES entries into @nodes, and then go through them all and put
@@ -4508,7 +5002,7 @@
#print "!Dynamic enabled\n";
if (open NODESFILE, $a)
{
- while (defined($line = <NODESFILE>))
+ while (defined(my $line = <NODESFILE>))
{
chomp($line);
# Allow comment lines starting with a #
@@ -4645,6 +5139,10 @@
{
syslog_system("Total traps received=$g_total_traps_received,Total traps translated=$g_total_traps_translated,Total traps ignored=$g_total_traps_ignored,Total unknown traps=$g_total_traps_unknown");
}
+ if ($log_system_enable == 1)
+ {
+ log_system("Total traps received=$g_total_traps_received,Total traps translated=$g_total_traps_translated,Total traps ignored=$g_total_traps_ignored,Total unknown traps=$g_total_traps_unknown");
+ }
if ($eventlog_system_enable == 1)
{
my $message = "" . \
@@ -4656,6 +5154,82 @@
eventlog_system($message,1,$eventlog_information);
}
+ if ($mysql_dbi_enable == 1 && defined ($dbh_mysql) && $mysql_dbi_table_statistics ne "")
+ {
+ my $stat_time_temp;
+
+ if ($stat_time_format_sql eq "") {
+ $stat_time_temp = localtime();
+ }
+ else {
+ $stat_time_temp = strftime $stat_time_format_sql, localtime();
+ }
+
+ &mysql_insert($mysql_dbi_table_statistics,
+ "stat_time", $stat_time_temp,
+ "total_received", $g_total_traps_received,
+ "total_translated", $g_total_traps_translated,
+ "total_ignored", $g_total_traps_ignored,
+ "total_unknown", $g_total_traps_unknown);
+ }
+
+ if ($postgresql_dbi_enable == 1 && defined ($dbh_postgresql) && $postgresql_dbi_table_statistics ne "")
+ {
+ my $stat_time_temp;
+
+ if ($stat_time_format_sql eq "") {
+ $stat_time_temp = localtime();
+ }
+ else {
+ $stat_time_temp = strftime $stat_time_format_sql, localtime();
+ }
+
+ &postgresql_insert($postgresql_dbi_table_statistics,
+ "stat_time", $stat_time_temp,
+ "total_received", $g_total_traps_received,
+ "total_translated", $g_total_traps_translated,
+ "total_ignored", $g_total_traps_ignored,
+ "total_unknown", $g_total_traps_unknown);
+ }
+
+ if ($dbd_odbc_enable == 1 && defined ($dbh_odbc) && $dbd_odbc_table_statistics ne "")
+ {
+ my $stat_time_temp;
+
+ if ($stat_time_format_sql eq "") {
+ $stat_time_temp = localtime();
+ }
+ else {
+ $stat_time_temp = strftime $stat_time_format_sql, localtime();
+ }
+
+ &odbc_insert($dbd_odbc_table_statistics,
+ "stat_time", $stat_time_temp,
+ "total_received", $g_total_traps_received,
+ "total_translated", $g_total_traps_translated,
+ "total_ignored", $g_total_traps_ignored,
+ "total_unknown", $g_total_traps_unknown);
+ }
+
+ if ($sql_win32_odbc_enable == 1 && defined ($dbh_win32_odbc) && $sql_win32_odbc_table_statistics ne "")
+ {
+ my $stat_time_temp;
+
+ if ($stat_time_format_sql eq "") {
+ $stat_time_temp = localtime();
+ }
+ else {
+ $stat_time_temp = strftime $stat_time_format_sql, localtime();
+ }
+
+ &sql_win32_odbc_insert($sql_win32_odbc_table_statistics,
+ "stat_time", $stat_time_temp,
+ "total_received", $g_total_traps_received,
+ "total_translated", $g_total_traps_translated,
+ "total_ignored", $g_total_traps_ignored,
+ "total_unknown", $g_total_traps_unknown);
+ }
+
$g_last_statistics_logged = time();
}
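Review bot: The `$stat_time_temp` computation is repeated verbatim in all four backend blocks; computing it once ahead of the first `if` removes three copies and guarantees that every backend records the same timestamp for one statistics run. When `stat_time_format_sql` is empty the value is the plain `localtime()` string, which the snmptt.ini comment itself says a SQL date/time column may not accept, so a debug message for "statistics table set but no SQL time format" would make a failing insert easier to diagnose. The enclosing sub begins outside this hunk.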
@@ -4731,6 +5305,10 @@
{
syslog_system($msg);
}
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system($msg,12,$eventlog_error);
@@ -4779,6 +5357,10 @@
{
syslog_system($msg);
}
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system($msg,18,$eventlog_error);
@@ -4804,6 +5386,10 @@
{
syslog_system($msg);
}
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
if ($eventlog_system_enable == 1)
{
eventlog_system($msg,13,$eventlog_error);
@@ -4896,3 +5482,380 @@
}
}
+sub mysql_insert {
+ my $table = shift;
+ my @data = @_;
+
+ # If the number of elements in @data is odd, remove the last element
+ # Note: $# returns the last element # so it's reall #$data + 1
+ #print "mod :" . $#data % 2 . "\n";
+ if ($#data % 2 == 0) {
+ pop @data;
+ }
+
+ #print "------------------ mysql_insert ---------------\n";
+
+ my $sql_prepare = "INSERT INTO $table (";
+ my @sql_execute;
+
+ for (my $i = 0; $i < $#data;) {
+ #print $data[$i]. "\n";
+ $sql_prepare .= $data[$i];
+ push (@sql_execute, $data[$i+1]);
+
+ $i+=2;
+
+ if ($i < ($#data)) {
+ $sql_prepare .= ",";
+ }
+ }
+ $sql_prepare .= ") VALUES (?";
+ $sql_prepare .= ",?" x ($#data / 2);
+ $sql_prepare .= ")";
+
+ #foreach my $x (@sql_execute) {
+ # print "$x\n";
+ #}
+
+ #print "sql_prepare: $sql_prepare\n";
+ #print "sql_execute: @sql_execute\n";
+
+ # Make sure the connection is up
+ if ($mysql_ping_on_insert == 1) {
+ &mysql_ping();
+ }
+
+ if (defined ($dbh_mysql)) {
+ my $prepare_successful = 0;
+ my $do_successful = 0;
+
+ #my $sql_statement = "INSERT INTO $mysql_dbi_table (eventname, eventid,
+ #trapoid, enterprise, community, hostname, agentip, category, severity,
+ #uptime, traptime, formatline) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
+
+ my $sth_mysql = $dbh_mysql->prepare($sql_prepare);
+ unless (defined ($sth_mysql)) {
+ my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform PREPARE: ".$dbh_mysql->errstr;
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($syslog_system_enable == 1)
+ {
+ syslog_system($msg);
+ }
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,23,$eventlog_error);
+ }
+ }
+ else {
+ $prepare_successful = 1;
+ }
+
+ if ($prepare_successful == 1)
+ {
+ unless (defined ($sth_mysql->execute(@sql_execute))) {
+ my $msg = "MySQL error " . $dbh_mysql->{'errno'} . ": Unable to perform INSERT INTO (EXECUTE): ".$dbh_mysql->errstr;
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($syslog_system_enable == 1)
+ {
+ syslog_system($msg);
+ }
+
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
+
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,15,$eventlog_error);
+ }
+ }
+ else {
+ $do_successful = 1;
+ }
+ }
+
+ if ($do_successful == 1)
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+sub postgresql_insert {
+ my $table = shift;
+ my @data = @_;
+
+ # If the number of elements in @data is odd, remove the last element
+ # Note: $# returns the last element # so it's reall #$data + 1
+ #print "mod :" . $#data % 2 . "\n";
+ if ($#data % 2 == 0) {
+ pop @data;
+ }
+
+ #print "------------------ postgresql_insert ---------------\n";
+
+ my $sql_prepare = "INSERT INTO $table (";
+ my @sql_execute;
+
+ for (my $i = 0; $i < $#data;) {
+ $sql_prepare .= $data[$i];
+ push (@sql_execute, $data[$i+1]);
+
+ $i+=2;
+
+ if ($i < ($#data)) {
+ $sql_prepare .= ",";
+ }
+ }
+ $sql_prepare .= ") VALUES (?";
+ $sql_prepare .= ",?" x ($#data / 2);
+ $sql_prepare .= ")";
+
+ #foreach my $x (@sql_execute) {
+ # print "$x\n";
+ #}
+
+ #print "sql_prepare: $sql_prepare\n";
+ #print "sql_execute: @sql_execute\n";
+
+ # Make sure the connection is up
+ if ($postgresql_ping_on_insert == 1) {
+ &postgresql_ping();
+ }
+
+ if (defined ($dbh_postgresql)) {
+ my $prepare_successful = 0;
+ my $do_successful = 0;
+
+# my $sql_statement = "INSERT INTO $postgresql_dbi_table (eventname, eventid,
+# trapoid, enterprise, community, hostname, agentip, category, severity,
+# uptime, traptime, formatline) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
+
+ my $sth_postgresql = $dbh_postgresql->prepare($sql_prepare);
+ unless (defined ($sth_postgresql)) {
+ my $msg = "Postgres error: Unable to perform PREPARE: ".$dbh_postgresql->errstr;
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($syslog_system_enable == 1)
+ {
+ syslog_system($msg);
+ }
+
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
+
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,22,$eventlog_error);
+ }
+ }
+ else {
+ $prepare_successful = 1;
+ }
+
+ if ($prepare_successful == 1)
+ {
+ unless (defined ($sth_postgresql->execute(@sql_execute))) {
+ my $msg = "Postgres error: Unable to perform INSERT INTO (EXECUTE): ".$dbh_postgresql->errstr;
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($syslog_system_enable == 1)
+ {
+ syslog_system($msg);
+ }
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
+
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,19,$eventlog_error);
+ }
+ }
+ else {
+ $do_successful = 1;
+ }
+ }
+
+ if ($do_successful == 1)
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+sub odbc_insert {
+ my $table = shift;
+ my @data = @_;
+
+ # If the number of elements in @data is odd, remove the last element
+ # Note: $# returns the last element # so it's reall #$data + 1
+ #print "mod :" . $#data % 2 . "\n";
+ if ($#data % 2 == 0) {
+ pop @data;
+ }
+
+ #print "------------------ odbc_insert ---------------\n";
+
+ my $sql_statement = "INSERT INTO $table (";
+ my @sql_values;
+
+ for (my $i = 0; $i < $#data;) {
+ $sql_statement .= $data[$i];
+ push (@sql_values, $data[$i+1]);
+
+ $i+=2;
+
+ if ($i < ($#data)) {
+ $sql_statement .= ",";
+ }
+ }
+ $sql_statement .= ") VALUES (";
+
+ for (my $i = 0; $i <= $#sql_values;) {
+ $sql_statement .= "\'" . @sql_values[$i] . "\'";
+ $i++;
+
+ if ($i <= ($#sql_values)) {
+ $sql_statement .= ",";
+ }
+ }
+
+ $sql_statement .= ")";
+
+ #print "sql_statement: $sql_statement\n";
+
+ # Make sure the connection is up
+ if ($dbd_odbc_ping_on_insert == 1) {
+ &dbd_odbc_ping();
+ }
+
+ if (defined ($dbh_odbc)) {
+ unless (defined ($dbh_odbc->do($sql_statement)))
+ {
+ my $msg = warn "DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr;
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($syslog_system_enable == 1)
+ {
+ syslog_system($msg);
+ }
+ if ($log_system_enable == 1)
+ {
+ log_system($msg);
+ }
+
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,16,$eventlog_error);
+ }
+ }
+ else
+ {
+ return 1;
+ }
+ return 0;
+ }
+}
+
+sub sql_win32_odbc_insert {
+ my $table = shift;
+ my @data = @_;
+
+ # If the number of elements in @data is odd, remove the last element
+ # Note: $# returns the last element # so it's reall #$data + 1
+ #print "mod :" . $#data % 2 . "\n";
+ if ($#data % 2 == 0) {
+ pop @data;
+ }
+
+ #print "------------------ sql_win32_odbc_insert ---------------\n";
+
+ my $sql_statement = "INSERT INTO $table (";
+ my @sql_values;
+
+ for (my $i = 0; $i < $#data;) {
+ $sql_statement .= $data[$i];
+ push (@sql_values, $data[$i+1]);
+
+ $i+=2;
+
+ if ($i < ($#data)) {
+ $sql_statement .= ",";
+ }
+ }
+ $sql_statement .= ") VALUES (";
+
+ for (my $i = 0; $i <= $#sql_values;) {
+ $sql_statement .= "\'" . @sql_values[$i] . "\'";
+ $i++;
+
+ if ($i <= ($#sql_values)) {
+ $sql_statement .= ",";
+ }
+ }
+
+ $sql_statement .= ")";
+
+ #print "sql_statement: $sql_statement\n";
+
+ if (defined ($dbh_win32_odbc)) {
+ if (defined ($dbh_win32_odbc->Sql($sql_statement)))
+ {
+ my $msg = "Win32::ODBC error: Unable to perform INSERT INTO: ".Win32::ODBC::Error();
+ warn $msg, "\n";
+
+ if ($DEBUGGING >= 1)
+ {
+ print $msg, "\n";
+ }
+
+ if ($eventlog_system_enable == 1)
+ {
+ eventlog_system($msg,17,$eventlog_error);
+ }
+ }
+ else
+ {
+ return 1;
+ }
+ return 0;
+ }
+}
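Review bot: odbc_insert and sql_win32_odbc_insert splice every value into the statement text as `"\'" . @sql_values[$i] . "\'"` with no quoting, while mysql_insert and postgresql_insert bind the same values through `?` placeholders. A value containing an apostrophe breaks the INSERT, and if these subs are ever fed trap-derived text (the callers visible here pass only counters and a timestamp) it becomes SQL injection; odbc_insert should use `prepare`/`execute` like its siblings, and the Win32::ODBC path should at least double embedded single quotes before concatenating. In odbc_insert, `my $msg = warn "..."` stores warn's return value, so syslog, the log file and the event log receive `1` instead of the error text. `@sql_values[$i]` is a one-element slice and should be `$sql_values[$i]`, and both ODBC subs fall off the end without an explicit return when the handle is undefined. Table and column names are interpolated in all four subs, so they are worth checking against an identifier pattern where the configuration is read.

```perl
sub odbc_insert {
  # … unchanged: argument unpacking, odd-length trim, column-name loop …

  # One placeholder per value instead of quoting values into the statement text
  $sql_statement .= ") VALUES (" . join(",", ("?") x scalar(@sql_values)) . ")";

  # … unchanged: dbd_odbc_ping() call …

  if (defined ($dbh_odbc)) {
    my $sth_odbc = $dbh_odbc->prepare($sql_statement);
    unless (defined ($sth_odbc) && defined ($sth_odbc->execute(@sql_values)))
    {
      # Build the message first; warn() returns 1, not the text
      my $msg = "DBI DBD::ODBC error: Unable to perform INSERT INTO: ".$dbh_odbc->errstr;
      warn $msg, "\n";
      # … unchanged: debug / syslog / log_system / eventlog reporting …
    }
    else
    {
      return 1;
    }
  }
  return 0;
}
```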
Changed |
snmptt_1.2.tar.bz2/snmptt.ini
@@ -1,10 +1,14 @@
#
-# SNMPTT v1.1 Configuration File
+# SNMPTT v1.2 Configuration File
#
# Linux / Unix
#
[General]
+# Name of this system for $H variable. If blank, system name will be the computer's
+# hostname via Sys::Hostname.
+snmptt_system_name =
+
# Set to either 'standalone' or 'daemon'
# standalone: snmptt called from snmptrapd.conf
# daemon: snmptrapd.conf calls snmptthandler
@@ -13,6 +17,8 @@
# Set to 1 to allow multiple trap definitions to be executed for the same trap.
# Set to 0 to have it stop after the first match.
+# This option should normally be set to 1. See the section 'SNMPTT.CONF Configuration
+# file Notes' in the SNMPTT documentation for more information.
# Note: Wildcard matches are only matched if there are NO exact matches. This takes
# into consideration the NODES list. Therefore, if there is a matching trap, but
# the NODES list prevents it from being considered a match, the wildcard entry will
@@ -183,6 +189,36 @@
# or SNMPTT.CONF description when description_mode is set to 1 or 2.
description_clean = 1
+# Warning: Experimental. Not recommended for production environments.
+# When threads are enabled, SNMPTT may quit unexpectedly.
+# Set to 1 to enable threads (ithreads) in Perl 5.6.0 or higher. If enabled,
+# EXEC will launch in a thread to allow SNMPTT to continue processing other
+# traps. See also threads_max.
+# Set to 0 to disable threads (ithreads).
+# Defaults to 0
+threads_enable = 0
+
+# Warning: Experimental. Not recommended for production environments.
+# When threads are enabled, SNMPTT may quit unexpectedly.
+# This option allows you to set the maximum number of threads that will
+# execute at once. Defaults to 10
+threads_max = 10
+
+# The date format for $x in strftime() format. If not defined, defaults
+# to %a %b %e %Y.
+#date_format = %a %b %e %Y
+
+# The time format for $X in strftime() format. If not defined, defaults
+# to %H:%M:%S.
+#time_format = %H:%M:%S
+
+# The date time format in strftime() format for the date/time when logging
+# to standard output, snmptt log files (log_file) and the unknown log file
+# (unknown_trap_log_file). Defaults to localtime(). For SQL, see
+# date_time_format_sql.
+# Example: %a %b %e %Y %H:%M:%S
+#date_time_format =
+
[DaemonMode]
# Set to 1 to have snmptt fork to the background when run in daemon mode
# Ignored by Windows. See documentation
@@ -192,8 +228,17 @@
# that snmptt should change to when running in daemon mode. Leave blank
# to disable. The user used should have read/write access to all log
# files, the spool folder, and read access to the configuration files.
+# Only use this if you are starting snmptt as root.
+# A second (child) process will be started as the daemon_uid user so
+# there will be two snmptt processes running. The first process will
+# continue to run as the user that ran snmptt (root), waiting for the
+# child to quit. After the child quits, the parent process will remove
+# the snmptt.pid file and exit.
daemon_uid = snmptt
+# Complete path of file to store process ID when running in daemon mode.
+pid_file = /var/run/snmptt.pid
+
# Directory to read received traps from. Ex: /var/spool/snmptt/
# Don't forget the trailing slash!
spool_directory = /var/spool/snmptt/
@@ -222,12 +267,21 @@
# Would normally be disabled unless you are piping this program to another
stdout_enable = 0
-# Set to 1 to enable text logging. Make sure you specify a logfile location
+# Set to 1 to enable text logging of *TRAPS*. Make sure you specify a log_file
+# location
log_enable = 1
# Log file location. The COMPLETE path and filename. Ex: '/var/log/snmptt.log'
log_file = /var/log/snmptt.log
+# Set to 1 to enable text logging of *SNMPTT system errors*. Make sure you
+# specify a log_system_file location
+log_system_enable = 0
+
+# Log file location. The COMPLETE path and filename.
+# Ex: '/var/log/snmpttsystem.log'
+log_system_file = /var/log/snmpttsystem.log
+
# Set to 1 to enable logging of unknown traps. This should normally be left off
# as the file could grow large quickly. Used primarily for troubleshooting. If
# you have defined a trap in snmptt.conf, but it is not executing, enable this to
@@ -304,6 +358,25 @@
# FORMAT line to use for unknown traps. If not defined, defaults to $-*.
db_unknown_trap_format = '$-*'
+# List of custom SQL column names and values for the table of received traps
+# (defined by *_table below). The format is
+# column name
+# value
+#
+# For example:
+#
+# binding_count
+# $#
+# uptime2
+# The agent has been up for $T.
+sql_custom_columns = <<END
+END
+
+# List of custom SQL column names and values for the table of unknown traps
+# (defined by *_table_unknown below). See sql_custom_columns for the format.
+sql_custom_columns_unknown = <<END
+END
+
# MySQL: Set to 1 to enable logging to a MySQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::mysql
mysql_dbi_enable = 0
@@ -325,6 +398,11 @@
# Note: unknown_trap_log_enable must be enabled.
mysql_dbi_table_unknown = snmptt_unknown
+# MySQL: Table to use for statistics
+# Note: statistics_interval must be set. See also stat_time_format_sql.
+#mysql_dbi_table_statistics = snmptt_statistics
+mysql_dbi_table_statistics =
+
# MySQL: Username to use
mysql_dbi_username = snmpttuser
@@ -381,6 +459,11 @@
# Note: unknown_trap_log_enable must be enabled.
postgresql_dbi_table_unknown = snmptt_unknown
+# PostgreSQL: Table to use for statistics
+# Note: statistics_interval must be set. See also stat_time_format_sql.
+#postgresql_dbi_table_statistics = snmptt_statistics
+postgresql_dbi_table_statistics =
+
# PostgreSQL: Table to use
postgresql_dbi_table = snmptt
@@ -425,6 +508,11 @@
# Note: unknown_trap_log_enable must be enabled.
dbd_odbc_table_unknown = snmptt_unknown
+# DBD:ODBC: Table to use for statistics
+# Note: statistics_interval must be set. See also stat_time_format_sql.
+#dbd_odbc_table_statistics = snmptt_statistics
+dbd_odbc_table_statistics =
+
# DBD:ODBC: Username to use
dbd_odbc_username = snmptt
@@ -452,6 +540,18 @@
# 30 minutes = 1800
dbd_odbc_ping_interval = 300
+# The date time format for the traptime column in SQL. Defaults to
+# localtime(). When a date/time field is used in SQL, this should
+# be changed to follow a standard that is supported by the SQL server.
+# Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
+#date_time_format_sql =
+
+# The date time format for the stat_time column in SQL. Defaults to
+# localtime(). When a date/time field is used in SQL, this should
+# be changed to follow a standard that is supported by the SQL server.
+# Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
+#stat_time_format_sql =
+
[Exec]
# Set to 1 to allow EXEC statements to execute. Should normally be left on unless you
@@ -467,6 +567,19 @@
# but without the newlines.
unknown_trap_exec =
+# FORMAT line that is passed to the unknown_trap_exec command. If not defined, it
+# defaults to what is described in the unknown_trap_exec setting. The following
+# would be *similar* to the default described in the unknown_trap_exec setting
+# (all on one line):
+# $x !! $X: Unknown trap ($o) received from $A at: Value 0: $A Value 1: $aR
+# Value 2: $T Value 3: $o Value 4: $aA Value 5: $C Value 6: $e Ent Values: $+*
+unknown_trap_exec_format =
+
+# Set to 1 to escape wildards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
+# commands. Enable this to prevent the shell from expanding the wildcard
+# characters. The default is 1.
+exec_escape = 1
+
[Debugging]
# 0 - do not output messages
# 1 - output some basic messages
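Review bot: The new `exec_escape` comment should say what the option does not cover. As described it escapes only `*` and `?`, so other shell metacharacters in trap values substituted into EXEC, PREEXEC and unknown_trap_exec commands are presumably still interpreted by the shell (the implementation is not in this hunk). A line such as `# Note: only * and ? are escaped; this is not full shell quoting of substituted trap values.` would keep administrators from relying on it as an injection control. "wildards" should read "wildcards". The same text is added to snmptt.ini-nt, where the default is 0.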
Changed |
snmptt_1.2.tar.bz2/snmptt.ini-nt
@@ -1,10 +1,14 @@
#
-# SNMPTT v1.1 Configuration File
+# SNMPTT v1.2 Configuration File
#
# Windows NT
#
[General]
+# Name of this system for $H variable. If blank, system name will be the computer's
+# hostname via Sys::Hostname.
+snmptt_system_name =
+
# Set to either 'standalone' or 'daemon'
# standalone: snmptt called from snmptrapd.conf
# daemon: snmptrapd.conf calls snmptthandler
@@ -13,6 +17,8 @@
# Set to 1 to allow multiple trap definitions to be executed for the same trap.
# Set to 0 to have it stop after the first match.
+# This option should normally be set to 1. See the section 'SNMPTT.CONF Configuration
+# file Notes' in the SNMPTT documentation for more information.
# Note: Wildcard matches are only matched if there are NO exact matches. This takes
# into consideration the NODES list. Therefore, if there is a matching trap, but
# the NODES list prevents it from being considered a match, the wildcard entry will
@@ -183,6 +189,36 @@
# or SNMPTT.CONF description when description_mode is set to 1 or 2.
description_clean = 1
+# Warning: Experimental. Not recommended for production environments.
+# When threads are enabled, SNMPTT may quit unexpectedly.
+# Set to 1 to enable threads (ithreads) in Perl 5.6.0 or higher. If enabled,
+# EXEC will launch in a thread to allow SNMPTT to continue processing other
+# traps. See also threads_max.
+# Set to 0 to disable threads (ithreads).
+# Defaults to 0
+threads_enable = 0
+
+# Warning: Experimental. Not recommended for production environments.
+# When threads are enabled, SNMPTT may quit unexpectedly.
+# This option allows you to set the maximum number of threads that will
+# execute at once. Defaults to 10
+threads_max = 10
+
+# The date format for $x in strftime() format. If not defined, defaults
+# to %a %b %e %Y.
+#date_format = %a %b %e %Y
+
+# The time format for $X in strftime() format. If not defined, defaults
+# to %H:%M:%S.
+#time_format = %H:%M:%S
+
+# The date time format in strftime() format for the date/time when logging
+# to standard output, snmptt log files (log_file) and the unknown log file
+# (unknown_trap_log_file). Defaults to localtime(). For SQL, see
+# date_time_format_sql.
+# Example: %a %b %e %Y %H:%M:%S
+#date_time_format =
+
[DaemonMode]
# Set to 1 to have snmptt fork to the background when run in daemon mode
# Ignored by Windows. See documentation
@@ -216,12 +252,21 @@
# Would normally be disabled unless you are piping this program to another
stdout_enable = 0
-# Set to 1 to enable text logging. Make sure you specify a logfile location
+# Set to 1 to enable text logging of *TRAPS*. Make sure you specify a log_file
+# location
log_enable = 1
-# Log file location. The COMPLETE path and filename. Ex: 'c:\\snmp\\snmptt.log'
+# Log file location. The COMPLETE path and filename. Ex: '/var/log/snmptt.log'
log_file = c:\\snmp\\snmptt.log
+# Set to 1 to enable text logging of *SNMPTT system errors*. Make sure you
+# specify a log_system_file location
+log_system_enable = 0
+
+# Log file location. The COMPLETE path and filename.
+# Ex: '/var/log/snmpttsystem.log'
+log_system_file = c:\\snmp\\snmpttsystem.log
+
# Set to 1 to enable logging of unknown traps. This should normally be left off
# as the file could grow large quickly. Used primarily for troubleshooting. If
# you have defined a trap in snmptt.conf, but it is not executing, enable this to
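Review bot: In the Windows template the example path in the log_file comment was changed from `'c:\\snmp\\snmptt.log'` to `'/var/log/snmptt.log'`, and the added log_system_file comment also shows `'/var/log/snmpttsystem.log'`, while the values directly below them are `c:\\snmp\\...` paths. This looks like text copied from the Unix snmptt.ini; keeping `Ex: 'c:\\snmp\\snmptt.log'` and using `Ex: 'c:\\snmp\\snmpttsystem.log'` would show the doubled-backslash form a Windows administrator has to type.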
@@ -283,6 +328,25 @@
# FORMAT line to use for unknown traps. If not defined, defaults to $-*.
db_unknown_trap_format = '$-*'
+# List of custom SQL column names and values for the table of received traps
+# (defined by *_table below). The format is
+# column name
+# value
+#
+# For example:
+#
+# binding_count
+# $#
+# uptime2
+# The agent has been up for $T.
+sql_custom_columns = <<END
+END
+
+# List of custom SQL column names and values for the table of unknown traps
+# (defined by *_table_unknown below). See sql_custom_columns for the format.
+sql_custom_columns_unknown = <<END
+END
+
# MySQL: Set to 1 to enable logging to a MySQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::mysql
mysql_dbi_enable = 0
@@ -304,6 +368,11 @@
# Note: unknown_trap_log_enable must be enabled.
mysql_dbi_table_unknown = snmptt_unknown
+# MySQL: Table to use for statistics
+# Note: statistics_interval must be set. See also stat_time_format_sql.
+#mysql_dbi_table_statistics = snmptt_statistics
+mysql_dbi_table_statistics =
+
# MySQL: Username to use
mysql_dbi_username = snmpttuser
@@ -363,6 +432,11 @@
# Note: unknown_trap_log_enable must be enabled.
postgresql_dbi_table_unknown = snmptt_unknown
+# PostgreSQL: Table to use for statistics
+# Note: statistics_interval must be set. See also stat_time_format_sql.
+#postgresql_dbi_table_statistics = snmptt_statistics
+postgresql_dbi_table_statistics =
+
# PostgreSQL: Username to use
postgresql_dbi_username = snmpttuser
@@ -404,6 +478,11 @@
# Note: unknown_trap_log_enable must be enabled.
dbd_odbc_table_unknown = snmptt_unknown
+# DBD:ODBC: Table to use for statistics
+# Note: statistics_interval must be set.
+#dbd_odbc_table_statistics = snmptt_statistics
+dbd_odbc_table_statistics =
+
# DBD:ODBC: Username to use
dbd_odbc_username = snmptt
@@ -437,20 +516,37 @@
# WinODBC: Database to use
sql_win32_odbc_dsn = snmptt
-# WinWinODBC: Table to use
+# WinODBC: Table to use
sql_win32_odbc_table = snmptt
-# DBD:ODBC: Table to use for unknown traps
+# WinODBC: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to DBD:ODBC
# Note: unknown_trap_log_enable must be enabled.
sql_win32_odbc_table_unknown = snmptt_unknown
+# WinODBC: Table to use for statistics
+# Note: statistics_interval must be set.
+#sql_win32_odbc_table_statistics = snmptt_statistics
+sql_win32_odbc_table_statistics =
+
# WinODBC: Username to use
sql_win32_odbc_username = snmptt
# WinODBC:: Password to use
sql_win32_odbc_password = password
+# The date time format for the traptime column in SQL. Defaults to
+# localtime(). When a date/time field is used in SQL, this should
+# be changed to follow a standard that is supported by the SQL server.
+# Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
+#date_time_format_sql =
+
+# The date time format for the stat_time column in SQL. Defaults to
+# localtime(). When a date/time field is used in SQL, this should
+# be changed to follow a standard that is supported by the SQL server.
+# Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
+#stat_time_format_sql =
+
[Exec]
# Set to 1 to allow EXEC statements to execute. Should normally be left on unless you
@@ -466,6 +562,19 @@
# but without the newlines.
unknown_trap_exec =
+# FORMAT line that is passed to the unknown_trap_exec command. If not defined, it
+# defaults to what is described in the unknown_trap_exec setting. The following
+# would be *similar* to the default described in the unknown_trap_exec setting
+# (all on one line):
+# $x !! $X: Unknown trap ($o) received from $A at: Value 0: $A Value 1: $aR
+# Value 2: $T Value 3: $o Value 4: $aA Value 5: $C Value 6: $e Ent Values: $+*
+unknown_trap_exec_format =
+
+# Set to 1 to escape wildards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
+# commands. Enable this to prevent the shell from expanding the wildcard
+# characters. The default is 0 for Windows as it is not usually needed.
+exec_escape = 0
+
[Debugging]
# 0 - do not output messages
# 1 - output some basic messages
Changed |
snmptt_1.2.tar.bz2/snmpttconvert
@@ -1,8 +1,8 @@
#!/usr/bin/perl
#
-# SNMPTTCONVERT v1.1
+# SNMPTTCONVERT v1.2
#
-# Copyright 2002-2006 Alex Burger
+# Copyright 2002-2007 Alex Burger
# alex_b@users.sourceforge.net
#
# 4/11/2002
@@ -22,6 +22,8 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
##############################################################################
+use strict;
+
#
# http://www.sourceforge.net/projects/snmptt
#
@@ -32,13 +34,14 @@
# Set this to '' to have no default EXEC line added, or modify as needed.
#$defaultexec = '';
-$defaultexec = '#EXEC qpage -f TRAP notifygroup1 "';
+my $defaultexec = '#EXEC qpage -f TRAP notifygroup1 "';
if (DEBUGGING >= 1)
{
print "\nLoading @ARGV\n";
}
+my @trapdconf;
while (<>)
{
chomp; #remove <cr> at end of line
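Review bot: With `use strict;` added in the previous hunk, the unchanged `if (DEBUGGING >= 1)` here relies on a bareword. Unless `DEBUGGING` is declared as a constant somewhere outside the visible hunks, strict subs will reject the script at compile time. Declaring it explicitly near the options, for example `use constant DEBUGGING => 0;`, keeps the script loading and makes the debug switch discoverable.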
@@ -51,11 +54,13 @@
print "Finished loading\n\n";
}
-$currentline=0;
+my $currentline=0;
+my ($line, $line2, $line3, $line4);
+my $temp;
while ($currentline <= $#trapdconf)
{
- $line = @trapdconf[$currentline];
+ $line = $trapdconf[$currentline];
# $_ = 'COMPAQ_11001 {.1.3.6.1.4.1.232} 6 11001 A "LOGONLY" 1';
# enterprise = .1.3.6.1.4.1.232
@@ -77,7 +82,7 @@
print "$temp\n";
$currentline++; # Increment to the next line
- $line3 = @trapdconf[$currentline];
+ $line3 = $trapdconf[$currentline];
# FORMAT line
print "FORMAT $line3\n";
@@ -87,7 +92,7 @@
}
$currentline++; # Increment to the next line
- $line3 = @trapdconf[$currentline];
+ $line3 = $trapdconf[$currentline];
while ( ($currentline <= $#trapdconf) &&
!($line3 =~ /(\w+)\s+\{(.*)\}\s+(\d+)\s+(\d+)\s+([CAMcam])\s+(".+").*/ ) )
@@ -103,22 +108,22 @@
print "SDESC\n";
$currentline++; # Increment to the next line
- $line4 = @trapdconf[$currentline];
+ $line4 = $trapdconf[$currentline];
while (! ($line4 =~ /^EDESC/) )
{
print $line4,"\n";
$currentline++; # Increment to the next line
- $line4 = @trapdconf[$currentline];
+ $line4 = $trapdconf[$currentline];
}
print "EDESC\n";
}
$currentline++; # Increment to the next line
- $line3 = @trapdconf[$currentline];
+ $line3 = $trapdconf[$currentline];
}
$currentline--;
}
$currentline++; # Increment to the next line
- $line2 = @trapdconf[$currentline]; # Get next line
+ $line2 = $trapdconf[$currentline]; # Get next line
}
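Review bot: The inner loop `while (! ($line4 =~ /^EDESC/) )` never checks `$currentline` against `$#trapdconf`, so a description block that is not closed by an EDESC line reads past the end of `@trapdconf` and loops forever printing empty lines. The other loops in this section bound the index, and this one should too: `while ( ($currentline <= $#trapdconf) && !($line4 =~ /^EDESC/) )`. The enclosing loops start above the hunk.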
Changed |
snmptt_1.2.tar.bz2/snmpttconvertmib
@@ -1,8 +1,8 @@
#!/usr/bin/perl
#
-# SNMPTTCONVERTMIB v1.1
+# SNMPTTCONVERTMIB v1.2
#
-# Copyright 2002-2006 Alex Burger
+# Copyright 2002-2007 Alex Burger
# alex_b@users.sourceforge.net
#
# 8/14/2002
@@ -26,21 +26,23 @@
# http://www.sourceforge.net/projects/snmptt
#
###############################################################################
+use strict;
+
#
# OPTIONS START
#
# Set this to '' to have no default EXEC line added, or modify as needed.
# Can also set on the command line with --exec='string'
-$defaultexec = '';
+my $defaultexec = '';
# Choose what type of quotes (if any) you want around the SUMMARY text pulled from the MIB.
#$defaultexecquote = ''; # no quotes
#$defaultexecquote = "\'"; # single (') quotes
-$defaultexecquote = "\""; # double (") quotes
+my $defaultexecquote = "\""; # double (") quotes
# Set this to 1 to have the --TYPE string prepended to the --SUMMARY string.
# Set to 0 to disable
-$prepend_type = 1;
+my $prepend_type = 1;
#
# OPTIONS END
@@ -48,12 +50,12 @@
#############################################################################
#
-$snmpttconvertmib_version = "v1.1";
+my $snmpttconvertmib_version = "v1.2";
sub showversion
{
print "\nSNMPTTCONVERTMIB $snmpttconvertmib_version\n";
- print "(c) 2002-2006 Alex Burger\n";
+ print "(c) 2002-2007 Alex Burger\n";
print "http://snmptt.sourceforge.net\n\n";
}
@@ -66,25 +68,25 @@
use File::Basename;
use File::Spec;
-$DEBUGGING = 0;
+my $DEBUGGING = 0;
-$version = 0;
-$debug = 0;
-$help = 0;
-$net_snmp_perl = 0;
-$in = '';
-$out = '';
-$nodes = '';
-$no_description = 0;
-$no_variables = 0;
-$no_format_summary = 0;
-$no_format_desc = 0;
-$format = 0;
-$format_desc = 0;
-$no_desc_wildcard = 0;
-$no_severity = 0;
-$severity = 'Normal';
-$exec = '';
+my $version = 0;
+my $debug = 0;
+my $help = 0;
+my $net_snmp_perl = 0;
+my $in = '';
+my $out = '';
+my $nodes = '';
+my $no_description = 0;
+my $no_variables = 0;
+my $no_format_summary = 0;
+my $no_format_desc = 0;
+my $format = 0;
+my $format_desc = 0;
+my $no_desc_wildcard = 0;
+my $no_severity = 0;
+my $severity = 'Normal';
+my $exec = '';
GetOptions ('version' => \$version,
@@ -137,14 +139,14 @@
}
# Get complete path of input file (MIB) in a portable way (needed for -m switch for snmptranslate)
-$dirname = dirname $in;
-$basename = basename $in;
-$input = File::Spec->catfile($dirname, $basename);
+my $dirname = dirname $in;
+my $basename = basename $in;
+my $input = File::Spec->catfile($dirname, $basename);
# Get complete path of output file (.conf) in a portable way
$dirname = dirname $out;
$basename = basename $out;
-$output = File::Spec->catfile($dirname, $basename);
+my $output = File::Spec->catfile($dirname, $basename);
if ($exec ne '')
{
@@ -160,6 +162,7 @@
}
print "\n\n***** Processing MIB file *****\n\n";
+my $snmptranslate_use_On;
check_snmptranslate_version();
@@ -182,6 +185,8 @@
die "Cannot open input file: $!";
}
+my @mibfile;
+
while (<INPUTFILE>)
{
chomp; # remove <cr> at end of line
@@ -194,7 +199,7 @@
print "Finished loading $input\n\n";
}
-$currentline=0;
+my $currentline=0;
unless (open OUTPUTFILE, ">>$output")
{
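Review bot: `open OUTPUTFILE, ">>$output"` is a two-argument open on a path that comes from the `--out` option, so Perl still post-processes the name (for example, trailing whitespace is stripped) instead of using it literally. The three-argument form avoids that: `unless (open OUTPUTFILE, '>>', $output)`. The `open SPOOL, ">$spoolfile"` call in snmptthandler has the same form and would take the same change. The body of the `unless` block continues outside the hunk.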
@@ -204,10 +209,10 @@
# A mib file can contain multiple BEGIN definitions. This finds the first on
# to make sure we have at least one definition.
# Determine name of MIB file
-$mib_name = '';
+my $mib_name = '';
while ($currentline <= $#mibfile)
{
- $line = $mibfile[$currentline];
+ my $line = $mibfile[$currentline];
if ($line =~ /(.*)DEFINITIONS\s*::=\s*BEGIN/)
{
$mib_name = $1;
@@ -247,7 +252,7 @@
while ($currentline <= $#mibfile)
{
- $line = $mibfile[$currentline];
+ my $line = $mibfile[$currentline];
if ($line =~ /(.*)DEFINITIONS\s*::=\s*BEGIN/)
{
@@ -266,9 +271,13 @@
#
# eg: 'mngmtAgentTrap-23003 TRAP-TYPE';
# eg: 'ciscoSystemClockChanged NOTIFICATION-TYPE';
- if ( $line =~ /(.*)\s+TRAP-TYPE.*/ || $line =~ /(.*)\s+(?<!--)NOTIFICATION-TYPE.*/ )
- {
- if ( $line =~ /(.*)\s+TRAP-TYPE.*/ )
+ if ( $line =~ /(.*)\s*TRAP-TYPE.*/ ||
+ $line =~ /(.*)\s*(?<!--)NOTIFICATION-TYPE.*/ )
+ {
+ my $trapname = $1;
+
+ my $trapversion;
+ if ( $line =~ /TRAP-TYPE/ )
{
$trapversion = 'TRAP';
}
@@ -281,18 +290,30 @@
if ($line =~/.*--.*TRAP-TYPE/ || $line =~/.*--.*NOTIFICATION-TYPE/)
{
# Comment line
+
$currentline++; # Increment to the next line
$line = $mibfile[$currentline]; # Get next line
next;
}
- $enterprisefound = 0;
+ my $enterprisefound = 0;
- @variables = ();
+ my @variables = ();
+
+ # Sometimes the TRAP-TYPE / NOTIFICATION-TYPE will appear on the line following the trap name
+ # Look for xxx-TYPE with nothing (white space allowed) around it and a previous line with only a single word
+ # with whitespace around it.
+ if ( ($currentline > 0 && $line =~ /^\s*TRAP-TYPE\s*$/ && $mibfile[$currentline-1] =~ /^\s*(\w+)\s*$/) ||
+ ($currentline > 0 && $line =~ /^\s*NOTIFICATION-TYPE\s*$/ && $mibfile[$currentline-1] =~ /^\s*(\w+)\s*$/) ) {
+ # We should have found the trap name
+ $trapname = $1;
+ print "split line TRAP-TYPE / NOTIFICATION-TYPE found ($1).\n";
+ }
# If the TRAP-TYPE / NOTIFICATION-TYPE line starts with white space, it's probably a import line, so ignore
- if ( $line =~ /^\s+TRAP-TYPE.*/ || $line =~ /^\s+NOTIFICATION-TYPE.*/ ||
- $line =~ /^.*,.*NOTIFICATION-TYPE.*/ )
+ elsif ( $line =~ /^\s+TRAP-TYPE.*/ ||
+ $line =~ /^\s+NOTIFICATION-TYPE.*/ ||
+ $line =~ /^.*,.*NOTIFICATION-TYPE.*/ )
{
print "skipping a TRAP-TYPE / NOTIFICATION-TYPE line - probably an import line.\n";
$currentline++; # Increment to the next line
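Review bot: The split-line check accepts only `\w+` for the name on the previous line, but trap names may contain hyphens: an example comment earlier in the file is `mngmtAgentTrap-23003`, and the trim step further down accepts `[A-Za-z0-9_-]+`. A hyphenated name placed on its own line is therefore not picked up, and the line falls through to the import-line test or is processed with an empty name. The two alternatives also differ only in the keyword, so they can be one test: `if ( $currentline > 0 && $line =~ /^\s*(?:TRAP|NOTIFICATION)-TYPE\s*$/ && $mibfile[$currentline-1] =~ /^\s*([\w-]+)\s*$/ ) {`. The enclosing loop starts and ends outside the hunk.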
@@ -300,8 +321,6 @@
next;
}
- $trapname = $1;
-
# Remove beginning and trailing white space
$trapname =~ /\s*([A-Za-z0-9_-]+)\s*/;
$trapname = $1;
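Review bot: The result of `$trapname =~ /\s*([A-Za-z0-9_-]+)\s*/` is not tested before `$trapname = $1;`, and with the looser `\s*` patterns this commit introduces the captured name can be empty when a line starts with TRAP-TYPE or NOTIFICATION-TYPE. When the match fails, `$1` holds whatever an earlier match left behind, or is undefined, and that value is then used as the trap name. Guarding the assignment keeps a bad line from producing an entry: `unless ($trapname =~ /([A-Za-z0-9_-]+)/) { $currentline++; next; }`. The surrounding loop body starts and ends outside the hunk.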
@@ -319,9 +338,17 @@
}
$currentline++; # Increment to the next line
- $line3 = $mibfile[$currentline];
+ my $line3 = $mibfile[$currentline];
+
+ my $end_of_definition = 0;
- $end_of_definition = 0;
+ my $traptype = "";
+ my $trapsummary = "";
+ my @description = ();
+ my $trap_severity = $severity;
+ my $enterprise;
+ my @arguments;
+ my $formatexec;
while ( ($currentline <= $#mibfile) && !($line3 =~ /\s+END\s+/) && !($line3 =~ /(.*)\s+TRAP-TYPE.*/ )
&& !($line3 =~ /(.*)\s+NOTIFICATION-TYPE.*/) && ($end_of_definition == 0) )
@@ -391,7 +418,7 @@
if ($line3 =~ /DESCRIPTION(.*)/s)
{
- $temp1 = 0;
+ my $temp1 = 0;
# Start of DESCRIPTION
@@ -414,7 +441,7 @@
}
$currentline++; # Increment to the next line
- $line4 = $mibfile[$currentline];
+ my $line4 = $mibfile[$currentline];
# Assume the rest is the description up until a ::= or end of the file
while (! ($line4 =~ /::=/))
@@ -468,11 +495,26 @@
if ($line4 =~ /--#ARGUMENTS\s*{(.*)}/)
{
@arguments = split /,/, $1;
-
- for($i=0;$i <= $#arguments;$i++)
+
+ for(my $i=0;$i <= $#arguments;$i++)
{
+ # Most ARGUMENTS lines have %n where n is a number starting
+ # at 0, but some MIBS have an ARGUMENTS line that have $1, $2,
+ # etc and start at 1. These need to have the $ removed and
+ # the number downshifted so the FORMAT will be generated
+ # properly.
+ if ($arguments[$i] =~ /^\s*\$\d+/) {
+ $arguments[$i] =~ s/^\s*\$(\d+)/$1/;
+ $arguments[$i]--;
+ }
#print "argument $i: $arguments[$i]\n";
}
+
+
+ #for(my $i=0;$i <= $#arguments;$i++)
+ #{
+ #print "argument $i: $arguments[$i]\n";
+ #}
# Increment to next line and continue with the loop
$currentline++; # Increment to the next line
@@ -480,10 +522,10 @@
next;
}
# If next line is a --#SEVERITY, pull out the information and place in $trap_severity
- if ($line4 =~ /--#SEVERITY(.*)/)
+ if ($line4 =~ /--#SEVERITY\s+(.*)/ && ! ($line4 =~ /--#SEVERITYMAP/))
{
# Pull out text and remove beginning and trailing white space and quotes
- if ($line4 =~ /\s*--#SEVERITY\s*(.*)\s*/)
+ if ($line4 =~ /\s*--#SEVERITY\s+(.*)\s*/)
{
# Remove any quotes
$_ = $1;
@@ -565,6 +607,7 @@
$trapsummary = $traptype . ": " . $trapsummary;
}
+ my $trap_lookup;
if ($mib_name eq '')
{
$trap_lookup = $trapname;
@@ -575,6 +618,7 @@
}
print "Looking up via snmptranslate: $trap_lookup\n";
+ my $trapoid;
if ($snmptranslate_use_On == 1)
{
$trapoid = `snmptranslate -IR -Ts -On $trap_lookup`;
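Review bot: `$trap_lookup` is interpolated into the backtick command `snmptranslate -IR -Ts -On $trap_lookup`, so its contents are parsed by the shell before snmptranslate sees them. It is set from `$trapname` and, presumably, `$mib_name` in the branch not shown; `$mib_name` is captured from the MIB file with an unrestricted `(.*)`, and whether it is cleaned before this point is not visible in the hunk. Since MIB files are frequently obtained from third parties, validate the value before use, e.g. `die "Unexpected characters in lookup name\n" unless $trap_lookup =~ /\A[\w:.-]+\z/;`, or run the command without a shell through a list-form pipe `open` where the platform supports it. The `if` block continues outside the hunk, and any other backtick call to snmptranslate there needs the same treatment.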
@@ -592,15 +636,14 @@
# Loop through trapsummary and replace the %s and %d etc with %1 to %n
- $j = $#arguments; # j is last element number
-
+ #$j = $#arguments; # j is last element number
#print "j is $j\n";
# Change the %s or %d etc into $1 etc (starts at $1)
$_ = $trapsummary;
- for ($j=0; $j<= $#arguments; $j++)
+ for (my $j=0; $j<= $#arguments; $j++)
{
- $variable = ($arguments[$j])+1;
+ my $variable = ($arguments[$j])+1;
s(%[a-zA-Z])(\$$variable);
}
@@ -608,7 +651,7 @@
$trapsummary = $_;
- $descriptionline1 = '';
+ my $descriptionline1 = '';
# Build description line for FORMAT / EXEC
if ($format_desc == 0) # First line of description
@@ -657,12 +700,12 @@
# There is no list of variables, so just put them in order starting at 1 and
# going up to 20
$_ = $descriptionline1;
- for ($j=1; $j<= 20; $j++)
+ for (my $j=1; $j<= 20; $j++)
{
s(%[a-zA-Z])(\$$j);
}
$descriptionline1 = $_;
- $descriptionlinehadvariables = 1;
+ #$descriptionlinehadvariables = 1;
}
else
{
@@ -754,7 +797,7 @@
{
print OUTPUTFILE "SDESC\n";
#print OUTPUTFILE "$descriptionline1\n";
- for ($i=0; $i <= $#description; $i++)
+ for (my $i=0; $i <= $#description; $i++)
{
print OUTPUTFILE "$description[$i]";
}
@@ -763,7 +806,7 @@
if (@variables && $no_variables == 0 && $net_snmp_perl == 1)
{
print OUTPUTFILE "Variables:\n";
- for ($i=0; $i <= $#variables; $i++)
+ for (my $i=0; $i <= $#variables; $i++)
{
printf OUTPUTFILE "%3d: %s\n",$i+1,$variables[$i];
printf OUTPUTFILE " Syntax=\"" . $SNMP::MIB{$variables[$i]}{type} . "\"\n";
@@ -780,7 +823,7 @@
$temphash{$value} = $key;
}
# Print out the entries in the hash
- foreach $c (sort keys %temphash)
+ foreach my $c (sort keys %temphash)
{
print OUTPUTFILE " " . $c . ": $temphash{$c}\n";
}
@@ -795,7 +838,7 @@
elsif (@variables ne "" && $no_variables == 0 && $net_snmp_perl == 0)
{
print OUTPUTFILE "Variables:\n";
- for ($i=0; $i <= $#variables; $i++)
+ for (my $i=0; $i <= $#variables; $i++)
{
print OUTPUTFILE " " . ($i+1) . ": " . $variables[$i] . "\n";
}
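Review bot: The condition `@variables ne ""` on the `elsif` line is always true, because the array is evaluated in scalar context and an empty array compares as "0", which is not the empty string. A `Variables:` header is therefore written even when no variables were collected. The earlier branch of the same chain tests plain `@variables`, and this one should too: `elsif (@variables && $no_variables == 0 && $net_snmp_perl == 0)`. The if/elsif chain begins outside the hunk.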
@@ -832,7 +875,7 @@
if (open SNMPTRANSLATE, "snmptranslate -V 2>&1|")
{
- $snmptranslatever = <SNMPTRANSLATE>;
+ my $snmptranslatever = <SNMPTRANSLATE>;
close SNMPTRANSLATE;
chomp ($snmptranslatever);
@@ -860,7 +903,7 @@
sub show_help
{
- $USAGE = qq/Usage:
+ my $USAGE = qq/Usage:
snmpttconvertmib --in= --out= [<options>]
Options:
--debug=n Set debug level (1 or 2)
Changed |
snmptt_1.2.tar.bz2/snmptthandler
@@ -1,8 +1,8 @@
#!/usr/bin/perl
#
-# SNMPTTHANDLER v1.1
+# SNMPTTHANDLER v1.2
#
-# Copyright 2002-2006 Alex Burger
+# Copyright 2002-2007 Alex Burger
# alex_b@users.sourceforge.net
# 8/26/2002
#
@@ -45,52 +45,59 @@
# by the SNMPTT daemon.
#
##############################################################################
+use strict;
+
# Process command line arguments
use Getopt::Long;
use Time::HiRes qw(gettimeofday);
-$version = '';
-$debug = '';
-$help = '';
-$ini = '';
+my $version = '';
+my $debug = '';
+my $help = '';
+my $ini = '';
+my $debugfile = '';
GetOptions ('version' => \$version,
'debug:i' => \$debug,
'debugfile=s' => \$debugfile,
'help' => \$help,
'ini=s' => \$ini);
-if ($version == 1)
+if ($version)
{
&showversion;
exit(0);
}
-if ($help == 1)
+if ($help)
{
-$USAGE = qq/Usage:
+my $USAGE = qq/Usage:
snmptthandler [<options>]
Options:
- --debug Enable debug mode
+ --debug=n Set debug level (1 or 2)
--debugfile=filename Set debug output file
--help Display this message
--ini=filename Set configuration file to load
--version Display author and version information
/;
-
+
&showversion;
print $USAGE;
exit(0);
}
-if ($debug == 1)
+my $DEBUGGING;
+my $DEBUGGING_FILE;
+my $debugcmdline;
+my $debugfilecmdline;
+
+if ($debug >= 1)
{
$DEBUGGING = 1;
$debugcmdline = 1
}
-
if ($debugfile ne '')
{
$DEBUGGING_FILE = $debugfile; # commandline overpowers snmptt script
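Review bot: `if ($debug >= 1)` sets `$DEBUGGING = 1` whatever value was given, while the updated usage text advertises `--debug=n Set debug level (1 or 2)`, so `--debug=2` behaves like level 1. If level 2 is meant to be reachable in this script, pass the value through: `$DEBUGGING = $debug;`. Because the option is declared as `'debug:i'`, a bare `--debug` yields 0 and enables nothing, which is worth stating in the help text or handling explicitly. The statement `$debugcmdline = 1` also lacks its terminating semicolon; it works as the last statement of the block but breaks as soon as a line is added after it.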
@@ -104,7 +111,9 @@
# For Linux / Unix, try /etc/snmp/snmptt.ini first, /etc/snmptt.ini second.
#
# For Windows, try %SystemRoot%\snmptt.ini only.
-#
+#
+my $configfile;
+
if ($ini ne '')
{
$configfile = $ini;
@@ -130,18 +139,19 @@
}
}
+my $spool_directory;
&loadsnmpttini;
##############################################################################
# Pull in passed SNMP info from snmptrapd via STDIN and place in the array @tempvar
# Create file in spool directory based on current time
-($s, $usec) = gettimeofday;
+my ($s, $usec) = gettimeofday;
# Pad the numbers with 0's to make sure they are all the same length. Sometimes the
# usec is shorter than 6.
-$s_pad = sprintf("%09d",$s);
-$usec_pad = sprintf("%06d",$usec);
+my $s_pad = sprintf("%09d",$s);
+my $usec_pad = sprintf("%06d",$usec);
if ($DEBUGGING >= 1)
{
@@ -160,13 +170,13 @@
print "Data received:\n\n";
}
-$spoolfile = $spool_directory.'#snmptt-trap-'.$s_pad.$usec_pad;
+my $spoolfile = $spool_directory.'#snmptt-trap-'.$s_pad.$usec_pad;
unless (open SPOOL, ">$spoolfile")
{
if ($DEBUGGING >= 1)
{
- print "Could write to file file $spoolfile! Trap will be lost!\n";
+ print "Could not write to file file $spoolfile! Trap will be lost!\n";
}
die "Could not write to file $spoolfile! Trap will be lost!\n";
}
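Review bot: The spool file is created with a plain truncating open on a name built from the current time, so an existing file or symbolic link at that path would be opened and overwritten. Whether other local users can write to the spool directory is not visible here; if they can, creating the file exclusively avoids the problem: `use Fcntl qw(O_WRONLY O_CREAT O_EXCL);` and `unless (sysopen SPOOL, $spoolfile, O_WRONLY|O_CREAT|O_EXCL)`. The added debug message also reads "file file"; `print "Could not write to file $spoolfile! Trap will be lost!\n";` matches the `die` text below it.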
@@ -174,7 +184,7 @@
print SPOOL time()."\n";
-while (defined($line = <>))
+while (defined(my $line = <>))
{
print SPOOL $line;
@@ -190,8 +200,8 @@
sub showversion
{
- printf "\nSNMPTTHANDLER v1.1\n";
- printf "(c) 2002-2006 Alex Burger\n\n";
+ printf "\nSNMPTTHANDLER v1.2\n";
+ printf "(c) 2002-2007 Alex Burger\n\n";
}
##############################################################################
@@ -215,8 +225,9 @@
else
{
if ($DEBUGGING >= 1) {
- print "Config file could not be loaded\n";
+ print "Config file ($configfile) could not be loaded\n";
}
+ warn "Config file ($configfile) could not be loaded\n";
exit(1);
}
|