snmp-pdf

Tivoli IBM Tivoli Netcool/OMNIbus SNMP Probe

Reference GuideApril 30, 2009

Version 10.0.6299

SC23-6003-04

NoteBefore using this information and the product it supports, read the information in Notices and Trademarks, on page 23.

Edition notice

This edition applies to version 10.0.6299 of IBM Tivoli Netcool/OMNIbus SNMP Probe (SC23-6003-04) and to allsubsequent releases and modifications until otherwise indicated in new editions.

This edition replaces SC23-6003-03.

Copyright International Business Machines Corporation 2006, 2009.US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

ContentsDocument control page . . . . . . . . v

IBM Tivoli Netcool/OMNIbus SNMPProbe . . . . . . . . . . . . . . . . 1Summary . . . . . . . . . . . . . . . 1Features of the SNMP Probe . . . . . . . . . 3Internationalization support . . . . . . . . . 3

Example multi-byte character set on Solaris . . . 3Example multi-byte configuration on Windows . . 4

Installing the probe . . . . . . . . . . . . 4Installing the Configuration Analyser . . . . . . 4Running the Configuration Analyser . . . . . . 5Requirements . . . . . . . . . . . . . . 7SNMP V3 support . . . . . . . . . . . . 7

Adding new users to the configuration file . . . 7Traps and informs . . . . . . . . . . . 8Example usage . . . . . . . . . . . . 8Running the probe as SUID root . . . . . . . 8IP environment . . . . . . . . . . . . 9

Federal Information Processing Standards (FIPS)support . . . . . . . . . . . . . . . . 9

Data acquisition . . . . . . . . . . . . . 10Buffer settings . . . . . . . . . . . . 10Trap queue size . . . . . . . . . . . . 11Rules file . . . . . . . . . . . . . . 11IP address resolution . . . . . . . . . . 11Peer-to-peer failover functionality . . . . . . 11

Properties and command line options . . . . . 12Elements . . . . . . . . . . . . . . . 17

Static elements . . . . . . . . . . . . 17Dynamic elements . . . . . . . . . . . 19

Generic trap handling . . . . . . . . . . . 19Error messages . . . . . . . . . . . . . 20Error messages generated by the ConfigurationAnalyser . . . . . . . . . . . . . . . 21ProbeWatch messages . . . . . . . . . . . 22

Appendix. Notices and Trademarks . . 23Notices . . . . . . . . . . . . . . . . 23Trademarks . . . . . . . . . . . . . . 25

Copyright IBM Corp. 2006, 2009 iii

iv IBM Tivoli Netcool/OMNIbus SNMP Probe: Reference Guide

Document control pageUse this information to track changes between versions of this guide.

The IBM Tivoli Netcool/OMNIbus SNMP Probe documentation is provided insoftcopy format only. To obtain the most recent version, visit the IBM TivoliNetcool Information Center:

http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/index.jsp?topic=/com.ibm.tivoli.nam.doc/welcome_ptsm.htm

Table 1. Document modification historyDocumentversion

Publicationdate Comments

00 October 10,2007

First IBM publication.

01 December 29,2007

VRM number updated.

Summary table updated.

Note about the lack of support for V3 privacy on theWindows version of the probe removed. The Windowsversion of the probe now supports V3 privacy andauthentication.

List of supported traps and informs clarified.

List of statistics logged by the probe updated.

Tip about setting the TrapQueueMax property to avoiddropping events during a trap burst added.

02 July 25, 2008 Support for Linux for zSeries added.

IPv6 support information added.

Information about the compatibilty of the probe withFederal Information Protocol Standards (FIPS) added.

03 April 30, 2009 Support for the Configuration Analyser added.

Summary section updated.

Installing the probe topic added.

Installing the Configuration Analyser topic added.

Configuring the probe environment topic updated.

Running the Configuration Analyser topic added.

DSALog, DSAPeriod, and snmpv3ONLY propertiesadded.

New ProbeWatch message added.

Copyright IBM Corp. 2006, 2009 v

vi IBM Tivoli Netcool/OMNIbus SNMP Probe: Reference Guide

IBM Tivoli Netcool/OMNIbus SNMP ProbeThe IBM Tivoli Netcool/OMNIbus SNMP Probe monitors SNMP traps and informson both UDP and TCP sockets concurrently.

The following topics describe the probe and how it works:v Summaryv Features of the SNMP Probe on page 3v Internationalization support on page 3v Installing the probe on page 4v Installing the Configuration Analyser on page 4v Running the Configuration Analyser on page 5v Requirements on page 7v SNMP V3 support on page 7v Federal Information Processing Standards (FIPS) support on page 9v Data acquisition on page 10v Properties and command line options on page 12v Elements on page 17v Generic trap handling on page 19v Error messages on page 20v Error messages generated by the Configuration Analyser on page 21v ProbeWatch messages on page 22

SummaryEach probe works in a different way to acquire event data from its source, andtherefore has specific features, default values, and changeable properties. Use thissummary information to learn about this probe.

The following table summarizes the probe.

Table 2. SummaryProbe target SNMP traps and informs

Probe executable file name nco_p_mttrapd

mttrapd.check.jar (enables the probe to runwith the Configuration Analyser)

Patch number 10.0

Copyright IBM Corp. 2006, 2009 1

Table 2. Summary (continued)Probe supported on Solaris, HP-UX, AIX, Linux, Linux for

zSeries, Windows

For details of the operating system versionson which this probe is supported, see thefollowing page on the IBM Tivoli NetcoolInformation Center:

http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/index.jsp?topic=/com.ibm.netcool_OMNIbus.doc/Supported_Platforms.htm

Properties file $OMNIHOME/probes/arch/mttrapd.props(UNIX)

%OMNIHOME%\probes\arch\mttrapd.props(Windows)

Rules file $OMNIHOME/probes/arch/mttrapd.rules(UNIX)

%OMNIHOME%\probes\arch\mttrapd.rules(Windows)

Requirements A currently supported version of IBM TivoliNetcool/OMNIbus.

Note: To use the Configuration Analyser,you must be running Netcool/OMNIbusV7.0 or later and you must installtools-config-analyser-0.

probe-compatibility-3.x (UNIX only, onIBM Tivoli Netcool/OMNIbus 3.6)

common-libcrypt-1_0 package (for IBMTivoli Netcool/OMNIbus 7.1 and 7.2 only)

common-libcrypt-1_0 patch (for IBM TivoliNetcool/OMNIbus 7.0 only)

Connection method Listens for SNMP traps using UDP, TCP,UDPV6, and TCPV6

Remote connectivity Not available

Licensing Electronic licensing was deprecated with therelease of IBM Tivoli Netcool V7.2. All IBMTivoli Netcool V7.2 (and later) products usethe IBM software licensing process.

Peer-to-peer failover functionality Available

Internationalization support Available

2 IBM Tivoli Netcool/OMNIbus SNMP Probe: Reference Guide

Table 2. Summary (continued)IP environment For communications between the probe and

IBM Tivoli Netcool/OMNIbus V7.2, the IPv6environment is supported on UNIXplatforms only.

For communications between the probe andIBM Tivoli Netcool/OMNIbus V7.2.1, theIPv6 environment is supported on allplaforms.

For communications between the probe andthe device, the probe supports the IPv6environment on all platforms.

Federal Information Protocol Standards(FIPS)

The IBM Tivoli Netcool/OMNIbus SNMPProbe is compatible with FIPS.

Features of the SNMP ProbeThe IBM Tivoli Netcool/OMNIbus SNMP Probe has various features that allow itto handle generic traps.

The probe has the following features:v Handles a high volume and high rate of trapsv Receives traps independently of trap processing using an internal queuemechanism

v Handles high trap rates and high burst rates using two buffers: one buffer is forall of the sockets that the probe monitors, and the another buffer is an internalqueue between the reader and writer sides of the probe

v Supports SNMP V1 traps, V2c traps, and V3 trapsv Supports SNMP V2c and V3 traps and informsv Uses a USM-based V3 security model

Internationalization supportThe probe supports multibyte character sets. To view the character sets correctly,you must configure the locale settings on the host machine correctly. Eachmultibyte character set is configured slightly differently on each platform.

Example multi-byte character set on SolarisThe following steps describe how to configure Solaris to use the Japanese characterset:1. Install the necessary components for Japanese on to the host machine using the

Solaris CD.2. Set the LANG and LC_ALL environment variables to ja_JP PCK. This uses SJIS

encoding.

Note: You may have to set the LANG in the host machines default settings fileand reboot it to make the changes take effect.

3. Make sure that the file $OMNIHOME/platform/arch/locales/locales.dat has thefollowing entry:locale = ja_JP PCK, japanese, sjis

IBM Tivoli Netcool/OMNIbus SNMP Probe 3

where ja_JP PCK is the vendor locale, japanese is the Sybase language, andsjis is the Sybase character set.

Example multi-byte configuration on WindowsThe following steps describe how to configure Windows to use the Japanesecharacter set:1. Install the necessary language pack using the Control Panel.

Note: You must reboot the machine to make the character set available.2. Make sure the file,%OMNIHOME%\locales\locales.dat, has the following element:

locale = jpn, japanese, sjis

where jpn is the vendor locale, japanese is the Sybase language, and sjis isthe Sybase character set

Note: You must reboot the machine to be able to use the probe as a service in therequired locale.

Installing the probeAll probes follow a very similar installation procedure.

Installing the probe on UNIX platforms

To install the SNMP Probe on UNIX platforms, run the following command:$OMNIHOME/install/nco_patch -install patch

Where patch is the file name of the patch that you have downloaded.

Installing the probe on Windows platforms

To install the SNMP Probe on Windows platforms, use the following steps:1. Unzip the probe_zip_file file into a temporary location. (Where

probe_zip_file is the file name of the zip file that you downloaded.)2. Copy the binary (and .dll if present) into your probe binary directory.3. Copy the default .props and .rules into your probe binary directory if required.

To install the SNMP Probe as a Windows service, use the following steps:1. Register the probe with the Service Control Manager by running the following

command:probe_name.exe -install

(Where probe_name is the name of the executable in the zip file.)2. If you are running the probe on the same machine as the ObjectServer, run the

following command line to register the dependency of the probe on theObjectServer service:probe_name.exe -install -depend NCOObjectServer

3. Activate the probe by selecting Control Panel Services.

Installing the Configuration AnalyserThis version of the probe supports the Configuration Analyser. It is supplied in aseparate patch, and can be installed either before or after the probe.


The Configuration Analyser allows you to fine-tune the configuration of the probe.It checks all the probe settings and writes related messages about the configurationto the probe message log.

Installing the Configuration Analyser on UNIX platforms

To install the Configuration Analyser on UNIX platforms, use the following steps:1. Install Java 1.5 if it is not already installed on your system.2. Run the following command:

$OMNIHOME/install/nco_patch -install patch

Where patch is the name of the Configuration Analsyer patch that youdownloaded.

Installing the Configuration Analyser on Windows platforms

To install the Configuration Analyser on Windows platforms, use the followingsteps:1. Install Java 1.5 if it is not already installed on your system.2. Unzip the probe_zip_file file into a temporary location (where probe_zip_file

is the file name of the zip file that you downloaded)3. Copy jlog.jar to %OMNIHOME%\java\jars4. Copy ConfigAnalyser.jar to %OMNIHOME%\bin5. Copy configAnalyser.xsd to %OMNIHOME%\probes\win326. Copy run_analyser.bat to %OMNIHOME%\probes\win32

Running the Configuration AnalyserEach probe that supports the Configuration Analyser is supplied with a JAR file(probe_name.check.jar). This file contains details of the tests to be performed anda set of predefined messages library. Using this JAR file, the analyser runs the testsagainst the probe configuration test file, and writes the related messages takenfrom the messages library to the probe log file.

When the probe launches the Configuration Analsyer, the analyser runs a series ofchecks on the probe. The resultant output is displayed in real time on thecommand line and is stored in $OMNIHOME/logs/probe_name.check.log (the testfile).

The Configuration Analyser checks the syntax of the test file against the rulesdefined in the $OMNIHOME/arch/ConfigAnalyser.xsd file.

The Configuration Analyser then runs sequentially through all the tests detailed inthe xml file inside probe_name.check.jar, outputting any appropriate suggestionsfrom the internationalized message file also in the jar file.

Checks performed by the Configuration Analyser

The following is a list of the items that the Configuration Analyser checks for allprobes:v Whether the primary ObjectServer is running.v Whether the rules and properties files are present.v Whether the connection to a socket is working to verify the probe backupfunctionality.


v Whether a secondary ObjectServer is configured.v Whether the Probes Rules Syntax Checker is installed.v Whether the rules file is syntactically correct.v Whether there is space for log files.

All other tests that the analyser performs are specific to each individual probe.

Running the Configuration Analyser on UNIX platforms

To run the Configuration Analyser on UNIX platforms, run the probe from thecommand line using -check as an additional argument, as follows:

$OMNIHOME/probes/probe_bin -check

Where probe_bin is the name of the probe binary.

Note: You can specify additional arguments on the command line along with-check; these will override any equivalent settings found in the properties file.

Running the Configuration Analyser on Windows platforms

The way you run the Configuration Analsyer on Windows platforms depends onhow you run the probe.

If you run the probe using a batch file, run the following command:

%OMNIHOME%\probes\probe_batch -check

Where probe_batch is the name of the batch file that you use to run the probe.

Note: You can specify additional arguments on the command line along with-check; these will override any found in the properties file.

If you run the probe directly, without using a batch file, run the followingcommand:

%OMNIHOME%\probes\run_analyser.bat -probebin probe_exe -probenameprobe_name

Where probe_exe is the name of the probe executable and probe_name is the nameof the probe binary without the nco_p_ prefix.

Note: You can specify additional arguments on the command line; these willoverride any found in the properties file.

Configuration Analyser Log file

On completion of these tests, the Configuration Analyser outputs a status message.This status message states that either all the tests were successful, that details ofany configuration errors or suggestions have been written to the probe log fileprobe_name.log.

Consult the log file for information about how to correct or improve theconfiguration of the probe.


RequirementsThe probe must not be run on a machine where another trapd process is running(for example, HP NNM, or SunNet Manager), unless a different SNMP port isspecified in the command line or in the properties. When running the probe, theuser requires write access to the $OMNIHOME/var and the $OMNIHOME/log directories.

Note: If you want to use the Configuration Analyser, you must include the path toJava 1.5 in the $PATH environment variable.

SNMP V3 supportThe probe supports SNMP v3 traps and informs using USM for authentication andprivacy. Using USM, for each security name from which the probe receives traps,you must specify a user that can log on to the probe. You must also specify aunique user or engine ID for each trap source from which the probe receives traps.

Users are configured in the file Persistent_Dir/mttrapd.conf, wherePersistent_Dir is the name of the directory specified by the PersistentDirproperty (which defaults to $OMNIHOME/var). To create this configuration file,start and stop the probe after installation.

Note: This file also contains other SNMP V3 security information such as theengine ID for the probe and the number of SNMP engine boots.

Note: When the probe is running SNMP V3, it is only compatible with FIPS 140-2if it is using AES and SHA.

Adding new users to the configuration fileTo create a new user, you must shut down the probe and, for user anduser/engine ID from which the probe receives traps, add a line to theConfPath/mttrapd.conf file, where ConfPath is the directory specified by theConfPath property.

The line you must add is as follows:createUser [-e engineId] username authtype password [privtype privpassword]

After you have added the line for the new user, start the probe. The probegenerates the appropriate mttrapd.conf file in the PersistentDir directory, wherePersistentDir is the directory specified by the PersistentDir property.

Tip: To check that the user has been added correctly, look at the mttrapd.conf filein the PersistentDir directory after you have started the probe; there should be anentry for each user created at the end of this file, each such entry starts with thestring usmUser.

The following table describes the format of the createUser command in theconfiguration file.

Table 3. Format of the createUser commandItem Description

engineId Use this item to specify an optional engine ID oftrap source associated with the user.


Table 3. Format of the createUser command (continued)Item Description

username Use this item to specify the security name of theuser.

authtype Use this item to specify an authentication type(either MD5 or SHA).

password Use this item to specify the password (must be atleast eight characters).

privtype Use this item to specify the privacy type (eitherDES or AES).Note: DES uses a 16 byte key. The probetruncates the encrypted 20 byte key to 16 bytes touse it as the DES key.

privpassword Use this item to specify the privacy password (ifdifferent from password).

Traps and informsIn SNMP V3 USM, the probe is the authoritative security engine for traps. TheengineId argument is required for each SNMP trap source so that the trap can beauthenticated.

The sender of the SNMP informs is the authoritative security engine in SNMP V3USM. If informs are used, there is no requirement for the user to specify theengineId of the inform sender.

Example usageTo receive SNMP informs from any device with the security name jack, add thefollowing to the mttrapd.conf file:createUser jack MD5 password

To receive SNMP traps from a device with engineId 0x01020304050607 and thesecurity name jack, add the following line to the mttrapd.conf file:createUser -e 0x01020304050607 jack MD5 password

Once the probe starts, the user information within the file is encrypted andrewritten in the encrypted form, so plain text passwords are only held temporarily;this increases security.

Running the probe as SUID rootThe probe can be run as suid root without compromising system security. In thismode, the probe drops its root privileges once it has opened the SNMP session,and before the IBM Tivoli Netcool/OMNIbus probe library starts; this grantsprivileged port usage in this mode.

About this task

To run the probe as SUID root, perform the following steps:1. As root, change the owner of the probe binary using chown root

nco_p_mttrapd. (This must be done in the $OMNIHOME/probes/arch directory.)


2. As root, enable the probe binary to run as setuid root, using chmod +snco_p_mttrapd. (This must be done in the $OMNIHOME/probes/arch directory.)

3. Run the following command to register the OMNIbus library directory as atrusted directory: crle -s /usr/lib/secure:/opt/netcool/omnibus/platform/arch/lib

4. Run the probe as a normal user. (This must be done in the $OMNIHOME/probesdirectory.)

Note: As running a probe as suid root causes environment variables to beignored, this procedure only works if the IBM Tivoli Netcool/OMNIbusinstallation is on a local file system and installed in the default location.

AIX users

Problems regarding library paths and events not being read properly by the probehave been noted on the AIX platform. In some circumstances, this can be overcomeby running the probe from the $OMNIHOME/platform/arch/lib directory; forexample:1. Enter the following command:

cd /usr/Omnibus/platform/aix4/lib

2. Run the following command:$OMNIHOME/probes/nco_p_mttrapd options

Note: If running the probe from this directory does not overcome the problem,contact IBM Software Support.

IP environmentThe probe can run in either IPv4 or IPv6 environments. You must specify in whichenvironment the probe is running using the Protocol property. If the probe isrunning in an IPv4 environment, you must set the Protocol property to TCP, UDP,ALL or ANY. If running in an IPv6 environment, you must set the Protocolproperty to TCP6, UDP6, or ALLIPv6.

The IP address that you specify using the BindAddress property must be in aformat that matches the protocol specified by the Protocol property; for example, ifyou specify TCP, UDP, ALL, or ANY using the Protocol property, the IP addressthat you specify using the BindAddress property must be in IPv4 format. IPv4addresses are expressed in 32-bit decimal notation as four decimal numbersseparated by periods; for example, 121.2.6.81.

If you specify TCP6, UDP6, or ALLIPv6 using the Protocol property, the IP addressthat you specify using the BindAddress property must be in IPv6 format. IPv6addresses are expressed in 128-bit hexadecimal notation as eight hexidecimal fieldsseparated by colons; for example, 3ffe:ff9f:101::230:6eff:fe04:d9ff.

Federal Information Processing Standards (FIPS) supportFederal Information Processing Standards (FIPS) are standards and guidelines thatthe National Institute of Standards and Technology (NIST) issues for use in UnitedStates federal government computer systems.


This probe is compatible with the Federal Information Processing Standard 1402(FIPS 1402), which defines security requirements for cryptographic modules thatare used to protect sensitive information in computer and telecommunicationsystems.

Tivoli Netcool/OMNIbus uses the FIPS 1402 approved cryptographic providers,IBMJCEFIPS (certificate 376) or IBMJSSEFIPS (certificate 409), and IBM Crypto forC (ICC) (certificate 384), for cryptography. The certificates are listed on the NISTWeb site at http://csrc.nist.gov/cryptval/140-1/1401val2004.htm.

The FIPS 1402 approved cryptographic providers provide both cryptographicfunctions and Secure Sockets Layer (SSL) data protection, on both client and serverapplications. When Tivoli Netcool/OMNIbus is running in FIPS 1402 mode, allencryption and key generation functions are provided by the FIPS 1402 approvedcryptographic modules.

Data acquisitionEach probe uses a different method to acquire data. Which method the probe usesdepends on the target system from which it receives data.

The probe receives events by registering a callback function with the NET SNMPsubsystem. This function is called whenever the NET SNMP subsystem receives atrap or an inform.

The probe uses two directories: the ConfPath property points to one and thePersistentDir property points to the other. The probe reads the ConfPath propertyto locate the mttrapd.conf file and writes the processed file to the directoryspecified by the PersistentDir directory. In SNMPv3, the resultant file contains theencryption key.

Note: If the two directories are the same, the mttrapd.conf file will be constantlyoverwritten. To avoid this, the directories that you specify with the ConfPath andPersistentDir properties should be different.

Data acquisition is described in the following topics:v Buffer settingsv Trap queue size on page 11v Rules file on page 11v IP address resolution on page 11v Peer-to-peer failover functionality on page 11

Buffer settingsThe probe maintains a queue that stores raw SNMP traps before they are processedby the probe. When an event storm occurs, this queue can grow quicklyconsuming excessive amounts of memory. To prevent this, you can use theTrapQueueMax property to specify a maximum size up to which this queue cangrow before the probe starts to discard traps.

Note: The TrapQueueMax property is set to 20000 by default. If the value is set to0, the probe sends the following warning message: Memory growth of the probe isunbounded.


To increase the efficiency of sending alerts to the ObjectServer, the followingproperties are available:v Buffering - When set to 1, this property instructs the probe to send alerts whenthe internal alert buffer has reached the size specified by the BufferSizeproperty.

v BufferSize - This property specifies the size of the buffer that the probe uses tostore alerts before sending them to the ObjectServer.

v FlushBufferInterval - This property specifies an interval in seconds that theprobe waits before flushing the alerts to the ObjectServer. This property limitsthe time that alerts wait in the buffer when the buffer has yet to reach the sizespecified by the BufferSize property.

Example property file settings for performance tuningThe following example shows performance settings from the properties file of anSNMP Probe:TrapQueueMax : 1000BufferSize : 100Buffering : 1FlushBufferInterval : 10

These settings instruct the probe to store a maximum of 1000 raw traps prior toconverting them to ObjectServer alerts. When the internal alert buffer has 100 alertswaiting to be sent to the ObjectServer, or after 10 seconds have elapsed since thelast flush, the probe flushes the alerts in the buffer to the ObjectServer.

Note: The internal alert buffer contains alerts that have been derived from the rawSNMP traps.

Trap queue sizeWhen run in debug mode, the probe writes the queue size to the log file.

An event loss can occur when the number of traps in a queue exceeds the valueset for the TrapQueueMax property. For information about running the probe indebug mode, see the IBM Tivoli Netcool/OMNIbus Probe and Gateway GuideSC23-6373.

Rules fileAvoid using construct details ($*) in the rules file.

IP address resolutionIf the Domain Name Server (DNS) is not resolving IP addresses quickly, you canimprove performance by setting the NoNameResolution property to 0; this usesless memory.

To resolve the IP addresses in a Windows platform, set the NoNetbiosLookupsproperty to 0.

Peer-to-peer failover functionalityThe probe supports failover configurations where two probes run simultaneously.One probe acts as the master probe, sending events to the ObjectServer; the otheracts as the slave probe on standby. If the master probe fails, the slave probeactivates.


While the slave probe receives heartbeats from the master probe, it does notforward events to the ObjectServer. If the master shuts down, the slave probe stopsreceiving heartbeats from the master and any events it receives thereafter areforwarded to the ObjectServer on behalf of the master probe. When the master isrunning again, the slave continues to receive events, but no longer sends them tothe ObjectServer.

Example property file settings for peer-to-peer failoverYou set the peer-to-peer failover mode in the properties files of the master andslave probes. The settings differ for a master probe and slave probe.

The following example shows the peer-to-peer settings from the properties file of amaster probe:Server : "NCOMS"RulesFile : "master_rules_file"MessageLog : "master_log_file"PeerHost : "slave_hostname"PeerPort : 5555 # [communication port between master and slave probes]Mode : "master"

The following example shows the peer-to-peer settings from the properties file ofthe corresponding slave probe:Server : "NCOMS"RulesFile : "slave_rules_file"MessageLog : "slave_log_file"PeerHost : "master_hostname"PeerPort : 5555 # [communication port between master and slave probes]Mode : "slave"

Note: The properties file also contains all other properties required to configurethe probe.

Properties and command line optionsYou use properties to specify how the probe interacts with the device. You canoverride the default values by using the properties file or the command lineoptions.

The following table describes the properties and command line options specific tothis probe. For more information about generic properties and command lineoptions, see the IBM Tivoli Netcool/OMNIbus Probe and Gateway Guide, (SC23-6373).

Table 4. Properties and command line optionsProperty name Command line option Description

BindAddress string -bindaddress string Use this property to specify the IPaddress to which the probe binds.

The default is .

Note: The IP address can be in eitherIPv4 or IPv6 format depending on thesetting of the Protocol property.


Table 4. Properties and command line options (continued)Property name Command line option Description

ConfPath string -snmpconfpath string Use this property to specify the path ofdirectories that contain configurationinformation for the SNMP probeengine.

The default is $OMNIHOME/probes/arch/$OMNIHOME/var.

Note: The directories specified usingthis property must be separated by acolon (:) on UNIX or a semi-colon (;)on Windows. The configuration file isnamed either as mttrapd.conf orsnmp.conf.

DSALog integer -dsalog integer Use this property to specify whetherthe probe logs the traps that aredropped when trap queue is full:

0: The probe does not log the traps thatare dropped when the trap queue isfull.

1: The probe logs the traps that aredropped when the trap queue is full.

The default is 0.

DSAPeriod integer -dsaperiod integer Use this property to specify the period(in seconds) during which the probelogs dropped traps when the DSALogproperty is set to 1.

0: The probe does not log the traps thatare dropped when the trap queue isfull.

1: The probe logs the traps that aredropped when the trap queue is full.

The default is 30.

FlushBufferIntervalinteger

-flushbufferintervalinteger

Use this property to specify the interval(in seconds) that the probe waits beforeflushing the buffer contents to theObjectServer.

The default is 0.

Heartbeat integer -heartbeat integer Use this property to specify the length(in seconds) of the heartbeat period. Ifthe probe receives no traps for thislength of time, it sends a heartbeatProbeWatch message to theObjectServer.

The default is 60.



LogStatisticsIntervalinteger

-logstatisticsintervalinteger

Use this property to specify the interval(in seconds) at which the probe logsinternal probe statistics.

The statistics reported include thefollowing:

v the size of the trap queue and theinform queue

v the number of traps read since thelast rollover

v the number of traps processed sincethe last rollover

The default is 0 (does not log theinternal statistics).

MIBDirs string -mibdirs string Use this property to specify where theprobe searches for MIB modules. Thisis in the form of a colon-separated listof directories.

The default is $OMNIHOME/common/mibs.

Note: The directories specified usingthis property must be separated by acolon (:) on UNIX or a semicolon (;) onWindows.

MIBFile string -mibfile string Use this property to specify the nameof the MIB file.

The default is

$OMNIHOME/probes/arch/mib.txt.

Note: If you are using a rules filegenerated by the trapd converter, youmust set this property to point to anempty file; for example, /dev/null.

MIBs string -mibs string Use this property to specify which MIBmodules the probe loads. Your entryshould be in the form of acolon-separated list of modules.

The default is ALL (this instructs theprobe to load all modules available inthe list of directories specified by theMIBDirs property).

NoNameResolutioninteger

-nonameresolution(equivalent toNoNameResolutionwith a value of 1)

Use this property to specify whetherthe probe performs name resolution onIP addresses:

0: The probe performs name resolution.

1: The probe does not perform nameresolution.

The default is 0.



NoNetbiosLookupsinteger

-nonetbioslookupsinteger

(equivalent toNoNetbiosLookupswith a value of 1)

-usenetbioslookupsinteger

(equivalent toUseNetbiosLookupswith a value of 0)

Use this property to specify whetherthe probe performs netbios lookupsduring DNS queries:

0: The probe performs lookups

1: The probe does not perform netbioslookups

The default is 0.

Note: This property is only availableon the Windows platform.

NonPrintableAsHexinteger

-nonprintableashexinteger

Use this property to specify whetherthe probe sets non-printable charactersto their hexadecimal values:

0: The probe does not set non-printablecharacters to their hexadecimal values

1: The probe sets non-printablecharacters to their hexadecimal values

The default is 0.

PersistentDir string -persistentdir string Use this property to specify where thepersistent configuration information isstored.

The default is $OMNIHOME/var.

Port integer -port integer Use this property to specify the port towhich the probe listens for SNMPtraffic.

The default is 162.



Protocol string -protocol string

-udp (equivalent toProtocol with a value ofUDP or -protocol UDP)

-tcp (equivalent toProtocol with a value ofTCP or -protocol TCP)

-all (equivalent toProtocol with a value ofALL or -protocol ALL)

-any (equivalent toProtocol with a value ofANY or -protocol ANY)

-udp6 (equivalent toProtocol with a value ofUDPIPV6 or -protocolUDPIPV6)

-tcp6 (equivalent toProtocol with a value ofTCPIPV6 or -protocolTCPIPV6)

-allipv6 (equivalent toProtocol with a value ofTCPIPV6 and UDPIPV6or -protocol ALLIPV6)

Use this property to specify thenetwork protocol that the probe uses.

The default is UDP.

If the probe is running in an IPv4environment, specify one of thefollowing values:

v UDPv TCPv ALLv ANY

Note: The values ANY and ALL areinterchangeable.

If the probe is running in an IPv6environment, specify one of thefollowing values:

v UDPV6v TCPV6v ALLIPV6

QuietOutput integer -quietoutput (equivalentto QuietOutput with avalue of 1)

-noquietoutput(equivalent toQuietOutput with avalue of 0)

Use this property to specify whetherthe probe outputs tokens thatcorrespond to an OID with symbolicOID expansion:

0: The probe outputs tokens withsymbolic OID expansion.

1: The probe outputs tokens withoutsymbolic OID expansion.

The default is 1.

SleepTime integer -sleeptime integer Use this property to specify the polltime (in seconds) of the trap list. Ifthere are no traps to be processed, theprobe sleeps for this amount of timebefore polling the trap queue again.

The default is 1.



snmpv3ONLY integer -snmpv3only integer Use this property to specify that theprobe only processes the SNMPv3traps:

0: The probe processes all types ofSNMP traps.

1: The probe only processes SNMPv3traps.

The default is 0.

SocketSize integer -socketsize integer Use this property to specify the size (inbytes) of the kernel buffer on thesocket being used. This is set on aper-socket basis. A higher valueincreases the number of traps that theprobe can handle. For UDP traps, thisimproves performance.

The default is 8192.

Note: The minimum value for theSocketSize property is 128 bytes; thedefault is 8192 bytes. In the majority ofcases, the default size is recommended.

TrapQueueMax integer -trapqueuemax integer Use this property to specify themaximum number of traps that can bequeued for processing at any one time.The probe discards any traps receivedwhile the buffer is full.

The default is 20000.

Tip: To prevent the probe fromdropping events during a burst oftraps, you should set this property to ahigher value; for example, 50000.

ElementsThe probe breaks event data down into tokens and parses them into elements.Elements are used to assign values to ObjectServer fields; the field values containthe event details in a form that the ObjectServer understands.

This section describes the elements that the probe generates.

Static elementsThe following table describes the static elements that the probe generates:

Table 5. Static elementsElement name SNMP version Element description

$community V1 and V2c This element contains the SNMPcommunity string.


Table 5. Static elements (continued)Element name SNMP version Element description

$contextEngineID V3 This element identifies the engineassociated with the data.

$enterprise V1 This element contains the SNMPenterprise string.

$EventCount V1, V2c, and V3 This element displays the number oftraps processed during the currentexecution of the probe.

$generic-trap V1 This element contains the SNMPgeneric trap integer value.

$IPaddress V1, V2c, and V3 This element contains the IP address(origin of the SNMP trap).

$Node V1, V2c, and V3 This element contains the node name(origin of the SNMP trap).

IP address (if node name cannot beresolved).

$notify V2c and V3 This element displays the notify V2cspecific field.

$PeerAddress V1, V2c, and V3 This element contains the host name orIP address where the SNMP trap wasreceived from.

$PeerIPaddress V1, V2c, and V3 This element contains the IP addresswhere the SNMP trap was receivedfrom.

$Protocol V1, V2c, and V3 This element contains the protocol ofthe trap received. This can be eitherUDP or TCP.

$ReceivedPort V1, V2c, and V3 This element contains the port numberwhere the SNMP trap was receivedfrom. This is determined by the Portproperty.

$ReceivedTime V1, V2c, and V3 The time that the SNMP packet wasreceived from the network interface.

$ReqId V1 This element contains the SNMPrequest ID.

$securityEngineID V3 This element contains the engine ID ofthe authoritative SNMP entity. Forinforms, this is the engine ID of theprobe. For traps, this is the engine IDof the source of the trap.

$securityLevel V3 Security level of the trap or inform:

noAuth: The trap or inform had noauthentication and no privacy

authNoPriv: The trap or inform hadauthentication, but no privacy

authPriv: The trap or inform hadauthentication and privacy


Table 5. Static elements (continued)Element name SNMP version Element description

$securityName V3 This element contains the securityname used for trap authentication.

$SNMP_Version V1, V2c, and V3 This element contains the the value 1for SNMP V1 traps and the value 2 forSNMP V2c traps.

$specific-trap V1 This element contains the SNMPspecific trap integer value.

$Uptime V1 and V2c This element contains the SNMPuptime for traps expressed in theformat 0:00:00.

$UpTime V1 and V2c This element contains the SNMPuptime for traps expressed as aninteger.

Dynamic elementsThe other elements that the probe generates are created dynamically and areentirely dependent on the network devices. The varbind variables that aregenerated by the SNMP trap are mapped to elements called $1,$2,$3, and so on.For each varbind, the object ID is placed in a corresponding element called $OID1,$OID2, $OID3, and so on up to the number of varbind elements.

Note: Previous versions of the SNMP Probe (pre version 3.5) had no leading dot(.) in the $OIDn elements, whereas the latest probe does include the leading dot; ifyou are upgrading from an old version of the probe, your rules files may needupdating.

The probe can also generate the following elements from various representations ofthe varbind variables:v $n_raw - raw string representation of the varbind variables (containing all controlcharacters)

v $n_text - printable text representation of the varbind variables (withnon-printable characters replaced with periods)

v $n_hex - hexadecimal representation of the varbind variables

Note: The $n_raw, $n_text, and $n_hex elements are only available for SNMPvariables of type OCTET-STRING.

Generic trap handlingCertain devices generate traps of various generic types. How the probe handleseach trap depends on its type.


The following table describes the handling of each generic trap type.

Table 6. Generic trap handlingGeneric trap Handling

Generic trap-type 0- Cold Start Summary field set to Cold Start

AlertGroup field set to Generic

Severity field set to 4

Generic trap-type 1- Warm Start Summary field set to Warm Start



Generic trap-type 2 - Link Down Summary field set to Link Down

Alert Key set to the $1 varbind (ifIndex)



Identifier field set to Node name plus Agentplus generic trap plus specific trap plusifIndex.

Generic trap-type 3 - Link Up Summary field set to Link Up

Alert Key set to the $1 varbind (ifIndex)



Identifier field set to Node name plus Agentplus generic trap plus specific trap plusifIndex.

Generic trap-type 4 - Authentication By default, Authentication traps are notdiscarded.

Generic trap-type 5 - EGP Neighbor Loss Summary field set to EGP Neighbor Loss


Severity field set to 3.

Error messagesError messages provide information about problems that occur while running theprobe. You can use the information that they contain to resolve such problems.

The following table describes the error messages specific to this probe. Forinformation about generic error messages, see the IBM Tivoli Netcool/OMNIbusProbe and Gateway Guide, (SC23-6373).


Table 7. Error messagesError Description Action

Error: ipv6_address isnot a valid address

The IP address specified forthe BindAddress propertywas not in IPv4 format.

Check the value specified forthe BindAddress property; ifthe Protocol property is set toTCP, UDP, ALL, or ANY, thisIP address must be specifiedin IPv4 format.

Error: ipv4_address isnot a valid address

The IP address specified forthe BindAddress propertywas not in IPv6 format.

Check the value specified forthe BindAddress property; ifthe Protocol property is set toTCPV6, UDPV6, or ALLIPV6,this IP address must bespecified in IPv6 format.

Failed to parse SNMP PDU,Versionunrecongnised!!!PDUcommand was invalid

The probe failed to processthe traps.

Check that the device isrunning correctly.

protocol not known An invalid protocol has beenspecified.

Check the value specified forthe Protocol property.

UDP snmp_open: Unknownhost (Address already inuse) Failed to open UDPsessionUnable to get holdof session link pointer

As another process is runningon the port specified, it is notavailable for this session.

Specify a different port eitherusing the command line, orusing the Port property in theproperties file.

Error messages generated by the Configuration AnalyserThe following table describes the error messages generated by the ConfigurationAnalyser.

Table 8. Error messagesError message Description Action

An error has caused theprogram to terminateabnormally. Please re-runit and set CheckLevel toDEBUG_MIN in the probeproperties file, and thencheck $OMNIHOME/log/probe_name.check.log formore details.

There was an internal errorin the ConfigurationAnalyser.

Check the$OMNIHOME/log/probe_name.check.log filefor more details.

Parse Error: ****** There was a parsing error inthe test xml shipped with theprobe.

Check that$OMNIHOME/probes/arch/configAnalyser.xsd exists.

Check that$OMNIHOME/probes/arch/probe_name.check.jar exists.

If the problem persists acrossseveral probes, re-install theConfiguration Analyser.Otherwise, re-install theprobe.


Table 8. Error messages (continued)Error message Description Action

Undefined argument: -check An old fix pack has beeninstalled that has overwrittenthe nco_probe script installedwith the ConfigurationAnalyser.

Reinstall the ConfigurationAnalyser.

ProbeWatch messagesDuring normal operations, the probe generates ProbeWatch messages and sendsthem to the ObjectServer. These messages tell the ObjectServer how the probe isrunning.

The following table describes the raw ProbeWatch error messages that the probegenerates. For information about generic error messages, see the IBM TivoliNetcool/OMNIbus Probe and Gateway Guide, (SC23-6373).

Table 9. ProbeWatch messagesProbeWatch message Description Triggers or causes

Going Down The probe is shutting down. The probe is shutting downafter performing theshutdown routine.

Heartbeat Message The heartbeat message thatthe probe sends to theObjectServer.

The probe has not receivedany events for the timespecified by the Heartbeatproperty. This may be usefulfor debugging purposes.

Running ... The probe is runningnormally.

The probe has just beenstarted up.

Trapqueue limit hasexceeded so droppingtraps

The probe dropped trapswithout processing them.

The number of traps receivedhas exceeded the trap queuelimit set by theTrapQueueMax property.

Unable to get events A problem occurred whiletrying to listen for traps.

Either there was a probleminitializing the connection dueto insufficient memory or (ifthis message was sent aftersome events had been parsed)there was a connection failure.


Appendix. Notices and TrademarksThis appendix contains the following sections:v Noticesv Trademarks

NoticesThis information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the users responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia CorporationLicensing 2-31 Roppongi 3-chome, Minato-kuTokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not applyto you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Copyright IBM Corp. 2006, 2009 23

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM CorporationSoftware Interoperability Coordinator, Department 49XA3605 Highway 52 NRochester, MN 55901U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this information and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement, or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurements may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBMs future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBMs suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.


COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs.

Each copy or any portion of these sample programs or any derivative work, mustinclude a copyright notice as follows:

(your company name) (year). Portions of this code are derived from IBM Corp.Sample Programs. Copyright IBM Corp. _enter the year or years_. All rightsreserved.

If you are viewing this information softcopy, the photographs and colorillustrations may not appear.

TrademarksIBM, the IBM logo, ibm.com, AIX, Tivoli, zSeries, and Netcool are trademarks ofInternational Business Machines Corporation in the United States, other countries,or both.

Adobe, Acrobat, Portable Document Format (PDF), PostScript, and all Adobe-basedtrademarks are either registered trademarks or trademarks of Adobe SystemsIncorporated in the United States, other countries, or both.

Intel, Intel Inside (logos), MMX, and Pentium are trademarks of Intel Corporationin the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in theUnited States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other countries, orboth.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Other company, product, or service names may be trademarks or service marks ofothers.

Appendix. Notices and Trademarks 25

Printed in USA

SC23-6003-04

ContentsDocument control pageIBM Tivoli Netcool/OMNIbus SNMP ProbeSummaryFeatures of the SNMP ProbeInternationalization supportExample multi-byte character set on SolarisExample multi-byte configuration on Windows

Installing the probeInstalling the Configuration AnalyserRunning the Configuration AnalyserRequirementsSNMP V3 supportAdding new users to the configuration fileTraps and informsExample usageRunning the probe as SUID rootAIX users

IP environment

Federal Information Processing Standards (FIPS) supportData acquisitionBuffer settingsExample property file settings for performance tuning

Trap queue sizeRules fileIP address resolutionPeer-to-peer failover functionalityExample property file settings for peer-to-peer failover

Properties and command line optionsElementsStatic elementsDynamic elements

Generic trap handlingError messagesError messages generated by the Configuration AnalyserProbeWatch messages

Appendix. Notices and TrademarksNoticesTrademarks

Documents

snmp-pdf