[tkined] Using Trap Sink

WILLIAM LEWIS (WLEWIS@erac.com)
Mon, 1 Jun 1998 16:38:18 -0500

Hello,
I'm a very new user to tcl and Tkined. Currently I am trying to set up a
Linux 4.2 Red Hat box to receive and display a snmp trap stream from
several pieces of equipment. I have gone through the mail archive list
hopping to find a clue to solve my problem. Please forgive me is this has
already been hashed over previously. I have no problem getting the SNMP
MONITOR script up or getting trap sink set to listen, that all works great.
I am using scotty2.1.9 and tkined1.4.9.
Straps is listening on port 162. I have run Straps under strace and gotten
the following output. (ip addresses replaced with x)

write(2, "straps: unable to join multicast"..., 63straps: unable to join
multicast group: Protocol not available
) = 63
close(4) = 0
unlink("/tmp/.straps-162") = -1 ENOENT (No such file or
directory)
umask(0) = 022
socket(PF_UNIX, SOCK_STREAM, 0) = 4
bind(4, {sun_family=AF_UNIX, sun_path="/tmp/.straps-162"}, 18) = 0
listen(4, 5) = 0
sigaction(SIGPIPE, {0x8048964, [], SA_INTERRUPT|SA_NOMASK|SA_ONESHOT},
{SIG_DFL}) = 0
oldselect(1024, [3 4], NULL, NULL, NULL) = 1 (in [4])
accept(4, {sun_family=AF_UNIX, sun_path=""}, [3]) = 5
oldselect(1024, [3 4 5], NULL, NULL, NULL) = 1 (in [3])
recvfrom(3, "0\202\2\23\2\1\0\4\35[np=PES.net"..., 2048, 0,
{sin_family=AF_INET, sin_port=htons(1047), sin_addr=
inet_addr("xx.xx.xxx.xx")}, [16]) = 535
write(5, "\n1\340\33", 4) = 4
write(5, "\4\27", 2) = 2
write(5, "\27\2\0\0", 4) = 4
write(5, "0\202\2\23\2\1\0\4\35[np=PES.net"..., 535) = 535
oldselect(1024, [3 4 5], NULL, NULL, NULL) = 1 (in [3])
recvfrom(3, "0\202\2\23\2\1\0\4\35[np=PES.net"..., 2048, 0,
{sin_family=AF_INET, sin_port=htons(1047), sin_addr=
inet_addr("xx.xx.xxx.xx")}, [16]) = 535
write(5, "\n1\340\33", 4) = 4
write(5, "\4\27", 2) = 2
write(5, "\27\2\0\0", 4) = 4
write(5, "0\202\2\23\2\1\0\4\35[np=PES.net"..., 535) = 535
oldselect(1024, [3 4 5], NULL, NULL, NULL) = 1 (in [3])

While this was running I had tcpdump running on the interface with these
results for the above two traps.

10:56:25.786667 scpe1.1047 > kahn.snmp-trap: C=[np=PES.net=11.ncc=E1 NCC2
2] Trap(61) E:303.3.1.1.2.1 [xx.xx.xxx.xx]
enterpriseSpecific[specific-trap(1)!=0] 117849100 E:303.3.4.1.1.0=2
.iso.org.dod=[|snmp]
10:56:27.956667 scpe1.1047 > kahn.snmp-trap: C=[np=PES.net=11.ncc=E1 NCC2
2] Trap(61) E:303.3.1.1.2.1 [xx.xx.xxx.xx]
enterpriseSpecific[specific-trap(1)!=0] 117849300 E:303.3.4.1.1.0=2
.iso.org.dod=[|snmp]

If I stop trap sink and start cmu snmptrapd I see the following from the
trap source

xx.xx.xxx.xx: Enterprise Specific Trap (3) Uptime: 11 days, 5:52:56
enterprises.303.3.4.1.1.0 = 3
enterprises.303.3.4.1.2.0 = "01-JUN-98 16:01:30"
enterprises.303.3.4.1.3.0 = "PES_0AC2H"
enterprises.303.3.4.1.4.0 = "(3) ODLC Session Trap"
enterprises.303.3.4.1.5.0 = "ODLC_SESSION"
enterprises.303.3.4.1.6.0 =
"[np=PES.netid=11.remote=ENT058111.slot=1.port=2.remsessn=1]"
enterprises.303.3.4.1.7.0 = "HubSession = [np=PES.net=11.dpc=D1 DPC1
4.mmb=1.port=4.hubsessn=36], hub chassis/slot=01/04, remote odlc=9534H"
enterprises.303.3.4.1.8.0 = "LIM" Hex: 4C 49 4D
enterprises.303.3.4.1.9.0 = "[np=PES.net=11.dpc=D1 DPC 14.mmb=1]"
enterprises.303.3.4.1.10.0 = "No host SDLC activity"
enterprises.303.3.4.1.11.0 = "SFSM Event: No host activity on this Session
before timeout"

I had thought there was a problem with community but I can't seem to find
anything on community in the above traps. The configuration guide for the
software that produces the traps makes no mention of community. The MIB
supplied by the vendor loaded into tkined with no problem.
I'm stumped. Any input would be great.

Thanks Bill
wlewis@erac.com

--
!! This message is brought to you via the `tkined & scotty' mailing list.
!! Please do not reply to this message to unsubscribe. To subscribe or
!! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>.
!! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.