Trapd
The Oracle Communications Unified Assurance Event Trap Aggregator is a generic SNMP trap message listener that receives messages from devices, parses the results with customizable rules and creates de-duplicated events within Unified Assurance.
A default installation includes a set of rules files for processing a variety of traps from numerous different vendors. The following documentation has information regarding supported devices and other useful information:
Contact Oracle Support if there are devices that are sending traps not processed by the default foundation rules.
You can run this application as a service using the Services UI.
Trap Aggregator Setup
-
Review the logic in the rules files referenced in the configuration to see the processing that will be done when traps are received:
-
LoadRules will be run during application startup to load data that might be needed during processing.
-
IncludeRules will be read during application startup to load additional files that might be called during processing.
-
BaseRules will be run for each trap that is received.
Update the logic as needed.
-
-
Enable the default Service, unless you need a specific configuration option.
See Services in Unified Assurance User's Guide for information about the Services UI.
-
Configure devices to send SNMP trap messages to the server where the Event Trap Aggregator has been started.
SNMPv3 Setup
You must create an SNMP access profile with the same credentials configured on the sending devices if the security level is authNoPriv or authPriv. You can set up multiple SNMP access profiles to match different credential sets.
-
Go to the SNMP Access UI:
From the Configuration menu, select Device Discovery, then select SNMP Access. See SNMP Access for information about this UI.
-
For each profile needed:
-
Security Level is always required
-
Username is always required
-
Authentication Protocol and Authentication Password are required if Security Level set to authNoPriv or authPriv
-
Privacy Protocol and Privacy Password are required if Security Level set to authPriv
-
Default Service
The following table shows the settings for the default service. Actual values are in bold, descriptions of values are in plaintext.
| Field | Default Value |
|---|---|
| Package | coreCollection-app |
| Name | Event Trap Aggregator |
| Program | bin/core/collection/Trapd |
| Arguments | This field is blank. There is no default value. |
| Description | Trapd Aggregator that runs on port 162/udp |
| Failover Type | Standalone (Supported: Standalone, Primary, Redundant/Backup) |
| Status | Disabled |
| Privileged | This option is selected. |
See Services in Unified Assurance User's Guide for general information about the settings for services.
See Using Application Primary/Backup Failover for more information about the different failover types.
Default Configuration
The following table shows the default configurations for the application. Actual values are in bold, descriptions of values are in plaintext.
| Name | Default Value | Possible Values | Notes |
|---|---|---|---|
| BaseRules | collection/event/trap/base.rules | Text, 255 characters | The relative path to the application Base Rules file. |
| BranchDir | core/default | Text, 255 characters | The relative path to the rules directory. |
| BulkInsert | Disabled | Enabled or Disabled | (Optional) If enabled, events are sent in bulk with multi-row database inserts. The BulkTime and Limit properties are also used. |
| BulkTime | 2 | An integer | (Optional) If BulkInsert is enabled, defines the maximum number of seconds to wait for the number of events specified in Limit. |
| IncludeRules | collection/event/trap/base.includes | Text, 255 characters | The relative path to the trap include rules. |
| Limit | 100 | An integer | (Optional) If BulkInsert is enabled, defines the maximum number of rows sent in each multi-row database insert. |
| LoadRules | collection/event/trap/base.load | Text, 255 characters | The relative path to the trap load rules. |
| LogFile | logs/EventTrapd.log | Text, 255 characters | The relative path to the Trapd log file. |
| LogLevel | ERROR | OFF, FATAL, ERROR, WARN, INFO, DEBUG | The logging level for the application. |
| ShardID | 1 | An integer | The database shard to use. |
| Threads | 3 | An integer | The number of process threads created. |
| Capture | Disabled | Enabled or Disabled | (Optional) If enabled, the raw messages are saved in the log. |
| DBThreads | A third, rounded up, of the Threads value. | An integer | (Optional) The number of database threads to create. |
| DisableDNS | Disabled | Enabled or Disabled | (Optional) If enabled, uses IP address instead of hostname for the event node. |
| FailoverBufferLimit | 0 | An integer | (Optional) If set to an integer greater than 0, a failover standby buffer keeps that number of seconds worth of syslogs and replays them when becoming failover active. Set to 0 to disable the buffer. See the descriptions of the $buffer and $received tokens in Tokens. |
| FieldSetFile | This field is blank. There is no default value. | Text, 255 characters | (Optional) The path to a CSV file containing a custom list of fields to use when inserting data. If you specify this, you must also specify InsertSQLFile. |
| Host | 0.0.0.0 | Text, 255 characters | (Optional) The DNS name or IP Address to receive traps on. NO RELOAD CONFIG SUPPORT |
| InsertSQLFile | This field is blank. There is no default value. | Text, 255 characters | (Optional) The path to the file containing a custom SQL Insert statement for handling event inserts. If you specify this, you must also specify FieldSetFile.) |
| Port | 162 | Text, 255 characters | (Optional) The port to receive traps on. NO RELOAD CONFIG SUPPORT |
| CheckTime | 0 | Integer | (Optional) The interval of time, in seconds, after which to update SNMPv3 profiles. Setting this to 0 means the profiles are loaded when the Event Trap Aggregator is started and are only updated when the service's configuration is reloaded. |
Best Practices
The following list shows the best practices for working with this application:
-
Depending on the server specifications and loads, you may need to increase the number of threads that the aggregator uses. However, too many threads can have negative effects.
-
By default, devices send SNMP trap Messages on UDP port 162. If messages are not reaching the Unified Assurance system, check firewall settings in the network.
-
SNMPv1 and SNMPv2 traps with any community string, and SNMPv3 traps with any username and security level of noAuthNoPriv are automatically accepted.
-
SNMPv3 traps require an SNMP access profile to exist with matching credentials if the security level is authNoPriv or authPriv. You may see the following errors in the log if something is misconfigured:
-
Missing profile with matching username: Error finding username in local configuration datastore [unknownSecurityName]: ...
-
Mismatch with authentication protocol and/or password: Error authenticating message [authenticationFailure]: ...
-
Mismatch with privacy protocol and/or password: Error decrypting PDU [decryptionError]: ...
See SNMP Access in Unified Assurance User's Guide for information about the UI for adding SNMP access profiles and Creating SNMP Access Profiles for an example.
-
-
If you have multiple SNMPv3 profiles with the same username (not typical), you must provide specific engine IDs to distinguish unique credentials.
-
Using different SNMPv3 profiles for polling and trap collection require a non-engine ID profile to have a higher priority (lower order number).
-
Reloading the configuration from the Services UI will update SNMP access profiles.
Rules
This aggregator uses the Unified Assurance standard rules architecture in Perl syntax. For information about creating rules, see the following in Unified Assurance Developer's Guide:
-
Core for information about core rules functions.
-
Events for information about Event rules functions.
For examples of enabling the Trap Aggregator, and explanation of how rules are applied, see Events Examples.
Tokens
The aggregator exposes the following tokens for rules processing.
| Token | Description |
|---|---|
| $AppConfig | Hash reference to the application configuration name-value pairs that were configured. (i.e. use $AppConfig->{'Host'} to retrieve the set value for 'Host'.) |
| $Event | Reference to the hash that is used to create and insert the Event data into the database. Keys map to the fields within the table used and values assigned are inserted in the database to that field. (e.g. $Event->{'IPAddress'} = '192.0.2.1' to assign the event IP address to '192.0.2.1') At least the 'Node' and 'Summary' fields must be set, or no event is inserted. |
| $count | Message Counter. |
| $timestamp | Human readable time of Trap. |
| $received | Epoch time SNMP trap was received by the aggregator. |
| $buffer | Flag for if was buffered during standby and was replayed (0 = No, 1 = Yes) |
| $ip | Sender IP Address |
| $node | Sender DNS Resolved Name |
| $cstring | Community String |
| $enterprise | Enterprise Identifier |
| $agent | SNMP Agent IP Address |
| $generic | Generic Trap ID |
| $specific | Specific Trap ID |
| $trapoid | Trap OID |
| $vars | Varbind Hash reference i.e. $value = $vars->{'1.3.6.3.4.5.3.3.3.1'};. If $value is an arrayref, then the array's elements are the ordered values of that repeated varbind key; otherwise $value is the value of that unique varbind key. |
| @varbinds | Varbind array containing the varbind OIDs parsed from the SNMP Trap in the order in which they were received by the aggregator i.e. $first_oid = $varbinds[0];. The value for this oid can be retrieved from the $vars hash as normal e.g. $first_oid_value = $vars->{$first_oid};. |
| $discard_flag | Flag for discard (0=No, 1=Yes) |
| $CustomHash | Custom key, value cache available across all rules. Contents commonly defined in Load Rules then used in Base or other rules. NOTE: This variable is a shared object and any additional sub hashes or arrays must be shared before use or it will cause the error: Invalid value for shared scalar. Instantiate the sub hash/array using '&share({})' e.g. $CustomHash->{SubObject} = &share({}); |
| $StorageHash | Internal cache used as the StorageHash option when calling rules functions such as FindDeviceID(). NOTE: The structure of this cache is subject to change! Not recommended for custom global storage or manual manipulation; use $CustomHash. |
Administration Details
The following list shows the technical details you will need for advanced administration of the application:
-
Package: coreCollection-app
-
Package:
./Trapd [OPTIONS] -
Options:
-c, --AppConfigID N Application Config ID (Service, Job, or Request ID) -?, -h, --Help Print usage and exit -
Threaded: Multithreaded