Catching SNMP traps on Linux nodes

Edit online

The ability to catch SNMP trap messages is only available on Linux® nodes. This capability is not available as part of the AIX® implementation of RSCT.

The Simple Network Management Protocol (SNMP), a standard operations and maintenance protocol, uses trap-directed notification for receiving information about managed devices. Instead of polling each managed device, which can be resource intensive, an agent on a managed device can send unsolicited messages when events of interest occur. These unsolicited messages are known as SNMP traps.

If you have an SNMP-managed network, you can use RMC on Linux nodes to catch SNMP traps. You can use RMC's event management capabilities to respond to the trap message as you would respond to a monitored event in RMC. The SNMP trap information is also entered into the audit log.

Do the following to catch SNMP traps:
  1. Run the cfgrmcsnmp command. This command will configure the node to receive SNMP traps. 
    cfgrmcsnmp
    The cfgrmcsnmp command is located in /opt/rsct/install/bin. Add this directory to your PATH, or specify the full path on the command line.
    When a node is configured to receive SNMP traps, a sensor object named SNMPTrap is added to the RMC subsystem. When an SNMP trap is received, the String dynamic attribute of the SNMPTrap sensor object will be updated to reflect the trap information. The String dynamic attribute will contain the trap origin, type, and value information separated by newline characters. For example, issuing the following command to generate a trap: 
    snmptrap -v 2c -c public localhost '' 0 0 s "Hello, this is an SNMP trap."
    would cause the String attribute of the SNMPTrap sensor to be updated. Using the generic RMC command lsrsrc, you can display the trap information. The command: 
    lsrsrc -s "Name='SNMPTrap'" IBM.Sensor String
    Would return: 
    Resource Persistent Attributes for IBM.Sensor
resource 1:
        String = SNMP Trap from localhost.localdomain (127.0.0.1)\nTrap Ty
pe: zeroDotZero\nOID: zeroDotZero VALUE: Hello, this is an SNMP trap.
  2. A predefined condition named SNMP trap detected will have been created when RSCT was installed. Use the mkcondresp command to associate this condition with a response of your choice. You can use one of the predefined responses, or you can create one of your own as described in Creating a response.

    The following example associates the SNMP trap detected condition with the predefined response Broadcast details of event any time.

    mkcondresp "SNMP trap detected" "Broadcast details of event any time"
  3. Start condition monitoring (SNMP trap detection) using the startcondresp command: 
    startcondresp "SNMP trap detected"
    To verify that the condition is being monitored, you can use the lscondition command: 
    lscondition
    Output is similar to: 
    Displaying condition information:
Name                 MonitorStatus
"SNMP trap detected" "Monitored"
To later stop SNMP trap detection, you can use the stopcondresp command: 
stopcondresp "SNMP trap detected"
To verify that the condition is no longer being monitored, you can use the lscondition command: 
lscondition
Output is similar to: 
Displaying condition information:
Name                 MonitorStatus
"SNMP trap detected" "Not monitored"
To unconfigure the ability to detect SNMP traps on the node, enter the cfgrmcsnmp command with its -u flag: 
cfgrmcsnmp -u

For detailed syntax information on the cfgrmcsnmp, mkcondresp, startcondresp, and stopcondresp commands, see their online man pages. For detailed syntax information, see the Technical Reference: RSCT for AIX or Technical Reference: RSCT for Multiplatforms guides.