eHealth TrapEXPLODER User Guide

MN-TRAPUGD-006
November 2004
Important Notice
Concord Communications, Inc., eHealth, eHealth Suite, the Concord Logo, eROI, AdvantEDGE, SystemEDGE, Live Health, Network Health, Live Status,
System Health, Application Health, Automating Technology Management, Constellation, Enterprise, Enterprise Monitor, Firstsense, FirstSense and
design, FirstSense Enterprise, Pulse, Pulsecheck, Token/Net, Token/Scope, We See It Happening, Fault Manager, Empire, Empire Technologies and/or
other Concord marks or products referenced herein are either registered trademarks or trademarks of Concord Communications, Inc. Other trademarks
are the property of their respective owners.
SMIC. Copyright 1992 SynOptics Communications, Inc. All Rights Reserved. SynOptics makes no representations about the suitability of this software
for any particular purpose. The software is supplied “as is”, and SynOptics makes no warranty, either express or implied, as to the use, operation,
condition, or performance of the software. SynOptics retains all title and ownership in the software.
eHealth incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original
compression sources are freely available from ftp://ftp.cdrom.com/pub/infozip/ on the Internet and from the Concord Communications Web site:
http://www.concord.com.
© Copyright Bigelow and Holmes 1986, 1985. Lucida is a registered trademark of Bigelow & Holmes. Sun Microsystems Inc., AT&T, and Bigelow &
Holmes make no representations about the suitability of the source code for any purpose. It is provided “as is” without express or implied warranty of
any kind.
General Notice: Some of the product names used herein have been used for identification purposes only and may be trademarks of their respective
companies.

Proprietary Notice
The information and descriptions contained herein are the property of Concord Communications, Inc. Such information and descriptions may not be
copied, disseminated, or distributed without the express written consent of Concord Communications, Inc. Concord Communications, Inc., assumes no
responsibility for any inaccuracies that may appear in this document. Concord Communications, Inc., reserves the right to improve its products and
change specifications at any time without notice.

U. S. Government Restricted Rights


Use, reproduction, and disclosure by the U.S. Government are subject to the restrictions set forth in FAR §52.227-19 (c) (1) and (2) and
DFARS §252.227-7013 (c) (1) (ii).

Patent Information
U. S. Patent 5,615,323
Patents Pending

© 2004 Concord Communications, Inc.


All Rights Reserved
Table of Contents

Preface
    Audience
    About This Guide
        Revision Information
        Documentation Conventions
    Technical Support
    Professional Services

Chapter 1 Introduction
    Introducing eHealth TrapEXPLODER
        Filtering Traps
        Forwarding Traps to Other Trap Receivers
        Forwarding Traps to Element Managers
        Extending Fault Tolerance for Management Software
        Forwarding Traps through TCP Connections
    TrapEXPLODER and eHealth

Chapter 2 Installing & Licensing eHealth TrapEXPLODER
    Installing TrapEXPLODER for Solaris SPARC Systems
    Installing TrapEXPLODER for Windows Systems
    Installing TrapEXPLODER for Linux Systems
    Installing TrapEXPLODER for HP-UX Systems
    TrapEXPLODER Files
        Files Installed for UNIX Systems
        Files Installed for Windows Systems
    Startup Parameters for TrapEXPLODER on UNIX Systems
    Sample License File

Chapter 3 Configuring eHealth TrapEXPLODER
    Editing the TrapEXPLODER Configuration File
        Sample trapexploder.cf File
    Configuring Debug Mode
    Configuring Receive Buffers
        Listening for Traps on UDP/TCP
        Setting a Log File Size Limit
        Configuring Receive Buffer Size for eHealth
        Minimizing Delay During Restarts of TrapEXPLODER
        Enabling Translation of SNMPv2c Traps to SNMPv1 Traps
    Configuring Filters
        Formatting Filter Entries in the Configuration File
    Filtering Examples
        Matching Trap PDUs from a Local Host
        Matching Authentication Failure Traps
        Matching Private-Enterprise Traps
        Matching Traps by Enterprise OID
        Matching Traps by Enterprise OID and Executing a Script
        Matching Traps by Date
        Matching Traps by Source IP Address
        Matching Traps by Agent IP Address
        Filtering Traps to the AdvantEDGE View Traps Directory
        Forwarding Traps through TCP Connections
        Forwarding Traps through UDP Connections
        Blind Forwarding of Traps
    Error Codes (Windows Only)
    Using the sendtrap Utility
        Specifying Variable Bindings for sendtrap
    Sendtrap Examples
        Sending an Enterprise-Specific Trap 4 PDU
        Sending a MIB-II linkup(3) Trap
        Redirecting Variable Bindings from stdin into sendtrap
    Using the xtrapmon Utility

Index

Preface

This guide describes how to install and configure eHealth®
TrapEXPLODER for the following operating systems:
• Sun™ Solaris™ SPARC™ 2.6 through 2.9
• Windows NT® 4.0, Windows® 2000, Windows XP, and
Windows 2003
• Red Hat™ Linux™ Releases 6.0 through 9.0; Red Hat Enterprise
Linux ES 2.1 (x86 only); Red Hat Enterprise Linux WS/ES/AS
3.0 (x86 only)
• HP-UX™ 11.0 and 11i

Audience
This guide is intended for the person who is installing and
configuring TrapEXPLODER. To use TrapEXPLODER, you should
have a basic understanding of the Simple Network Management
Protocol (SNMP), traps, and your host’s operating system
environment.

About This Guide


This section describes the revision information for this guide and
the documentation conventions used in this guide.


Revision Information
This version of the guide supports TrapEXPLODER Release 1.5
Patch level 1 or later. Since the last release, Chapter 4 has been
eliminated, and its content has been combined with Chapter 2.

Documentation Conventions
Table 1 lists the conventions used in this document.

Table 1. Documentation Conventions

Convention              Description
File or Directory Name  Text that refers to file or directory names.
code                    Text that refers to system, code, or operating system
                        command line examples.
emphasis                Text that refers to guide titles or text that is emphasized.
enter                   Text that you must type exactly as shown.
Name                    Text that refers to menus, fields in dialog boxes, or
                        keyboard keys.
New Term                Text that refers to a new term, that is, one that is being
                        introduced.
Variable                Text that refers to variable values that you substitute.
→                       A sequence of menus or menu options. For example,
                        File → Exit means “Choose Exit from the File menu.”
NOTE                    Important information, tips, or other noteworthy details.
CAUTION                 Information that helps you avoid data corruption or
                        system failures.
WARNING                 Information that helps you avoid personal physical danger.

Technical Support
If you have a Support Contract ID and password, you can
access our Support Express knowledgebase at the following
URL: http://search.support.concord.com.
If you have a software maintenance contract, you can obtain
assistance with eHealth. Have your Support Contract ID
available and contact Technical Support at the following:
Phone: (888) 832-4340
(508) 303-4300
E-mail: support@concord.com
Web site: http://www.concord.com

Professional Services
If you need any assistance with customizing this product,
contact Professional Services at the following:
Phone: (800) 851-8725
Fax: (508) 486-4555
E-mail: proserv@concord.com
Web site: http://www.concord.com

Chapter 1 Introduction

This chapter provides an overview of eHealth TrapEXPLODER.

Introducing eHealth TrapEXPLODER


TrapEXPLODER is a Simple Network Management Protocol
version 1 (SNMPv1) management application that receives and
filters SNMP trap messages and forwards them to other
management applications on other hosts and ports. With
TrapEXPLODER, you can configure all devices to send traps to
a central machine that can “explode” the traps out to other
management stations. Figure 1 shows how TrapEXPLODER
can filter and forward traps from a variety of devices.

Figure 1. Filtering and Forwarding Traps

TrapEXPLODER simplifies trap configuration and
management and allows you to focus your Information
Technology (IT) resources on more strategic activities.
TrapEXPLODER is especially useful in environments where
multiple management applications need to receive trap
messages from a diverse set of SNMP-capable devices that can
issue messages to only a limited number of SNMP managers.
You can use TrapEXPLODER for the following purposes:
• Filtering traps
• Forwarding traps to other trap receivers
• Forwarding traps to element managers, including eHealth
AdvantEDGE™ View
• Forwarding traps through TCP connections
• Extending fault tolerance for management software
• Using Network Address Translation (NAT) to change the
IP address from which the trap was sent

NAT translates an IP address that is used within one network to
a different IP address that is known within another network.

NOTE
eHealth TrapEXPLODER uses User Datagram Protocol
(UDP) port 162. If you are using TrapEXPLODER with
other SNMP managers, you must configure the other
manager to use a different UDP port.

Filtering Traps
You can edit the TrapEXPLODER configuration file to filter
traps based on the following criteria:
• Date and time that the trap was received by
TrapEXPLODER
• IP address of the system from which the trap was received
• IP address of the agent that originated the trap
• Trap type (such as Cold Start, Link Down, Link Up,
Enterprise, and so on)

• Specific trap type
• Enterprise object identifier (OID)

Matching Traps to Filters
When TrapEXPLODER matches a trap to one or more of these
filters, it can do any of the following:
• Log the trap to a file for later analysis.
• Forward traps over both TCP and UDP, to both the
standard SNMP trap port as well as user-defined ports.
• Forward the trap to other network management systems
(NMSs) that are listening on the standard SNMP trap port
(UDP/162) or a user-defined port (for example,
UDP/1162).
• Forward the trap to another TrapEXPLODER that is
running on another system.
• Invoke a local program or script to process the SNMP trap,
such as a program or script that an operator can use to
perform a diagnostic operation.
• Drop a trap to prevent future processing and forwarding.
• Use NAT to change the IP address from which the trap was
sent.

Trap Message Fields


Trap messages include the following fields. An asterisk (*)
indicates a field on which TrapEXPLODER can filter.

Message layout:  Date/Time Stamp*  |  IP Header  |  UDP Header  |  Trap PDU

Trap PDU fields: Enterprise*  |  Agent Address*  |  Generic Trap Type*  |
                 Specific Trap Type*  |  Agent Uptime  |  Variable Bindings

Figure 2. Trap Message Format


NOTE
The IP header contains 14 fields, with information such as
source address, destination address, type of service, total
length, and so on. The UDP header contains four fields:
source port, destination port, length, and checksum. For
more information about these headers, refer to a general
networking reference guide.

Forwarding Traps to Other Trap Receivers


You can use TrapEXPLODER to forward traps to other trap
receivers so that you do not have to reconfigure destinations for
every agent in your enterprise. When you configure
TrapEXPLODER as the trap destination for all of your systems,
you can update trap destinations in the TrapEXPLODER
configuration file only—not on every agent.

Forwarding Traps to Element Managers


In an environment that includes several hundred systems that
can be managed by a Network Operations Center (NOC),
TrapEXPLODER can receive and forward traps to element
managers, including AdvantEDGE View. The managed devices
can send SNMP traps for the elements they monitor (including
Uninterrupted Power Supplies (UPS), routers, switches, or
Asynchronous Transfer Mode (ATM) services) to
TrapEXPLODER, which then filters and forwards those traps to
their appropriate element managers.

Extending Fault Tolerance for Management Software

TrapEXPLODER is ideal for bringing fault tolerance to your
management environment. TrapEXPLODER can receive
SNMP traps and forward them to management station
software, which is often deployed in fault-tolerant pairs. This
deployment ensures that your traps will reach their destination,
even if one management station fails.

Forwarding Traps through TCP Connections


TrapEXPLODER can forward traps through TCP connections
when you specify the hostname (or IP address), port, and
connection timeout value. When TrapEXPLODER matches a
trap, it establishes a connection with the remote end and keeps
the connection alive until no traps have been forwarded for the
amount of time specified in the timeout value. When the
connection has been inactive for the number of seconds
specified in the timeout value, TrapEXPLODER closes the
connection.
TrapEXPLODER provides two actions for forwarding traps
through TCP: tcp and tcpbuff. When you specify the tcp action
for trap filtering in the trapexploder.cf file, TrapEXPLODER
does not buffer the traps. In that case, if the trap receiver is
unavailable, TrapEXPLODER drops the traps.
When you specify the tcpbuff action, TrapEXPLODER can
queue the traps and then send them when the trap receiver
restarts, providing better management of TCP connections
than the tcp action provides. For more information, refer to
“Forwarding Traps through TCP Connections” on page 45.
NOTE
Forwarding traps through TCP does not provide security,
privacy, or authentication. It simply enhances the reliability
of the trap reception.

Sending Datagrams through TCP


For versions 1.5.3 and later, TrapEXPLODER binds to
UDP/162 (by default) to listen for incoming connection
requests. To send datagrams over TCP, you must edit the
trapexploder.cf file and set the listen_for_tcp_traps
option to ON. The ability to t

The port number applies to both the UDP and TCP ports to
use. TrapEXPLODER does not support reception of traps on
different UDP and TCP ports.

TrapEXPLODER sends the trap (a UDP datagram) through
TCP, setting the TCP_NODELAY option (as it opens the
network socket) so that traps are sent immediately, with no
buffering by TCP. The trap receiver can decode the Trap
protocol description unit (PDU) as if it were received through
UDP.
NOTE
If the TCP connection is down or the trap receiver does not
support TCP, you can forward traps through UDP. For
more information, refer to “Forwarding Traps through
UDP Connections” on page 46.
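
The trap fields of Figure 2 and the TCP transport described above, as an added example in Python that is not part of the original guide or of TrapEXPLODER: it decodes the Trap PDU fields of one SNMPv1 trap and splits a TCP byte stream back into individual traps by their BER length. It assumes the stream carries back-to-back BER-encoded SNMPv1 messages with no extra framing (the guide does not specify this); the sample trap, the 65535-byte ceiling, and all function names are constructed for illustration.

```python
# Added example (not vendor code): SNMPv1 Trap PDU decoder, standard library only.
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific"}
MAX_MESSAGE = 65535  # assumed ceiling; larger declared lengths are refused

class Incomplete(ValueError):
    """The buffer ends before the TLV does (more bytes may still arrive)."""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise Incomplete("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length form")
        if pos + n > len(buf):
            raise Incomplete("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > MAX_MESSAGE:
        raise ValueError("declared length exceeds MAX_MESSAGE")
    if pos + length > len(buf):
        raise Incomplete("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode BER OBJECT IDENTIFIER contents into dotted notation."""
    if not value:
        raise ValueError("empty OID")
    first = min(value[0] // 40, 2)
    arcs, sub = [first, value[0] - 40 * first], 0
    for byte in value[1:]:
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(sub)
            sub = 0
    return ".".join(str(arc) for arc in arcs)

def decode_trap(message):
    """Return the Trap PDU fields of one SNMPv1 trap message.

    agent_addr is asserted by the sender inside the PDU; it can differ from
    the source IP address of the packet that carried the trap.
    """
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(version, "big") != 0:
        raise ValueError("not an SNMPv1 message")
    _, _community, pos = read_tlv(body, pos)
    tag, pdu, _ = read_tlv(body, pos)
    if tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap PDU")
    values, pos = [], 0
    for expected in (0x06, 0x40, 0x02, 0x02, 0x43, 0x30):  # field tags, in order
        tag, value, pos = read_tlv(pdu, pos)
        if tag != expected:
            raise ValueError("unexpected tag 0x%02x in Trap PDU" % tag)
        values.append(value)
    enterprise, agent, generic, specific, ticks, varbind_list = values
    if len(agent) != 4:
        raise ValueError("agent address is not 4 octets")
    varbinds, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        _, name, value_pos = read_tlv(varbind, 0)
        value_tag, value, _ = read_tlv(varbind, value_pos)
        varbinds.append((decode_oid(name), value_tag, value))
    generic_code = int.from_bytes(generic, "big", signed=True)
    return {
        "enterprise": decode_oid(enterprise),
        "agent_addr": ".".join(str(octet) for octet in agent),
        "generic": GENERIC_TRAPS.get(generic_code, str(generic_code)),
        "specific": int.from_bytes(specific, "big", signed=True),
        "uptime_ticks": int.from_bytes(ticks, "big"),
        "varbinds": varbinds,
    }

def split_stream(buffer):
    """Split buffered TCP bytes into whole messages; return (messages, leftover)."""
    messages, pos = [], 0
    while pos < len(buffer):
        if buffer[pos] != 0x30:
            raise ValueError("stream out of sync: expected SEQUENCE tag")
        try:
            _, _, end = read_tlv(buffer, pos)
        except Incomplete:
            break  # keep the partial message until more bytes arrive
        messages.append(buffer[pos:end])
        pos = end
    return messages, buffer[pos:]

# Constructed sample: enterprise-specific trap 4 from a documentation address.
SAMPLE_TRAP = bytes.fromhex(
    "303b020100040673616d706c65a42e"             # SEQUENCE, version 0, community, PDU
    "06082b06010401868d1f4004c000020a"           # enterprise 1.3.6.1.4.1.99999, 192.0.2.10
    "02010602010443023039"                       # generic 6, specific 4, uptime 12345
    "3012301006082b06010201010500040472747231")  # 1.3.6.1.2.1.1.5.0 = "rtr1"
```

A receiver would feed each chunk returned by recv() through split_stream, keep the leftover bytes for the next read, and close the connection on ValueError rather than waiting on a peer that sends malformed or oversized lengths.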

TrapEXPLODER and eHealth


TrapEXPLODER is an integrated part of eHealth Live
Health™ — Fault Manager and of AdvantEDGE View. You can
also use it with other trap receivers. If you have a Fault Manager
license, you can use all features of TrapEXPLODER with Fault
Manager for forwarding and managing traps. If you have an
AdvantEDGE View license and not a Fault Manager license, you
can view the traps that TrapEXPLODER forwards to
AdvantEDGE View by clicking the Events icon from the AView
tab of the eHealth Web interface (shown in Figure 3).


Figure 3. AView Tab of the eHealth Web Interface

NOTE
If you have installed and licensed Fault Manager, the
Events icon in AdvantEDGE View is disabled.

You must configure TrapEXPLODER to send traps to
AdvantEDGE View. For more information, refer to “Filtering
Traps to the AdvantEDGE View Traps Directory” on page 45.
You must also configure a receive buffer size of 256 KB when
you are using TrapEXPLODER with eHealth. For more
information, refer to “Listening for Traps on UDP/TCP” on
page 35.

A receive buffer is the amount of space in the kernel that is devoted
to receiving packets for a particular socket.

Chapter 2 Installing & Licensing eHealth TrapEXPLODER

This chapter explains how to install eHealth TrapEXPLODER.
Use Table 2 to find the installation instructions for your
operating system.

Table 2. Installation Instructions

Operating System                           Section of This Chapter
Solaris 2.6 through 2.9                    “Installing TrapEXPLODER for Solaris SPARC
                                           Systems” on page 20
Windows NT 4.0, Windows 2000, Windows      “Installing TrapEXPLODER for Windows
XP, and Windows 2003                       Systems” on page 21
Red Hat™ Linux™ Releases 6.0 through       “Installing TrapEXPLODER for Linux
9.0; Red Hat Enterprise Linux ES 2.1       Systems” on page 23
(x86 only); Red Hat Enterprise Linux
WS/ES/AS 3.0 (x86 only)
HP-UX 11.0 and 11i                         “Installing TrapEXPLODER for HP-UX
                                           Systems” on page 24


Installing TrapEXPLODER for Solaris SPARC Systems


This section explains how to install the TrapEXPLODER
distribution in Solaris package format.

To install TrapEXPLODER:

1. Log in as root to the system where you want to install
TrapEXPLODER.
2. Save the installation file as trapx.pkg.
3. Install the software with the pkgadd utility by entering the
following:

pkgadd -d ./trapx.pkg

This command installs TrapEXPLODER in /opt/trapx. It
copies the license and configuration files to the /etc
directory.
4. Edit the /etc/trapexploder.cf file for your environment. For
more information, refer to Chapter 3, “Configuring
eHealth TrapEXPLODER.”
5. Change to the /opt/trapx directory:

cd /opt/trapx

6. Start TrapEXPLODER by entering the following:


bin/trapexploder -v

NOTE
You must be logged in as root to start the software, and
you must specify the -v argument. TrapEXPLODER
displays an alphanumeric string (the public key for
licensing) and a message indicating that you need a
license.

7. Request a license for TrapEXPLODER in one of the
following ways:
• E-mail the public key that TrapEXPLODER displays on
startup to licenses@concord.com.
• Complete the Web-based license form at
http://license.concord.com.
8. When you receive the generated license key from Concord,
copy it to the /etc/trapexploder.lic file, and save the file.
9. Restart TrapEXPLODER by entering the following:

bin/trapexploder

Installing TrapEXPLODER for Windows Systems


This section explains how to install TrapEXPLODER for
Windows NT 4.0, Windows 2000, Windows XP, and Windows
2003 systems. The Windows installation uses the setup utility.
You can use the following setup options:
• Use setup -i to install TrapEXPLODER.
• Use setup -l to obtain licensing information for
TrapEXPLODER.
• Use setup -r to remove TrapEXPLODER from the
system.

To install TrapEXPLODER:

1. Log in as administrator to the system where you want to
install TrapEXPLODER.
2. Save the installation file as trapx.exe.
3. Enter the following command at the command prompt,
where c:\ is the directory in which you saved trapx.exe:

trapx.exe -dir c:\

The installation program extracts the distribution to the
c:\trapx directory.

4. Change to the c:\trapx directory:

cd c:\trapx

5. To install the software, enter the following at the command
prompt:

setup -i

This setup copies the trapexploder.exe, trapexploder.lic,
and trapexploder.cf files to %SystemRoot%\system32. It
also sets the TrapPort registry key in the Windows registry
to a default value of 162 to enable the forwarding of traps
through TCP.
6. Edit the %SystemRoot%\system32\trapexploder.cf
configuration file for your configuration. For more
information, refer to Chapter 3, “Configuring eHealth
TrapEXPLODER.”
7. License TrapEXPLODER by running the setup program
with the -l option at the command prompt:

setup -l

NOTE
You must be logged in as an administrator, and you
must specify the -l argument. TrapEXPLODER displays
an alphanumeric string (the public key for licensing)
and a message indicating that you need a license.

8. Request a license for TrapEXPLODER in one of the
following ways:
• E-mail the public key that TrapEXPLODER displays on
startup to licenses@concord.com.
• Complete the Web-based license form at
http://license.concord.com.
9. Copy the generated license key to the
%SystemRoot%\system32\trapexploder.lic file, and
save the file.

10. Restart TrapEXPLODER by entering the following:

net start trapexploder

To remove TrapEXPLODER:

1. Open a command prompt window and change to the
c:\trapx directory (where c: is the directory in which you
originally installed the TrapEXPLODER software).
2. Enter the following:

setup -r

Installing TrapEXPLODER for Linux Systems


This section explains how to install the TrapEXPLODER
distribution in tar format for Linux systems.

To install TrapEXPLODER:

1. Log in as root to the system where you want to install
TrapEXPLODER.
2. Save the installation file as trapx.tar.
3. Create the /usr/local/trapx directory:

mkdir /usr/local/trapx

4. Move the trapx.tar file to this new directory:

mv trapx.tar /usr/local/trapx

5. Change to the /usr/local/trapx directory:


cd /usr/local/trapx

6. Untar the file by entering the following:


tar xvof trapx.tar

7. Run the installation script by entering the following:

./Install

8. Edit the /etc/trapexploder.cf file for your environment. For
more information, refer to Chapter 3, “Configuring
eHealth TrapEXPLODER.”
9. Start TrapEXPLODER by entering the following:

bin/trapexploder -v

NOTE
You must be logged in as root to start the software.
TrapEXPLODER displays an alphanumeric string (the
public key for licensing) and a message indicating that
you need a license.

10. Request a license for TrapEXPLODER in one of the
following ways:
• E-mail the public key that TrapEXPLODER displays on
startup to licenses@concord.com.
• Complete the Web-based license form at
http://license.concord.com.
11. Copy the generated license key to the /etc/trapexploder.lic
file, and save the file.
12. Restart TrapEXPLODER by entering the following:

bin/trapexploder

Installing TrapEXPLODER for HP-UX Systems


This section explains how to install the TrapEXPLODER
software distribution for HP-UX systems.

To install TrapEXPLODER:

1. Log in as root to the system where you want to install
TrapEXPLODER.
2. Save the installation file as trapx.dpt.
3. Use the HP-UX swinstall utility to install the software by
entering the following:

swinstall -x allow_incompatible=true -s /tmp/trapx.dpt trapx

4. Change to the /opt/trapx directory:

cd /opt/trapx

5. Edit the /etc/trapexploder.cf file for your environment. For
more information, refer to Chapter 3, “Configuring
eHealth TrapEXPLODER.”
6. Start TrapEXPLODER by entering the following:

bin/trapexploder -v

NOTE
You must be logged in as root to start the software. The
-v argument instructs TrapEXPLODER to display an
alphanumeric string (the public key for licensing) and a
message that indicates that you need a license.

7. Request a license for TrapEXPLODER in one of the
following ways:
• E-mail the public key that TrapEXPLODER displays on
startup to licenses@concord.com.
• Complete the Web-based license form at
http://license.concord.com.
8. Copy the generated license key to the /etc/trapexploder.lic
file, and save the file.
9. Restart TrapEXPLODER by entering the following:

bin/trapexploder


TrapEXPLODER Files
This section describes the files that are installed with
TrapEXPLODER. For more information about these files, refer
to the readme.txt file that was installed in the /opt/trapx or
c:\trapx directory.

Files Installed for UNIX Systems


Table 3 describes the TrapEXPLODER files that are installed on
UNIX systems. These files are installed in the /opt/trapx
directory.

Table 3. Files Installed for UNIX Systems

Subdirectory  File Name         Description
bin           trapexploder      Executable for TrapEXPLODER
              sendtrap          Executable for the sendtrap utility
              xtrapmon          Executable for the xtrapmon utility
config        trapexploder.cf   Sample TrapEXPLODER configuration file
              trapexploder.lic  Sample TrapEXPLODER license file
doc           trapexploder.pdf  eHealth TrapEXPLODER User Guide
              releasenotes.txt  Release Notes and change log
scripts       trapScript.sh     Sample trap script that TrapEXPLODER can invoke
              callsendtrap.c    Sample program for a fork/exec to call the sendtrap utility
              testtrap.def      A sample trap definition file for use with Fault Manager.
              trapScript.pl     Sample Perl trap script that TrapEXPLODER can invoke,
                                which can map OIDs to MIB object names in Concord MIBs
              email.exe         Sample program for use with action scripts that can send
                                e-mail notification when a trap is sent

Files Installed for Windows Systems


Table 4 describes the TrapEXPLODER files that are installed on
Windows systems. These files are installed in the c:\trapx
directory.

Table 4. Files Installed for Windows Systems

Subdirectory  File Name         Description
bin           trapexploder.exe  Executable service for TrapEXPLODER
              sendtrap.exe      Executable for the sendtrap utility
              xtrapmon.exe      Executable for the xtrapmon utility
config        trapexploder.cf   Sample TrapEXPLODER configuration file
              trapexploder.lic  Sample TrapEXPLODER license file
doc           trapexploder.pdf  eHealth TrapEXPLODER User Guide
scripts       trapScript.sh     Sample trap script that TrapEXPLODER can invoke
              callsend.c        Sample program for a fork/exec to call the sendtrap utility
              testtrap.def      A sample trap definition file for use with Fault Manager.
              trapScript.pl     Sample Perl trap script that TrapEXPLODER can invoke,
                                which can map OIDs to MIB object names in Concord MIBs
              email.exe         Sample program for use with action scripts that can send
                                e-mail notification when a trap is sent

Startup Parameters for TrapEXPLODER on UNIX Systems


When you start TrapEXPLODER on UNIX systems, you can
specify any of the following startup parameters:
[-f configfile] [-v] [-h] [-l licenseFile]


Table 5 describes the startup parameters.

Table 5. TrapEXPLODER Startup Options for UNIX Systems

Option          Description
-f configfile   Specifies the name of a configuration file to read. By default,
                TrapEXPLODER searches the /etc/trapexploder.cf file. For more
                information, refer to “Editing the TrapEXPLODER Configuration
                File” on page 29.
-h              Causes TrapEXPLODER to print out allowable options and then exit.
-l licenseFile  Directs TrapEXPLODER to search the licenseFile file for a program
                license. By default, TrapEXPLODER searches the
                /etc/trapexploder.lic file for UNIX systems.
-v              Places TrapEXPLODER in verbose mode. This mode causes the program
                to print various debugging statements as it receives and filters
                trap messages. By default, verbose output is not enabled.

Sample License File


The following is a sample TrapEXPLODER license file. A
pound character (#) in column 1 indicates that the entire line is
a comment.
# license file for TrapEXPLODER
# Copyright 2004 by Concord Communications, Inc.
# http://www.concord.com
#
# file /etc/trapexploder.lic or
# %SystemRoot%\system32\trapexploder.lic
# A valid license key has four parts of 8 characters per part
# parts are separated by space(s) with one license key per line
# trapexploder host sol2 5.8 807a3bc533e9fc2b 1.5 Patch level 1
e13311d3 0F2a7cb1 abC512dc fF8C923a

Chapter 3 Configuring eHealth TrapEXPLODER

This chapter explains how to configure TrapEXPLODER to
filter and forward traps. TrapEXPLODER listens on the
standard SNMPv1 trap port (UDP/162 by default and
optionally on TCP). You must therefore run the
TrapEXPLODER software with root or administrator
permissions.

Editing the TrapEXPLODER Configuration File


You can configure TrapEXPLODER for your environment by
editing the TrapEXPLODER configuration file, trapexploder.cf.
This configuration file specifies the destinations to which
TrapEXPLODER forwards traps, the filters to apply, and the
actions to execute when it matches traps. The syntax of the
configuration file consists of comments and filters. Lines that
begin with a pound sign (#) are comments.
TrapEXPLODER uses regular expressions for filter matching.
For more information about filters and actions, refer to
“Configuring Filters” on page 36.

CAUTION
Be careful to avoid trap loops when you are configuring
TrapEXPLODER. That is, make sure that you configure
TrapEXPLODER to forward trap messages to other
management applications—not to itself.


Sample trapexploder.cf File


The following is a sample trapexploder.cf file.
# trapexploder.cf
# Copyright 2004 by Concord Communications, Inc
# http://www.concord.com/
#
# You can cause this file to be re-read by trapexploder by sending it
# the HUP signal: "kill -HUP pid" (UNIX only)
#
# TRAPEXPLODER GLOBAL OPTIONS ##########################################
# reuse_address
#
# This command sets the SO_REUSEADDR socket option, which eliminates the
# TIME_WAIT TCP state. This is useful if trapexploder is killed, and
# immediately needs to be restarted.
#

reuse_address

# translate_v2c_traps
#
# This command globally enables v2c -> v1 trap translation, following
# section 3 of RFC2576. Note that v2c traps that contain Counter64
# varbinds can not be translated. See RFC2576 and the TrapEXPLODER
# documentation for details.
#
# translate_v2c_traps

# so_rcvbuf <buffer-size-in-bytes>
#
# This command sets the size of the socket receive buffer. This applies
# to both the UDP and TCP listening sockets. The default is 128000
# bytes.
#
so_rcvbuf 128000

# listen_for_udp_traps <on|off>
#
# This command enables TrapEXPLODER to listen for traps on the UDP SNMP
# Trap port. Comment this out to close the UDP SNMP Trap port. Note
# that if the UDP and TCP SNMP Trap ports are both closed, TrapEXPLODER
# will not be able to receive any traps. The default is ’on’.
#
listen_for_udp_traps on

# listen_for_tcp_traps <on|off>
#
# This command enables TrapEXPLODER to listen for traps on the TCP SNMP
# Trap port. Set this to ’false’ to close the TCP SNMP Trap port. Note
# that if the UDP and TCP SNMP Trap ports are both closed, TrapEXPLODER
# will not be able to receive any traps. The default is ’off’.
#
listen_for_tcp_traps off
# tcp_receive_timeout <timeout-in-seconds>
#
# This command defines the timeout for recv() operations on the TCP
# listen socket, in seconds. Essentially, this keeps TrapEXPLODER from
# being indefinitely blocked by a rogue TCP connection. A value of 0
# disables the timeout, allowing TCP recv() operations to block
# indefinitely. This option only has an effect if listen_for_tcp_traps
# is set to ’on’. The default is 5 seconds.
#
tcp_receive_timeout 5

# TRAPEXPLODER FILTERS #################################################


# This section contains filter expressions for relaying/forwarding Trap
# messages based on agent addr, trap number, specific number and
# enterprise; you can filter on any combination but agent, trap type,
# specific type, and enterprise are combined using boolean ’and’. For
# each incoming trap, filters are processed in the order that they are
# listed in the config file. All matching filters for a given trap will
# be executed (unless one of the matching filters is a ’break’ action.
# In this case, no filters after the ’break’ will be processed).
#
#
# Filters take the following form:
#
# filter DateTime SrcIP Agent TrapType SpecificType Enterprise Action [option]
#
# - DateTime is a date/time regular expression
# - SrcIP is an IP address based regular expression
# - Agent is an IP address based regular expression
# - TrapType is an integer based regular expression
# - SpecificType is an integer based regular expression
# - Enterprise is an objectid (be sure to backslash ’.’ components)
# - Action is case-sensitive keyword:
# file, forward, exec, break, nat, tcp, aview, tcpbuff, blind
#
# - Option depends on the action:
# For file, option is name of file to log trap to. Optionally, a
# maximum file size may be specified.
# For forward, option is host:port combination or just host
# where host is an IP address or valid domain-name
# For exec, option is the name of a script or program and args that
# the Trap should be passed to. Trap script is invoked as:
# script [args] SrcIp Agent TrapType SpecificType Enterprise with
# the Trap PDU’s variable bindings passed as stdin
# For break, option is ignored
# For nat, option is host/ipaddr that Trap agent field is changed to
# For tcp, option is host:port timeout
# For aview, option is the AdvantEDGE View traps directory
# For tcpbuff, option is host:port bufsiz timeout
# For blind, option is host:port
#
# ’forward’ action: This action forwards the trap over UDP to another
# host. If no port is specified, the trap will be forwarded to the
# default SNMP Trap port (UDP/162).
# Format:
# forward host[:port]
# filter * * * * * * forward ehealth.company.com
# filter * * * * * * forward 1.2.3.4:5376
#
# ’tcp’ action:
# This action forwards a trap over TCP to another host. If no port is
# specified, the trap will be forwarded to the default SNMP Trap port
# (UDP/162).
# Format:
# tcp host[:port] timeout
# filter * * * * * * tcp nms.company.com 300
# filter * * * * * * tcp 1.2.3.4:162 300
#
# ’tcpbuff’ action:
# This action sets up and maintains a TCP connection to another host,
# and sends all traps over the TCP connection. If the connection to the
# remote host is ever broken, TrapEXPLODER queues up the traps until the
# connection can be re-established. This action replaces the ’eh’
# action for eHealth 5.5 and higher. The queue size is kilobytes. The
# trap age defines (in seconds) how long to keep a trap before purging
# it from the queue.
# Format:
# tcpbuff host:port queue-size-kb trap-age-sec
# filter * * * * * * tcpbuff 1.2.3.4:5058 60 300
#
#
# ’eh’ action:
# This action is used with eHealth 5.0 to forward traps to the eHealth
# trap receiver. This action is deprecated with eHealth 5.5 and higher.
#
#
filter * * * * * * eh 1.2.3.4:666 666 30
# ’blind’ action:
# This action blindly forwards traps without trying to decode them
# first. This is useful if you want to blindly forward traps with an
# unsupported protocol version, or malformed traps. However, since the
# traps are not decoded, only the SrcIp filter option is used.
# filter * * * * * * blind 1.2.3.4:162
#
# ’nat’ action:
# This action translates the agent-addr field in the trap to another IP
# address. Note that this action only does the address conversion. No
# forwarding is implied by this action. Therefore, place this rule
# before any forwarding rules that the nat action should effect.
# Format:
# nat new-agent-addr
# filter * * * * * * nat 1.2.3.4
#
# ’file’ action:
# This action logs the trap to a file in a human-readable format. The
# log-file option is the name of the file to log the trap to.
# max-file-size specifies the maximum size that the file can grow to, in
# kilobytes. When the <log-file> exceeds this size, it is renamed to
# <log-file>.bak, and a new <log-file> is created. If <log-file>.bak
# already exists when the switchover occurs, it is overwritten. If
# max-file-size is unspecified or set to 0, then the log file will grow
# indefinitely.
# Format:
# file log-file [max-file-size]
# filter * * * * * * file /tmp/traps.log 256
# filter * * * * * * file c:\temp\traps.log
#
# ’exec’ action:
# This action executes a program or script. The path to the script
# should be an absolute path, and the entire path and arguments must be
# enclosed in single quotes.
# Format:
# exec '/path/to/script [arg1 [arg2...]]'
# filter * * * * * * exec '/tmp/trapScript.pl 0 123 4321'
# filter * * * * * * exec 'c:\temp\trapScript.pl 0 123 4321'
#
# ’break’ action:
# This action causes no action to be taken for a given trap.
# Additionally, no further filter processing will be done for the trap.
# Any options to this action are ignored.
# Format:
# break
# filter * * * * * * break
#
# ’aview’ action:
# This action writes out traps in the aview format. This action will
# not work if TrapExploder is running on an eHealth machine with a
# FaultManager license present.
# filter * * * * * * aview /opt/aview/var/traps
# filter * * * * * * aview c:\aview\var\traps

Configuring Debug Mode


For both Windows and UNIX systems, you can add the debug
command to the trapexploder.cf file to enable debug mode. To
do so, enter the following:

debug

For UNIX systems, you can also toggle TrapEXPLODER in and
out of debug mode with the kill -USR1 signal. You can also
instruct TrapEXPLODER to reread the trapexploder.cf file with
the kill -HUP signal.

Configuring Receive Buffers


A receive buffer is the amount of space in the kernel that is
devoted to receiving packets for a particular socket.

You can set the size of the receiving socket buffer in the
trapexploder.cf configuration file with the so_rcvbuf
command. This command uses the following format:

so_rcvbuf size-in-bytes

The size-in-bytes value is the size in bytes of the receiving
socket’s receive buffer.
Use this command to set a buffer that is large enough to prevent
overloading of the main trap-receiving socket buffer for
TrapEXPLODER. (If this buffer is overloaded,
TrapEXPLODER could lose some traps.)

On Solaris and Windows, the default for the receive buffer size
is 8192 bytes (8 KB). For larger networks, you can set this buffer
to a much higher number. The maximum receive buffer for
Solaris is 256 KB. Though Windows does not publish its
maximum receive buffer size, use 256 KB as your upper limit
for both Windows and Solaris.
NOTE
If you have enabled debugging as described in the previous
section, “Configuring Debug Mode,” TrapEXPLODER
returns the receive buffer size. Verify that the information
TrapEXPLODER returns matches the buffer size that you
have configured and that the size is valid.

Listening for Traps on UDP/TCP


By default, TrapEXPLODER listens for traps on the SNMP
UDP port. The SNMP TCP port is turned off (closed) by
default. To modify these settings and turn the UDP and/or the
TCP port on or off, edit the following settings in the
trapexploder.cf file to specify either on or off:

listen_for_udp_traps <on|off>
listen_for_tcp_traps <on|off>

The typical case is to set the UDP port to on and to have the
TCP port set to off. It is valid, however, to have both ports on.
Turning both ports off produces errors, however.

Setting a Log File Size Limit


The log-file option to the file action is the name of the file to
which traps are written (in ASCII text).
The max-file-size option specifies the maximum length, in
kilobytes, for the log file. This file has no default limit. To limit
the log file size, edit the following entry in the trapexploder.cf file:

file log-file [max-file-size]

Configuring Receive Buffer Size for eHealth


If you are using TrapEXPLODER with eHealth, configure a
receive buffer size of 256 KB by adding the following line to the
trapexploder.cf file:

so_rcvbuf 262144

Minimizing Delay During Restarts of TrapEXPLODER

You can minimize delay in restarting TrapEXPLODER by
setting the reuse_address option. Setting this option prevents a
delay if TrapEXPLODER stops and needs to be restarted
immediately.
To set the option, add the following to the trapexploder.cf file:

reuse_address

Enabling Translation of SNMPv2c Traps to SNMPv1 Traps

You can globally enable translation of SNMP v2c traps to
SNMPv1 traps by setting the translate_v2c_traps option. To do
so, add the following to the trapexploder.cf file:

translate_v2c_traps

Configuring Filters

You can set filters in the trapexploder.cf configuration file.
Filter expressions for TrapEXPLODER use the following
format:

filter DateTime SrcIP Agent TrapType SpecificType Enterprise Action [Option]

Use an asterisk (*) as a placeholder in any field for which you
do not want to filter on a specific value.

Formatting Filter Entries in the Configuration File

You can base filters on any combination of the following Trap
PDU fields:
• Date and time that the trap was received by
TrapEXPLODER
NOTE
This field is different from the agent uptime in the Trap
PDU.
• Source IP address
• Agent IP address
• Trap type
• Specific type
• Enterprise Object Identifier (OID)
• Action
Enter one filter per line in the configuration file. For examples,
refer to “Sample trapexploder.cf File” on page 30 and “Filtering
Examples” on page 43.

SNMP Trap Format


Figure 4 shows the structure of an SNMPv1 Trap PDU. Fields
marked with an asterisk (*) are fields on which
TrapEXPLODER can filter.

Figure 4. Structure of an SNMP Trap

There is no practical limit to the number of filters that you can
apply to each Trap PDU, but you should organize the filters in
the configuration file in a manner that promotes best overall
performance. Filter optimization is beyond the scope of
TrapEXPLODER; you must do it yourself.
If the Trap PDU contains variable bindings, they are given to
the script as standard input, with each variable OID and value
on its own input line. For more information and an example,
refer to “Redirecting Variable Bindings from stdin into
sendtrap” on page 50 and the example script, trapScript.pl,
which is located in the scripts subdirectory.
NOTE
TrapEXPLODER does not filter trap messages based on
variable bindings. For this type of filtering, you can match
particular trap messages and then invoke a shell script or
program to examine the Trap PDU’s variable bindings.
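
Because TrapEXPLODER does not filter on variable bindings, that check belongs in the program named by an exec filter. The Python handler below is an added example, not the trapScript.pl shipped with the product; it assumes each stdin line is an OID followed by whitespace and the value, and the names handle, parse_args and parse_varbinds are illustrative. It validates every argument before use and does bounded work, because exec scripts run synchronously inside the single-threaded TrapEXPLODER.

```python
import ipaddress
import re
import sys

OID = re.compile(r"^\.?\d+(\.\d+)*$")
MAX_VARBINDS = 64      # assumed cap so a broken or hostile trap cannot stall the handler
MAX_LINE = 1024        # assumed cap on the length of one stdin line


def parse_args(argv):
    """Validate the trailing arguments: SrcIp Agent TrapType SpecificType Enterprise."""
    if len(argv) < 5:
        raise ValueError("expected SrcIp Agent TrapType SpecificType Enterprise")
    src, agent, trap_type, specific, enterprise = argv[-5:]
    ipaddress.ip_address(src)          # ValueError on anything that is not an IP
    ipaddress.ip_address(agent)
    if not OID.match(enterprise):
        raise ValueError("Enterprise is not a dotted OID")
    return {"src": src, "agent": agent, "trap_type": int(trap_type),
            "specific": int(specific), "enterprise": enterprise.lstrip(".")}


def parse_varbinds(stream):
    """Read varbind lines, assumed to be 'OID<whitespace>value'; drop malformed lines."""
    binds = []
    for raw in stream:
        if len(binds) >= MAX_VARBINDS:
            break
        parts = raw[:MAX_LINE].split(None, 1)
        if parts and OID.match(parts[0]):
            value = parts[1].strip() if len(parts) > 1 else ""
            binds.append((parts[0].lstrip("."), value))
    return binds


def handle(argv, stream, if_index_oid="1.3.6.1.2.1.2.2.1.1"):
    """Return a log line for linkDown(2)/linkUp(3) traps that carry an ifIndex
    varbind, or None for traps this handler ignores or cannot validate."""
    try:
        trap = parse_args(argv)
    except ValueError:
        return None
    if trap["trap_type"] not in (2, 3):
        return None
    hits = [(o, v) for o, v in parse_varbinds(stream)
            if o == if_index_oid or o.startswith(if_index_oid + ".")]
    if not hits:
        return None
    state = "linkDown" if trap["trap_type"] == 2 else "linkUp"
    # repr() keeps control characters in varbind values out of the log line.
    detail = ", ".join(f"{o}={v!r}" for o, v in hits)
    return f"{state} src={trap['src']} agent={trap['agent']} {detail}"


if __name__ == "__main__":
    line = handle(sys.argv[1:], sys.stdin)
    if line:
        print(line)
```
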

Using Action Commands with Filters


When you include an action command in your filter, you must
also set an option in the filter expression. The option depends
on the type of action you have specified. For more information,
refer to Table 6, which describes the fields of the filter
command.
Action commands take the following format:
command[args]

When executing an action script or program, TrapEXPLODER
writes the following two temporary files so that it can pass stdin
into the executed action script or program:
• WPSWUDSVFULSWLQSXWfor UNIX systems
• ?WHPS?VFULSWLQSfor Windows systems

NOTE
These filter fields are not backward-compatible with
versions of TrapEXPLODER earlier than 1.3. They are valid
only for TrapEXPLODER 1.3 and later.

Table 6. Filter Command Fields

Field Description

DateTime A regular expression indicating the date and time that the trap was received by
TrapEXPLODER. For example, Fri May 11 09:23:34 EDT 2001.
NOTE: This value does not necessarily indicate the time that the trap was sent by the
device.

SrcIP An IP address-based regular expression that TrapEXPLODER uses to match the
source IP, as in the IP packet header. The IP address from which the trap was received
is not always equivalent to the agent IP address that is contained in the Trap PDU.
The regular expression * indicates that any IP address will cause a match.

Agent An IP address-based regular expression that TrapEXPLODER uses to match the IP
address of the managed object that generated the trap (as in the Agent IP Address
field in the Trap PDU). Note that the IP address from which the trap was received is
not always equivalent to the agent IP address that is contained in the Trap PDU. The
regular expression * indicates that any IP address will cause a match.
NOTE: Be sure to add a backslash character (\) before any period (.) components
that appear within the IP address. The period (.) is a special character in
regular expression syntax.

TrapType An integer-based regular expression that TrapEXPLODER compares to the Trap
PDU’s TrapType field. For an example of the SNMP Trap PDU format, refer to
Figure 4 on page 37.
Valid SNMPv1 TrapType values are the following:
• coldStart(0)
• warmStart(1)
• linkDown(2)
• linkUp(3)
• authenticationFailure(4)
• egpNeighborloss(5)
• enterpriseSpecific(6)

SpecificType An integer-based regular expression that TrapEXPLODER compares to the Trap
PDU’s SpecificType field. Any integer is a valid value for this field. For an example of
the SNMP Trap PDU format, refer to Figure 4 on page 37.

Enterprise An OID-based regular expression that TrapEXPLODER compares to the Trap PDU’s
enterprise field. For an example of the SNMP Trap PDU format, refer to Figure 4 on
page 37.
NOTE: Be sure to add a backslash character (\) before any period (.) components
that appear within the OID. The period (.) is a special character in regular
expression syntax.

Action A keyword that indicates the action that TrapEXPLODER will perform:
• file – Log the Trap PDU to a file that is specified by the Option field.
TrapEXPLODER will create the file if it does not exist.
• forward – Forward the Trap PDU through UDP to a host that is specified by the
Option field. Use this option if the trap receiver does not support TCP or if the
TCP connection is broken.
• exec – Execute the program or script that is specified by the Option field with the
Trap PDU as input.
• break – Perform no further processing on the current Trap PDU, and do not
evaluate any remaining filters for the current Trap PDU.
• eh – Forward traps to the specified eHealth system specified by the Option field.
(Valid for eHealth Releases 5.0 and 5.5 only.)
• nat – Change the agent IP address that is contained in the SNMP Trap PDU to
the IP address that is specified in the Option field. This action changes only the
agent IP address.
• tcp – Forward traps through a TCP connection without buffering the traps. This
action drops the traps if TrapEXPLODER cannot connect to the remote trap
receiver.
• tcpbuff – Forward traps through a TCP connection. This action saves traps until
TrapEXPLODER is able to connect to the remote trap receiver (or until the
timeout limit is reached).
NOTE: If you are using the tcp or tcpbuff actions and you receive the error
message, “trapexploder: tcp forw detected a broken socket to
<IP>:[port],” the TCP connection is broken or invalid. Use the forward
action (which forwards traps through UDP) instead.
• aview – Write traps (one per file) in the format required by AdvantEDGE View.
• blind – Forward traps without parsing or decoding them first. This feature is
useful for forwarding malformed traps or unsupported SNMP versions (such as
SNMPv3). It enables filtering only on the source IP address.
NOTE: These values are case-sensitive.

Option An optional, case-sensitive field that works with the Action field as follows:
• If Action is set to file, set Option to a valid file name to which TrapEXPLODER
can log the Trap PDU. To set the maximum size for the log file, use the
max-file-size argument to the log-file option.
• If Action is set to forward, set Option to a valid IP address and (optionally) port
number.
• If Action is set to host, set Option to a valid host to which TrapEXPLODER can
forward the trap. A host can be an IP address or valid hostname. A host can also
specify a UDP port to which to send the trap if you want to use a port other than
the default, 162. You specify ports by appending a colon and the port number to
the name or IP address.
• If Action is set to break, TrapEXPLODER performs no further processing on the
Trap PDU and evaluates no further filters for that trap.
• If Action is set to eh, set Option to a valid IP address for an eHealth system. You
specify ports by appending a colon and the port number to the name or IP
address. (This action is valid for eHealth Releases 5.0 and 5.5 only.)
• If Action is set to exec, set Option to a valid file name of an executable script or
binary that can process the Trap PDU. The script is executed synchronously by
TrapEXPLODER because it is single-threaded.
• If Action is set to nat, set Option to the IP address with which you want to replace
the agent IP address that was sent in the SNMP Trap PDU.
• If Action is set to tcp, set Option to the IP address (or hostname) and port for the
trap receiver, and the timeout value for the TCP connection as follows:
host:port timeout
• If Action is set to tcpbuff, set Option to the IP address (or hostname) and port
for the trap receiver, the buffer size (in KB), and the timeout value for the TCP
connection as follows:
host:port bufferSize timeout
NOTE: The timeout value indicates how long TrapEXPLODER will keep traps in the
buffer. Adjust your buffer size and timeout values to match your
environment. For example, if you have a high volume of traps, set a large
buffer size; if your link typically goes down for several minutes, set a large
timeout value.
• If Action is set to aview, set Option to the AdvantEDGE View traps directory.
• If Action is set to blind, set Option to the hostname or IP address and optionally
the port for the trap receiver.

Filtering Examples

This section includes sample filters that you can add to the
TrapEXPLODER configuration file, trapexploder.cf. You can
use these examples to help design filters that are suitable for
your environment.
In these examples, asterisks (*) indicate placeholders for fields
for which you do not want to filter on a specific value.

Matching Trap PDUs from a Local Host

To match all Trap PDUs from the local host, and to effectively
drop and suspend filter processing for them, enter the
following:

filter * * 127\.0\.0\.1 * * * break

Matching Authentication Failure Traps


To match all authenticationFailure(4) traps and forward them
to the system named concord at UDP port 162 (the default),
enter the following:

filter * * * 4 * * forward concord

Matching Private-Enterprise Traps


To match all private-enterprise traps of SpecificType 3 through
8 and forward them to the system named concord at UDP port
191, enter the following:

filter * * * 6 [3-8] * forward concord:191

Matching Traps by Enterprise OID


To match all traps that contain the enterprise OID
1.3.6.1.4.1.546.1.1 and forward them to the system named
ottoman at UDP port 162 (the default), enter the following:
filter * * * * * 1\.3\.6\.1\.4\.1\.546\.1\.1 forward ottoman

NOTE
A backslash character (\) appears before each period
character (.) to ensure that the period character is read
correctly as part of the enterprise ID and not as a regular
expression wildcard operation.

Matching Traps by Enterprise OID and Executing a Script

To match all traps that contain the enterprise OID
1.3.6.1.4.1.546.1.1 and execute the trapScript.pl script (located
in the /opt/trapx/scripts directory) with the trap as input, enter
the following:

filter * * * * * 1\.3\.6\.1\.4\.1\.546\.1\.1 exec /opt/trapx/scripts/trapScript.pl

NOTE
You must specify the full pathname to the script.

Matching Traps by Date


To match all traps that TrapEXPLODER received on Friday and
forward them to the system named ottoman, enter the
following:

filter "Fri" * * * * * forward ottoman

Matching Traps by Source IP Address


To match all traps that originated from the source IP
199.250.183.215 and forward them to the system named
ottoman, enter the following:
filter * 199\.250\.183\.215 * * * * forward ottoman

Matching Traps by Agent IP Address


To match all traps that were sent by a managed object with an
IP address of 199.250.183.215 and forward them to the system
named ottoman, enter the following:

filter * * 199\.250\.183\.215 * * * forward ottoman


Filtering Traps to the AdvantEDGE View Traps Directory

To filter traps to the AdvantEDGE View traps directory (for
example, ehealth/web/aview/var/traps), enter the following:

filter * * * * * * aview /ehealth/web/aview/var/traps

NOTE
The ehealth variable represents the eHealth home
directory. If you are using the standalone version of
AdvantEDGE View, the AdvantEDGE View traps directory
is /opt/aview/var/traps.

Forwarding Traps through TCP Connections


You can forward traps through TCP with or without buffering.
To buffer the traps (save them if the trap receiver is
unavailable), use the tcpbuff action. To filter traps without
buffering them, use the tcp action.

Filtering Traps through TCP with Buffering


To forward traps through a TCP connection to a system with a
hostname of violet on port 5058 with a buffer of 60 KB and a
timeout value of 300 seconds, enter the following:
filter * * * * * * tcpbuff violet:5058 60 300

TrapEXPLODER will buffer up to 60 KB of traps for 300 seconds
before dropping them.

Filtering Traps through TCP without Buffering


To forward traps without buffering through a TCP connection
to a system with a hostname of electrode on port 162 with a
timeout value of 30 seconds, enter the following:
filter * * * * * * tcp electrode:162 30

When TrapEXPLODER is forwarding traps through TCP, it
maintains a TCP connection with the trap receiver. Before
TrapEXPLODER forwards a trap that it has received, it checks
to see if the TCP connection is still valid. If the connection is
broken, the following error message appears:
Error: "trapexploder: tcp forw detected a broken socket to <IP>:[port]"

The same error appears if the trap receiver does not support
TCP. If the trap receiver does not support TCP but does
support UDP, you can use the forward action, as described in
the next section.

Forwarding Traps through UDP Connections


To forward traps through a UDP connection to a system with a
hostname of orange on port 5058, enter the following:
filter * * * * * * forward orange:5058

Blind Forwarding of Traps


To forward traps to a system with a hostname of lemon on port
5058 without parsing or decoding, enter the following:
filter * * * * * * blind lemon:5058
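
The rules this chapter states for filter lines (case-sensitive action keywords, backslash-escaped periods in the SrcIP, Agent and Enterprise fields, blind using only SrcIP, nat placed before forwarding rules, a full pathname for exec, no forwarding back to TrapEXPLODER itself, and break ending processing) can be checked before a configuration is loaded. The Python linter below is an added example, not part of the TrapEXPLODER distribution; the function names, the self_hosts parameter and the sample lines are assumptions made for illustration.

```python
import re

# Action keywords from the guide; they are case-sensitive. "eh" is the deprecated one.
ACTIONS = {"file", "forward", "exec", "break", "nat", "tcp",
           "aview", "tcpbuff", "blind", "eh"}
FORWARDING = {"forward", "tcp", "tcpbuff", "blind", "eh"}
FIELDS = ("DateTime", "SrcIP", "Agent", "TrapType", "SpecificType", "Enterprise")
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')     # keep quoted options whole
BARE_DOT = re.compile(r"(?<!\\)\.(?![*+?{])")      # '.' that is neither \. nor .* style


def parse_filters(text):
    """Yield (line_no, fields, action, option_tokens) for every 'filter' line."""
    for no, line in enumerate(text.splitlines(), 1):
        tok = TOKEN.findall(line)
        if not tok or tok[0] != "filter":          # comment, blank line, global option
            continue
        if len(tok) < 8:
            yield no, None, None, tok[1:]
        else:
            yield no, dict(zip(FIELDS, tok[1:7])), tok[7], tok[8:]


def lint(text, self_hosts=("127.0.0.1", "localhost"), listen_port=162):
    """Return [(line_no, message)] for the text of a trapexploder.cf file.

    self_hosts: names and addresses of the TrapEXPLODER host itself (assumed input).
    """
    rules, findings, stop_line = list(parse_filters(text)), [], None
    for i, (no, f, action, opt) in enumerate(rules):
        if stop_line is not None:
            findings.append((no, f"unreachable: line {stop_line} breaks on every trap"))
        if f is None:
            findings.append((no, "filter needs six match fields and an action"))
            continue
        if action not in ACTIONS:
            findings.append((no, f"unknown action {action!r}; keywords are case-sensitive"))
            continue
        for name in ("SrcIP", "Agent", "Enterprise"):
            if BARE_DOT.search(f[name]):
                findings.append((no, f"{name}: unescaped '.' matches any character"))
        narrowed = [n for n in FIELDS if f[n] != "*"]
        if action == "blind" and any(n != "SrcIP" for n in narrowed):
            findings.append((no, "blind: trap is not decoded, only SrcIP is used"))
        if action in FORWARDING and opt:
            host, _, port = opt[0].partition(":")
            port = int(port) if port.isdigit() else listen_port
            if host.lower() in self_hosts and port == listen_port:
                findings.append((no, "trap loop: forwards to TrapEXPLODER's own port"))
        if action == "nat" and not any(r[2] in FORWARDING for r in rules[i + 1:]):
            findings.append((no, "nat: no forwarding rule follows the rewrite"))
        if action == "exec":
            words = " ".join(opt).strip("'").split()
            if not words or not re.match(r"/|[A-Za-z]:\\", words[0]):
                findings.append((no, "exec: specify the full pathname to the script"))
        if action == "break" and not narrowed:
            stop_line = no
    return findings


# Constructed sample, not a file shipped with TrapEXPLODER.
SAMPLE_CF = r"""
# constructed trapexploder.cf fragment for the linter
filter * * 127\.0\.0\.1 * * * break
filter * 10.1.1.1 * * * * forward nms.example.com
filter * * * 4 * * Forward nms.example.com
filter * * * 6 * 1\.3\.6\.1\.4\.1\.546\..* blind 192.0.2.10:162
filter * * * * * * forward localhost
filter * * * * * * exec trapScript.pl
filter * * * * * * nat 192.0.2.20
filter * * * * * * break
filter * * * * * * file /var/log/traps.log 256
"""

if __name__ == "__main__":
    for no, msg in lint(SAMPLE_CF):
        print(f"line {no}: {msg}")
```
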

Error Codes (Windows Only)

The TrapEXPLODER service can return the following error
codes to the Windows Service Control Manager:
• 1 - WinSock failed to initialize
• 2 - Error creating trap sockets
• 3 - Out of memory
• 4 - Fatal error in processing configuration file
• 5 - License verification failed
For more information about the errors, refer to the
trapexploder.log file and to your Windows documentation.

Using the sendtrap Utility


The sendtrap utility is a command line utility that generates and
sends SNMPv1 trap messages. For each trap message, sendtrap
can accept up to 32 optional variable-bindings for inclusion in
the Trap PDU. Trap PDUs are sent to the SNMPv1 Trap port
(UDP/162) on the specified host. The Enterprise field for all
Trap PDUs that sendtrap sends is empire(546).9.6.
The format of the sendtrap command is as follows:
sendtrap host TrapType SpecificType < varbind-list-file

You can script this utility to redirect variable bindings from
standard input (stdin) to sendtrap. For an example, refer to
“Redirecting Variable Bindings from stdin into sendtrap” on
page 50. Table 7 describes the sendtrap fields.

NOTE
If you are not using input from a file, you must provide the
end-of-file character for each sendtrap command. Use ^Z
for Windows systems or ^d for UNIX systems.

Table 7. sendtrap Fields

Field Description

host Specifies the host to which sendtrap should send the resulting Trap PDU. This
parameter can be either a domain name or IP address.

TrapType Specifies the integer to use in the generic trap type field in the Trap PDU. Defined in
RFC 1157, this field can accept one of the following values:
• coldStart(0)
• warmStart(1)
• linkDown(2)
• linkUp(3)
• authenticationFailure(4)
• egpNeighborloss(5)
• enterpriseSpecific(6)
Values less than 0 cause sendtrap to print an error message and exit. Values larger
than 6 cause sendtrap to issue a warning message only.

SpecificType Specifies the integer to use in the enterprise-specific trap type field in the Trap PDU.
SpecificType values less than 0 cause sendtrap to print an error message and exit.

NOTE
The sendtrap utility reports 0 for the Trap PDU’s
time-stamp field because it cannot know the real value. Due
to internal limits, sendtrap can send a maximum of 32
variable bindings in a single Trap PDU. You must be able to
represent object values as an ASCII character string to
enable sendtrap to read, convert, and send them within
Trap PDUs. sendtrap does not recognize or convert ASCII
strings for the TrapType or SpecificType arguments. You
can specify only integers for these fields.

Specifying Variable Bindings for sendtrap


You can specify optional variable bindings as standard input to
sendtrap. Variable bindings are data fields in the SNMPv1 Trap
PDU. Each variable binding associates a particular object
instance with its current value and contains an object-identifier,
an object type, and a value. Variable bindings are passed as
input to sendtrap as ASCII character strings. The sendtrap
utility converts them to SNMPv1 format.
You must enter each variable binding on a separate input line.
The variable-bindings list is terminated by an end-of-file (EOF)
character (^Z for Windows systems, or ^d for UNIX systems).
If you do not want to provide variable bindings to sendtrap,
redirect input from /dev/null or a zero-length file.
The OIDs are specified in dotted-notation format (for example,
1.3.6), and types are indicated from a set of constant,
case-insensitive strings. The type may be one of the following:
• ipaddr
• cntr
• gauge
• timeticks
• integer
• string
• objid
Values are dependent on the type and are converted
appropriately to internal format. If sendtrap encounters
conversion errors, it skips the current variable binding, rather
than abandoning trap generation.

Sendtrap Examples

This section includes sample filters that you can add to the
sendtrap.cf file, if desired. Add these filters to your
TrapEXPLODER configuration file (trapexploder.cf) to
perform the actions that they describe.

Sending an Enterprise-Specific Trap 4 PDU


To send an enterprise-specific Trap 4 PDU (without variable
bindings) to the local host, enter the following:

sendtrap 127.0.0.1 6 4 < /dev/null

Sending a MIB-II linkup(3) Trap


To send a MIB-II linkUp(3) Trap PDU to the local host with a
single variable binding that contains the integer 1, enter the
following for a Windows system:

sendtrap 127.0.0.1 3 0
1.3.6.1.2.1.2.2.1.1.1 integer 1
^Z

NOTE
For a UNIX system, use the ^d end-of-file character instead
of ^Z.

Redirecting Variable Bindings from stdin into sendtrap

To redirect variable bindings from stdin into sendtrap, enter
the following:

sendtrap 127.0.0.1 6 321 <<!
1.3.6.1.2.1.4.20.1.1.5.5.5.5 ipaddr 5.5.5.5
1.3.6.1.2.1.4.20.1.1.6.6.6.6 ipaddr 6.6.6.6
1.3.6.1.2.1.4.20.1.1.127.0.0.1 ipaddr 127.0.0.1
!

NOTE
This command is invoked within the UNIX shell /bin/sh,
and input/output redirection is specific to each shell. For
information about redirecting variable bindings with other
shells, consult the man pages for those shells.

If you want to invoke sendtrap from within another C program,
refer to the call-sendtrap.c (UNIX), or callsend.c (Windows)
sample file that is included in the scripts subdirectory. These
scripts show how to correctly invoke sendtrap and pass the
requested variable bindings.

Using the xtrapmon Utility


xtrapmon is an SNMPv1 trap monitor that receives trap
messages (and can log them to a text file for UNIX systems).
xtrapmon listens on the standard SNMPv1 trap port
(UDP/162), and displays a separate X popup window (for
UNIX) or separate command line window (for Windows) every
time it receives a trap message. If you have specified a log file
name, xtrapmon also logs traps to that file.
For Windows, xtrapmon runs in cmd.exe and prints to
standard output (stdout).
The format of the xtrapmon command is as follows:
xtrapmon [-l logFileName]

If you specify a file name with the -l option, xtrapmon opens
the specified file and appends a log of traps as they arrive, in
addition to displaying the popup window.
NOTE
If you require a log file without the popup window,
consider using TrapEXPLODER instead of xtrapmon.
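
What a trap monitor such as xtrapmon has to parse when the linkUp(3) sendtrap example above arrives on UDP/162, shown as an added Python example (not code from this guide or from the product): a minimal BER decoder for an SNMPv1 Trap-PDU. The datagram is constructed by hand; the community "public", the enterprise OID 1.3.6.1.4.1.99999, the agent address and the zero time stamp are assumptions, because the guide does not state what sendtrap puts in those fields.

```python
import ipaddress

def items(buf):
    """Split BER bytes into (tag, value) pairs; raise on truncation."""
    pos, out = 0, []
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated TLV value")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid(raw):  # BER OBJECT IDENTIFIER -> dotted string
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                       # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def value(tag, raw):
    if tag == 0x02:                            # INTEGER ("integer")
        return int.from_bytes(raw, "big", signed=True)
    if tag == 0x40 and len(raw) == 4:          # IpAddress ("ipaddr")
        return str(ipaddress.IPv4Address(raw))
    return raw                                 # other types stay as bytes

def decode_trap(datagram):
    """Parse one SNMPv1 message carrying a Trap-PDU (tag 0xA4)."""
    ((tag, body),) = items(datagram)
    (_, ver), (_, community), (pdu_tag, pdu) = items(body)
    if tag != 0x30 or ver != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, gen, spec, _ticks, vbl = (v for _, v in items(pdu))
    binds = [(oid(n), value(t, v))
             for (_, n), (t, v) in (items(vb) for _, vb in items(vbl))]
    return {"community": community.decode("latin-1"), "enterprise": oid(ent),
            "agent": value(0x40, addr), "generic": value(0x02, gen),
            "specific": value(0x02, spec), "varbinds": binds}

SAMPLE = bytes.fromhex(  # constructed; community and enterprise OID assumed
    "3039020100" "04067075626c6963" "a42c" "06082b06010401868d1f" "40047f000001"
    "020103" "020100" "430100" "3011300f" "060a2b060102010202010101" "020101")
```

SNMPv1 carries the community string in cleartext and nothing in the datagram authenticates the sender, so treat every decoded field as untrusted input before logging or acting on it.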



CONTACT CONCORD COMMUNICATIONS AT:

CONCORD COMMUNICATIONS, INC.


NORTH AMERICA
600 NICKERSON ROAD
MARLBORO, MASSACHUSETTS 01752
800-851-8725
P 508-460-4646
F 508-481-9772

CONCORD COMMUNICATIONS EUROPE


DELFTECHPARK 26
2628 XH DELFT
THE NETHERLANDS
P +31 (0) 15 2600 930
F +31 (0) 15 2600 929

CONCORD COMMUNICATIONS ASIA PACIFIC


LEVEL 7, 53 WALKER STREET
NORTH SYDNEY NSW 2060
AUSTRALIA
P 61-2-9965-0600
F 61-2-9929-0411

FRANCE: +33 (0) 1 4692 2420


GERMANY +49 (0) 89 944 90 105
UK: 00800 3283 2888

JAPAN 813-5778-7629
SINGAPORE: 65-4309533

CONCORD.COM
