Traps

This section covers how to handle SNMP traps.

To accept SNMP traps from your devices, configure your devices
to send them to your deployment. The zentrap daemon will listen to the standard SNMP trap port of 162/udp and create an event for every trap that it receives.

However, without you giving Zenoss more information about the contents of those traps, the events will contain numeric OIDs and be nearly impossible for a human to decipher.

Importing MIBs

Let’s import the NETBOTZV2-MIB that we’ve been working with through these examples.

Copy the MIB to /z so containers can read it.

cp /usr/share/snmp/mibs/NETBOTZV2-MIB.mib /z

2. Import the MIB file.

zenmib run --keepMiddleZeros NETBOTZV2-MIB.mib

From which we should get the following output:

Found 1 MIBs to import.
Unable to find a file that defines SNMPv2-SMI
Unable to find a file that defines SNMPv2-TC
Parsed 214 nodes and 256 notifications from NETBOTZV2-MIB
Loaded MIB NETBOTZV2-MIB into the DMD
Loaded 1 MIB file(s)

Add the imported MIB to the NetBotz ZenPack.
1. In the browser interface, navigate to Advanced > MIBs.
2. Select NETBOTZV2-MIB.
3. From the gear menu at the bottom of the list, choose Add to ZenPack.
4. Choose the ZenPacks.training.NetBotz then click SUBMIT.

Simulating SNMP traps

To more easily configure and test trap handling, it’s useful to know how to simulate SNMP traps. The alternative is breaking your real devices in various ways and hoping to be able to get the device to send all of the traps you need. This isn’t always possible.

Let’s start by picking an SNMP trap to simulate.

In the browser interface, navigate to Advanced > MIBs.
Select NETBOTZV2-MIB.
From the drop-down box in the middle of the right panel, choose Traps.
In the list of traps, choose netBotzTempTooHigh.

We’ll now see information about this trap in the bottom-right panel. The first thing to note is the OID. This is all we need to get started.

Send a simple trap

Use the following steps to get your feet wet sending a basic trap.

Make sure the zentrap* service is running.

If you have stopped the zentrap service, or if you have it configured to manual launch mode, you will need to start it.
```
serviced service start zentrap
```
Identify the IP address to which traps should be sent to get to zentrap.

Control Center performs port forwarding on its host to route received SNMP traps to the zentrap container. We’re going to be sending simulated SNMP traps from a Control Center host, and will need to know what address to send traps to so they’re received by zentrap.

Run the following command to find the address.
```
sudo iptables -L FORWARD -n | grep 162
```
This will output something very close to the following:
```
ACCEPT   udp  --  0.0.0.0/0    172.17.0.29     udp dpt:162
```
We’ll be sending traps to that 172.17.0.29 address. It may be different on your system.
Send an SNMP trap.

Run the following snmptrap command on the Control Center host.
```
sudo snmptrap 172.17.0.29 0 NETBOTZV2-MIB::netBotzTempTooHigh
```
Find this netBotzTempTooHigh event in web interface’s event console.

Double-click the snmp trap netBotzTempTooHigh event in the event console to see its details. Look for the following details.
- eventClassKey: This should be netBotzTempTooHigh as decoded using the MIB.
- oid: This is the original undecoded OID.

Send a full trap

Now that we’ve proved out a simple trap, we should add variable bindings or varbinds to the trap. If you look at the netBotzTempTooHigh trap in the Zenoss web interface’s MIB explorer again, you’ll see that there’s an extensive list of Objects associated with the trap definition. These are variable bindings.

A variable binding allows the device sending the SNMP trap to attach additional information to the trap. In this example, one of the variable bindings for the netBotzTempTooHigh trap is netBotzV2TrapSensorID. This will give us a way to know which one of the sensors has exceeded it’s high temperature threshold.

Run the following snmptrap command.
```
sudo snmptrap 172.17.0.29 0 NETBOTZV2-MIB::netBotzTempTooHigh \
    NETBOTZV2-MIB::netBotzV2TrapSensorID s 'nbHawkEnc_1_TEMP1'
```
As you can see, this zentrap command starts exactly the same as in the example. We then add the following three fields.
1. NETBOTZV2-MIB::netBotzV2TrapSensorID (OID)
2. s (type)
3. 'nbHawkEnc_1_TEMP1' (value)
We can continue to add sets of these three parameters to add as many other variable bindings to the trap as we want.

Note that the only difference between this event and the simple event is the addition of the netBotzV2TrapSensorID field. So now you see how Zenoss takes the name/value pairs that are the SNMP trap’s variable bindings and turns them into name/value pairs within the resulting event.

Mapping SNMP trap events

Now that we’re able to create SNMP traps anytime we want, it’s time to use the event mapping system to make them more useful. The most important field on an incoming event when it comes to mapping is the eventClassKey field. Fortunately for us, SNMP traps get that great eventClassKey set that gives us a big head start.

Map the event.
1. In the browser interface, navigate to Events.
2. Select the netBotzTempTooHigh event you just created.
3. Click the toolbar button that looks like a hierarchy. If you hover over it, the tooltip will say Reclassify an event.
4. Choose the /Environ event class then click SUBMIT.
  
  Now the next time a netBotzTempTooHigh trap is received it will be put into the /Environ event class instead of /Unknown.
Enrich the event.
1. Click the Go to new mapping link to navigate to the new mapping.
2. In the left navigation pane, click Edit.
3. Set Transform* to the following:
```
evt.component = getattr(evt, 'netBotzV2TrapSensorID', '')
```
  This will use the name of the sensor as described by the netBotzV2TrapSensorID variable binding as the event’s component field.

There are endless possibilities of what you could do within the transform for this event and others. This is just one practical example.