on 06-19-2010 06:50 PM
Starting with the Embedded Event Manager (EEM) version 3.0, it is possible to generate a customized trap from an IOS device. This trap can either be an existing trap (e.g. one which the device already supports) or a completely new trap with a customized enterprise, trap Object Identifier (OID), and variable bindings (varbinds). Customized traps can be sent from both applet and Tcl policies. To determine if your device supports EEM 3.0, run the following command:
Router#show event manager version
The first line of the output is the EEM version. This must be 3.00 or higher.
To send a customized trap, one must first define the varbinds which will be included in the trap. All traps must have at least one varbind. Once the varbinds are defined, the trap can be sent by specifying the enterprise OID, trap OID, generic trap number, and specific trap number.
Understanding the Options
If you are not extremely familiar with the different attributes of an SNMP trap, the options required to build a trap may seem a bit daunting. Below is a quick reference to explain what the various options mean.
This example shows how to send a configuration change trap (ciscoConfigManEvent) from an EEM policy.
This policy uses the none event detector (ED) so it can be executed manually. The first thing to do is to declare a trap variable named vbinds. This name can be anything you want. The first varbind is ccmHistoryEventCommandSource which takes an integer value of 1. The 1 means that the command source was CLI.
The second varbind is ccmHistoryEventConfigSource which takes an integer value of 2. The 2 means that the configuration source is the command source (i.e. the CLI). Note how the vbinds variable is being reused. This is important. All of your varbinds must be assigned to the same trap variable.
The final varbind is ccmHistoryEventConfigDestination which takes an integer value of 3. The 3 means that the configuration destination is the running config.
Notice that all of the SNMP OIDs end in ".1". This trailing .1 is the instance of the objects. This instance number is defined by the object ccmHistoryEventIndex, and it must be an integer between 1 and 2147483647.
event manager applet send-cfg-change
event none
action 1.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.3.1 int 1
action 2.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.4.1 int 2
action 3.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.5.1 int 3
action 4.0 info type snmp trap enterprise-oid 1.3.6.1.4.1.9.9.43.2 generic-trapnum 6 specific-trapnum 1 trap-oid 1.3.6.1.4.1.9.9.43.2.0.1 trap-var vbinds
Execute this policy with the following command:
Router#event manager run send-cfg-change
::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.3.1 int 1
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.4.1 int 2
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.5.1 int 3
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.9.9.43.2 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.9.9.43.2.0.1 trap_var vbinds
Assuming this script was registered as send_cfg_change.tcl, it can be exected with the following command:
Router#event manager run send_cfg_change.tcl
In addition to sending a trap which is alrady been defined by a MIB supported by the device, you can send a trap with any enterprise, trap OID, and varbinds you like. For example, assume we want to send a trap with the enterprise 1.3.6.1.4.1.33333.1 and trap OID 1.3.6.1.4.1.33333.1.0.1. This trap will have two string varbinds. Since this is a completely customized trap, these varbinds can contain any values, and they can have any OIDs.
Since this an enterprise-specific trap, the generic trap number must be 6. The specific trap number will be 1 in this case, but it can be any value you like.
event manager applet send-custom-trap
event none
action 1.0
action 1.0 info type snmp var vbinds oid 1.3.6.1.4.1.33333.2.0 string "send-custom-trap"
action 2.0 info type snmp var vbinds oid 1.3.6.1.4.1.33333.3.0 string "This is a custom trap"
action 3.0 info type snmp trap enterprise-oid 1.3.6.1.4.1.33333.1 generic-trapnum 6 specific-trapnum 1 trap-oid 1.3.6.1.4.1.9.33333.1.0.1 trap-var vbinds
Execute this policy with the following command:
Router#event manager run send-custom-trap
::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.2.0 string "send_custom_trap.tcl"
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.3.0 string "This is a custom trap"
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.33333.1 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.33333.1.0.1 trap_var vbinds
Assuming this script was registered as send_custom_trap.tcl, it can be exected with the following command:
Router#event manager run send_custom_trap.tcl
While you can reuse the same trap variable name in multiple EEM policies, you cannot reassign the value of a varbind within a trap variable. If you need change a varbind value in a given policy, you will need to create a new trap variable.
Hello Joseph,
I need some help out here..
Here is my config on my Nexus 7k
snmp-server enable traps event-manager
event manager applet P2P_Link_Failure
snmp-server enable traps event-manager
event syslog pattern "Neighbor 10.45.255.133 (Vlan777) is down"
action 1.0 snmp-trap strdata "Neighbor 10.45.255.133 (Vlan777) is down"
action 1.1 syslog priority Emergency msg "P2P Link Failure"
The trouble I have is in snmp-traps.. What kind of MIB should be enabled on the SNMP server to receive the traps..?
Since this is a customized one, do we have to define our own MIB values in the command..Please help
In the future, these questions should be asked in the discussion section of this community.
The MIB used by EEM is the CISCO-EMBEDDED-EVENT-MGR-MIB. It can be downloaded from ftp://ftp.cisco.com/pub/mibs/v2 .
Nice, thanks, how to correctly add custom SNMP trap for these TCL scripts ( i guess only need to add to tm script, as it is the one that disables interfaces):
"Inactive ports were DISABLED!"
TCL Scripts that you created:
tm_suspend_ports.tcl
sl_suspend_ports.tcl
Basically tm script will disable switchports that are inactive for 3 weeks, and when that happens I need it to generate Syslog msg and SNMP so that I see this notification in Zabbix.
Thanks!
Wanted to attach those script files but there is no option to upload file, just photo and/or video.
Basically for SNMP monitoring, added this after namespace:
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.2.0 string "Inactive ports were DISABLED!"
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.33333.1 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.33333.1.0.1 trap_var vbinds
and looks like it did not work. Perhaps needed to configure snmp-server enable ... event manager , did that now, will see.
Regarding syslog, added also after namespace configuration like this:
action_syslog priority info msg "Inactive ports were DISABLED!"
It worked, but clock time was off, perhaps this must be added after this line:
set now [clock seconds]
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: