Dennis,

The way to make Netcool work is usually: tuning the Netcool rules files. If you cannot do this, you're IMO massively busted in a Netcool environment.

The only easy option could be: have your router send traps from the IETF-BGP (or vendor-BGP) MIB state-change traps to Netcool directly, bypassing the Syslog server.

I'd say: if sending traps directly from the router does not work for you: insist on tuning of the rules files, and indeed add a custom variable. I do not know why you cannot adapt the rules, but if this is because the BGP rules are used by other parties as well that are not to be "disturbed", you could alternatively consider making a fully customised trap, or even: some equipment provides means to send the SYSLOG message encapsulated in a trap directly from the router (which would then need "syslog-in-snmp" rules separate from the native BGP rules).

From a totally different perspective: on the Netcool server, you'll find a tool called "nco_postmsg". This allows you to inject events directly into the Netcool database. Or else, on the GAT site, you'll find the "perl-omnibus" package setting libraries to connect and act upon the Omnibus database from within a perl script. This would mean that you'll need a script that can read the syslog files, extract BGP messages, do the event normalisation, and put events directly into Omnibus. Not necessarily recommended by IBM, and you may need to check license policies of IBM, but for low event loads it may work.

Sufficient options, I guess, to not poke around anti-spoofing filters and security policies (that would consider spoofing as hostile to start with).

This post should have been sent to the NetcoolUsers list BTW.

________________________________
From: Dennis Perisa [mailto:dennis.per...@gmail.com]
Sent: 06 September 2010 12:04
To: net-snmp-users@lists.sourceforge.net
Subject: SNMP v2 trap - how to spoof the source address?

Hi folks,

[I have had difficulty searching the mail archives so apologies if this has been answered previously]

Consider the following: Routers send their syslog messages to a FreeBSD syslog server which runs a parsing script to detect BGP up/down events. On detection of such events, the script generates a BGP trap using Net-SNMP tools towards a Netcool probe.

[Router]----syslog---->[syslog server]----trap---->[Netcool probe]

Now the problem is that the trap contains the source address of the syslog server. However, the Netcool system needs to know the source of the original message (i.e. the router) for assurance purposes.

We considered an SNMP v1 trap and setting the agent address to that of the router, but the BGP v1 MIB does not contain the required bgpPeerRemoteAddr varbind. So we must use v2 traps. We are also prevented from making changes to the Netcool rules file so adding custom varbinds is not an option.

Is there a way to spoof the source address of an SNMP v2 trap with Net-SNMP?

Regards
Dennis
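
The reply above suggests a script that reads the syslog files, extracts the BGP messages and normalises them into events; the following sketch of that step is an added example, not code from either poster. The log line layout, the use of ObjectServer-style field names (Node, AlertKey, Identifier and so on) and the Type/Severity values are assumptions; handing the result to nco_postmsg or perl-omnibus is left out.

```python
import ipaddress
import re

# Constructed sample lines, as a central syslog server might store them.
SAMPLE_LINES = [
    "Sep  6 12:01:14 192.0.2.11 4711: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Down BGP Notification sent",
    "Sep  6 12:03:40 192.0.2.11 4712: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Up",
    "Sep  6 12:04:02 192.0.2.12 991: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "Sep  6 12:05:09 192.0.2.13 17: %BGP-5-ADJCHANGE: neighbor 10.0.0.999 Down",
]

# Timestamp, originating host as recorded by syslogd, then the BGP message.
BGP_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<router>\S+)\s.*?"
    r"%BGP-5-ADJCHANGE: neighbor (?P<peer>\S+) (?P<state>Up|Down)\b"
)

def normalise(line):
    """Return a normalised event dict for a BGP adjacency change, else None."""
    m = BGP_RE.match(line)
    if not m:
        return None
    try:
        # Syslog content is unauthenticated input: accept only real addresses
        # before any field is passed on to the event store.
        router = str(ipaddress.ip_address(m["router"]))
        peer = str(ipaddress.ip_address(m["peer"]))
    except ValueError:
        return None
    down = m["state"] == "Down"
    return {
        "Node": router,          # the originating router, not the syslog server
        "AlertKey": peer,
        "AlertGroup": "BGP",
        "Identifier": f"{router}:BGP:{peer}:{m['state']}",  # deduplication key
        "Type": 1 if down else 2,      # assumed: 1 = problem, 2 = resolution
        "Severity": 5 if down else 1,  # assumed severity mapping
        "Summary": f"BGP peer {peer} is {m['state']}",
    }

def events_from(lines):
    """Normalise every matching line, dropping non-BGP and malformed ones."""
    return [e for e in map(normalise, lines) if e is not None]

if __name__ == "__main__":
    for event in events_from(SAMPLE_LINES):
        print(event)
```

Because the event carries the router address in its own field, the origin survives the relay through the syslog server without touching the packet's source address.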