Hi Dan,

Presuming the answer to your question is no, I'll hope to have an answer on that from others. In the past it was NO, so we have a situation like yours: a lot of elements behind NAT, but small locations to install SS or SDM locally. We do indeed use trapexploder with a simple filter for every element in Spectrum. The filter is simple: translate the agent source in the trap PDU to the Ethernet source. Filter entries look like this, so twice the address you have in Spectrum. You do not need the original address.
filter * "207\.209\.133\.62$" * * * * nat 207.209.133.62
You do not have to manage them individually; just write a script, like the one
below, which extracts all primary addresses via a Spectrum CLI script, creates
the file, pushes it to the trapexploder server, and restarts. We use two
exploders for redundancy with the same config. I have already run an instance
with more than 10000 lines; works like a charm. Currently 4781 lines. We even
add elements which are not natted and send traps directly to Spectrum; it does
not matter, because the PDU already has the Ethernet source address. We run the
script every night, or manually when needed.
cat /etc/trapexploder.cf | wc
4781 42951 257618
I also have a log entry before and after the trapexploder translation, for
debug of incoming traps.
filter * * * * * * file /var/log/ehealth/trapsReceived2_beforeNAT.log
…
…
filter * * * * * * file /var/log/ehealth/trapsReceived2.log
Script
-sh-3.2$ cat export.sh
#!/bin/bash
#----------------------------------------------------------------------------------------------------------------------------------
# Script to export Spectrum devices directly into trapexploder format
# (bash is required: the script uses arrays and (( )) loops)
#----------------------------------------------------------------------------------------------------------------------------------
#Standard connect procedure for CLI
if [ -z "$CLIPATH" ]
then
    CLIPATH=/spectrum/vnmsh
    export CLIPATH
fi
CLISESSID=$$
export CLISESSID
#Test the exit status of connect itself, not of the sleep further down
if ! $CLIPATH/connect
then
    echo "Error: could not connect. Exiting"
    exit 1
fi
#Bind dir to variable mydir
if [ -z "$MYDIR" ]
then
    MYDIR=/data/orsns/specuser/SISTOOLS/TRAPEXPLODER/
    export MYDIR
fi
#Wait 3 seconds, otherwise it goes too fast
sleep 3
#Query the ModelHandler for each device (cut positions start at 1)
$CLIPATH/show devices | egrep -v MHandle | cut -c1-9 > $MYDIR/devices.list
#Create array of these ModelHandlers
devices=( `cat $MYDIR/devices.list | tr '\n' ' '`)
#Query attributes using the ModelHandler for each device
for (( i = 0 ; i < ${#devices[@]} ; i++ ))
do
    #Query IP ADDRESS
    $CLIPATH/show attributes -e attr=0x12d7f mh=${devices[$i]} | egrep -v Value |
        cut -c68-100 >> $MYDIR/temporary.list
done
#Create array of IP-addresses
netaddr=( `cat $MYDIR/temporary.list | tr '\n' ' '`)
#Change syntax of file
for (( i = 0 ; i < ${#netaddr[@]} ; i++ ))
do
    case ${netaddr[$i]} in
        "10.63.194.2" | "10.63.194.104" | "10.63.194.117" | "10.63.194.118")
            echo "${netaddr[$i]}" >> $MYDIR/tmp_trapex.ignored
            ;;
        *)
            echo "filter * \"${netaddr[$i]}\$\" * * * * nat ${netaddr[$i]}" >> $MYDIR/tmp_trapex.temp
            ;;
    esac
done
#Perform changes to syntax: turn the first three dots (the match field) into backslashes
sed -e 's/\./\\/' -e 's/\./\\/' -e 's/\./\\/' $MYDIR/tmp_trapex.temp > $MYDIR/tmp2_trapex.temp
#Perform changes to syntax: turn each backslash into an escaped dot
sed -e 's/\\/\\./g' $MYDIR/tmp2_trapex.temp > $MYDIR/tmp3_trapex.temp
#Transform to trapexploder.cf file
#(the loops now stop at the last array element, so there is no empty last line to delete)
sort $MYDIR/tmp3_trapex.temp > $MYDIR/trapexploder.cf
#Add final lines to trapexploder.cf file
echo "" >> $MYDIR/trapexploder.cf #INSERT BLANK LINE
#Remove all temporary files
rm -f $MYDIR/tmp_trapex.temp
rm -f $MYDIR/tmp2_trapex.temp
rm -f $MYDIR/tmp3_trapex.temp
rm -f $MYDIR/temporary.list
rm -f $MYDIR/devices.list
rm -f $MYDIR/tmp_trapex.ignored
#Disconnect from CLI
$CLIPATH/disconnect
exit 0
-sh-3.2$
Then push it to the correct place, and restart trapexploder
Regards, Erwin
Met vriendelijke groeten, | Best regards, | Bien à vous,
De Munter Erwin - Дэ Мюнтер Эрвин
Business technologist Network & Operations Mngnt
* +32 253-67474
* +32 473-974699
[antenna] on4cgd - jo21if
* [email protected]
Atealaan 34
B-2200 Herentals
http://www.atos.net
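
Added example, not part of Erwin's mail or script: a check that can run between generating trapexploder.cf and pushing it, so that an entry with unescaped dots, a match field that disagrees with its nat address, a duplicate, or an empty address is caught before trapexploder starts rewriting agent addresses with it. The field layout is assumed from the filter lines quoted above; the function names and the sample entries (documentation addresses) are constructed for illustration.

```shell
#!/bin/bash
# Added example: sanity-check a generated trapexploder.cf before pushing it.
# Assumed layout, taken from the lines in the mail:
#   filter * "<regex>" * * * * nat <address>

check_trapex_nat() {
    # Prints "line N: reason" for each bad nat entry; returns 1 if any.
    awk '
    $1 == "filter" && $8 == "nat" {
        ip = $9
        n = split(ip, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (!ok) {
            print "line " NR ": bad nat address \"" ip "\""; bad++; next
        }
        # Expected match field: the same address, dots escaped, $-anchored
        want = "\"" o[1] "\\." o[2] "\\." o[3] "\\." o[4] "$\""
        if ($3 != want) {
            print "line " NR ": match " $3 " is not " want; bad++
        }
        if (seen[ip]++) {
            print "line " NR ": duplicate entry for " ip; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

write_sample() {
    # Constructed sample using documentation addresses (192.0.2.0/24)
    cat > "$1" <<'EOF'
filter * * * * * * file /tmp/trapsReceived_beforeNAT.log
filter * "192\.0\.2\.10$" * * * * nat 192.0.2.10
filter * "192.0.2.11$" * * * * nat 192.0.2.11
filter * "192\.0\.2\.12$" * * * * nat 192.0.2.21
filter * "192\.0\.2\.10$" * * * * nat 192.0.2.10
filter * "$" * * * * nat
EOF
}

sample=$(mktemp)
write_sample "$sample"
if check_trapex_nat "$sample"; then
    echo "config OK, safe to push"
else
    echo "config rejected, not pushing"
fi
rm -f "$sample"
```

Lines with any other action (such as the file logging entries) and blank lines are skipped, so the check can be pointed at the complete trapexploder.cf.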
From: White Dan [mailto:[email protected]]
Sent: Saturday 3 December 2011 15:32
To: spectrum
Subject: [spectrum] Spectrum handling traps using IP header source address not
Trap PDU Agent address?
For incoming traps, can Spectrum (be configured to) use the source IP address
in the IP header, rather than the Agent Address inside the Trap's PDU, for
determining the source device for posting the event to the device’s model?
Context: large Spectrum about to be deployed in environment with all devices
beyond a static NAT layer which translates IP header source and dest IPs (but
not the Agent address inside trap PDU of course). There are overlapping IPs
between all the 100 or so customer networks beyond the NAT. We shall be
modelling all devices using their public (NAT'ted) addresses therefore. ( We
know to discover using seedlist etc not range autodiscovery). SNMP versions
in use for traps at the moment are 1 and 2c.
If answer to main question above is no, any thoughts on best solution?
TrapExploder with ‘nat’ action? (but will need an individual ‘filter….nat IP’
entry per every device that’s out there - so 1000s of lines in the cf file to
maintain!)
*Sourceforge looperng?
**Ncomtech’s trapfwd?
Supplementary question: Does Spectrum handle SNMPv3 traps - InformRequests ?
Does anyone know?
We did some tests and it seems to ignore them…
Any input gratefully received!
Cheers
Dan.
*http://www.ncomtech.com/trapfwd.html
**http://sourceforge.net/projects/looper/files/looperng/2.0b1/
Dan White
Senior Consultant
Service Assurance
Tel. : +44 (0)20 7288 2822
[email protected]
