3

I'm trying to understand the format of SNMP traps. I'm porting a piece of code from windows to linux that sends SNMP traps. The windows code uses a built in library ( some functions include SnmpStartup, SnmpSetRetransmitMode. Might be called WinSNMP ), so there is no way to keep that code when porting to Linux.

I found a nice library called SNMP++ that has the ability to send SNMP traps easily.

From my understanding, the first two variable binding (vb) fields of an SNMP trap must meet a specific format. The first vb is the sysuptime (basically, the timestamp of the trap), and it has the well known OID of 1.3.6.1.2.1.1.3.0.

The second vb is the ID of the trap. I can't find any documentation on it anywhere, but SNMP++ gives the ID of the trap an OID of 1.3.6.1.6.3.1.1.4.1.0 (it's value is the OID of the trap we are sending). It gets set using pdu.set_notify_id function.

Is this another well known OID that must be present when sending a Trap? The windows library doesn't use this OID at all. It sets the OID of the ID field to the OID that we are sending, so the OID and its value are set to the same thing. It looks like it is being done manually though, so the format might not have been well understood by the original coder.

So, which of these is correct?

windows:
1.3.6.1.4.1.XXXX.2.1.51 -> 1.3.6.1.4.1.XXXX.2.1.51

SNMP++:
1.3.6.1.6.3.1.1.4.1.0 -> 1.3.6.1.4.1.XXXX.2.1.51

And why can't I find any documentation on this 1.3.6.1.6.3.1.1.4.1.0 value? It doesn't seem to be in any RFCs that I've read. Googling that OID gives results, but they don't explain its use.

Jolta
  • 2,620
  • 1
  • 29
  • 42
Brian Schlenker
  • 4,966
  • 6
  • 31
  • 44

2 Answers2

3

For any SNMP questions, please start from IETF SNMP RFC documents. Clearly TRAP v2 must have the two objects, as described on page 22 of RFC 3416,

https://www.rfc-editor.org/rfc/rfc3416#page-22

I can only say if WinSNMP does not follow the convention, it is not standard compliant, and should be fixed by Microsoft.

Mark Amery
  • 143,130
  • 81
  • 406
  • 459
Lex Li
  • 60,503
  • 9
  • 116
  • 147
  • So I guess I can assume snmpTrapOID.0 corresponds to 1.3.6.1.6.3.1.1.4.1.0. The RFC you linked talks about snmpTrapOID.0 but never says what it's value is. – Brian Schlenker Dec 16 '13 at 16:42
  • Clearly RFC3416 refers to RFC3418. `snmpTrapOID` is defined in RFC3418. – Lex Li Dec 16 '13 at 20:44
-1
/**
 * TrapType defines the type of SNMPv2/SNMPv3 trap,
 * this is defined in the SNMPv2-MIB as snmpTrapOID.0
 * (.1.3.6.1.6.3.1.1.4.1.0) with an OID value of one
 *  of the following
 */
public static final String SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0";

/** coldStart OID */
public static final String COLDSTART_OID = "1.3.6.1.6.3.1.1.5.1";

/** warmStart OID */
public static final String WARMSTART_OID = "1.3.6.1.6.3.1.1.5.2";

/** linkDown OID */
public static final String LINKDOWN_OID = "1.3.6.1.6.3.1.1.5.3";

/** linkUp OID */
public static final String LINKUP_OID = "1.3.6.1.6.3.1.1.5.4"

http://www.netwatcher.jp/snmp/snmp_err_oid.html

phs
  • 10,687
  • 4
  • 58
  • 84
user4052120
  • 1
  • 1
    This code may answer the question, but it would be more useful if you added comments or some explanation to give it context. If the link contains the explanation, you should summarize the linked content in your answer in case the link destination changes or becomes unreachable. – skrrgwasme Sep 17 '14 at 21:39