SNMP Quick Start Guide - SevOne NMS 5.7

SevOne Documentation

All SevOne user documentation is available online from the SevOne Support customer portal.

All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SevOne and its respective licensors. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SevOne.

In no event shall SevOne, its suppliers, nor its licensors be liable for any damages, whether arising in tort, contract, or any other legal theory even if SevOne has been advised of the possibility of such damages, and SevOne disclaims all warranties, conditions, or other terms, express or implied, statutory or otherwise, on software and documentation furnished hereunder including without limitation the warranties of design, merchantability, or fitness for a particular purpose, and noninfringement.

All SevOne marks identified or used on the SevOne website, as updated by SevOne from time to time, may be, or are, registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies.

Introduction

SNMP, or Simple Network Monitoring Protocol, is an application layer protocol used for monitoring devices on a network. It facilitates the monitoring of such devices as servers, routers, switches, workstations, and printers, to name a few. It's used for reporting statistics on packet loss, bandwidth, CPU usage, disk space, memory usage, and many more factors that affect network performance. It's used on networks of all shapes and sizes and supported by pretty much all operating systems. What's more, SNMP is vendor-neutral, so you can use it just about anywhere.

In this document, we'll explore the following SNMP topics.mi

SNMP settings at the cluster level and the device level
SNMP object types, indicator types, and object subtypes
OIDs and MIBs
Device types
SNMP walks
SNMP traps

Prerequisites

There are a couple of things you'll need to have ready before starting. First, you''ll need to make sure your target devices can send SNMP data to SevOne NMS. You'll also want to have some information handy. The following subsections will help you prepare for configuring SNMP in SevOne NMS.

Enable Devices to Send SNMP Data to SevOne NMS

You'll need to enable your devices to allow SevOne NMS to use the version-specific SNMP commands listed below during device discovery. The steps for enabling devices to send SNMP data can vary from one device to another, and you may need to refer to your device manufacturer's documentation for specific instructions on enabling SNMP.

As an example, the following commands can be used to enable a Cisco router to send SNMP data.

router(config)# snmp-server community <YourReadCommunityStringHere> ro
router(config)# snmp-server community <YourWriteCommunityStringHere> rw
router(config)# snmp-server location <Your location here>
router(config)# snmp-server contact <yourAdmin@yourServer.com>

Enter the following command to verify the operation.

router(config)# show snmp

SNMP Commands

SNMP Version 1

snmpget operation: SNMP_MSG_GET
snmpset operation: SNMP_MSG_SET
snmpwalk operation: SNMP_MSG_GETNEXT

SNMP Version 2c

snmpget operation: SNMP_MSG_GET
snmpset operation: SNMP_MSG_SET
snmpwalk operation: SNMP_MSG_GETBULK
- non repeaters: 0
- max repetitions: 20

SNMP Version 3

snmpget operation: SNMP_MSG_GET
snmpset operation: SNMP_MSG_SET
snmpwalk operation: SNMP_MSG_GETBULK
- non repeaters: 0
- max repetitions: 20

SNMP Timeouts

When a timeout happens, polling for the indicator stops and no data for the indicator is inserted into the database. Due to this, there will be a gap in the reports as no database operation happens during the timeout. There are 5 retries allowed to poll for the indicator.

Timeout: 1 second
Retries: 5

Things You'll Need to Know

Make sure to have the following bits of information handy before we configure SNMP in SevOne NMS.

Port number. Which port should SevOne NMS use to poll SNMP data? The default port is 161.
SNMP version. You'll need to know which version of SNMP your device uses. There are currently three versions–1, 2c, and 3.
Read community string (SNMP versions 1 and 2c). This is pretty much like a password. When SevOne NMS sends get-requests to a device, it uses the read community string for authentication purposes. Community strings are used in SNMP versions 1 and 2c. Version 3, on the other hand, uses a user name/password combination and, optionally, an encryption key.
Write community string (SNMP versions 1 and 2c). This is similar to the concept of a read community string. In this case, however, the write community string acts as a password when set-requests are sent. Although this is defined for the SNMP plugin, it's actually used by other plugins, such as IP SLA and Proxy Ping, which use SNMP set commands to create the tests that these plugins measure.
User name and password (SNMP version 3). You'll need to have a user name and password for authentication purposes if you use SNMP version 3.
Authentication type (SNMP version 3). This is optional. If you decide to use authentication, you can choose from MD5 or SHA.
Encryption type (SNMP version 3). This is optional, too. If you selected either MD5 or SHA as your authentication type, you can choose to use either AES or DES encryption.
Encryption key (SNMP version 3). If you're using AES or DES encryption, you'll need to have an encryption key.

Configuration Steps

Cluster-level Settings

When you specify settings cluster-wide, SevOne NMS applies those to your SNMP-enabled devices as a rule. If you want to apply specific settings for some of your devices, but not all, you can easily edit SNMP settings at the device level, which we'll talk about next.

Perform the following steps to configure cluster-level settings using the Cluster Manager.

From the navigation bar, click Administration and select Cluster Manager.
Select the Cluster Settings tab.
On the left, select the SNMP subtab.
Select the Strictly Support RFC 2233 check box to enforce strict support of RFC 2233. Selecting this option means two things. First, interfaces under 20 Mbps won't support 64-bit counters when 32-bit counters are available. Second, interfaces over 20 Mbps won't support 32-bit counters when 64-bit counters are available.

Certain combinations of Strictly Support RFC 2233 and Prefer 64-bit (mentioned below) can result in data loss.
Select the SNMP Version Lock check box to use the version of SNMP that you specify. This keeps SevOne NMS from trying to determine the proper version if the version you specified fails.
Select the Discover Max PDUs for Devices check box to attempt to discover the maximum data packet size allowed by devices.

SNMP Protocol Data Unit, or SNMP PDU, data types are complex and specific to SNMP. The PDU field contains the body of an SNMP message. SevOne NMS uses two PDU types, GetRequest and SetRequest, which hold the necessary data to get and set parameters .
Click the Counter Preference drop-down and select one of the following options. This setting defines how SNMP discovery determines which counter type (32-bit or 64-bit) to choose. If you select the Strictly Support RFC 2233 check box, this setting doesn't apply to in and out utilization for interfaces.

Certain combinations of Strictly Support RFC 2233 and Prefer 64-bit can result in data loss.
- Allow Both - use both 64-bit and 32-bit counters for an object.
- Prefer 64-bit - prevent interfaces under 20 Mbps from supporting 64-bit counters when 32-bit counters are available, and prevent interfaces over 20 Mbps from supporting 32-bit counters when 64-bit counters are available.
- Prefer 32-bit - use 32-bit counters.
The Synchronization Objects section lets you specify whether to poll objects that are administratively or operationally down. You can override these settings on a per-object basis using the Object Manager. Perform the following actions.

The OIDs that specify the administrative and operational status of an object are part of the object type definition.
1. Select the Administrative State check box if you want to hide and not poll objects that are administratively down. Leave this check box clear to poll administratively down objects.
2. Select the Operational State check box if you want to hide and not poll objects that are operationally down. Leave this check box clear to poll operationally down objects.
The Default Community Strings section displays the SNMP community strings. These fields enable you to define the read only strings and the read/write strings to use during discovery.

The field on the left, Read Community Strings, displays the list of read only strings in sequence of precedence. The field on the right, Write Community Strings, displays read/write strings in sequence of precedence. When SevOne NMS discovers a device and attempts to poll SNMP data, the first string in the list is tested. If that string fails, the subsequent strings are tested, in sequence, until a string is successful. The successful community string appears on the Edit Device page for the device.
Perform the following actions to add community strings.
1. In the Read Community Strings field and the Write Community Strings field, click Add to display a text field.
2. Enter the community string in the text field.
3. Click Update.
4. To move the string to a different position in the list, hover over the string and use the up or down arrow under Actions.
Click Save.

Device-level Settings

When you add a new device to SevOne NMS, the SNMP plugin is automatically enabled. This means that SevOne NMS can discover and monitor SNMP indicators for object types as long as you haven't disabled those object types. You can use the Edit Device page under the Device Manager to disable/enable and configure the SNMP plugin for each device.

Perform the following steps to configure the SNMP plugin for a device.

From the navigation bar, click Devices and select Device Manager.
Select a device and click to display the Edit Device page.
The plugin section appears in the lower half of the page. It's set to SNMP by default.
Select the SNMP Capable check box to enable discovery of SNMP object types and to poll SNMP data on the device. To disable SNMP for this device, clear the check box.
Click the Version drop-down and select an SNMP version. If the version you select isn't compatible with the device, SevOne NMS will try a lower SNMP version (unless you select the Lock Version check box in the next step).
Select the Lock Version check box to use the SNMP version that you specified in the previous step. This keeps SevOne NMS from trying to determine the proper version if the version you specified fails.
In the SNMP Port field, enter the port number on the device for SevOne NMS to poll SNMP data. The default port number is 161.
If you selected version 1 or version 2c above, perform the following actions. Otherwise, skip ahead to the next step.
1. Leave the Read Community String field empty to use the Cluster Manager entry. If you want to use something different than the one provided in the Cluster Manager, enter the read only community string that SevOne NMS needs to authenticate onto the device.
2. Leave the Write Community String field empty to use the Cluster Manager entry. If you want to use something different than the one provided in the Cluster Manager, enter the read/write community string that SevOne NMS needs to authenticate onto the device.
  
  If you plan to use the Proxy Ping plugin or the IP SLA plugin, you'll need to add the read/write community string. SevOne NMS uses SNMP SET commands with both of these plugins.
If you selected version 3 above, perform the following actions. If you selected version 1 or version 2c, disregard this step and continue to the next step.
1. In the Username field, enter the user name that SevOne NMS needs to authenticate onto the device.
2. In the Password field, enter the password that SevOne NMS needs to authenticate onto the device.
3. Click the Authentication Type drop-down and select one of the following options.
  - NONE (usmNoAuthProtocol) - don't use an authentication method to send or receive messages.
  - MD5 (usmHMACMD5AuthProtocol) - use the MD5 authentication protocol for messages.
  - SHA (usmHMACSHAAuthProtocol) - use the SHA authentication protocol for messages.
4. If you selected NONE for Authentication Type, stop here and move on to the next step (Test OID). Otherwise, if you selected MD5 or SHA, click the Encryption Type drop-down and select one of the following options.
  - NONE - don't use encryption.
  - AES - use the Advanced Encryption Standard encryption method.
  - DES - use the Data Encryption Standard encryption method.
5. In the Encryption Key field, enter the localized key that the authentication protocol on the device requires to authenticate messages. This applies if you selected AES or DES for Encryption Type.
In the Test OID field, enter the OID to use for verifying the SNMP settings. The default is .1.3.6.1.2.1.1.1.0, which is the value for sysDescr.0.
In the Query Delay field, enter the number of seconds to wait after each SNMP command or query during discovery and polling.

The SNMP plugin issues a series of SNMP queries to discover and poll objects on the device. Some devices can't handle the frequency at which SevOne NMS issues these queries. This option enables you to slow down the query frequency. You should consider this setting based on the number of SNMP objects for the device. For example, if you set the query delay to 20 seconds for a device with a few objects, discovery might be pretty quick. However, if you set the query delay to 20 seconds for a device with hundreds of objects, discovery could take weeks.
In the Query Delay (on failure) field, enter the number of seconds to wait after a failure of an SNMP command or query. Occasionally an SNMP query will fail during SNMP discovery and polling. This field lets you specify how long the SNMP plugin should wait before issuing the next query.
Clicking the Test this device's saved settings link brings up the SNMP Walk page, where you can perform an SNMP walk. We'll talk about SNMP walks a little later.
Click the Synchronize Interface Administrative Status drop-down and choose one of the following options.
- Auto - use the setting from the Cluster Manager.
- On - disable and hide administratively down interfaces, and enable and show administratively up interfaces.
- Off - poll all interfaces by default.
To the right, click the Synchronize Interface Operational Status drop-down and select one of the following options.
- Auto - use the setting from the Cluster Manager.
- On - disable and hide operationally down interfaces, and enable and show operationally up interfaces.
- Off - poll all interfaces by default.
Click the Strict RFC 2233 Support drop-down and select one of the following options.
- Auto - use the setting from the Cluster Manager.
- No - don't use strict RFC 2233 Support.
- Yes - prevent interfaces under 20 Mbps from supporting 64-bit counters when 32-bit counters are available, and prevent interfaces over 20 Mbps from supporting 32-bit counters when 64-bit counters are available.
Click the Prefer 64-bit Counters drop-down and select one of the following options.
- Auto - use the setting from the Cluster Manager.
- Allow Both - use both 64-bit and 32-bit counters for an object.
- Prefer 64-bit - prevent interfaces under 20 Mbps from supporting 64-bit counters when 32-bit counters are available, and prevent interfaces over 20 Mbps from supporting 32-bit counters when 64-bit counters are available.
- Prefer 32-bit - use 32-bit counters.
Certain combinations of Strictly Support RFC 2233 and Prefer 64-bit can result in data loss.
Select the IP/Interface Correlation check box to walk the ipAdEntAddr-like entries for IP address information. Some SNMP agents don't support this. Also, some devices have quite a lot of IP addresses, and this can substantially increase discovery time. This information helps monitor flow technologies but it's not required.
Click the Trap Destination Discovery drop-down and select one of the following options.
- Auto - use the setting from the Cluster Manager.
- Off - disable the discovery of trap destinations for the device.
- On - enable the discovery of trap destinations for the device.
Some SNMP agents don't support this and might have issues. Some devices have many destinations, and this can increase discovery time. We'll talk more about trap destinations a little later.
To the right, you'll see the View Device Trap Des tination Associations link. By clicking on it, you can see the trap destinations available for the device on the Trap Destination Associations page. We'll talk about SNMP traps a little later.
Click the Max PDU Discovery drop- down and select one of the following options.
- Auto - use the setting from the Cluster Manager.
- Off - limit the number of PDUs to find on the device. If you select Off, the Max PDU field will appear. Enter the maximum number of PDUs to discover on the device.
- On - attempt to discover the maximum size of PDUs allowed for this device.
Click the SNMP Walk Max Repetitions drop-down to choose either Default or Manual. If you choose the Manual option, Max Repetitions field becomes available which allows you to specify the maximum number of iterations over the repeating variables. Max Repetitions must be a positive integer between 1 and 30.
In the bottom left corner of the page, click Save before continuing.
Click Edit Indicator Types to Monitor to display the Indicator Type Map page. On this page, you can enable and disable the SNMP indicator types to poll on the device. The legend at the top of the page provides information about the status of the indicators.
Select the check box for each individual indicator to attempt to poll on the device.
At the top of the page, click Save Changes.
If you want to return to the previous page, click Device Editor at the top of the page.

Manage SNMP Object Types

In this section, we'll look at the Object Types page, where you can manage SNMP object types and indicator types. SevOne NMS provides a starter set object types for the SNMP plugin to poll, and SNMP object types are enabled by default. On the Object Rules page, you can define rules to disable the polling of objects. Use Object Manager to manage the objects on each device.

Perform the following steps to add and edit object types.

From the navigation bar, click Administration and select Monitoring Configuration, then Object Types.
The Filter drop-down is set to SNMP Poller by default. In the Object Types hierarchy on the left, you'll see the object types that the SNMP plugin can poll.
Click Add to display the Add SNMP Object Type pop-up. To edit an existing object type, select the object type and click under Actions.

Most of the fields in the pop-up are greyed-out. By selecting the check boxes next to these fields, you can override the inherited values and specify your preferred values
In the Name field, enter the object type name.
Next to Indexed By, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an index OID.
2. On the right side of the page, click Select OID.
Select the Reverse Engineer check box if you want instances of this object type to be uniquely identified by evaluating the OID of the SNMP object from the Indexed By field. If you don't select the check box, the instances of the object type will be identified by its value instead. You should leave this check box selected for most object types. The index values encoded within the OID are evaluated based on the configuration of the Index Keys field (next step).
The Index Keys fields let you select the index keys to determine how to treat the remaining octets after the index. In the Possible Values field, select index keys to assign to the object type. Then click to move the selected keys to the Index Keys field. Index keys in the Index Keys field display in the order listed. Use the up and down arrows to change their order.
The following are possible values.
- Integer - a single number indicating that there's a constant amount of numbers following each OID.
- String - a string prefixed with the string length. This typically appears with double quotes.
- String (implied) - a string with no length information. This must only occur as the last index value.
- Variable - a variable amount of numbers prefixed with the amount of items. This is typically used for IPv4 versus IPv6 indexes.
- Variable (implied) - a variable amount of numbers but with no length information. This must occur as the last index value. This can be used to "eat up" the remainder of the index.
Next to Name Expression, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID that results in a unique name for all objects on a device.
2. On the right side of the page, click Select OID.
Next to Description Expression, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID to add additional information about the object type.
2. On the right side of the page, click Select OID.
Next to Subtype, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID to define a subtype for the object type.
2. On the right side of the page, click Select OID.
This is used for thresholds and reports and can generate the following variables:
- - [TYPE]: The numerical value of the subtype.
- - [TYPE]: The name of the subtype.
- - [TYPE]: The description of the subtype.
Next to Assert, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID to use in the assert expression that generates a list of individual object indexes.
2. On the right side of the page, click Select OID.
This is skipped if the object doesn't pass the assert expression. In that case, no variables are generated. For example, to match only Ethernet interfaces and ignore everything else, enter the following statement:

ifType == 6

This separates memory from disks in the Host Resources MIB. Both use hrStorageIndex, but each has a different value for hrStorageType. You shouldn't modify the default Interface definition.
Next to Last-change OID, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID that the SNMP plugin can use to determine whether a change was made to the object type since it was last polled. If the object type has changed, the SNMP plugin will invalidate the current data.
2. On the right side of the page, click Select OID.
Next to Admin-status, click to display the SNMP OID Browser. Perform the following actions.

The Admin-status and Oper-status values define the values that will be used for the Synchronize Objects settings configured in Cluster Settings.
1. Navigate the OID tree hierarchy to select an OID for the SNMP plugin to use to determine the administrative status of the object.
2. On the right side of the page, click Select OID.
Next to Oper-status, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID for the SNMP plugin to use to determine the operational status of the object.
2. On the right side of the page, click Select OID.
In the Variable field, enter the variables, expressions, and operators that you want the SNMP plugin to evaluate first for use with the other fields.
Select the check box for the Note field to enable it for editing. Enter any additional information you would like to include.
Click Edit Subtypes to display the Object Subtype Manager, where you can manage the object subtypes. We'll take a closer look at the Object Subtype Manager in just a bit.
Click Save.

Manage SNMP Indicator Types

In this section, we'll walk through the steps for adding (and editing) indicator types. Every indicator of an object needs an indicator type. SevOne NMS plugins–such as SNMP – use indicator types to collect data from indicators on the objects that you monitor. There are two categories of indicator types : atomic and synthetic. Atomic indicator types are measured directly by plugins. Synthetic indicator types , on the other hand, calculate values based on the values resulting from other indicator types .

SNMP Atomic Indicator Types

Perform the following steps on the Object Types page to add and edit SNMP atomic indicator types.

In the Object Types hierarchy on the left, select the object type that you would like to create an indicator type for.
On the right side of the page, under Indicator Types, click Add Atomic Indicator Type to display th e Add SNMP Indicator Type pop-up . To edit an existing indicator type , select the indicator type and click under Actions .
In the Indicator Name field, enter the name of the indicator type.

We recommend using the name of the OBJECT-TYPE definition from the MIB where this indicator is defined.
In the Description field, enter the name to display.

You'll see the indicator description displayed in reports and elsewhere in the UI. Keep this in mind when creating the indicator description. For example, when you look at an object's indicators, you'll notice that they're listed based on the first word of their description. If you have the two indicators Queued Bytes and Tr ansmitted Bytes, they won't appear together. However, if you use the descriptions Bytes Queued and Bytes Transmitted, the indicators will appear in close proximity to each other.
In the Indexed By field, you'll see the OID that you defined for the object type. This field can't be edited.
For certain 64-bit OIDs, you can click the OID (high bits) to display the SNMP OID Browser, where you'll select an OID to describe the top 32 bits on the OID. Otherwise, this field will be greyed-out.
OID High Bits - SNMP version 1 specifications allow for-32 bit, unsigned integer counters. A 32-bit counter increments up to around four billion, then wraps back to zero, and continues. SNMP version 2 introduced 64-bit unsigned integer counters, which can count much higher. 64-bit counters are far more powerful and accurate than 32-bit counters. Manufacturers had two options to incorporate 64-bit counters:
- Create a new 64-bit OID to represent the same thing as the 32-bit version.
- Create a second 32-bit OID that represents the high bits of the 64-bit version.
Next to OID, click to display the SNMP OID Browser. Perform the following actions.
1. Navigate the OID tree hierarchy to select an OID to describe the object type expression.
2. On the right side of the page, click Select OID.
Click the Indicator Type drop-down and select one of the following options:
- GAUGE - for indicators that have specific values when polled.
- COUNTER32 - for 32-bit indicators that continue to increment. If you select this option, you can select the Has Precalculated Deltas check box to total the delta/differences between polls. This provides the ability to graph things like the number of errors in a day, for example.
- COUNTER64 - for 64-bit indicators that continue to increment. If you select this option, you can select the Has Precalculated Deltas check box.
Click the Measured As drop-down and select a data unit.
Click the Display As drop-down and select a display unit.
Next to Max Value Expression, click to display the SNMP OID Browser. Perform the following actions.

When an indicator is reported as a percentage, this value is used to determine utilization percentages. If utilization values don't look right, make sure to double-check your input here.
1. Navigate the OID tree hierarchy to select an OID to be the maximum value for the indicator type.
2. On the right side of the page, click Select OID.
Click the Measured As drop-down and select a data unit.
Select the Default allowed for new devices check box to have the plugin poll this indicator type by default when the object type is enabled and when the plugin for a device is enabled.
In the Note field, enter any additional information you would like to include.
Click Save As New.

SNMP Synthetic Indicator Types

Using synthetic indicator types, you can create your own key performance indicators (KPIs) even when those KPIs–such as Percent Usage, Percent Loss, Percent Error, and Percent Idle–don't exist on a device. For example, let's say that you want to monitor voice gateways to find out which primary rate interface (PRI) is getting the most usage. Typical poll metrics can tell you the busy status of individual bearer channels, or B channels, but they can't tell you the sum of the statuses for all the B channels. This makes it difficult to find out the total usage of a particular PRI.

In SevOne NMS, you can create a single indicator type that tells you what percentage of a PRI is being used.

First, we need the following:

An existing indicator type that tells us how many busy B channels there are for a given PRI. Let's call this BChannelsBusy.
The total number of B channels for our PRI. That number is 23.

Using this information, we can create a synthetic indicator type with an expression to perform the following calculation:

(BChannelsBusy*23)/100

Now we have a new indicator type–a synthetic indicator type–that tells us what percentage of the PRI is being used. There's no need to look up the number of busy B channels and perform calculations manually.

Since synthetic indicator types are based on existing indicator types–either synthetic or atomic–there must already be at least one existing indicator type in order for you to create a new synthetic indicator type.

Perform the following steps on the Object Types page to add and edit SNMP synthetic indicator types.

If you're not already on the Object Types page, go there.
In the Object Types hierarchy on the left, c lick on an object type to display its indicator types on the right. If the object type doesn't have any indicator types, the Add Synthetic Indicator Type button won't appear.
Click Add Synthetic Indicator Type to display the Add Synthetic Indicator Type pop-up. To edit an existing synthetic indicator type, select the indicator type and click under Actions.
In the Indicator Name field, enter the name of the synthetic indicator type.
In the Description field, enter the name to display.
The Synthetic Indicator Expression field is where you define the calculation. Perform the following actions to create the expression for this field.

A red border around the Synthetic Indicator Expression field indicates that your calculation is invalid. This also means that your graph results will be incorrect.
1. In the Available Source Indicators field on the right, select an indicator type to use in the expression. Drag and drop it into the Synthetic Indicator Expression field.
  
  The Available Source Indicators field contains the indicator types for the object type that you selected a few steps ago.
2. Next, enter the applicable operators to formulate your calculation in the Synthetic Indicator Expression field. For a list of available operators, see Acceptable Operators below.
3. Drag any additional indicator types from the Available Source Indicators field and enter additional mathematical symbols to complete the expression in the Synthetic Indicator Expression field.
The Maximum Value Expression field lets you define a maximum value calculation for the indicator type. Perform the following actions to create the expression for this field.
1. In the Available Source Indicators field on the right, select an indicator type to use in the expression. Drag and drop it into the Maximum Value Expression field.
2. Next, enter the applicable operators to formulate your calculation in the Maximum Value Expression field. For a list of available operators, see Acceptable Operators below.
3. Drag any additional indicator types from the Available Source Indicators field and enter additional mathematical symbols to complete the expression in the Maximum Value Expression field.
Click the Measure As drop-down and select a data unit.
Click the Display As drop-down and select a display unit.
Select the Default allowed for new devices check box to have the plugin poll this indicator type by default when the object type is enabled and when the plugin for a device is enabled.
In the Note field, enter any additional information you would like to include.
Click Save As New.

Acceptable Operators

Your expression formula can include the following characters:

+ add
- subtract
* multiply
/ divide
&& logical AND
|| logical OR
<= less than or equal to
>= greater than or equal to
! not equal to
== equal to
> greater than
< less than
^ raise x to the power of y
% modulus
?: if...then...else
isnan is Not a Number. This evaluates to 1 if the value is not a number. Otherwise, it evaluates to 0.
isValid is valid. This evaluates to 1 if the value has been discovered and is not isnan. Otherwise, it evaluates to 0.
useIfValid use if valid. This evaluates to the value if it has been discovered and is not isnan. It evaluates to the second argument otherwise.

If your calculation results in either of the following invalid values, there will be a gap in your graph:

Not a Number (NAN)
Infinity (+/-INF).

The following describes how SevOne NMS attempts to prevent invalid values. These are listed in the order that they're processed.

Zero divided by zero results in NAN.
Any positive value divided by zero results in +INF.
Any negative value divided by zero results in -INF.
Zero multiplied by +/-INF results in NAN.
Any value added to, subtracted from, multiplied by, divided by, or divided from NAN results in NAN.
Any value compared to NAN (<, <=, ==, >=, >) results in 0. NAN != NAN.
Any value compared to +INF is less than +INF, except that +INF == +INF
Any value compared to -INF is greater than -INF, except that -INF == -INF
Any value added to or subtracted from +INF results in +INF
Any positive value multiplied by +/-INF results in +/-INF
Any value divided by +/-INF results in 0

Manage SNMP Object Subtypes

With SevOne NMS, you can manage the object subtypes that group the objects you want the SNMP plugin to poll. You can access the Object Subtype Manager from the Object Types page when you add or edit an object type. You can also access it from the navigation bar.

Perform the following steps to manage SNMP object subtypes using the Object Subtype Manager.

From the navigation bar, click Administration and select Monitoring Configuration, then Object Subtype Manager.
The Plugin drop-down is set to SNMP Poller by default.
Click the Object Type drop-down and select an object type to display its object subtypes in the list.
Click Add Subtype to display the Add Object Subtype pop-up. To edit an object subtype, select the object subtype and click under Actions.
In the Name field, enter the name of the object subtype.
In the Description field, enter the object subtype description.
Select the Is Common check box to enable the object subtype to appear in lists of common object subtypes.
Under Rules, click Add to add a new line to the Rules list. You can define multiple rules for each object subtype. Each rule is evaluated, and appropriate rules are applied.
In the Identifier field, enter the string to match in order to apply the rule.
Click Update to save the rule.
Click Save to save the new object subtype.

SNMP OIDs and MIBs

Object Identifiers (OIDs) are strings of numbers used for naming objects. For example, .1.3.6.1.2.1.1.1 is the OID of the object sysDescr. MIBs are the files that enable the raw machine generated OIDs to display in a way that's more understandable to users. SevOne NMS groups OIDs under the guise of an object. An object is defined by an index value and may have multiple OIDs. Each of these OIDs uses the object's index to resolve its values, and each OID under an object is known as an indicator.

For example, SevOne NMS conceptually creates an object outlined as follows:

Object

Index 1
- Indicators
  
  RFC1213-MIB::ifIndex
  
  RFC1213-MIB::ifDescr
  
  RFC1213-MIB::ifType
  
  RFC1213-MIB::ifSpeed
  
  RFC1213-MIB::ifPhysAddress
  
  RFC1213-MIB::ifAdminStatus
  
  RFC1213-MIB::ifOperStatus
  
  RFC1213-MIB::ifInOctets
  
  RFC1213-MIB::ifInDiscards
  
  RFC1213-MIB::ifOutOctets
  
  RFC1213-MIB::ifOutDiscards

Each interface object typically has the same definition but a different index value. This means that all interfaces to the system are closely related. SevOne NMS monitors every SNMP item that is part of an object.

Each entry in the SNMP structure is a series of numbers, such as .1.3.6.1.2.1.1.1. As you read the number, each number to the right is more specific than the number to its left. Each number to the right is thought of as a child of the number to its left. A string of such numbers is known as an OID because it defines a unique identifier for a particular thing, or object.

MIBs define textual names for OIDs. Manufacturers tend to have their own MIBs to describe specific things about their systems.

SNMP OID Browser

The SNMP OID Browser enables you to select the OID you use to create SNMP object types and SNMP traps. You can access the SNMP OID Browser from an SNMP object type definition workflow or from a trap event configuration workflow. In fact, we worked with the SNMP OID Browser a bit earlier when we looked at object types. You can also access the SNMP OID Browser from the navigation bar.

Perform the following steps to explore the SNMP OID Browser.

From the navigation bar, click Administration and select Monitoring Configuration, then SNMP OID Browser.
Notice the OID Tree section, which displays the OID hierarchical structure. The Search field allows you to filter the list of OIDs by name or by number.
Navigate the OID tree hierarchy and select an OID to display more information on the right. The following is an example of the OID information section.

The OID information section provides the following information.
- [Name] - the OID name, which appears at the top of the section.
- OID - the OID number.
- Access - the type of access available for the OID, such as Read, Read/Write, etc.
- Type - how the OID is encoded into various SNMP structures, for example, as String, Integer, etc.
- Status - the OID status, for example, Current, Deprecated, or 0 (no status).
- Description - the OID description.

MIB Manager

The Management Information Base (MIB) is a hierarchical database shared between the SNMP agent and the SNMP manager. It contains managed objects for devices, and OIDs are used to uniquely identify each object in the MIB. The MIB Manager enables you to view MIB details and to add MIBs.

Perform the following steps to view and manage MIBs.

Explore the MIB Manager

From the navigation bar, click Administration and select Monitoring Configuration, then MIB Manager.
The MIB list includes the following information about the MIBs.
- MIB Name - displays the MIB name.
- File Size - displays the size of the MIB file.
- Revision - displays the number of times you've uploaded the MIB to SevOne NMS.
- Date Added - displays the date the MIB was added.
- Date Updated - displays the date the MIB was most recently edited.
Perform the following actions to search for specific MIBs.
1. Click the Search drop down and select the check box for each column that you would like to include in the search. By default, all columns are selected.
2. In the Search text field, enter all or part of the text to search for in the column(s) that you specified.
Click on any MIB in the MIB Name column to view information about it in the MIB Viewer pop-up.

Upload MIBs

At the top of the page, click Add MIBs to display the MIB Uploader pop-up.
Click Select MIB(s)... to display the file uploader pop-up.
Navigate the folder structure and select a MIB. To add multiple MIBs, zip the MIB files into a .zip file and select that .zip file.
After selecting a file, click Open.
On the MIB Uploader pop-up, click Upload.
A green bar will appear at the top of the page to confirm your upload. It may take up to thirty minutes for the change to take effect.

Download MIBs

Select the check box next to the MIB you want to download.
Right-click on the selected MIB to display options.
Select Download.

To download multiple MIBs, select the check box for each MIB. Then click images/download/attachments/33033241/image2015-12-17-14_49_37.png at the top of the page and select Download Selected MIBs. To download all of the MIBs, click and select Download All MIBs.

Delete MIBs

Select the check box for the MIB that you want to delete.
Right-click on the selected MIB to display options.
Select Delete.

To delete multiple MIBs, select the check box for each MIB. Then click images/download/attachments/33033241/image2015-12-17-14_49_37.png at the top of the page and select Delete Selected MIBs.

images/download/attachments/33033241/downloadMultiOrAllMIBs.png

Device Types

Device types are a way of classifying devices. This method of device classification is used to determine which object types to discover for a given device. Device types are hierarchical. A device type can have child device types, and those child device types can have child device types of their own. For example, if you create a device type called Server, you might create a couple of child device types called Cisco and Dell.

Server/
	/Cisco
	/Dell

Under the Cisco child device type, you might create a couple more child device types called B-Series and C-series, for example.

Server/
	/Cisco/
		/B-Series
		/C-Series
	/Dell

Child device types inherit object types from their parent. When you add object types to Server–such as CPU, Disk, and Fan Condition, for example–Cisco and Dell will automatically have these same object types. B-Series and C-Series would also inherit the object types that were handed down from Server. They would additionally inherit any object types that you create specifically for Cisco.

Using Device Types

The device type concept lets you organize devices for polling purposes. This expedites policy definition and allows you to run manufacturer-independent reports for similar but not identical objects. By using device types, you can associate a collection of object types to multiple devices. Each device can belong to multiple device types. For end users, device types appear in all device group lists and provide an additional method to secure, sort, and filter devices.

You can define rules to automatically add devices–across multiple manufacturers/products–that implement the same MIBs to device types. When you create device types, you specify the metrics that you want to poll. During discovery, the device type rules add these devices.

The Device Type Hierarchy

Let's take a look at the Device Type hierarchy.

From the navigation bar, click Administration and select Monitoring Configuration, then Device Types.
The Device Type hierarchy appears on the left.
Next to Generic, click to expand the section.

You can drag and drop device types to move them to different locations within the device type hierarchy.

Add a Device Type

Perform the following steps to add a device type.

Select the device type that you'd like to add a new device type under.
At the top of the page, click Add Device Type to display the Add Device Type pop-up.
In the Device Type Name field, enter the device type name.
Click Save.

To edit a device type name or delete a device type, select the device type and click either images/download/attachments/18554389/icon_wrench_blueBackground.png or images/download/attachments/33033241/image2015-12-17-14_52_49.png under Actions.

Manage Metadata Values

Perform the following steps to edit a device type's metadata values. For more information on SevOne NMS Metadata, please see our documentation on the topic.

Select a device type and click to display the Edit Metadata pop-up.
Select the attribute that you'd like to edit, then click under Actions to edit the the Value field.
Click Update to save the value.
Click Save.

Device Type Membership Rules

Perform the following steps to manage device type membership rules.

In the Device Type hierarchy on the left, select a device type.
In the upper right part of the page, view existing device type rules.
Click Add Rule to display the Add Device Type Membership Rule pop-up.
Provide input for one (or more) of the following fields.

Each rule requires input for only one field. If you populate several fields for a single rule, the device being added will have to meet the criteria of ALL those fields. For example, let's say you've entered Remote in the Device Name field and ^192\.168 in the Management IP Address field for a rule. Because you entered both of these in the same row, the device must have both Remote in the name and an IP address that starts with 192.168 to be added to the device type.
- Device Name - the device name (wild cards are implied).
- Device Description - the device description.
- Management IP Address - the IP address of the device (^192\.168 adds any device whose IP address starts with 192.168).
- sysDescr - the text you get when you SNMP walk the sysDescr OID.
- sysContact - the text you get when you SNMP walk the sysContact OID.
- sysLocation - the text you get when you SNMP walk the sysLocation OID.
- sysName - the text you get when you SNMP walk the sysName OID.
- sysObjectID - the text you get when you SNMP walk the sysObjectID OID.
- Walkable OID - the number of the OID to walk. Make sure that the OID can actually be walked. You may be able to get an OID and get a response. However, if you walk an OID and the result from the snmpgetnext falls outside of the OID tree, discovery won't add the device to the device type.
  
  Example:
  
  getnext .1.3.6.1.2.1.1.1.0 – get .1.3.6.1.2.1.1.2.0 - doesn't match the pattern .1.3.6.1.2.1.1.1.0.X
  
  getnext .1.3.6.1.2.1.1.1 – get .1.3.6.1.2.1.1.1.1 - does match the pattern .1.3.6.1.2.1.1.1.X
Click Save.

Object Types tab

Use the Object Types tab to associate the SNMP object types that you want the SNMP plugin to try to poll on the devices that are members of a given device type.

In the Device Type hierarchy on the left, select a device type.
In the lower right part of the page, the Object Types tab displays by default.
Select the check box for each object type to poll on the devices that are members of the device type.
Click Associate to associate the object types to the device type.

Device Type Membership tab

When you select a device type in the Device Type hierarchy, the Device Type Membership tab displays a list of its member devices. You can pin devices to device types. You can also create a rule to add device types, as we looked at earlier (in the Device Type Membership Rules section). When you add a device by pinning it, its membership isn't affected by rules. To remove a pinned device, you'll need to manually unpin it. On the other hand, devices that are added by a rule can automatically be removed if you change that rule later.

images/download/attachments/18554389/image2015-11-13-12_39_10.png

Next to each device, under Pin, you'll see one of the following icons. These indicate how the device became a member of the device type.

- indicates that the device was pinned to the device type at this level.
- indicates that the device was added by a device type membership rule at this level.

Membership Management

You can pin devices that are already members of the device type. You can also can pin devices that aren't members of the device type.

Pin member devices

In the Device Type hierarchy on the left, select a device type.
In the lower right part of the page, select the Device Type Membership tab.
Member devices are listed on the tab. Select the check box for each device that you want to pin to the device type.
Click and select Pin Selected Devices.

Pin non-member devices

In the Device Type hierarchy on the left, select a device type.
In the lower right part of the page, select the Device Type Membership tab.
Click Pin Devices to display the Pin Devices pop-up, which lists all devices in SevOne NMS.
Select the check box for each device that you want to pin to the device type.
Click Pin to Type.

Unpin devices

Select the check box for each device that you want to unpin.
Click Unpin Devices.
When the Remove From Membership pop-up appears, click Yes to unpin and remove the selected devices.

If you pin a device that was added by a rule, the device is removed from the membership list when you unpin it. If you don't change that rule, the device appears in the list again upon the next discovery.

View Metadata

To view metadata information for a device, select the device and click images/download/attachments/18554389/image2015-11-13-15_4_34.png under Actions.

SNMP Walk

The snmpwalk command automatically executes a series of getnext commands to collect information. It iterates, or walks, within the range of the OID that you specify. In this section, we'll talk about SNMP walking in SevOne NMS.

The following are a few common SNMP commands.

snmpget - queries a device for an OID.
snmpwalk - queries a device for an OID and all of its conceptual children.
snmpset - sets the value for an OID on a device.

Before we go on, let's look at the format of OIDs. The textual name of an OID is only unique in the MIB to which it belongs. So, OIDs are accurately written as follows:

In the case of interfaces (and most SNMP objects), an OID is dedicated to providing the index number. For example, walking ifIndex yields the following information:

RFC1213-MIB::ifIndex.1 = INTEGER: 1

RFC1213-MIB::ifIndex.2 = INTEGER: 2

RFC1213-MIB::ifIndex.8 = INTEGER: 8

The value of each OID is also the index, making it simpler to obtain the proper indexes.

The SNMP Walk page enables you to walk MIBs. This is useful when you want to certify a MIB. The MIB doesn't have to be in SevOne NMS to perform a walk. Perform the following steps to do an SNMP walk.

From the navigation bar, click Devices and select SNMP Walk.
In the IP Address / Hostname field, enter the IP address or hostname of the device.
In the SNMP Port field, enter the port that the device is listening on for SNMP traffic.
Click the Version drop-down and select the SNMP version of the device.
For version 1 or version 2c: Leave the Read Community String field empty to use the Cluster Manager entry. If SevOne NMS needs a read only string other than the one provided in the Cluster Manager, enter the string here.

If you selected version 3, skip this step.
For version 3: Perform the following actions.
1. In the Username field, enter the user name that SevOne NMS needs to authenticate onto the device.
2. In the Password field, enter the password that SevOne NMS needs to authenticate onto the device.
3. Click the Authentication Type drop-down and select one of the following options.
  - NONE (usmNoAuthProtocol) - don't use an authentication method to send or receive messages.
  - MD5 (usmHMACMD5AuthProtocol) - use the MD5 authentication protocol for messages.
  - SHA (usmHMACSHAAuthProtocol) - use the SHA authentication protocol for messages.
4. If you selected NONE for Authentication Type, stop here and move on to the next step (SNMP Command). Otherwise, if you selected MD5 or SHA, click the Encryption Type drop-down and select one of the following options.
  - NONE - don't use encryption.
  - AES - use the Advanced Encryption Standard encryption method.
  - DES - use the Data Encryption Standard encryption method.
5. In the Encryption Key field, enter the localized key that the authentication protocol on the device requires to authenticate messages. This applies if you selected AES or DES for Encryption Type.
Click the SNMP Command drop-down and select one of the following options.
- snmpget - query the device for an OID.
- snmpwalk - query a device for an OID and all of its conceptual children.
In the OID field, enter the OID to walk. If you leave the default OID, the walk may take a while. Try to be specific with your search. We recommend using ".1.3" or ".1.3.6" to avoid partial or broken walks.
Click the Output Format drop-down and select one of the following options.
- Default - display OIDs in text format (for example, IF-MIB::ifInErrors.1).
- Default With Numeric Indexes - translate strings into ASCII numeric values.
- Numeric OIDs - translate OIDs into numeric format (for example, .1.3.6.1.2.1.2.2.1.14.2).
- Certification Walk - translate OIDs into a format that SevOne Support Engineers can use to perform device certifications.
Click the Source Peer drop-down and select the peer to perform the walk.
Click Walk to perform the SNMP walk. The results will appear at the bottom of the page, under Results.
After the walk is completed, click Select All Text (under Results) to copy the results to your clipboard so you can paste them into an e-mail, document, etc.
Click Download Walk to convert the walk results to a .txt file, which you can save to your local machine.

SNMP Walk Output

The following is a sample SNMP walk of the RFC1213 MIB for a particular device to illustrate what an SNMP walk might look like.

RFC1213-MIB::ifIndex.1 = INTEGER: 1
RFC1213-MIB::ifIndex.2 = INTEGER: 2
RFC1213-MIB::ifIndex.8 = INTEGER: 8
RFC1213-MIB::ifDescr.1 = STRING: "Ethernet3/0"
RFC1213-MIB::ifDescr.2 = STRING: "Serial3/0"
RFC1213-MIB::ifDescr.8 = STRING: "Loopback0"
RFC1213-MIB::ifType.1 = INTEGER: ethernet-csmacd(6)
RFC1213-MIB::ifType.2 = INTEGER: frame-relay(32)
RFC1213-MIB::ifType.8 = INTEGER: softwareLoopback(24)
RFC1213-MIB::ifSpeed.1 = Gauge32: 10000000
RFC1213-MIB::ifSpeed.2 = Gauge32: 1544000
RFC1213-MIB::ifSpeed.8 = Gauge32: 4294967295
RFC1213-MIB::ifPhysAddress.1 = Hex-STRING: 00 30 80 F3 1F F1
RFC1213-MIB::ifPhysAddress.2 = ""
RFC1213-MIB::ifPhysAddress.8 = ""
RFC1213-MIB::ifAdminStatus.1 = INTEGER: up(1)
RFC1213-MIB::ifAdminStatus.2 = INTEGER: up(1)
RFC1213-MIB::ifAdminStatus.8 = INTEGER: up(1)
RFC1213-MIB::ifOperStatus.1 = INTEGER: up(1)
RFC1213-MIB::ifOperStatus.2 = INTEGER: down(2)
RFC1213-MIB::ifOperStatus.8 = INTEGER: up(1)
RFC1213-MIB::ifInOctets.1 = Counter32: 1890978658
RFC1213-MIB::ifInOctets.2 = Counter32: 0
RFC1213-MIB::ifInOctets.8 = Counter32: 0
RFC1213-MIB::ifInDiscards.1 = Counter32: 85
RFC1213-MIB::ifInDiscards.2 = Counter32: 0
RFC1213-MIB::ifInDiscards.8 = Counter32: 0
RFC1213-MIB::ifOutOctets.1 = Counter32: 2071381140
RFC1213-MIB::ifOutOctets.2 = Counter32: 0
RFC1213-MIB::ifOutOctets.8 = Counter32: 2819292
RFC1213-MIB::ifOutDiscards.1 = Counter32: 0
RFC1213-MIB::ifOutDiscards.2 = Counter32: 0
RFC1213-MIB::ifOutDiscards.8 = Counter32: 0

All of these OIDs refer to three interfaces, identified by the final number of each OID. In this case, these include 1 (for Ethernet3/0), 2 (for Serial3/0), and 8 (for Loopback0). The information about each particular interface is interleaved with that of the others.

If you wanted to find out whether Ethernet3/0 is up or down, for example, you would perform the following steps.

Search every ifDescr entry until you find the one whose value matches Ethernet3/0.
Remember the index (the last number) for it.
Check the value for ifOperStatus using that index.

SNMP Traps

An SNMP trap is a notification indicating events or changes in status, such as power outages, authentication failures, cold starts, warm starts, interface status, and voltage changes, for example. SNMP traps enable a device to send information. T raps include events, such as when a new interface is added or a device is restarted. Trap events enable you to assign real meaning to SNMP traps. SevOne NMS provides several common trap events. The Trap Event Editor lets you define trap events specific to your environment.

Logged Traps

When SevOne NMS receives SNMP traps that you've defined a trap event for, these traps appear in the Logged Trap page. Logged traps have a trap event. The Cluster Manager enables you to define how long to save logged traps.

Let's look at the Logged Traps page. From the navigation bar, click Events and select Archives, then Logged Traps.

images/download/attachments/18554389/image2015-11-13-15_49_23.png

Filter

Using filters lets you limit the traps that appear in the list. All filters are optional and cumulative.

Traps

The logged traps list displays logged traps from most recent to oldest. The following information is provided in the log.

IP Address - displays the IP address that the trap was sent from.
Time - displays the time that SevOne NMS received the trap.
OID - displays the OID that met the conditions for the trap event.
Variable Number - displays the number of variable conditions associated with the trap.

Variables

Click on a trap to display the following information in the Variables section, which appears to the right of the Traps log.

Variable - displays the name of the variable.
Type - displays the variable type.
Value - displays the value that triggers the trap.

Unknown Traps

There are some SNMP traps that no trap events apply to. These traps appear on the Unknown Traps page and are less meaningful than traps that you define a trap event for. As we mentioned earlier, when you define a trap, you assign real meaning to it. You can define trap events for the traps on this page that are specific to your environment. The Cluster Manager enables you to define how long to save unknown traps.

Let's look at the Unknown Traps page. From the navigation bar, click Events and select Archives, then Unknown Traps.

images/download/attachments/18554389/image2015-11-13-16_18_16.png

The sections Filter, Traps, and Variables contain the same fields as the Logged Traps page, which we just looked at.

Configure Trap Event

On the lower half of the page, under Trap Manager, there's a Configure Trap Event button. When you click on a trap from the list, the button becomes available.

images/download/attachments/18554389/image2015-11-13-16_19_33.png

If you click on the Configure Trap Event button, the Edit Trap Event pop-up appears, where you can define a trap event for the trap that you selected. Once you've defined a trap event for it, the trap is handled in the way you specify, and future trap occurrences appear on the Logged Traps page, when applicable. We'll look at the Trap Event Editor next.

images/download/attachments/18554389/image2015-11-13-16_24_6.png

Trap Event Editor

Using the Trap Event Editor, you can configure how SevOne NMS handles traps. Traps that you associate to a trap event can appear on the Logged Traps page, while traps without a trap event appear on the Unknown Traps page. SevOne NMS provides a collection of common default trap events.

Let's look at the Trap Event Editor. From the navigation bar, click Events and select Configuration, then Trap Event Editor.
images/download/attachments/18554389/image2015-11-13-16_59_12.png

Filter

Using filters lets you limit the traps that appear in the list. All filters are optional and cumulative. Each trap has a primary OID, which designates the trap type. Each trap event has a target OID. When the primary OID of the trap matches the target OID of the trap event–as well as any trap event variable conditions you define–the trap triggers the trap event.

Add a trap event

There are a couple ways to add trap events. You can add a new trap event, or you can define a trap event for an unknown trap (from the Unknown Traps page, which we just looked at).

Perform the following steps to add (or edit) a trap event.

On the lower half of the page, under Events, click Add Trap Event to display the Add Trap Event pop-up. To edit an existing trap event, select the trap event and click under Actions.
Select the Enabled check box to enable the trap event. If you leave the box clear, the trap event won't be applied, and applicable traps will appear on the Unknown Traps page.
The Match section enables you to apply the trap event to a specific OID as well as specific device groups/device types and devices. Matching is a logical OR option, meaning that the trap primary OID must come from the specified device group/device type or device to trigger the trap event. To make the trap event applicable for all device groups/device types and devices, don't define any Match options. The following options are available.
- Target OID. Click to access the SNMP OID Browser, where you can select the target OID for the trap event. When you edit a trap event or access the Trap Event Editor from the Unknown Traps page, this field displays the name of the OID you select. You can manually enter the OID name in this field if you know it.
- Device Groups. Click the drop-down to display device groups and device types. Then select the check boxes for the device groups/device types that you want to associate with the trap event.
- Devices. Click the drop-down to display devices. Then select the check boxes for the devices that you want to associate with the trap event.
The Variable Conditions field enables you to define the conditions that the trap event is applicable for. Perform the following actions to add a condition.
1. Click Add to add a row to the table and to define a new variable condition.
2. Under OID, click to display the SNMP OID Browser, where you select the trap target OID.
3. Click the Op drop-down and select a comparison operator.
4. In the Value field, enter the value that has to be met to associate the trap to the trap event.
5. Click Update to save the variable condition.
6. Repeat to add additional variable conditions. All variable conditions for a trap event are ANDed together.
The Unique OIDs field enables you to designate unique OIDs to associate to the trap event. Perform the following actions to add a condition.
1. Click Add to add a row to the table and to add an OID.
2. Under OID, click to display the SNMP OID Browser, where you select the OID.
1. Click Update to save the OID with the trap event.
2. Repeat to add additional OIDs.
On the right side of the pop-up, under Actions, select the Log check box to display the trap on the Logged Traps page.

As a rule, all traps received appear on either the Unknown Traps page or the Logged Traps page. To prevent a trap from appearing on either of these pages, define an enabled trap event and leave this check box clear. While there's plenty of benefit in logging traps, you may choose not to log particular traps. For example, let's say that you've set up specific devices to send traps when traffic is denied through a firewall rule. A logged trap is useful here because it lets you trace the events to a firewall in order to determine what caused the missed traffic. There are other cases when you might not want to log traps. For instance, frequent but irrelevant traps, such as those that occur each time a new IP address is leased via DHCP, may not be useful.
Select the Alert check box to have the trap trigger an alert and perform the following actions.
1. Next to Alert, click the drop-down and select the alert severity to display.
2. Below that, in the text field, enter the message to appear for the trap when the trap event triggers. You can use the following variables in the message. This field contains a default message. Hover over the message to display a legend containing information about the available variables. You can change this message or replace it with new text to suit your specific needs.
- $dev - to display the name of the device that the trap came from.
- $oid - to display the trap target OID in name format.
- $oidnum - to display the trap target OID in number format.
- $var - to display the variable condition for the trap in name format.
- $varnum - to display the variable condition for the trap in number format.
- $n - where n is an integer representing a variable binding, or varbind, to display the varbind received in the trap. For example, $1 would display the first varbind. $2 would display the second varbind, and $3, the third, etc.
- ${numericOID} - to display the value of the varbind represented by the numeric OID that you specify. Replace numericOID with the full numeric representation of the OID, including the leading dot, for example: ${.1.3.6.1.4.1.4055.1.2.1}.
- ${alphaOID} - to display the value of the varbind represented by the alphanumeric OID that you specify. Replace alphaOID with the name of the object identifier that represents the value, for example: ${ifName} . Note that the appropriate MIB must be loaded on the SevOne appliance for a varbind to be represented by an alphanumeric name as opposed to a numeric OID.
  
  When specifying variable OIDs (varbinds), it is helpful to review Unknown Traps. From there you can search for and identify any previous traps that have been received and the variables (varbinds) that were received with the trap.
Select the Email check box to enable the Email fields and perform the following actions.
1. Select the Mail Once check box to send one email when a trap triggers the first occurrence of the trap event. Subsequent occurrences won't be emailed.
2. Click the Users drop-down and select the users who will receive an email when the trap event triggers.
3. Click the Roles drop-down and select the user roles to receive an email when the trap event triggers.
4. In the Email Addresses field, click Add to enter the email addresses where an email is to be sent when the trap event triggers.
5. Click Update.
Click Save.

Trap Destinations

The Trap Destination page lets you specify where SevOne NMS sends traps to. Trap destinations can be third-party applications, such as your company’s event console or fault management system, for example. Each trap can be sent to multiple destinations.

Perform the following steps to add (or edit) a trap destination.

From the navigation bar, click Events and select Configuration, then Trap Destinations.
Click and select Add New Destination to display the Trap Destination Settings pop-up. To edit an existing destination, select the check box for it, click , and select Edit Selected.
In the Destination Name field, enter the trap destination name.
In the IP Address field, enter the IP address of the trap destination device.
In the Port Number field, enter the port number to send the trap to.
In the SNMP Read Community String field, enter the read community string that SevOne NMS needs to authenticate onto the device.
Click the SNMP Version drop-down and select an SNMP version.
Select the Default check box to send traps to the destination by default. You can designate multiple default trap destinations. You can also define individual thresholds and policies to not use a default destination for specific traps.
Select the Enable check box to enable the trap destination.
Click Save.

Trap Destination Associations

The Trap Destination Associations page lets you associate devices or device groups/device types with the trap destinations you define on the Trap Destinations page. SevOne NMS sends traps from devices or device groups/device types to their associated trap destinations.

Perform the following steps to configure trap destination associations.

From the navigation bar, click Events and select Configuration, then Trap Destination Associations.
Click the Grouping drop-down and select one of the following options.
- Device Group - to associate all the devices in a device group or device type to trap destinations.
- Device - to associate an individual device to trap destinations.
To the right of that, click the Device Group or Device drop-down and select the device group/device type or the device that you want to associate the trap destinations to.
In the Unassigned Trap Destinations field, select the trap destinations to associate to the device group/device type or device.
Click to move the trap destinations you select to the Assigned Trap Destinations field. Traps are sent from the device group/device type or device to the trap destinations listed in the Assigned Trap Destinations field.
In the Assigned Trap Destinations field, select a trap destination and click one of the following buttons.
- Enable - to enable the association of a trap destination that's currently disabled.
- Disable - to save the trap association but suspend sending traps to the destination. Disabled trap destinations appear in light text.

Additional Information about SNMP

SNMP as Seen by SevOne NMS

SevOne SNMP Scripting (S3) is a scripting language developed by SevOne to enable the SNMP plugin to discover complex SNMP objects. The primary purpose of S3 is to describe an SNMP OID in relation to other SNMP OIDs. S3 creates text that relates to and is based on OIDs in order to create more user-friendly SNMP object names and descriptions. S3 also relates OIDs to each other via logical and mathematical expressions to store the resultant values for later use, such as to cross-reference OIDs across a device SNMP tree and to gather descriptive information about a particular object.

The SNMP plugin uses S3 to do the following:

Define an object name.
Define an object description.
Define an object type.
Determine which objects to include.
Define an indicator.

SNMP Object Naming Process

The SNMP plugin uses the following scoring formula to name a newly discovered object.

Assume that the best score to begin is 0.

Go through all of the objects for the device.
If the existing object’s object type is the wrong name, skip.
- The best possible score is 5.
Assume that the new object description is valid.
- If the new object description is the same as the object type name, then the object description is no good.
- If two things that the SNMP plugin already found have the object description, then the object description is no good.
Assume that the old description is valid.
- If the existing object description is the same as the object type name, then the object description is no good.
- If two existing objects already have that object description, then the object description is no good.
  
  If either object description is no good, then the best possible score is now 4.
  The current score is 0.
If the object names are the same, then increase the current score by 3.
- Otherwise, if the new object description is good and the existing object name is the same as the new object description, then increase the current score by 1.
If both object descriptions are good and the same, then increase the score by 1.
- Otherwise, if the existing object description is good and the existing object description is the same as the new object name, then increase the current score by 1.
If the SNMP indexes are the same, then increase the current score by 1.
If the score is at least 2, and the score is better than the best score so far, consider the objects the same.

Human breakdown

// Scoring analysis.
//
// Possible scores: / Current name matches existing name. [+3]
// 3,1,0 | Current description is good.
// \ Current description matches existing name. [+1]
//
// Possible scores: / Existing description is good.
// 1,0 | Current description is good.
// | Existing description matches current description. [+1]
// \ Existing description matches current name. [+1]
//
// Possible scores: / Current index matches existing index. [+1]
// 1,0 \
//
// So, when are things the same?
// 1. The names are the same.
// 2. The description (if good) matches an existing name AND the descriptions (if good) are the same.
// 3. The description (if good) matches an existing name AND the name is matches an existing description (if good).
// 4. The description (if good) matches an existing name AND the indexes are the same.
// 5. The name is matches an existing description (if good) AND the indexes are the same.

So what does this mean? Let's consider the following example.

SevOne NMS discovers and polls a router with two network cards with two ports on each.

All objects belong to the Interfaces object type.

Each port is an object.

Object Name	Object Description	SNMP Index	Note	Score
Eth0	Internet Access	1	Existing object with poll data	n/a
Eth1	Interface	2	Existing object with poll data	n/a
Eth2	Site One	3	Existing object with poll data	n/a
Eth3	Back Link	4	Existing object with poll data	n/a

You rename the ports on the router. Upon rediscovery, the SNMP plugin continues to poll the objects with no change or data loss as long as you don't change the object description or the SNMP index.

Object Name	Object Description	SNMP Index	Note	Score
Ethernet0	Internet Access	1	No data lost, polled as if it were still Eth0	x
Ethernet1	Interface	2	No data lost, polled as if it were still Eth1	x
Ethernet2	Site One	3	No data lost, polled as if it were still Eth2	x
Ethernet3	Back Link	4	No data lost, polled as if it were still Eth3	x

You remove the first card from the router. The router automatically renames each port. Upon rediscovery, the SNMP plugin continues to poll the objects with no change or data loss as long as you don't change the description or the index.

Object Name	Object Description	SNMP Index	Note	Score
~~Ethernet0~~	~~Internet Access~~	1	Data stored for the number of Days Until Delete setting in the Cluster Manager	x
~~Ethernet1~~	~~Interface~~	2	Data stored for the number of Days Until Delete setting in the Cluster Manager	x
Ethernet0	Site One	3	No data lost, polled as if it were still Ethernet2	x
Ethernet1	Back Link	4	No data lost, polled as if it were still Ethernet3	x

You add the card back to the router within the number of Days Until Delete setting in the Cluster Manager. The router automatically changes the object name.

Object Name	Object Description	SNMP Index	Note	Score
Ethernet0	Internet Access	1	Data gap for when the card was removed but otherwise no data lost, polled as if it were still Ethernet0	x
Ethernet1	Interface	2	Data gap for when the card was removed but otherwise no data lost, polled as if it were still Ethernet1	x
Ethernet2	Site One	3	No data lost, polled as if it were still Ethernet0 from previous discovery.	x
Ethernet3	Back Link	4	No data lost, polled as if it were still Ethernet1 from previous discovery.	x

You decide to rename port four and change its description.

Object Name	Object Description	SNMP Index	Note	Score
Ethernet0	Internet Access	1	No data lost, polled as if it were still Ethernet0 from previous discovery.	x
Ethernet1	Interface	2	No data lost, polled as if it were still Ethernet1 from previous discovery.	x
Ethernet2	Site One	3	No data lost, polled as if it were still Ethernet2 from previous discovery.	x
Eth3	Site Three	4	*New object* created and new poll data collected. Existing data stored for the number of Days Until Delete** setting in the Cluster Manager.	x

Anatomy of SNMP Data

At a very high level, SevOne NMS groups each SNMP object by an SNMP object type. Each object has indicators that are grouped by indicator type. SNMP objects are composed of OIDs which, in turn, break down into MIBs.

How OIDs Are Indexed

Device manufacturers name SNMP OIDs using a series of numbers. For example, the OID sysDescr is .1.3.6.1.2.1.1.1. Everything that comes after a named OID is the OID index. System-wide information is usually denoted as .0 information. The .0 generally means there is only one instance of the OID. For example, the sysDescr index is always .0. The OID ifDescr is indexed by a single number that is not 0. For example, the description of an Ethernet card in a server might be ifDescr.3. There's no limit to the count of numbers that follow an OID. Some manufacturers use integer indexes that have a constant amount of numbers following each OID, and some manufacturers use string indexes for readability. A string index represents a piece of text (the string) as a series of characters where each character is represented as its ASCII value. String indexes are sometimes prefixed with the length of the string.

Index Types

Integer - A single number of any size.

For example, this could be a simple integer, such as 7, which could be used for an interface index.

String (with length) - A string of text, prefixed with the number of characters and followed by the ASCII value of each character.

For example, the text CPU is the number of characters (3) followed by the ASCII value of each, which would be 3.67.80.85.

String (no length) - A string where the length is not prefixed.

For example, the text CPU in ASCII values without the number of characters would be 67.80.85. Compare to the previous example.

Number (with length) - A string index where the numbers don't have an ASCII meaning.

For example, the IP address 4.192.158.0.1 includes its length (4) before the octets.

Number (no length) - A string index with no length and where the numbers don't have an ASCII meaning.

For example, the IP address 192.158.0.1 appears as a series of integer indexes and contains no information about its length. Compare to the previous example.

How S3 Handles SNMP

S3 uses the full numeric OID representation (starting with .1) to remove the dependency on the MIBs and to remove potential ambiguity of the OID. This makes the object definition fully portable to another system because different MIBs can arbitrarily redefine OIDs.

Another S3 feature is that white space characters such as spaces, tabs, and new line characters are optional and exist for readability. All of the following are equivalent:

7+9
7 + 9
7
+9

7
+
9

Scripts

An S3 script is a sequential evaluation of one or many statements. Each statement is executed in sequence. The only logic provided by S3 comes from flavors of the ternary operator, which acts like an IF statement. The final result of the script is the result of the final statement in the script.

Examples

Example 1:

Statement 1

Example 2:

Statement 1
Statement 2
Statement 3

Statements

A statement is the atomic unit of a script. A statement can assign a value to a variable, or a statement can be an expression that evaluates to some value. Each statement evaluates to some value upon execution. For example, in the case of a variable assignment, the value of the statement is the value of the variable.

Statements are lists of expressions. Expression chains may be very complex and long. All S3 statements must end in a semicolon (;). The last statement in a script may omit the semicolon.

Simple statement:

Expression ;

List statement where the final value is the concatenation of both expressions:

Expression 1 Expression 2 ;

Expressions

An expression is the atomic unit of a statement. S3 is an OID-evaluation language and a text-creation language. Multiple expressions can lie next to each other, and their results are concatenated together. This differs from more logical and mathematical languages.

Example: 1 + 2 3 + 4

In C, there needs to be a joining operation between the 2 and the 3 because they're considered two disjointed expressions–which would result in a syntax error.
In S3, this is seen as two separate expressions next to each other: 1 + 2 and 3 + 4. The result of the statement is 37. The white space doesn't matter unless it's enclosed in quotes.

An expression is anything that evaluates to a value. This value doesn't have to be numeric. A piece of text evaluates to itself. An expression might be the number 7, the word Hello, or a complex mathematical formula. Expressions can be chains of symbols and operators as long as the entire expression evaluates to a single value.

Number

7

String:

'Hello'

Complex Formula:

( ( 1 + 2 ) / 12 + 34 ) * 10

Variable or OID that evaluates to a number or string:

[INDEX]
.1.3.6.1.2.1.1.1.0

Multiple grouped expressions (enclosed within parentheses) concatenated together:

( 7 'Hello' ( ( 1 + 2 ) / 12 + 34 ) * 10 [INDEX] .1.3.6.1.2.1.1.1.0 )

Variables

Variables are evaluated as OIDs to store the value of an expression. S3 has two types of variables: scalars and vectors.

Scalar - Anything that is a single number or some text.
Vector - An array of things. Vectors in S3 are different from vectors in normal scripting languages. In S3, vectors are geared toward OIDs because an individual OID is represented as .<number> and a full OID is a series of .<numbers>s one after another. S3 breaks down variables into vectors by the . character.

A variable is a name surrounded by square brackets. Variable names consist of the following characters: a-z, A-Z, 0-9, and - .

[Variable Name]

A variable assignment is an expression. The evaluation of the assignment is the new variable value. A variable assignment uses the = operator.

[Variable name] = Expression

S3 uses the following conventions to differentiate SevOne system variables from user variables. This prevents user variables from overwriting system variables. There is no rule to enforce this.

SevOne system variables use capital letters and underscores for spaces. [MY_VARIABLE]
User variables use lowercase letters, a capital letter in the next word, and no underscore for spaces. [myVariable]

S3 can treat and evaluate variables as OIDs. Each variable must be declared before use. There's no special declaration syntax, but a variable must have an assigned value before being used in an expression. Both scalar variables and vector variables are evaluated and inserted raw into the expression.

S3 does nothing special to scalar variables when scalar variables are evaluated.

When a vector variable is evaluated, each of the vector variable's components is written and separated by . . Elements in vector variables are zero-indexed numerically. The first element starts at 0, and the second starts at 1, etc. To access a particular element of a vector variable, surround the element index in curly braces after the variable.

[Variable Name ]{Index number }

A variable can't be used as an index number. The index number must be an actual number.

Each element in a vector variable is usually a scalar variable. However, there are exceptions when an element in a vector variable is another vector variable.

Some variables shouldn't be evaluated as an OID. Enclose the variable in backticks (`) to prevent the variable from being evaluated as an OID. If a variable simply contains a number, the variable is treated as a normal number if not backticked. However, it's always safe to backtick a variable to prevent improper evaluation. Text evaluates to itself. Text is considered anything enclosed in quotes. Backticks may be in a single quoted string, and that single quote string may be in a backtick quoted string.

Single quotes (') - Single quotes are used for raw text. The content of the text is not processed in any way, for example, 'Anything here'.
Backticks (`) - Backticks are used for variable interpolation. Any variables present in the text is evaluated, for example, `Anything here, including variables`.

S3 OID Handling

OIDs are evaluated. Anything that isn't text, a variable, an operator, a normal number, or otherwise a special symbol is considered an OID. When an OID is evaluated, it evaluates to the value of the OID on the current device. If the OID isn't present on the device, the OID, followed by the default SNMP index, is used instead. If the OID can't be evaluated, it evaluates to the empty string.

It's critical to note here that a variable without backticks around it is treated exactly as it would be if the value of the variable were to be used instead. This means that a variable that contains a string representation of an OID is evaluated as that OID when it's encountered.

The following example might not work as anticipated.

1 [test] = 'test';
2 [test1] = [test] 1;

You might expect the value of [test1] to be test1. However, since [test] isn't backticked, it's treated as if the text test were present. As such, S3 tries to get the value of the OID whose name is test. Since there isn't one, it returns the empty string. This means that the final value is actually 1.

The proper way to do this is:

1 [test] = 'test';
2 [test1] = `[test]` 1;

This example backticks the variable to prevent it from being evaluated as an OID.

Indexing

When an OID is encountered, S3 tries to evaluate it. If S3 can't evaluate the OID, then S3 adds the value of the default index to the OID, which for SNMP discovery is [INDEX]. If S3 still can't evaluate the OID, then the OID evaluates to the empty string. This allows for human-readable and human-understandable definitions of objects and indicators. However, it also results in the loss of stringent definitions.

If an OID already has .[INDEX] appended to it, then the OID saves S3 the step.

Symbols

Symbols are special tokens (characters or collections of characters) that have a special function in S3.

Grouping

Parentheses group expressions to define the sequence that they should be evaluated in. This is commonly used in mathematical applications.

Example

1 + 2 * 3

(which is 7)

Is not the same as:

( 1 + 2 ) * 3

(which is 9).

Parentheses can change two expressions into one expression.

Example:

( 1 + 2 3 + 4 )

Evaluates to the single value 37, which could be used by further expressions.

Operators

Operators are any symbols that act on an expression. There are three types of operators:

Unary operators - act on one value only (for example, Not).
Binary operators - act on two values (for example, Addition).
Ternary operators - act on three values (for example, ... ? ... : ... is a ternary operator in C).

Math

The common mathematical operators are applied with the usual precedence. Mathematical operators have full floating point support.

Multiplication (Standard multiplication)

Left expression * Right expression

Division (Standard division)

Left expression / Right expression

Addition (Standard addition)

Left expression + Right expression

Subtraction (Standard subtraction)

Left expression - Right expression

Because MIB names can contain a dash, -, which is the same as the minus symbol, -, all subtraction mathematical operators must have a blank space before and after the minus symbol.

Comparison

Comparison operators compare two expressions that return 1 if the comparison is true or 0 if the comparison is false.

Equal to, Boolean == returns 1 if the left and right side are equal.

Left expression == Right expression

Not equal to, Boolean != returns 1 if the left and right side are not equal.

Left expression != Right expression

Less than, Boolean < returns 1 if the left side is less than the right side.

Left expression < Right expression

Less than or equal to, Boolean <= returns 1 if the left side is less than or equal to the right side.

Left expression <= Right expression

Greater than, Boolean > returns 1 if the left side is greater than the right side.

Left expression > Right expression

Greater than or equal to, Boolean >= returns 1 if the left side is greater than or equal to the right side.

Left expression >= Right expression

Logic

Logical operators generally perform true/false operations. S3 uses the following logical operators.

Binary

Binary logical operators operate on two expressions.

Logical AND, Boolean && returns 1 if the left and right side evaluate to true. Otherwise, it returns 0.

Left expression && Right expression

Logical OR, Boolean || returns 1 if the left side evaluates to true, the right side evaluates to true, or both evaluate to true. Otherwise, it returns 0.

Left expression || Right expression

Bamboo, ||| is actually a shortcut for a particularly common case of the ?? ternary operator. It returns the value on the left if it is set. Otherwise, it returns the value on the right regardless of its value.

Left expression ||| Right expression

This is equivalent to the following:

Left expression ?? Left expression : Right expression

Ternary

Ternary logical operators operate on three expressions. S3 has two ternary operators.

Logical ternary operator, ? evaluates the left expression for a test that's greater than 0 (numerically) or for a string that has length and isn't 0. Otherwise, it evaluates the right expression. For this reason, the test is usually a logical Boolean expression that returns 0 or 1, guaranteed.

test ? Left expression : Right expression

Existential ternary operator, ?? evaluates the left expression for a test that has a value that isn't the empty string. Otherwise, it evaluates the right expression.

test ?? Left expression : Right expression

test ?? test : Right expression

is equivalent to:

test ||| Right expression

Count

The result of a walk, #count walks the specified OID and returns the count of the occurrences of an OID. This doesn't resolve the OID in the manner that other naked OIDs are resolved to get the OID value. This #count resolves the OID count immediately. This differs from the way that an OID is resolved via an OID walk.

Example

To count the number of CPUs on a Linux device to determine what the maximum CPU utilization could be: net-snmp returns up to 800% utilization for a box with eight CPUs.

#count OID

Example:

#count .1.3.6.1.2.1.25.3.3.1.2

Can evaluate to 8.

Conversion

Since OIDs may be indexed by numbers, strings, or variably-sized components, S3 uses conversion operators that operate on a single expression.

Conversion from OID

OID-to-ASCII-string (with length), $s converts the expression to an ASCII string.

$s Expression

The expression should be an OID with the following format:

n.ASCII 1.ASCII 2.....ASCII n

Example:

$s '5.72.101.108.108.111'

Evaluates to Hello.

OID-to-ASCII-string (no length), $S converts the expression to an ASCII string.

$S Expression

The expression should be an OID with the following format:

ASCII 1.ASCII 2

Example:

$S '72.101.108.108.111'

Evaluates to Hello.

OID-to-numbers (with length), $v converts the expression to a string.

$v Expression

The expression should be an OID with the following format:

n.Number 1.Number 2.....Number n

Example:

$v '4.192.168.0.1'

Evaluates to 192.168.0.1.

OID-to-numbers (no length), $V Identity operation. The value should be the same as the expression.

$V Expression

This converts the expression to a string. The expression should be an OID with the following format:

Number 1.Number 2.

Example:

$V '192.168.0.1'

Evaluates to 192.168.0.1.

Conversion to OID

String-to-OID (with length), #s converts the expression to an OID with the length prefixed. The expression should be ASCII text.

#s Expression

Example:

#s 'Hello'

Evaluates to 5.72.101.108.108.111.

String-to-OID (no length), $s converts the expression to a string with no length information. The expression should be ASCII text.

#S Expression

Example:

#S 'Hello'

Evaluates to 72.101.108.108.111.

Numbers-to-OID (with length), #v converts the expression to an OID with the length prefixed. The expression should be text consisting of numbers separated by the use of . .

#v Expression

Example:

#v '192.168.0.1'

Evaluates to 4.192.168.0.1.

Numbers-to-OID (no length), #V Identity operation. The value should be the same, as the expression converts the expression to an OID with no length information. The expression should be text consisting of numbers separated by the use of . .

#V Expression

Example:

#V '192.168.0.1'

Evaluates to 192.168.0.1.

Grouping

Parameters to the conversion operators should be enclosed in parentheses to avoid confusion.

To get the OID index representation of the text 37 (which is 2.51.55), you can try:

#s 1 + 2 3 + 4

However, the #s only applies to the 1 which yields 1.49. (49 is ASCII for 1). The value of that is added to 2 (1.49 + 2 = 3.49), which is then concatenated with 7 (to yield 3.497). You must use parentheses:

#s ( 1 + 2 3 + 4 )

Evaluates to 2.51.55 (which, as a string, is 37).

Precedence

The precedence of operators and symbols is as follows. When given the choice (that is, when parentheses aren't used), S3 evaluates operations in the following sequence.
The normal mathematical operator precedence (* / + -) is preserved in this list.

'text' `text`
()
#s #S #v #V $s $S $v $V
* /
+ -
== != > >= < <=
&&
||
|||
:
? ??
=

Variable Assignment Example

The following examples assign the proper values to variables. The name of each variable matches its value.

[one] = 1;
[two] = 1 + 1;
[two] = `[one]` + `[one]` - 1 + 1;
[ten] = ( 2 + 1 ) * 3 + 1;

The following example sets all three variables equal to 12.

1 [x] = [y] = [z] = 12;

Logic

The following examples demonstrate Boolean logic.

[bothXandY] = `[x]` && `[y]`;
[eitherXorYorBoth] = `[x]` || `[y]`;
[eitherXorY] = ( `[x]` && (`[y]` ? 0 : 1) ) || ( `[y]` && (`[x]` ? 0 : 1) );
[notX] = `[x]` ? 0 : 1;

The following example selects the value of ifName if it's present. Otherwise, it selects the he value of ifDescr.

[bamboo] = ifName ||| ifDescr;

The following examples demonstrate the use of the ternary operator.

[sevenOrEight1] = `[x]` ? 7 : 8;
[sevenOrEight2] = `[x]` ? 6 + 1 : 2 * 2 + 4;

Conversion

The following examples convert the text CPU into an OID index. The ASCII values for the individual letters are C=67, P=80, and U=85.

#s 'CPU'

The result of this is 3.67.80.85 (includes a length prefix).

#S 'CPU'

The result of this is 67.80.85 (no length prefix).

The following examples convert the specified OID indexes into strings.

$s '3.67.80.85'

The result of this is CPU.

$S '67.80.85'

The result of this is also CPU.

Full Examples

VACM Entry

The Net-SNMP agent supports the NET-SNMP-VACM-MIB, which provides some information about Net-SNMP's View Access Control Model (VACM).

The following is a sample walk of nsVacmAccessEntry (.1.3.6.1.4.1.8072.1.9.1.1)

NET-SNMP-VACM-MIB::nsVacmContextMatch."grpcomm1"."".0.noAuthNoPriv."read"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmContextMatch."grpcomm1"."".0.noAuthNoPriv."write"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmContextMatch."grpcomm1"."".0.noAuthNoPriv."notify"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmContextMatch."grpsnmpUser"."".3.authNoPriv."read"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmContextMatch."grpsnmpUser"."".3.authNoPriv."write"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmContextMatch."grpsnmpUser"."".3.authNoPriv."notify"
= INTEGER: prefix(2)
NET-SNMP-VACM-MIB::nsVacmViewName."grpcomm1"."".0.noAuthNoPriv."read"
= STRING: all
NET-SNMP-VACM-MIB::nsVacmViewName."grpcomm1"."".0.noAuthNoPriv."write"
= STRING: none
NET-SNMP-VACM-MIB::nsVacmViewName."grpcomm1"."".0.noAuthNoPriv."notify"
= STRING: none
NET-SNMP-VACM-MIB::nsVacmViewName."grpsnmpUser"."".3.authNoPriv."read"
= STRING: all
NET-SNMP-VACM-MIB::nsVacmViewName."grpsnmpUser"."".3.authNoPriv."write"
= STRING: all
NET-SNMP-VACM-MIB::nsVacmViewName."grpsnmpUser"."".3.authNoPriv."notify"
= STRING: all
NET-SNMP-VACM-MIB::nsVacmStorageType."grpcomm1"."".0.noAuthNoPriv."read"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStorageType."grpcomm1"."".0.noAuthNoPriv."write"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStorageType."grpcomm1"."".0.noAuthNoPriv."notify"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStorageType."grpsnmpUser"."".3.authNoPriv."read"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStorageType."grpsnmpUser"."".3.authNoPriv."write"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStorageType."grpsnmpUser"."".3.authNoPriv."notify"
= INTEGER: permanent(4)
NET-SNMP-VACM-MIB::nsVacmStatus."grpcomm1"."".0.noAuthNoPriv."read"
= INTEGER: active(1)
NET-SNMP-VACM-MIB::nsVacmStatus."grpcomm1"."".0.noAuthNoPriv."write"
= INTEGER: active(1)
NET-SNMP-VACM-MIB::nsVacmStatus."grpcomm1"."".0.noAuthNoPriv."notify"
= INTEGER: active(1)
NET-SNMP-VACM-MIB::nsVacmStatus."grpsnmpUser"."".3.authNoPriv."read"
= INTEGER: active(1)
NET-SNMP-VACM-MIB::nsVacmStatus."grpsnmpUser"."".3.authNoPriv."write"
= INTEGER: active(1)
NET-SNMP-VACM-MIB::nsVacmStatus."grpsnmpUser"."".3.authNoPriv."notify"
= INTEGER: active(1)

And with numeric OIDs:

.1.3.6.1.4.1.8072.1.9.1.1.2.8.103.114.112.99.111.109.109.49.0.0.1.4.114.101.97.100
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.2.8.103.114.112.99.111.109.109.49.0.0.1.5.119.114.105.116.101
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.2.8.103.114.112.99.111.109.109.49.0.0.1.6.110.111.116.105.102.121
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.2.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.4.114.101.97.100
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.2.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.5.119.114.105.116.101
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.2.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.6.110.111.116.105.102.121
= INTEGER: prefix(2)
.1.3.6.1.4.1.8072.1.9.1.1.3.8.103.114.112.99.111.109.109.49.0.0.1.4.114.101.97.100
= STRING: all
.1.3.6.1.4.1.8072.1.9.1.1.3.8.103.114.112.99.111.109.109.49.0.0.1.5.119.114.105.116.101
= STRING: none
.1.3.6.1.4.1.8072.1.9.1.1.3.8.103.114.112.99.111.109.109.49.0.0.1.6.110.111.116.105.102.121
= STRING: none
.1.3.6.1.4.1.8072.1.9.1.1.3.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.4.114.101.97.100
= STRING: all
.1.3.6.1.4.1.8072.1.9.1.1.3.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.5.119.114.105.116.101
= STRING: all
.1.3.6.1.4.1.8072.1.9.1.1.3.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.6.110.111.116.105.102.121
= STRING: all
.1.3.6.1.4.1.8072.1.9.1.1.4.8.103.114.112.99.111.109.109.49.0.0.1.4.114.101.97.100
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.4.8.103.114.112.99.111.109.109.49.0.0.1.5.119.114.105.116.101
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.4.8.103.114.112.99.111.109.109.49.0.0.1.6.110.111.116.105.102.121
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.4.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.4.114.101.97.100
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.4.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.5.119.114.105.116.101
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.4.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.6.110.111.116.105.102.121
= INTEGER: permanent(4)
.1.3.6.1.4.1.8072.1.9.1.1.5.8.103.114.112.99.111.109.109.49.0.0.1.4.114.101.97.100
= INTEGER: active(1)
.1.3.6.1.4.1.8072.1.9.1.1.5.8.103.114.112.99.111.109.109.49.0.0.1.5.119.114.105.116.101
= INTEGER: active(1)
.1.3.6.1.4.1.8072.1.9.1.1.5.8.103.114.112.99.111.109.109.49.0.0.1.6.110.111.116.105.102.121
= INTEGER: active(1)
.1.3.6.1.4.1.8072.1.9.1.1.5.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.4.114.101.97.100
= INTEGER: active(1)
.1.3.6.1.4.1.8072.1.9.1.1.5.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.5.119.114.105.116.101
= INTEGER: active(1)
.1.3.6.1.4.1.8072.1.9.1.1.5.11.103.114.112.115.110.109.112.85.115.101.114.0.3.2.6.110.111.116.105.102.121
= INTEGER: active(1)

Indexing

S3 has two options to properly index entries:

S3 can choose a variable-length index (with no length prefix). However, this provides S3 no insight as to the components of the index. There are no OIDs available to determine a proper name for any of the entries to enter into the system as objects.
S3 can explicitly define each index component, which allows S3 to reference each component individually to properly name objects.

The index is composed of the following types of fields.

Example

"grpcomm1"."".0.noAuthNoPriv."read"

String (for example, grpcomm1) - According to the MIB, this is the name of the group for this entry.
String (for example, "") - According to the MIB, this is the prefix that a name must match to gain access rights.
Integer (for example, 0) - According to the MIB, this is the security model in use. This roughly corresponds with the SNMP version (where 0 = any).
Integer (for example, noAuthNoPriv, which is, 1) - According to the MIB, this is the minimum level of security required to gain access rights.
String (for example, read) - According to the MIB, this is the type of processing to apply the specified view to.

S3 has the following information:

[INDEX] is 8.103.114.112.99.111.109.109.49.0.0.1.4.114.101.97.100.
[INDEX]{0} is 8.103.114.112.99.111.109.109.49.
[INDEX]{1} is 0.
[INDEX]{2} is 0.
[INDEX]{3} is 1.
[INDEX]{4} is 4.114.101.97.100.

Naming

S3 uses the following information to name an object for a VACM entry.

Group group name [ matching prefix ] using {any version|security model } with security level , providing processing

S3, revision 1

The security level is an enumeration. S3 creates a variable with the appropriate textual representation for its value.

Necessary S3:

[securityLevel] = ( `[INDEX]{3}` == 1 ? 'noAuthNoPriv' : ( `[INDEX]{3}` == 2
? 'authNoPriv' : ( `[INDEX]{3}` == 3 ? 'authPriv' : '(unknown)' ) ) );

Name:

'Group '( $s `[INDEX]{0}` )( ($s `[INDEX]{1}`) ?? (' matching '($s `[INDEX]{1}`)) : '')
'using'( `[INDEX]{2}` ? `v[INDEX]{2}` : 'any version' )` with [securityLevel], providing`
( $s `[INDEX]{4}` )

Evaluates to:

Group grpcomm1 uses any version with noAuthNoPriv, providing read

S3, revision 2

The first Name S3 is too long and is not very readable. In the second revision, S3 assigns various parts of the name to variables and links the names at the end.

Necessary S3:

[groupName] = ( $s `[INDEX]{0}` );
[matchText] = ( ($s `[INDEX]{1}`) ?? (' matching '($s `[INDEX]{1}`)) : '' );
[versionText] = ( `[INDEX]{2}` ? `v[INDEX]{2}` : 'any version' );
[securityLevel] = ( `[INDEX]{3}` == 1 ? 'noAuthNoPriv' : ( `[INDEX]{3}` == 2 ? 'authNoPriv' :
( `[INDEX]{3}` == 3 ? 'authPriv' : '(unknown)' ) ) );
[processingText] = ( $s `[INDEX]{4}` );

Name:

`Group [groupName][matchText] using [versionText] with [securityLevel], providing [processingText]`

Evaluates to:

Group grpcomm1 using any version with noAuthNoPriv, providing read

The end result is the same, but the name is easier to read and understand. The difference is that each component S3 is broken up into separate variables. This allows the name to be a single interpolated string.

Context

S3 evaluates OIDs. Evaluation must take place in the context of a certain SNMP agent.

S3 is used at the SNMP discover time for a particular device. All S3 statements are executed in the context of that device. This means that every time an OID is encountered, the device is queried for its value, and that value is returned to the S3 statement.

Object Context

The main purpose of S3 is to define ways to describe specific objects from a generic set of rules. As the SNMP discover script goes through the possible object types, it generates a list of individual object indexes for each object type. The rules for that object type are applied to each index that it encounters in order to generate a unique object per index.

The following SNMP Object Editor fields are evaluated, in order, for each object.

Variables
- A mini S3 script generates variables for later use.
- Variables generated:
  - (Any present)
Subtype expression
- Determines the subtype of the object.
- Variables generated:
  - [TYPE]: The numerical value of the subtype (if any).
  - [TYPE NAME]: The name of the subtype (if any).
  - [TYPE DESCRIPTION]: The description of the subtype (if any).
Assert expression
- Skipped if an object doesn't pass the assert expression.
- Should not define any variables.
Name expression
- Uniquely identifies an object across the SNMP plugin for the device in question.
- Should not define any variables.
Description expression
- Should provide an informative description of the object. If it's not set, then use the object type.
- Should not define any variables.

Before any evaluation happens, the [INDEX] variable is set to the SNMP index of the current object. This is a vector variable. Each index in the vector corresponds with each specific index key defined for this object type. Each of those could also be a vector. Because of the sequence that the system variables are generated in, S3 generates an error if a variable is used before it's generated.

Indicator Context

The Expression field in the SNMP Indicator Editor for a particular indicator is also an S3 expression. Indicators should not set variables. The Maximum Value Expression field is also an S3 expression.

An indicator expression and maximum value expression can use any of the variables defined above for the object, including any user-defined variables in the Variables field.

This enables an indicator definition to get around any strange indexing (including out-of-order indexing) by using S3 to assemble the OID to poll as necessary.

Synthetic Indicators

Indicator expressions are unique because they're handled in a two-pass system. The SNMP plugin doesn't implement S3. It implements a simple mathematical library. Any OIDs present in the data that is passed to the poller must be fully expanded with their index information. To accomplish this, two passes are used on the indicator expression.

The text-conversion functions of S3 doesn't work in either pass.

First Pass

The first pass is an expansion pass. It expands any OID encountered by adding the full index value to the end of it. This is equivalent to having every OID end in .[INDEX]. The result of this pass is saved and no real values should be generated.

Second Pass

The second pass then evaluates (normally) the results of the first pass. If this pass results in a numeric value, then the indicator is presumed to exist. The results of the first pass are stored for use by the poller.

It's important to use standard mathematical expressions (and not the extra S3 operations) to perform indicator expressions. These expressions must conform to normal mathematical rules (for example, you can't have two expressions next to each other with no joining operator). These expressions may include the following operators:

/ + -

And the following grouping symbols:

( )

It's possible to get around the OID expansion in the first pass. The entire results of the evaluated first pass are passed to the second pass. Any text in the first pass doesn't have its quotes in the second pass. As a result, an OID may be quoted and used exactly as quoted in the second pass. The whole first pass could be quoted to prevent S3 from taking any intelligent action.

To have every interface report, as an indicator, the total number of interfaces on the device (multiplied by 10), the following indicator expression doesn't work:

ifNumber.0 * 10

ifNumber.0 is expanded with the default index, which in this case could be .2, for example (yielding ifNumber.0.2, which is not the desired outcome):

ifNumber.0.2 * 10

However, the following tricks the system into accepting the OID:

`ifNumber.0` * 10

This yields:

ifNumber.0 * 10

This is the desired outcome.

Summary of the Two-Pass System

Pass 1
1. OIDs are expanded.
2. Text is unquoted.
Pass 2
1. Pass 1 is evaluated.

Note

Do not use text-conversion functions.

ASCII Table

The following lists the first 128 ASCII values and the corresponding character value for each.

images/download/attachments/33033241/snmp_asciiTable.png

Troubleshooting

Below are a few tips for troubleshooting SNMP-related issues. It's a good idea to start with the basics. Depending on the nature of your problem, you may want to confirm that your device is up and pingable.

I Can't See Interfaces

If you're having trouble seeing an interface, it's possible that SevOne NMS isn't able to SNMP walk the device due to an incorrect community string. Perform the following steps to verify that the SNMP community strings for the device are correct.

Go to the Device Manager (Devices -> Device Manager).
Select the the device in question and click to display the Edit Device page.
In the SNMP plugin section, verify that the community string and SNMP version are correct.
If both are correct, log on to the device and enter the following command to walk the device.

snmpwalk -v<version> -c<community string> <ip address>
If the command fails, then SevOne NMS can't SNMP walk the device. Try to walk the device from another location to ensure that the device is properly configured.

Common reasons for not being able to SNMP walk a device include the following.

Routing - there's no route from SevOne NMS to the device.
Firewall - a router between SevOne NMS and the device is blocking SNMP traffic.

I'm Not Receiving Alerts

SevOne NMS collects all traps and provides a collection of common trap events. Traps that have a corresponding trap event appear on the Logged Traps page. Traps that don't have a corresponding trap event appear on the Unknown Traps page. The Unknown Traps page has a Configure Trap Events button to provide access to the Trap Event Editor, where you configure trap events for your particular network.

If you think you should receive an alert on a trap from a particular device, go to the Unknown Traps page and use the filters to search by the IP address of the device.

If a trap doesn't resolve to an OID name, then the MIB for the trap isn't included in SevOne NMS. SevOne NMS still processes the trap, and the trap appears as an OID number instead of a name.

Access Lists

If you're having trouble getting SNMP data from a device, an access list is another possible cause. An SNMP access list can be used to limit SNMP data only to specific IP addresses. If you've confirmed that your SNMP settings in SevOne NMS are correct and that there aren't any issues with the devices that you're trying to get SNMP data from, make sure that SevOne NMS isn't being excluded as a result of an access list configuration.

Terms

Authentication Protocol	A protocol used by one network entity to confirm its identity to another network identity.
Community String	A text string that functions as a password and is used to authenticate messages sent between an SNMP agent and an SNMP manager.
Localized Key	A secret key shared between a user and an SNMP engine.
Protocol Data Unit (PDU)	A unit of data in a particular protocol layer. The unit represented by a PDU varies according to which layer of the OSI model it's in. For example, it's considered a frame in Layer 2 and a packet in Layer 3.

Table of Contents (Start)

SNMP Quick Start Guide - SevOne NMS 5.7

Introduction

Prerequisites

Enable Devices to Send SNMP Data to SevOne NMS

SNMP Commands

Things You'll Need to Know

Configuration Steps

Cluster-level Settings

Device-level Settings

Manage SNMP Object Types

Manage SNMP Indicator Types

SNMP Atomic Indicator Types

SNMP Synthetic Indicator Types

Manage SNMP Object Subtypes

SNMP OIDs and MIBs

SNMP OID Browser

MIB Manager

Device Types

Using Device Types

The Device Type Hierarchy

Add a Device Type

Manage Metadata Values

Device Type Membership Rules

Object Types tab

Device Type Membership tab

Membership Management

SNMP Walk

SNMP Walk Output

SNMP Traps

Logged Traps

Unknown Traps

Trap Event Editor

Trap Destinations

Trap Destination Associations

Additional Information about SNMP

SNMP as Seen by SevOne NMS

SNMP Object Naming Process

Human breakdown

Anatomy of SNMP Data

How OIDs Are Indexed

How S3 Handles SNMP

Scripts

Statements

Expressions

Variables

S3 OID Handling

Indexing

Symbols

Grouping

Operators

Math

Comparison

Logic

Ternary

Count

Conversion

Conversion to OID

Grouping

Precedence

Variable Assignment Example

Logic

Conversion

Full Examples

VACM Entry

Indexing

Context

Object Context

Indicator Context

Synthetic Indicators

Summary of the Two-Pass System

ASCII Table

Troubleshooting

I Can't See Interfaces

I'm Not Receiving Alerts

Access Lists

Terms