Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
20973
Views
5
Helpful
3
Comments

How To Send a Customized Trap Using EEM

Joe Clarke
Cisco Employee
Cisco Employee

on ‎06-19-2010 06:50 PM

Starting with the Embedded Event Manager (EEM) version 3.0, it is possible to generate a customized trap from an IOS device.  This trap can either be an existing trap (e.g. one which the device already supports) or a completely new trap with a customized enterprise, trap Object Identifier (OID), and variable bindings (varbinds).  Customized traps can be sent from both applet and Tcl policies.  To determine if your device supports EEM 3.0, run the following command:

Router#show event manager version

The first line of the output is the EEM version.  This must be 3.00 or higher.

To send a customized trap, one must first define the varbinds which will be included in the trap.  All traps must have at least one varbind.  Once the varbinds are defined, the trap can be sent by specifying the enterprise OID, trap OID, generic trap number, and specific trap number.

Understanding the Options

If you are not extremely familiar with the different attributes of an SNMP trap, the options required to build a trap may seem a bit daunting.  Below is a quick reference to explain what the various options mean.

  • variable type : the type of the variable binding.  This can be one of the following values:
    • int : for a 32-bit signed integer
    • uint : for a 32-bit unsigned integer
    • string : for an ASCII character string
    • counter : for a 32-bit counter
    • gauge : for a 32-bit gauge
    • octet : for a string of bytes
    • ipv4 : for an IPv4 address
  • enterprise-oid : The enterprise or organization of the agent that originates the trap.  For an existing trap, this is typically the OID branch from which the trap is defined.  For a customized trap, this can be anything you want.
  • generic-trapnum : An integer denoting the generic trap ID.  This must be one of the following values:
    • 0 : Used when sending a coldStart trap
    • 1 : Used when sending a warmStart trap
    • 2 : Used when sending a linkDown trap
    • 3 : Used when sending a linkUp trap
    • 4 : Used when sending an authenticationFailure trap
    • 5 : Used when sending an egpNeighborLoss trap
    • 6 : Enterprise-specific (use this for customized traps)
  • specific-trapnum : Used for enterprise-specific traps (otherwise it should be 0).  For existing traps, this must be the trap number defined in the MIB.  For customized traps this can be any value you want.
  • trap-oid : The fully-qualified trap OID.  This is used instead of the generic-trapnum and specific-trapnum when sending SNMPv2 notifications.  It is generally a combination of the enterprise-oid and the specific-trapnum.

Existing Trap

This example shows how to send a configuration change trap (ciscoConfigManEvent) from an EEM policy.

This policy uses the none event detector (ED) so it can be executed manually.  The first thing to do is to declare a trap variable named vbinds.  This name can be anything you want.  The first varbind is ccmHistoryEventCommandSource which takes an integer value of 1.  The 1 means that the command source was CLI.

The second varbind is ccmHistoryEventConfigSource which takes an integer value of 2.  The 2 means that the configuration source is the command source (i.e. the CLI).  Note how the vbinds variable is being reused.  This is important.  All of your varbinds must be assigned to the same trap variable.

The final varbind is ccmHistoryEventConfigDestination which takes an integer value of 3.  The 3 means that the configuration destination is the running config.

Notice that all of the SNMP OIDs end in ".1".  This trailing .1 is the instance of the objects.  This instance number is defined by the object ccmHistoryEventIndex, and it must be an integer between 1 and 2147483647.

Applets

event manager applet send-cfg-change
 event none
 action 1.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.3.1 int 1
 action 2.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.4.1 int 2
 action 3.0 info type snmp var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.5.1 int 3
 action 4.0 info type snmp trap enterprise-oid 1.3.6.1.4.1.9.9.43.2 generic-trapnum 6 specific-trapnum 1 trap-oid 1.3.6.1.4.1.9.9.43.2.0.1 trap-var vbinds

Execute this policy with the following command:

Router#event manager run send-cfg-change

Tcl

::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.3.1 int 1
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.4.1 int 2
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.9.9.43.1.1.6.1.5.1 int 3
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.9.9.43.2 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.9.9.43.2.0.1 trap_var vbinds

Assuming this script was registered as send_cfg_change.tcl, it can be exected with the following command:

Router#event manager run send_cfg_change.tcl

Customized Trap

In addition to sending a trap which is alrady been defined by a MIB supported by the device, you can send a trap with any enterprise, trap OID, and varbinds you like.  For example, assume we want to send a trap with the enterprise 1.3.6.1.4.1.33333.1 and trap OID 1.3.6.1.4.1.33333.1.0.1.  This trap will have two string varbinds.  Since this is a completely customized trap, these varbinds can contain any values, and they can have any OIDs.

Since this an enterprise-specific trap, the generic trap number must be 6.  The specific trap number will be 1 in this case, but it can be any value you like.

Applet

event manager applet send-custom-trap
 event none
 action 1.0
 action 1.0 info type snmp var vbinds oid 1.3.6.1.4.1.33333.2.0 string "send-custom-trap"
 action 2.0 info type snmp var vbinds oid 1.3.6.1.4.1.33333.3.0 string "This is a custom trap"
 action 3.0 info type snmp trap enterprise-oid 1.3.6.1.4.1.33333.1 generic-trapnum 6 specific-trapnum 1 trap-oid 1.3.6.1.4.1.9.33333.1.0.1 trap-var vbinds

Execute this policy with the following command:

Router#event manager run send-custom-trap

Tcl

::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.2.0 string "send_custom_trap.tcl"
sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.3.0 string "This is a custom trap"
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.33333.1 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.33333.1.0.1 trap_var vbinds

Assuming this script was registered as send_custom_trap.tcl, it can be exected with the following command:

Router#event manager run send_custom_trap.tcl

Caveats

While you can reuse the same trap variable name in multiple EEM policies, you cannot reassign the value of a varbind within a trap variable.  If you need change a varbind value in a given policy, you will need to create a new trap variable.

Labels:
Comments
Vinayaka Raman
Level 1
Level 1
‎11-17-2011 09:04 AM

Hello Joseph,

I need some help out here..

Here is my config on my Nexus 7k


snmp-server enable traps event-manager

event manager applet P2P_Link_Failure  
snmp-server enable traps event-manager
  
event syslog pattern "Neighbor 10.45.255.133 (Vlan777) is down" 
action 1.0 snmp-trap strdata "Neighbor 10.45.255.133 (Vlan777) is down"
action 1.1 syslog priority Emergency msg "P2P Link Failure"

The trouble I have is in snmp-traps.. What kind of MIB should be enabled on the SNMP server to receive the traps..?

Since this is a customized one, do we have to define our own MIB values in the command..Please help

Joe Clarke
Cisco Employee
Cisco Employee
‎11-17-2011 09:57 AM

In the future, these questions should be asked in the discussion section of this community.

The MIB used by EEM is the CISCO-EMBEDDED-EVENT-MGR-MIB.  It can be downloaded from ftp://ftp.cisco.com/pub/mibs/v2 .

mattphews
Level 1
Level 1
‎06-02-2020 06:53 AM

Nice, thanks, how to correctly add custom SNMP trap for these TCL scripts ( i guess only need to add to tm script, as it is the one that disables interfaces):

"Inactive ports were DISABLED!"

TCL Scripts that you created:

tm_suspend_ports.tcl

sl_suspend_ports.tcl

 

Basically tm script will disable switchports that are inactive for 3 weeks, and when that happens I need it to generate Syslog msg and SNMP so that I see this notification in Zabbix.

Thanks!

Wanted to attach those script files but there is no option to upload file, just photo and/or video.

Basically for SNMP monitoring, added this after namespace:

sys_reqinfo_snmp_trapvar var vbinds oid 1.3.6.1.4.1.33333.2.0 string "Inactive ports were DISABLED!"
sys_reqinfo_snmp_trap enterprise_oid 1.3.6.1.4.1.33333.1 generic_trapnum 6 specific_trapnum 1 trap_oid 1.3.6.1.4.1.33333.1.0.1 trap_var vbinds

and looks like it did not work. Perhaps needed to configure snmp-server enable ... event manager , did that now, will see.

 

Regarding syslog, added also after namespace configuration like this:

action_syslog priority info msg "Inactive ports were DISABLED!"

 

It worked, but clock time was off, perhaps this must be added after this line:

set now [clock seconds]

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents