Core issue

When using signature auto-update in NM-CIDS modules running 5.1(1), you do not receive any Simple Network Management Protocol (SNMP) traps when an update completes. But  SNMP trap messages can be recieved when a signature update fails.

Resolution

SNMP Trap: SNMP protocol have 5 basic message types, SNMP Trap is one of them.

Why SNMP trap is unique from all other message types?

• It is the only scenario where SNMP agent in the field initiates the communication with SNMP Manager. Remaining 4 types of SNMP message types are initiated by the SNMP manager or issued in response to an SNMP manager's message. A trap is a way of notifying the SNMP manager that "something is wrong".

When using signature auto-update in NM-CIDS modules running 5.1(1), you do not receive any Simple Network Management Protocol (SNMP) traps when an update completes. But  SNMP trap messages can be recieved when a signature update fails.

CISCO-CIDS-MIB defines the ciscoCideError notification when there is an error on the sensor, as shown in this example:

CiscoCidsError NOTIFICATION-TYPE

cidsGeneralEventId,
cidsGeneralLocalTime,
cidsGeneralUTCTime,
cidsGeneralOriginatorHostId,
cidsErrorSeverity,
cidsErrorName,
cidsErrorMessage


Since the sigupdate fail is an evError, it is sent as a trap. A successful update is not considered an error, and therefore no error warning is generated when an update is completed.

Protocol / Ports

Simple Network Management Protocol (SNMP)