What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Using MIB file with NOTIFICATION-TYPE snmp definitions

Votes:

0

I am trying to set up an SNMP Trap Receiver for a Sophos UTM appliance (formerly Astaro). The MIB file provided only defined NOTIFICATION-GROUP and NOTIFACTION-TYPE definitions, with no OBJECT-TYPE defintions. No other examples you have provided seems to cover this scenario. I am struggling to get the MIB more than add it's name into the SNMP message in PRTG. And I can't do anything with it once it's there. An example below is an HA event I would like to alert on. The SNMP trap received is using OID 1.3.6.1.4.1.9789.1500.1.83

Below are the relevant parts of the MIB defining the SNMP OID :

...
::= { enterprises 9789 }

notification OBJECT IDENTIFIER ::= { astaro 1500 }
notificationGroup OBJECT IDENTIFIER ::= { astaro 1501 }

--
-- Notification severity
--

debug OBJECT IDENTIFIER ::= { notification 0 }
info  OBJECT IDENTIFIER ::= { notification 1 }
warn  OBJECT IDENTIFIER ::= { notification 2 }
crit  OBJECT IDENTIFIER ::= { notification 3 }
...

The example below is for event 83, which happens when I force a failover between the HA nodes. The extract of the notification is below:

sophosUTMNotificationINFO083 NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
          "HA System is active and fully functional"
::= { info 83 }

Without the MIB defined the Agent and Enterprise fields are empty, and the Bindings field contains:

SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.9789.1500.1.83 SNMPv2-SMI::enterprises.9789.1500.1.83 = [wn1vaproxy.ad.ccdhb.health.nz][INFO][083]

With the MIB defined the response if fairly similiar:

SNMPv2-MIB::snmpTrapOID.0 = ASTARO-MIB::sophosUTMNotificationINFO083 ASTARO-MIB::sophosUTMNotificationINFO083 = [wn1vaproxy.ad.ccdhb.health.nz][INFO][083]

As you can see it identifies the MIB notification type OK, but I still cannot get it to WARN on this event. It would also be nice to get it to separate the message into the columns, including the GenTrap and SpecTrap columns, which have numbers assigned but they seem to be unrelated to anything in the MIB. Ideally I would like to use these to generate the notifications to our support staff.

oid snmp sophos

Created on Feb 13, 2017 2:41:55 AM



1 Reply

Votes:

0

Hi there,

To get a warning in case of an occurrence of:
SNMPv2-MIB::snmpTrapOID.0 = ASTARO-MIB::sophosUTMNotificationINFO083 ASTARO-MIB::sophosUTMNotificationINFO083 = [wn1vaproxy.ad.ccdhb.health.nz][INFO][083]

Add something like this to the "Warning Filter" field within the sensor settings of the "SNMP Trap Receiver": bindings[SUBSTRING-OF-THE-TRAP-MESSAGE] This is also described on this site.

Best regards.

Created on Feb 16, 2017 1:02:45 PM by Dariusz Gorka [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.