Introduction

Windows can be configured to send SNMP traps when certain messages appear in the Windows Event Log. This article walks the reader through configuring these traps to be sent, up to the point of configuring OpenNMS to turn them into events.

Tools on the Windows side

A pair of utilities that ship with Windows is used to define and export the mappings, and then to import the exported mappings and configure the actual sending of traps:

evntwin: GUI tool for defining mappings of event log messages to SNMP traps
evntcmd: CLI tool for importing the definitions created by evntwin and configuring the actual sending of traps

Documentation about these tools is almost nonexistent on Microsoft's sites, but they seem to be supported.

Tools on the OpenNMS side

Normally, when you are creating these traps on a Windows box, the traps won't be defined in an existing MIB, meaning you need to define them manually. When you first generate an undefined trap, OpenNMS will log an 'Enterprise Default' trap event against the node. These 'Enterprise Default' traps provide all the information you need to generate a definition. While you can create a new events xml file, you might find it easier to add these definitions to an existing file.
So you have a new Windows Server 2008 R2 installed and now you'd like to start gathering statistics about how it's performing. The SNMP protocol is a great way to get started. In this tutorial I will install the SNMP agent service on a Windows server and configure it to allow queries from a SNMP based.
If you do go down the route of creating your own file, remember that it needs to appear at the bottom of the eventconf.xml file, but ABOVE the default.events.xml line. Otherwise you will only ever get 'Enterprise Default' traps displayed, and not your own customized ones!

Configuring the Windows side

Defining and exporting mappings with evntwin

Start the evntwin utility from the Start -> Run menu or from a DOS prompt. In the initial window, click the radio button for Custom under Configuration type. Then click the Edit >> button to expand the list of event sources.
The window will now look like this:

Browse the list of event sources, or use the Find button, to track down the event source that you're interested in. It helps at this stage to have the Windows Event Viewer open and displaying details on the event log entry for which you want to configure trap mappings. The Event ID will line up between the Event Viewer and evntwin. As an example, we will configure a trap mapping for an event in the Security log whose source is Security and whose event ID is 520; this event is a success audit event informing us that the system time was changed. Here this event is highlighted in the evntwin utility:

Click the Add button and a dialog pops up identifying the enterprise OID and trap specific ID of the mapped trap. Here you can tweak the conditions under which traps should be sent if you want.
This dialog also shows the message body as it would appear in the Event Log, only with the dynamic information tokenized in the form of %1, %2, and so on. These tokens will be helpful in identifying the information contained in the varbinds of the resulting trap:

Note that the value in the enterprise OID text field will very likely overflow the width of the field, so you'll need to use Ctrl+A or right-click and Select All to get the whole thing onto the clipboard. The OID will be of the form:

1.3.6.1.4.1.311.1.13.8.83.101.99.117.114.105.116.121

The 1.3.6.1.4.1.311 part will be familiar to some people as Microsoft's private enterprise MIB branch. The 1 after this prefix is for software, and the 13 doesn't seem to be defined anywhere, but we'll presume it to be the root OID where Event Log mapped trap OIDs live. The remainder of this OID is an encoding of the Event Log source name; the 8 encodes the length in octets, and the following eight octets are the ASCII (or presumably Unicode) character codes for the characters comprising the source name.
See for a quick reference to ASCII character codes.

Note on Windows 2000

On Windows 2000 without Service Pack, the enterprise OIDs that evntwin generates are not properly nested under the Microsoft private enterprise MIB branch. Instead they use a truncated prefix of 1.3. plus the encoded source name. These OIDs are not canonically valid as SNMP object identifiers, but OpenNMS should handle them. See at Microsoft for a description and workaround.

Click OK and your first mapping will appear in the main evntwin window.
Once you're done adding mappings, click the Apply button in the main evntwin window. Then highlight all the mappings (this is important!) and click the Export button.
Choose a location and filename to save the event-to-trap mapping definitions:

The exported event-to-trap mappings will be a text file whose contents look like this:

    #pragma add Security 'Security' 520 1 0

This would appear to map as follows:

    #pragma add '

Importing exported definitions with evntcmd

Now open an elevated command prompt and change to the directory where you exported the event-to-trap mappings. Run the evntcmd utility, giving it the name of your exported mappings file as its only argument. The output should look like this:

    C:\Documents and Settings\admin\My Documents>evntcmd events.cnf
    Microsoft (R) Event To Trap Translator; Configuration Tool v2.00
    Copyright (c) Microsoft Corporation 1998. All rights reserved.
    [Wrn05] Command line parsed successfully.
    [Wrn05] Configuration file 'events.cnf' parsed successfully.
    [Wrn05] Registry connected to 'localhost'.
    [Wrn05] Commands processed successfully.

Note on distributed use of evntcmd

It appears it's possible to give this utility -s sysname on its command line to have it connect to remote systems and configure them in the same manner, but I have not tested this.

Set the trap sink

At this point, you're done configuring the Windows side, unless you haven't yet configured the SNMP service to send traps to your OpenNMS server.
This is done from the Services MMC snap-in, SNMP service properties, Traps tab.

Generate a test trap

For this example, we can simply change the system time to generate a trap. We'll switch over to the OpenNMS side to continue.

Configuring the OpenNMS side

Now that we've generated a test trap by changing the system time, we should see a Microsoft 'enterprise default' event of indeterminate severity in the OpenNMS event browser:

Remainder left as an exercise to the reader

There is plenty of existing documentation on creating event definitions for OpenNMS. All the information needed to build a definition for this trap is available by looking at the enterprise-default event depicted above.
Common Issues and Answers

This section covers issues that arise when setting up a trap using evntwin.

Negative Trap Specific ID

There are times when the specific trap ID given by evntwin is not the same as the trap ID that OpenNMS sees. This is not a bug in OpenNMS, as this is the same ID that Windows sends out.
It's difficult to say why, at this point, but it seems to only happen when the specific trap ID is greater than 2^31. If the trap ID is greater than 2^31, then there is a simple formula you can use: just subtract 2^32 from the specific trap ID.

PYTHON (assuming specific ID =, the received ID = -):

    # specific_id is the trap specific ID shown by evntwin
    >>> specific_id - (2**32)

JAVA (assuming specific ID =, the received ID = -):

    // specificId is the trap specific ID shown by evntwin, held in a long
    System.out.printf("%f\n", specificId - (Math.pow(2, 32)));

How does Windows auto-create the OID? I want to map all traps from a certain application

Windows uses the Application Name as the OID.
All OIDs for Microsoft begin with 1.3.6.1.4.1.311. After that, 13.1 shows the evntwin definition traps (i.e. After that, the application definition begins. The next number defines the number of characters in the application name.
So, if we are talking about the application (source) MSExchangeIS, the number of characters would be 12 for XX. Thus we would have:

1.3.6.1.4.1.311.13.1.12.x.x.x.x.x.x

After that, Microsoft then spells out the Application Name using ASCII character numbers.

1.3.6.1.4.1.311.13.1.12.77.83.69.120.99.104.97.110.103.101.73.83
M S E x c h a n g e I S
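The source-name encoding and the negative specific ID described above can be checked in both directions with a short script. This is an added example, not code from the original article or from OpenNMS; the function names are hypothetical, the decoder finds the length-prefixed name without assuming a particular prefix, and the signed conversion treats the specific ID as a 32-bit value (so it also wraps at exactly 2^31).

```python
def encode_source(prefix, source):
    """Append the length-prefixed ASCII codes of an event source to a prefix OID."""
    data = source.encode("ascii")
    return ".".join([prefix.strip(".")] + [str(n) for n in (len(data), *data)])


def decode_source(oid):
    """Split an enterprise OID into (prefix, source name) without knowing the prefix.

    Takes the longest trailing run of printable-ASCII arcs that is immediately
    preceded by an arc equal to the run's length.
    """
    arcs = [int(a) for a in oid.strip(".").split(".")]
    for n in range(len(arcs) - 1, 0, -1):
        tail = arcs[-n:]
        if arcs[-n - 1] == n and all(0x20 <= a < 0x7F for a in tail):
            prefix = ".".join(str(a) for a in arcs[:-n - 1])
            return prefix, bytes(tail).decode("ascii")
    raise ValueError("no length-prefixed source name in %s" % oid)


def as_received(specific_id):
    """Specific trap ID as reported when the 32-bit value is read as signed."""
    specific_id &= 0xFFFFFFFF
    return specific_id - 2**32 if specific_id >= 2**31 else specific_id


def as_configured(received_id):
    """Inverse of as_received(): recover the unsigned ID that evntwin displays."""
    return received_id & 0xFFFFFFFF


if __name__ == "__main__":
    # OIDs copied from the page; 3221225992 (0xC0000208) is a constructed sample ID.
    print(decode_source("1.3.6.1.4.1.311.1.13.8.83.101.99.117.114.105.116.121"))
    print(encode_source("1.3.6.1.4.1.311.13.1", "MSExchangeIS"))
    print(as_received(520), as_received(3221225992), as_configured(-1073741304))
```

When writing an OpenNMS event definition from an 'Enterprise Default' event, as_configured() maps the negative specific ID back to the value evntwin shows, and decode_source() confirms which event source an enterprise OID belongs to.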
Parameter and description:

/s
    Specifies, by name, the computer on which you want to configure the translation of events to traps, trap destinations, or both. If you do not specify a computer, the configuration occurs on the local computer.
/v
    Specifies which types of status messages appear as traps and trap destinations are configured. This parameter must be an integer between 0 and 10. If you specify 10, all types of messages appear, including tracing messages and warnings about whether trap configuration was successful. If you specify 0, no messages appear.
/n
    Specifies that the SNMP service should not be restarted if this computer receives trap configuration changes.

Specifies, by name, the configuration file that contains information about the translation of events to traps and trap destinations you want to configure.

Displays Help at the command prompt.

• If you want to configure traps but not trap destinations, you can create a valid configuration file by using Event to Trap Translator, which is a graphical utility.
If you have the SNMP service installed, you can start Event to Trap Translator by typing evntwin at a command prompt. After you have defined the traps you want, click Export to create a file suitable for use with evntcmd. You can use Event to Trap Translator to easily create a configuration file and then use the configuration file with evntcmd at the command prompt to quickly configure traps on multiple computers.

• The syntax for configuring a trap is as follows:

    #pragma ADD EventLogFile EventSource EventID [Count [Period]]

    • The text #pragma must appear at the beginning of every entry in the file.
    • The parameter ADD specifies that you want to add an event to trap configuration.
    • The parameters EventLogFile, EventSource, and EventID are required. The parameter EventLogFile specifies the file in which the event is recorded. The parameter EventSource specifies the application that generates the event. The EventID parameter specifies the unique number that identifies each event. To find out what values correspond to particular events, start Event to Trap Translator by typing evntwin at a command prompt. Click Custom, and then click Edit. Under Event Sources, browse the folders until you locate the event you want to configure, click it, and then click Add. Information about the event source, the event log file, and the event ID appear under Source, Log, and Trap specific ID, respectively.
    • The Count parameter is optional, and it specifies how many times the event must occur before a trap message is sent. If you do not use the Count parameter, the trap message is sent after the event occurs once.
    • The Period parameter is optional, but it requires you to use the Count parameter. The Period parameter specifies a length of time (in seconds) during which the event must occur the number of times specified with the Count parameter before a trap message is sent. If you do not use the Period parameter, a trap message is sent after the event occurs the number of times specified with the Count parameter, no matter how much time elapses between occurrences.

• The syntax for removing a trap is as follows:

    #pragma DELETE EventLogFile EventSource EventID

    • The text #pragma must appear at the beginning of every entry in the file.
    • The parameter DELETE specifies that you want to remove an event to trap configuration.
    • The parameters EventLogFile, EventSource, and EventID are required. The parameter EventLogFile specifies the log in which the event is recorded. The parameter EventSource specifies the application that generates the event. The EventID parameter specifies the unique number that identifies each event.

• The syntax for configuring a trap destination is as follows:

    #pragma ADD_TRAP_DEST CommunityName HostID

    • The text #pragma must appear at the beginning of every entry in the file.
    • The parameter ADD_TRAP_DEST specifies that you want trap messages to be sent to a specified host within a community.
    • The parameter CommunityName specifies, by name, the community in which trap messages are sent.
    • The parameter HostID specifies, by name or IP address, the host to which you want trap messages to be sent.

• The syntax for removing a trap destination is as follows:

    #pragma DELETE_TRAP_DEST CommunityName HostID

    • The text #pragma must appear at the beginning of every entry in the file.
    • The parameter DELETE_TRAP_DEST specifies that you do not want trap messages to be sent to a specified host within a community.
    • The parameter CommunityName specifies, by name, the community in which trap messages are sent.
    • The parameter HostID specifies, by name or IP address, the host to which you do not want trap messages to be sent.
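Before importing a configuration file on many machines, it helps to check every entry against the four #pragma forms described above and to see exactly which events and trap destinations it sets. The following is an added example, not Microsoft's or the original article's code; the function names are hypothetical, and it assumes CommunityName precedes HostID (the order in which they are described) and that EventID, Count and Period are decimal integers.

```python
import shlex

# Directive -> parameter names in positional order; names come from the syntax
# descriptions above. Only ADD has optional trailing parameters.
REQUIRED = {
    "ADD": ("EventLogFile", "EventSource", "EventID"),
    "DELETE": ("EventLogFile", "EventSource", "EventID"),
    "ADD_TRAP_DEST": ("CommunityName", "HostID"),
    "DELETE_TRAP_DEST": ("CommunityName", "HostID"),
}
OPTIONAL = {"ADD": ("Count", "Period")}  # Period is positional, so it needs Count


def parse_line(line):
    """Parse one '#pragma ...' entry into a dict; raise ValueError if malformed."""
    tokens = shlex.split(line)  # handles quoted source names such as 'Security'
    if len(tokens) < 2 or tokens[0] != "#pragma":
        raise ValueError("entry must begin with #pragma")
    directive = tokens[1].upper()  # the export writes 'add', the syntax says 'ADD'
    if directive not in REQUIRED:
        raise ValueError("unknown directive %s" % tokens[1])
    names = REQUIRED[directive] + OPTIONAL.get(directive, ())
    args = tokens[2:]
    if not len(REQUIRED[directive]) <= len(args) <= len(names):
        raise ValueError("%s takes %d to %d parameters, got %d"
                         % (directive, len(REQUIRED[directive]), len(names), len(args)))
    entry = dict(zip(names, args), directive=directive)
    for name in ("EventID", "Count", "Period"):
        if name in entry:
            entry[name] = int(entry[name])  # ValueError if not a decimal integer
    return entry


def parse_config(text):
    """Return (entries, errors); errors is a list of (line number, message)."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            try:
                entries.append(parse_line(line))
            except ValueError as exc:
                errors.append((lineno, str(exc)))
    return entries, errors


# Constructed sample: line 1 is the export shown above; the rest are made up.
SAMPLE = """#pragma add Security 'Security' 520 1 0
#pragma ADD_TRAP_DEST example-community 192.0.2.10
#pragma ADD Security 'Security' 520 1 0 9
#pragma DELETE_TRAP_DEST example-community
"""
```

Calling parse_config(SAMPLE) returns the two valid entries and reports lines 3 and 4, which have too many and too few parameters.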