Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Administer > Configure Incidents > Configure Trap Logging > Trap Logging Configuration Form

Trap Logging Configuration Form

[This is the context-sensitive help for the Trap Logging Configuration form.]

NNMi enables you to configure the logging format for SNMP traps that you want to appear in the trap.log and trap.csv log files. You can also override these trap logging configurations on a Node Group basis. This feature is useful when you want to track your trap history as well as customize a trap's message format and resolve varbind values.

The trap.log and trap.csv files are located in the following directories (see Manage environment variables):

Windows

%NnmDataDir%\log\nnm

Linux

$NnmDataDir/log/nnm

See the "NNMi Incidents" chapter of the Network Node Manager i Software Deployment Reference for more information about configuring these file properties.

Tip To display the associated SNMP Trap Incident configuration, if any, use Actions > Show SNMP Trap Configuration.

To configure Trap Logging:

Navigate to the Incidents folder:
1. From the workspace navigation pane, select the Configuration workspace.
2. Expand the Incidents folder.
Expand the Trap Server folder.
Select Trap Logging Configuration.
Do one of the following:
- To add a configuration, click the New icon, and continue.
- To edit a configuration, double-click the row representing the configuration you want to edit, and continue.
- To delete a configuration, select a row, and click the Delete icon.
Make your Basic configuration choices (see table).
Make your Log Configuration choices (see table).
Click Save and Close to save your changes and return to the previous form.

Note See Manage Incoming SNMP Traps for information about the criteria NNMi uses to determine when to receive or discard traps.

Name Description

Name

The name is used to identify the logging configuration and must be unique. Use a name that will help you to remember the purpose or kind of SNMP trap for which you are configuring this log information.

Valid characters include alphanumeric, dash (-), slash (/), colon (:), and underscore(_).

Trap Object ID

Specify the Object Identifier of the trap you want to log.

You can obtain the OID value from the trap.log or trap.csv log file.

Note NNMi automatically logs the OID for any undefined traps to these files.

Note You can use a wildcard character (*) in the Trap Object ID attribute to create an SNMP Trap Incident configuration for multiple OIDs. This feature enables you to use the same SNMP Trap Incident Configuration for similar traps. For example, you might have a device class for which you might want to capture a particular kind of trap as an SNMP Trap Incident and ignore the rest.

When using the wildcard (*) character in the Trap Object ID (OID) attribute, note the following:

The OID must be unique.
Only one wildcard character is permitted within the Trap Object ID (OID) attribute.
The wildcard must appear at the end of an OID. For example .1.3.6.1.4.1.* is valid; however, .1.3.6.1.4.*.2 is NOT valid.
NNMi permits wildcards only in OIDs beginning with .1.3.6.1.4 (private MIBs).
The wildcard character is not valid for an SNMPv1 generic trap because these traps do not begin with .1.3.6.1.4.
When checking whether an SNMP Trap Incident Configuration exists, NNMi’s TrapFilter uses only implicit matching when checking generic SNMPv1 traps OIDs. See About the Trap Service Stages for more information about TrapFilter.

NNMi matches the OID value using the longest match. Specific OID matches take precedence over an OID that is matched using the wildcard character.

Click here for an example:

The following table provides an example of precedence between a specific OID and one that includes a wildcard. This example also illustrates how NNMi uses the longest match.

Example of Matching Incoming SNMP Traps Using Specific and Longest Match Criteria
SNMP OID Attribute Configuration	Incoming SNMP Trap	Match Criteria
.1.3.6.1.4.1.2.3	.1.3.6.1.4.1.2.3	Specific OID takes precedence over the wildcard OID configuration.
.1.3.6.1.4.1.*	.1.3.6.1.4.1.2	The wildcard OID takes precedence because it is the longest match.
.1.3.6.1.4.*	Using the specific OID and longest match criteria, this configuration is not the best match for these incoming traps.	See above.

NNMi handles each OID as if it contains an implicit wildcard. For example, when NNMi receives a trap whose OID is .1.3.6.1.6.3.1.1.5.4.100, NNMi logs the trap as SnmpLinkUp (.1.3.6.1.6.3.1.1.5.4) and generates an SNMPLinkUp incident.

If a trap's OID matches both an implicit and explicit wildcard, the longer one is used. If the length is the same, NNMi uses the implicit OID.

Click here for an example:

The following table provides an example of precedence between implicit and explicit wildcards.

Example of Matching Incoming SNMP Traps Using Implicit and Explicit Wildcard Criteria
SNMP OID Attribute Configuration	Incoming SNMP Trap	Match Criteria
.1.3.6.1.4.1.2.3.*	.1.3.6.1.4.1.2.3.4	The longest OID takes precedence.
.1.3.6.1.4.1.2	.1.3.6.1.4.1.2.3	The implicit OID takes precedence.
.1.3.6.1.4.1.*	Using the length and implicit criteria, this configuration is not the best match for these incoming traps.	See above.

Trap Logging

If the Enabled options is selected, NNMi logs this SNMP Trap to the trap.log and trap.csv log files for the nodes in the specified Node Group.

If the Disabled option is selected, NNMi does not log the specified SNMP Trap configuration to the trap.log and trap.csv log files in the specified Node Group.

Name Description

Log Message Format

Specify the information you want NNMi to include in the SNMP Trap's Message attribute value. You can use any combination of valid parameter strings and Custom Incident attributes to configure the Message.

Note The Log Message limit is 1024 characters. If the returned values exceed this limit, NNMi truncates the value starting from the end of the returned text string.

For more information, see:

Valid Parameters for Trap Logging Messages

Include varbinds in Your Log Message Format

Use the SNMP Trap Incident Configuration values

Specifies that you want the values from the associated SNMP Trap Incident Configuration to be used for the following attributes:

Severity
Category
Family
Incident Message Format

If selected , you are not able to provide values for the attributes listed

Severity

The Severity represents the seriousness calculated for the SNMP trap. Use the Severity attribute to specify the Severity that should be assigned to the SNMP trap when it appears in the trap.log and trap.csv log files.

Possible values are described in the following table.

Incident Severity Values
Attribute	Description
Normal	Indicates there are no known problems related to the associated object. This severity is meant to be informational. Generally, no action is needed for these incidents.
Warning	Indicates there might be a problem related to the associated object.
Minor	Indicates NNMi has detected problems related to the associated object that require further investigation.
Major	Indicates NNMi has detected problems related to the associated object to be resolved before they become critical.
Critical	Indicates NNMi has detected problems related to the associated object that require immediate attention.

See Monitor Incidents for Problems for more information about these severity values.

Category

The Category attribute helps you organize your SNMP Traps. Select the category that you want to be associated with this SNMP Trap when it appears in the trap.log and trap.csv log files.

Each of the possible Category values is described in the following table.

Incident Categories Provided by NNMi
Category	Description
Accounting	Used to indicate problems related to usage statistics and allocation of costs associated with the billing of time and services provided by devices. This category is not used by NNMi with default configurations, but it is available for incidents you define.
Application Status	Indicates there is a problem with the health of the NNMi software. Examples of these kinds of events include license expiration (see Extend a Licensed Capacity) or that a certain NNMi process or service lost connection to the Process Status Manager (see Stop or Start an NNMi Process and Stop or Start NNMi Services).
Configuration	Indicates there is a problem with the configuration of a managed device. For example, there is a physical address mismatch.
Fault	Indicates a problem with the network, for example Node Down.
Performance	Indicates a Monitored Attribute value crossed a configured threshold. For example, Disk Space Utilization exceeds the configured threshold criteria for High Value = 90 percent .
Security	Indicates there is a problem related to authentication. For example, an SNMP authentication failure.
Status	Indicates some kind of status message. Examples of these kinds of incidents include "SNMP Link Up" or an "HSRP Group status Normal" message.

Family

You can use Family values to further categorize the types of SNMP Traps that might be generated. Select the Family that you want to be associated with this SNMP Trap when it appears in the trap.log and trap.csv log files.

Each of the possible Family values are described in the following table.

Incident Family Attribute Values Provided by NNMi
Family	Description
Address	Indicates the incident is related to an address problem.
Aggregated Port	Indicates the incident is related to a Split Link Aggregation or Split Link Aggregation problem.
BGP	Indicates the incident is related to a problem with BGP (Border Gateway Protocol). This family is not used by NNMi with default configurations, but it is available for incidents you define.
Board	Indicates the incident is related to a board problem. This family is not used by NNMi with default configurations, but it is available for incidents you define.
Card	Indicates the incident is related to a card problem. This family is not used by NNMi with default configurations, but it is available for incidents you define.
Chassis	Indicates the incident is related to a chassis problem.
Component Health	Indicates the incident is related to Node Sensor or Physical Sensor data collected by NNMi.
Connection	Indicates the incident is related to a problem with one or more connections.
Correlation	Indicates the incident has additional incidents correlated beneath it. These incidents are associated with a duplicate count so that you can determine the number of correlated incidents associated with it.
Custom Poller	Indicates the incident is related to the NNMi Custom Poller feature.
HSRP	(NNMi Advanced) Indicates the incident is related to a problem with Hot Standby Router Protocol (HSRP).
Interface	Indicates the incident is related to a problem with one or more interfaces.
IP Subnet	Indicates the incident is related to a problem with the IP Subnet.
License	Indicates the incident is related to a licensing problem.
NNMi Health	Indicates the incident is related to NNMi Health.
Node	Indicates the incident is related to a node problem.
OSPF	Indicates the incident is related to an OSPF problem. This family is not used by NNMi with default configurations, but it is available for incidents you define.
RAMS	Indicates the incident is related to a Router Analytics Management System problem.
RMON	Indicates the incident is related to a Remote Monitor (IETF standard, RFC 1757) problem. This family is not used by NNMi with default configurations, but it is available for incidents you define.
RRP	(NNMi Advanced) Indicates the incident is related to a problem with a Router Redundancy Protocol configuration.
STP	Indicates the incident is related to Spanning-Tree Protocol problem. This family is not used by NNMi with default configurations, but it is available for incidents you define.
Syslog	NNMi does not use this Family with default configurations. It is available for incidents you define.
System and Applications	Indicates the incident is related to a problem with a system or application in your environment that is configured to send traps to the NNMi server, for example your corporate database application.
Trap Analysis	Requires Network Node Manager iSPI Network Engineering Toolset Software (NNM iSPI NET). Indicates the incident is related to an SNMP trap storm.
VLAN	Indicates the incident is related to a problem with a virtual local area network.
VRRP	(NNMi Advanced) Indicates the incident is related to a problem with Virtual Router Redundancy Protocol (VRRP).

Incident Message Format Displays the Message Format for the associated SNMP Trap Incident Configuration, if any.

Trap Enabled Displays whether the associated SNMP Trap Incident Configuration, if any, is Enabled.

Author

See Author form for important information.

Caution If the Author attribute value is Network Node Manager, any changes are at risk of being overwritten in the future.

Click the Lookup icon and select Show Analysis to display details about the currently selected Author, select Quick Find to access the list of existing Author values, or click New to create one.

Send Help Center feedback