Name

hosted-object-trapstorm.conf — Configuration file for hosted object trap storm detection and suppression. Block sets of traps by a hosted object's overall trap rate.

SYNOPSIS

hosted-object-trapstorm.conf

DESCRIPTION

Use the hosted-object-trapstorm.conf file to configure filters to block traps from hosted objects. Configure groups of trapOID to varbindOID pairs for blocking. When a trap is processed by this filter, the trap's source device is resolved by the configured varbindOID. The statistical tracker for the resolved hosted object is checked to ensure that its trap rate is below a configurable threshold. If the trap rate is above the threshold, the trap is dropped.

A message is logged to nnm-trace.#.#.log when a trap is dropped. Traps blocked by the hosted-object-trapstorm.conf file do not get stored in the trap binary store. Traps blocked by the hosted-object-trapstorm.conf file do not affect trap rates. NNMi does not store traps blocked by the hosted-object-trapstorm.conf file.

Configuration blocks are used to accomplish configuration, and can span multiple lines. Configuration blocks consist of the following comma separated values: GroupID, TrapOID, VarbindOID.

The format of a configuration block is as follows:

<GroupID, TrapOID, VarbindOID [,TrapOID, VarbindOID]*>

The following rules govern configuration blocks: 

1. All entries are separated by ","
2. Never start a configuration line with a ","
3. If a configuration line does not end with a "," then a comma is implied.
4. Any text following "#" is considered a comment and will not be parsed.
5. Comments are allowed within the configuration block.
6. Configuration blocks must contain a GroupID; this is the first entry in the configuration block.
7. Configuration blocks may contain one or more TrapOID, VarbindOID pairs.

GroupID is the first entry in the configuration block. If a GroupID contains a "," or ">" these symbols must be preceded by "/". GroupIDs may not contain "#". The GroupID does not have to be unique. However, to avoid inconsistent mapping it is recommended that all configuration blocks start with a unique GroupID.

TrapOID / VarbindOID are OIDPattern pairs. A TrapOID is always followed by a VarbindOID. The OIDPattern format follows: 

1. The pattern must be a Valid OID (Numbers separated by ".")
2. The pattern can optionally contain 1 range (Low#-High#)
3. The pattern can optionally contain 1 wild card "*". A wild card can only occur at the END of the pattern.
     Example OID Patterns:
          .1.3.6.1.1-6.4.6.*
          .1.3.6.1.5.4.6.*
          .1.3.6.1.5.4.6
     Invalid OID Patterns:
          .* (Which matches all OIDs is not allowed)
          .1.3.5-4.3.1 (Range must be low to high)
          .1.3.4-5.3.1-3 (Contains 2 ranges)
          .1.3.*.4.1 (wild cards can only occur at the end of the pattern)

For generic traps like linkUp, you can append the enterprise OID of the vendor to the trap OID for configuration to a specific vendor. Conversely, to configure a generic trap from all vendors you need to append a wild card to the trap OID.

Resolving all traps is not allowed. So the following OIDPattern is ignored: .*

EXAMPLES

The following configuration will allow the filter to detect trap storms from CiscoModuleDown traps, on a ModuleIndex basis. 

< ModuleID=, .1.3.6.1.4.1.9.5.0.4, .1.3.6.1.4.1.9.5.1.3.1.1.1.* >

The following configuration will allow the filter to detect trap storms from both CiscoModuleDown and CiscoModuleUp traps. Like the first example, these traps are normalized to the ModuleIndex 

< ModuleID=, .1.3.6.1.4.1.9.5.0.4, .1.3.6.1.4.1.9.5.1.3.1.1.1.*
.1.3.6.1.4.1.9.5.0.3, .1.3.6.1.4.1.9.5.1.3.1.1.1.*  >

The following configuration will allow the filter to detect trap storms from both CiscoModuleDown and CiscoModuleUp traps. This configuration is less verbose than the previous example. 

< ModuleID=, .1.3.6.1.4.1.9.5.0.3-4, .1.3.6.1.4.1.9.5.1.3.1.1.1.* >

This configuration will allow the filter to detect trap storms from both CiscoModuleDown and CiscoModuleUp traps, this configuration will also block all sub CiscoModule Down/Up traps. It is recommended that this pattern be followed. Devices sometimes append additional information on to the trapOID. Without this wild card those traps would not be considered for trap storm analysis. 

< ModuleID=, .1.3.6.1.4.1.9.5.0.3-4.*, .1.3.6.1.4.1.9.5.1.3.1.1.1.* >

The default configuration, which spans multiple lines and has embedded comments, follows. This configuration allows the filter to detect the 2 generic SNMP traps: snmpLinkUp and snmpLinkDown, on an InterfaceIndex basis. 

< 
     InterfaceID=
           #Trap configuration to detect trap storms on link up/down based off of the source's IfIndex
          .1.3.6.1.6.3.1.1.5.3-4.*, .1.3.6.1.2.1.2.2.1.1.* 
>

AUTHOR

hosted-object-trapstorm.conf was developed by Hewlett Packard Enterprise.

FILES

$NnmDataDir/shared/nnm/conf/hosted-object-trapstorm.conf

SEE ALSO

nnmtrapconfig.ovpl(1M).

Return to Reference Pages Index