Brocade Fibre Channel Networking Community

Expand all | Collapse all

MAPS unwanted SNMP traps

  • 1.  MAPS unwanted SNMP traps

    Posted 02-16-2015 06:37 AM

    Hello Community!

     

    On the FOS 7.2 switches we have MAPS with active policy that have many rules with action SNMP.  For the moment we don't want to receive any SNMP traps, therefore we have configured only RASlog action allowed on the switch level:

     

    > mapsconfig --show
    Configured Notifications:       RASLOG
    Mail Recipient:                 XXXXXXXXXXXXXXXXXXXXXX
    Paused members :
    ===============
    PORT :
    CIRCUIT :
    SFP :

     

    Surprisingly, SNMP traps for MAPS events keep arriving at SNMP server.

     

    Would anyone have any idea why this works in such way?


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: MAPS unwanted SNMP traps

    Posted 02-17-2015 02:04 AM

    Mika,

     

    the answer is in the question.

     

    Since you have configured MAPS for Raslog only, you need just to work with the command's "snmpconfig" and/or "snmptraps" and disable the rule.


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: MAPS unwanted SNMP traps

    Posted 05-05-2015 03:01 PM

    Hi Antonio,

     

    the situation is actually more complex. In our environment we don't want to have MAPS SNMP traps not used at all. We only want to be able to use what the MAPS Admin Guide "promised", i.e. to be able to decide for which rule SNMP traps are sent and for which not. Also, to be able to disable MAPS SNMP traps for the whole switch (disable SNMP on global actions level) temporarily when needed .

     

    I did some testing with CPU > 80 % rule.

     

    1.) When the Raslog action was turned ON and SNMP action was turned ON on the rule level for CPU > 80%, then the incoming SNMP traps were of type: mapsTrapAM

    for example:

    id    26020601
    logtime    2015-02-25 13:29:27
    fetchtime    2015-02-25 13:29:23
    eventtime    Wed Feb 25 13:29:22 2015
    hostip    172.23.148.145
    hostname    76802c1
    source    SNMPTRAP
    severity    CRITICAL
    category    Status Events
    message    Trap to be send for MAPS threshold events. defCHASSISCPU_80 12 1 2 1 CPU,3,80.00 3 CHASSIS(CPU>=80.00) 19 17 Switch Resource
    msglong    Trap to be send for MAPS threshold events. defCHASSISCPU_80 12 1 2 1 CPU,3,80.00 3 CHASSIS(CPU>=80.00) 19 17 Switch Resource
    msgcomment    msgread    0
    snmp_eventname    mapsTrapAM
    snmp_eventid    .1.3.6.1.4.1.1588.3.1.4.0.1
    snmp_trapoid    .1.3.6.1.4.1.1588.3.1.4.0.1
    snmp_enterprise    .1.3.6.1.4.1.1588.3.1.4
    snmp_community    XXXXX
    snmp_uptime    44:23:22:52.00
    snmp_formatline    Trap to be send for MAPS threshold events. defCHASSISCPU_80 12 1 2 1 CPU,3,80.00 3 CHASSIS(CPU>=80.00) 19 17 Switch Resource


    2.) After the SNMP action was turned OFF (Raslog still ON) on the rule level for CPU > 80%, the incoming traps type changed to: swEventTrap

    for example:

    id 72552245
    logtime 2015-05-04 22:23:19
    fetchtime 2015-05-04 22:23:15
    eventtime Mon May 4 22:23:14 2015
    hostip 172.23.148.145
    hostname 76802c1
    source SNMPTRAP
    severity WARNING
    category Status Events
    message A firmware event has been logged: Event Index 29: 2015/05/04-22:23:14 (severity level 3) - MAPS-1003 Chassis, Condition=CHASSIS(CPU>=80.00), Current Value:[CPU,90.00 %], RuleName=CHASSISCPU_USAGE_80, Dashboard Category=Switch Resource . SSN is #17
    msglong A firmware event has been logged: Event Index 29: 2015/05/04-22:23:14 (severity level 3) - MAPS-1003 Chassis, Condition=CHASSIS(CPU>=80.00), Current Value:[CPU,90.00 %], RuleName=CHASSISCPU_USAGE_80, Dashboard Category=Switch Resource . SSN is #17
    msgcomment
    msgread 0
    snmp_eventname swEventTrap
    snmp_eventid .1.3.6.1.4.1.1588.2.1.1.1.0.4
    snmp_trapoid .1.3.6.1.4.1.1588.2.1.1.1.0.4
    snmp_enterprise .1.3.6.1.4.1.1588.2.1.1.1
    snmp_community XXXXXX
    snmp_uptime 113:7:14:20.00
    snmp_formatline A firmware event has been logged: Event Index 29: 2015/05/04-22:23:14 (severity level 3) - MAPS-1003 Chassis, Condition=CHASSIS(CPU>=80.00), Current Value:[CPU,90.00 %], RuleName=CHASSISCPU_USAGE_80, Dashboard Categ


    As I understand, the mechanism of swEventTrap "ignores" that I don't want SNMP  being sent for some MAPS rules and it makes SNMP traps from the entries that MAPS wrote to the Raslog.

     

    Do you know if there's a way to exclude MAPS raslog messages from being converted to swEventTrap SNMP traps?


    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: MAPS unwanted SNMP traps

    Posted 05-10-2015 05:58 PM

    MAPS merily makes use of SNMP and is not the driving force behind it. If you don;t have any MAPS rules enabled SNMP will still send out traps based on events ciriticality. You can set these with the "snmpconfig --set mibcapability" command.

     

    To turn off MAPS traps you can use "snmpconfig --disable mibcapabiltity -mib_name BROCADE-MAPS-MIB"

    Or if you want to go via the menu driven route use "snmpconfig --set mibcapability" and the command takes you thru the list of traps you may want to enable or disable.

     

    Hope this helps.

     

     PS. you can also adjust the swEventTrap severity level if you want to but I've found the default to be working well.


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: MAPS unwanted SNMP traps

    Posted 05-19-2015 11:34 AM

    Thank you Erwin,

     

    I would not like to turn off MAPS traps altogether.

     

    I would just like to be able to decide (using mapsrule --config) for which rules there will be Raslog + SNMP actions, and for which only Raslog entry will be created.

     

    Is this what I can achieve using "snmpconfig --disable mibcapabiltity -mib_name BROCADE-MAPS-MIB" ?


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: MAPS unwanted SNMP traps

    Posted 05-21-2015 06:17 PM

    That last command removes all SNMP OID from the MIB trap database ie it will not send out any MAPS related SNMP trap.

     

    Be aware that events themselves maybe trapped by snmp but unless they trigger a MAPS rule you will not see a MAPS trap.

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: MAPS unwanted SNMP traps

    Posted 06-18-2015 12:53 PM

    We have a similar, if not the same, issue. We have MAPS enabled and have some rules that write to the RASLOG and send SNMP traps, while other rules are configured to only write to the RASLOG. However we have found that because in the SNMP config it has a severity level of 3 set, any warning messages sent to the RASLOG also have SNMP traps sent from swEvent.

    What we would like is just to have SNMP traps from MAPS rules that are configured as such and not just for all entries written to teh RASLOG with a warning status or above.

    So at present it is clear that due to the snmponfig setting we are getting traps for any raslog entry with a severity of warning or above, but it is not clear if I change the severity level in the snmpconfig to 0 or 1. will that also prevent any traps including from MAPS being sent if they have a warning severity.

    There are also alerts from other areas not covered by MAPS, such as bottleneckmon that we dont want to lose.

    Is anyone able to assist please?


    #BrocadeFibreChannelNetworkingCommunity