Manual Chapter : SNMP Trap Configuration

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Overview: SNMP trap configuration

SNMP traps are definitions of unsolicited notification messages that the BIG-IP® alert system and the SNMP agent send to the SNMP manager when certain events occur on the BIG-IP system. Configuring SNMP traps on a BIG-IP system means configuring how the BIG-IP system handles traps, as well as setting the destination to which the notifications are sent.

The BIG-IP system stores SNMP traps in two specific files:

/etc/alertd/alert.conf
Contains default SNMP traps.
Important: Do not add or remove traps from the /etc/alertd/alert.conf file.
/config/user_alert.conf
Contains user-defined SNMP traps.

Task summary

Perform these tasks to configure SNMP traps for certain events and set trap destinations.

Enabling traps for specific events

You can configure the SNMP agent on the BIG-IP® system to send, or refrain from sending, notifications to the traps destinations.

  1. On the Main tab, click System > SNMP > Traps > Configuration .
  2. To send traps when an administrator starts or stops the SNMP agent, verify that the Enabled check box for the Agent Start/Stop setting is selected.
  3. To send notifications when authentication warnings occur, select the Enabled check box for the Agent Authentication setting.
  4. To send notifications when certain warnings occur, verify that the Enabled check box for the Device setting is selected.
  5. Click Update.
The BIG-IP system automatically updates the alert.conf file.

Setting v1 and v2c trap destinations

You specify the IP address of the SNMP manager in order for the BIG-IP® system to send notifications.

  1. On the Main tab, click System > SNMP > Traps > Destination .
  2. Click Create.
  3. For the Version setting, select either v1 or v2c.
  4. In the Community field, type the community name for the SNMP agent running on the BIG-IP system.
  5. In the Destination field, type the IP address of the SNMP manager.
  6. In the Port field, type the port number on the SNMP manager that is assigned to receive the traps.
  7. For the Network setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network you select.
  8. Click Finished.

Setting v3 trap destinations

You specify the destination SNMP manager to which the BIG-IP® system sends notifications.

  1. On the Main tab, click System > SNMP > Traps > Destination .
  2. Click Create.
  3. For the Version setting, select v3.
  4. In the Destination field, type the IP address of the SNMP manager.
  5. In the Port field, type the port number on the SNMP manager that is assigned to receive the traps.
  6. For the Network setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network you select.
  7. From the Security Level list, select the level of security at which you want SNMP messages processed.
    Option Description
    Auth, No Privacy Process SNMP messages using authentication but without encryption. When you use this value, you must also provide values for the Security Name, Authentication Protocol, and Authentication Password settings.
    Auth and Privacy Process SNMP messages using authentication and encryption. When you use this value, you must also provide values for the Security Name, Authentication Protocol, Authentication Password, Privacy Protocol, and Privacy Password settings.
  8. In the Security Name field, type the user name the system uses to handle SNMP v3 traps.
  9. In the Engine ID field, type an administratively unique identifier for an SNMP engine. (This setting is optional.) You can find the engine ID in the /config/net-snmp/snmpd.conf file on the BIG-IP system.
    Note that this ID is identified in the file as the value of the oldEngineID token.
  10. From the Authentication Protocol list, select the algorithm the system uses to authenticate SNMP v3 traps.
    When you set this value, you must also enter a value in the Authentication Password field.
  11. In the Authentication Password field, type the password the system uses to handle an SNMP v3 trap.
    When you set this value, you must also select a value from the Authentication Protocol list.
    Note: The authentication password must be at least 8 characters long.
  12. If you selected Auth and Privacy from the Security Level list, from the Privacy Protocol list, select the algorithm the system uses to encrypt SNMP v3 traps.
    When you set this value, you must also enter a value in the Privacy Password field.
  13. If you selected Auth and Privacy from the Security Level list, in the Privacy Password field, type the password the system uses to handle an encrypted SNMP v3 trap.
    When you set this value, you must also select a value from the Privacy Protocol list.
    Note: The authentication password must be at least 8 characters long.
  14. Click Finished.

Viewing pre-configured SNMP traps

Verify that your user account grants you access to the advanced shell.

Pre-configured traps are stored in the /etc/alertd/alert.conf file. View these SNMP traps to understand the data that the SNMP manager can use.

Use this command to view the SNMP traps that are pre-configured on the BIG-IP® system: cat /etc/alertd/alert.conf.

Creating custom SNMP traps

Verify that your user account grants you access to tmsh.
Create custom SNMP traps that alert the SNMP manager to specific SNMP events that occur on the network when the pre-configured traps do not meet all of your needs.
  1. Log in to the command line.
  2. Create a backup copy of the file /config/user_alert.conf, by typing this command: cp /config/user_alert.conf backup_file_name
    For example, type: cp /config/user_alert.conf /config/user_alert.conf.backup
  3. With a text editor, open the file /config/user_alert.conf.
  4. Add a new SNMP trap.
    The required format is:
    alert alert_name "matched message" {     
        snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.XXX"
       }
    • alert_name represents a descriptive name. The alert_name or matched_message value cannot match the corresponding value in any of the SNMP traps defined in the /etc/alertd/alert.conf or /config/user_alert.conf file.
    • matched_message represents the text that matches the Syslog message that triggers the custom trap. You can specify either a portion of the Syslog message text or use a regular expression. Do not include the Syslog prefix information, such as the date stamp and process ID, in the match string.
    • The XXX portion of the OID value represents a number that is unique to this OID. Specify any OID that meets all of these criteria:
      • Is in standard OID format and within the range .1.3.6.1.4.1.3375.2.4.0.300 through .1.3.6.1.4.1.3375.2.4.0.999.
      • Is in a numeric range that can be processed by your trap receiving tool.
      • Does not exist in the MIB file /usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt.
      • Is not used in another custom trap.

    As an example, to create a custom SNMP trap that is triggered whenever the system logs switchboard failsafe status changes, add the following trap definition to /config/user_alert.conf.

    alert SWITCHBOARD_FAILSAFE_STATUS "Switchboard Failsafe (.*)" {
             snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.500"
        }
        
    This trap definition causes the system to log the following message to the file /var/log/ltm, when switchboard failsafe is enabled: Sep 23 11:51:40 bigip1.askf5.com lacpd[27753]: 01160016:6: Switchboard Failsafe enabled.
  5. Save the file.
  6. Close the text editor.
  7. Restart the alertd daemon by typing this command: bigstart restart alertd
    If the alertd daemon fails to start, examine the newly-added trap entry to ensure that the format is correct.