How to use the TrapEXPLODER forwarding and filtering mechanisms (Legacy KB ID CNC TS8728 )

Document ID : KB000051778
Last Modified Date : 14/02/2018
The TrapExploder utility utilizes a system of filters and destinations to propagate received traps to various destinations. The filters are configured in the trapexploder.cf file which can be found in the /etc directory on UNIX based systems or the %SystemRoot%\system32 directory on Windows systems.

Entries in this file use the following format:


filter DateTime, SrcIP, Agent, TrapType, Specific Type, Enterprise, Action [Option]


The fields listed above are described as follows:

DateTime must be a date/time regular expression
SrcIP must be an IP address based regular expression
Agent must be an IP address based regular expression
TrapType is an integer based regular expression
SpecificType is an integer based regular expression
Enterprise is an object ID (be sure to backslash the '.' components)
Action is a case-sensitive keyword: file, forward, exec, break, nat, eh

Option depends on Action:

For file, the option is the name of the file to log the trap to.

For forward, the option is a host:port combination or just a host, where host is an IP address or a valid domain name.

For exec, the option is the name of the script or program, with its arguments, that the trap should be passed to. The trap script is invoked as: script [args] SrcIP agent-ip Trap-type Spec-type Enter-OID, with the trap PDU's variable bindings passed on stdin.

For break, the option is ignored.

For nat, the option is the host/IP address that the trap's agent field is changed to.

Given the above descriptions, a standard filter to forward all received traps to the eHealth system (with a hostname of ehSystem) would appear as:

                          filter * * * * * * forward ehSystem

    * NOTE: The ehSystem hostname must be resolvable by the TrapExploder system, or the system's IP address can be utilized.

A more specific example, where only traps with a TrapType of 6, a Specific Type of 16, and an Enterprise OID of 546.1.1 are forwarded to the eHealth system, would appear as:

                         filter * * * 6 16 546\.1\.1 forward ehSystem

    * NOTE: Escape characters (\) must be utilized to disable the regular expression character match functionality of the '.' symbol present in the Enterprise OID.


To match on the first octet in the agent IP address, use a ^ at the beginning of the search string:


                     filter * * ^205\. * * * file /opt/EMPtrapx/logs/205.filtered


This will match on any IP that starts with 205.
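
As an added example (not part of the original article or of the TrapEXPLODER product), the Python script below lints filter lines before they go into trapexploder.cf. It flags the unescaped '.' over-match described in the notes above, a miscased Action keyword, a missing Option, and an out-of-range forward port. It assumes fields are separated by whitespace as in the article's examples; `lint_filter` is a hypothetical helper name.

```python
import re

# Action keywords exactly as listed in the article (case-sensitive).
ACTIONS = {"file", "forward", "exec", "break", "nat", "eh"}
# Actions for which the article describes an Option that is actually used.
NEEDS_OPTION = {"file", "forward", "exec", "nat"}
FIELDS = ["DateTime", "SrcIP", "Agent", "TrapType", "SpecificType", "Enterprise"]
# A '.' that is neither backslash-escaped nor part of '.*' / '.+' / '.?'.
BARE_DOT = re.compile(r"(?<!\\)\.(?![*+?])")


def lint_filter(line):
    """Return a list of warnings for one whitespace-separated filter line."""
    tokens = line.split()
    if not tokens or tokens[0] != "filter":
        return ["not a filter line"]
    if len(tokens) < 8:
        return ["expected six match fields and an Action after 'filter'"]
    match_fields, action, option = tokens[1:7], tokens[7], tokens[8:]
    warnings = []
    for name, value in zip(FIELDS, match_fields):
        # An unescaped '.' in an address or OID pattern matches any character,
        # so the filter may select traps from sources it was not meant to.
        if name in ("SrcIP", "Agent", "Enterprise") and BARE_DOT.search(value):
            warnings.append(f"{name}: unescaped '.' matches any character")
    if action not in ACTIONS:
        hint = " (keywords are case-sensitive)" if action.lower() in ACTIONS else ""
        warnings.append(f"unknown Action '{action}'{hint}")
    elif action in NEEDS_OPTION and not option:
        warnings.append(f"Action '{action}' needs an Option")
    elif action == "forward":
        # Assumes host or host:port with an IPv4 address or hostname.
        _host, _, port = option[0].partition(":")
        if port and not (port.isdigit() and 0 < int(port) < 65536):
            warnings.append(f"forward: invalid port '{port}'")
    return warnings


if __name__ == "__main__":
    samples = [  # first two are the article's examples; the rest are constructed
        r"filter * * * 6 16 546\.1\.1 forward ehSystem",
        r"filter * * ^205\. * * * file /opt/EMPtrapx/logs/205.filtered",
        "filter * * * 6 16 546.1.1 forward ehSystem",
        "filter * * * * * * Forward ehSystem",
        "filter * * 205.1.2.3 * * * forward ehSystem:70000",
    ]
    for s in samples:
        print(s, "->", lint_filter(s) or "ok")
```
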


For more information please consult the examples present in the trapexploder.cf file or the TrapEXPLODER user's guide.


Related Issues/Questions:
How to use the TrapEXPLODER forwarding and filtering mechanisms
How to forward a trap to an alternative system using TrapEXPLODER

Problem Environment:
TrapEXPLODER

