To edit the Operations Sentinel Trap Service database, use Microsoft Access to open the file “SpoTrapService.mdb.” To edit the mappings, open the table “Trap Mappings.”
The default database is set up so that an alert event report is generated whenever a defined SNMP trap is received. A severity (SEV) attribute-value pair is supplied to signify the importance of the SNMP trap. See 15–3 for examples.
You can automatically clear any outstanding Operations Sentinel alert if an appropriate SNMP trap is received. Do this by specifying “sev=clear” in the SPO Event Report box for the SNMP trap.
Figure 15–3 shows a small portion of the default database supplied with Operations Sentinel.
Note: Only portions of the columns Agent OID, Trap number, Text, and SPO Event Report are visible.
Each row of the table represents a unique trap. The columns in this table are as follows:
| Agent OID | The agent object identifier, or the word GENERIC. Specify GENERIC if the SNMP trap contains any of the following trap types:
|
| Trap number | This value identifies each unique trap. These values are defined in a Management Information Base (MIB) that is implemented by an SNMP agent running on each managed node. |
| Text | This value is the trap beautification message used when the SNMP trap occurs. Each value in this column can span up to multiple lines. |
| SPO Event Report | This value provides the event report that is generated on an occurrence of the trap. You can specify any type of event report in this box. As a convenience for defining Operations Sentinel event reports, you can specify predefined variables to create several of the required and optional boxes of the event report. Enclose these variable references in backslashes (\). |
The following table lists the predefined variables. You can specify these variables in all lowercase or uppercase, but not in mixed case.
| Predefined Variable | Description |
|---|---|
| \_alert\ or \_ALERT\ | “TYPE=AL | CLASS=host | INSTANCE=managed-system-name | APPL=SPO Trap Service | APPLQUAL=trap-service-system-name | TEXT=text | variable-bindings” You must also specify attribute-value pairs for SEV and ALERTID, in the SPO Event Report box, as shown in Figure 15–3. Attribute-value pairs you supply in the SPO Event Report box can override the values shown above for CLASS and INSTANCE. |
| \_log\ or \_LOG\ | “TYPE=LG | CLASS=host | INSTANCE=managed-system-name | APPL=SPO Trap Service | APPLQUAL=trap-service-system-name | TEXT=text” See “Examples of Operations Sentinel Event Reports” for an example. Attribute-value pairs you supply in the SPO Event Report box can override the values shown above for CLASS and INSTANCE. |
| \_attributechange\ or \_ATTRIBUTECHANGE\ | “TYPE=AC | CLASS=host | INSTANCE=managed-system-name | APPL=SPO Trap Service | APPLQUAL=trap-service-system-name | HOST=managed-system-name” In the SPO Event Report field, you must also specify attribute-value pairs that describe either standard attributes recognized by Operations Sentinel or site-defined attributes defined for the class you specify. See “Examples of Operations Sentinel Event Reports” for an example. Attribute-value pairs you supply in the SPO Event Report box can override the values shown above for CLASS, INSTANCE, and HOST. |
| \_command\ or \_COMMAND\ | “TYPE=CO | CLASS=host | INSTANCE=managed-system-name | APPL=SPO Trap Service | APPLQUAL=trap-service-system-name” You must also specify the COMMAND attribute in the SPO Event Report box. See “Examples of Operations Sentinel Event Reports” for an example. Attribute-value pairs you supply in the SPO Event Report box can override the values shown above for CLASS and INSTANCE. |
| \_deleteobject\ or \_DELETEOBJECT\ | “TYPE=DE | CLASS=host | INSTANCE=managed-system-name | APPL=SPO Trap Service | APPLQUAL=trap-service-system-name” See “Examples of Operations Sentinel Event Reports” for an example. Attribute-value pairs you supply in the SPO Event Report box can override the values shown above for CLASS and INSTANCE. |
The following are the other variables referred to in the preceding table:
| Variables | Descriptions |
|---|---|
| managed-system-name | The first part of the system name for the trap sender. The Operations Sentinel Trap Service creates this by doing a reverse DNS lookup of the IP address of the trap sender and truncating the name at the at symbol (@). For example, if 123.45.678.910 is jrc3@unisys.com, managed-system-name has the value jrc3. If aliases (multiple names for the same IP address) are used in the network, the correct managed system name may not be returned during the reverse DNS lookup. You might need to update the system name specified in Operations Sentinel to match the name that is returned. |
| trap-service-system-name | The computer name for the event report sender (that is, the Windows system that is running the Operations Sentinel Trap Service.). |
| variable-bindings | Each variable binding for the trap is represented by the following three attribute-value pairs: VAR BIND # number NAME = variable-binding-name | VAR BIND # number OID = variable-binding-OID | VAR BIND # number VALUE = variable-binding-value where number in each attribute-value pair is replaced by the integer that identifies the variable binding. See Figure 15–1. |
| text | The Text box for the trap entry from the Operations Sentinel Trap Service database. |