6.14 SNMP

The SNMP channel allows the logging server to send filtered events to an SNMP management system.

A decoded SNMP trap appears as follows:

Figure 6-4 Decoded SNMP Trap

The trap values are explained in the following table.

Table 6-16 SNMP Trap Values

| SNMP Value | Description |
|---|---|
| SNMP Version | The trap’s SNMP version. The Novell Audit SNMP driver sends SNMPv1 traps. |
| Community | The string, or password, needed to access the SNMP management system. |
| Command | The SNMP command. This is always Trap. |
| Enterprise | The Enterprise that sent the event is always 2.16.840.1.113719.1.347.3.1. |
| Network address | The IP address of the logging server that sent the trap. |
| Generic trap | The Generic Trap field is always 6 (Enterprise specific). |
| Specific trap | The Specific Trap field always contains the Event ID of the event that triggered the trap. |
| Time Ticks | The time the event was sent in seconds since 1970. |
| Object | The Object ID specified in the SNMP Channel object. If no Object ID is specified, the Novell Audit internal OID is used (2.16.840.1.113719.1.347.3.1). |
| Value | The Value associated with the Object is the message configured in the SNMP Channel object. |

6.14.1 SNMP Channel Driver

The SNMP driver, lgdsnmp, sends SNMPv1 traps.

The SNMP driver does not buffer traps that are undeliverable because of a misconfiguration or a server failure.

6.14.2 SNMP Channel Object

The SNMP Channel object stores the information the SNMP driver needs to send traps to an SNMP management system.

The following table provides a description of each Channel object attribute.

IMPORTANT: You must restart the logging server to effect any changes in Channel object configuration. For more information, see Section H.3, Secure Logging Server Startup Commands.

Table 6-17 SNMP Channel Object Attributes

| Attribute | Description |
|---|---|
| Configuration | |
| Send trap to host | The host name or IP address of the SNMP management system. If a host name is specified, only the first address associated with that name is used. |
| Community string for trap | The community string (password) needed to access the SNMP management system. If no community string is specified, the driver defaults to public. |
| Object ID | The object you wish to associate with this message. You should provide your own ASN.1 object ID. If no Object ID is specified, the Novell Audit internal OID is used (2.16.840.1.113719.1.347.3.1). The Novell Audit OID is under the CCITT/US/novell tree. |
| Message | The text that appears in the message body for all traps sent from this SNMP Channel object. Because SNMP specifications require that an SNMP packet can be no larger than 500 bytes, the message body is limited to 300 bytes. The SNMP driver simply truncates anything over 300 bytes. The message body can contain event variables. The SNMP driver replaces these variables with a value from the event’s designated field. For a listing of event variables, see Section A.3, Managing Event Data. This field is optional. |
| Status | Allows you to enable or disable the Channel object. By default, all Channel objects are enabled. This means that the logging server loads the Channel object’s configuration in memory at startup. The Channel object must be located in a supported Channel container for the logging server to use it. For more information on the logging server’s Channel Container property, see Logging Server Object Attributes. If you select the Disabled option, you must restart the Secure Logging Server for the setting to become effective. Thereafter, the logging server cannot load the object’s configuration until you select Enabled. For information on unloading the logging server, see Section H.3, Secure Logging Server Startup Commands. |
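A receiver-side check for the trap layout in Table 6-16, as an added example that is not part of the Novell Audit documentation or product code: it decodes an SNMPv1 trap and flags values that deviate from what this page says the driver sends, including the default community string and the 300-byte message limit. The function names, the assumption of one variable binding per trap, and the sample packet (agent address, event ID, message text) are constructed for illustration.

```python
NOVELL_AUDIT_OID = "2.16.840.1.113719.1.347.3.1"  # enterprise OID given on this page

def elements(buf):
    """Split BER data into (tag, value) pairs, accepting long-form lengths."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n = buf[pos:pos + 2]  # raises ValueError if the header is cut short
        pos += 2
        if n & 0x80:  # long form: the low 7 bits count the length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        if pos + n > len(buf):
            raise ValueError("truncated BER element")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def oid(raw):  # decode an OBJECT IDENTIFIER body (base-128 arcs) to dotted notation
    arcs, val = [], 0
    for b in raw:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs, val = arcs + [val], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_trap(packet):
    """Decode an SNMPv1 trap into the fields listed in the trap values table."""
    (_, ver), (_, community), (tag, pdu) = elements(elements(packet)[0][1])
    if ver != b"\x00" or tag != 0xA4:  # version 0 is SNMPv1; 0xA4 is the Trap-PDU
        raise ValueError("not an SNMPv1 trap")
    ent, agent, generic, specific, ticks, binds = (v for _, v in elements(pdu))
    name, value = (v for _, v in elements(elements(binds)[0][1]))  # assumes one varbind
    num = lambda b: int.from_bytes(b, "big")
    return {"community": community.decode("latin-1"), "enterprise": oid(ent),
            "agent": ".".join(map(str, agent)), "generic": num(generic),
            "event_id": num(specific), "time": num(ticks), "object": oid(name),
            "message": value.decode("utf-8", "replace")}

def review(t):
    """List the ways a decoded trap deviates from what the page says the driver sends."""
    checks = [(t["enterprise"] != NOVELL_AUDIT_OID or t["generic"] != 6, "not a Novell Audit trap"),
              (t["community"] == "public", "default community string"),
              (len(t["message"].encode()) >= 300, "message at 300-byte limit, possibly truncated")]
    return [note for hit, note in checks if hit]

SAMPLE = bytes.fromhex(  # constructed: agent 192.0.2.10; event ID and message invented
    "304f 020100 0406 7075626c6963 a442 060c 6086480186f83701825b0301 4004 c000020a "
    "020106 0203 0b0001 4304 4b3d3b00 301e 301c 060c 6086480186f83701825b0301 "
    "040c 4c6f67696e206661696c6564")
```

`review(parse_trap(SAMPLE))` reports the default community string; malformed or truncated packets raise `ValueError` rather than returning partial fields.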