Trace 7.11c. RMON alarmTable initialization
```
Sniffer Network Analyzer data from 21-Feb at 16:47:08, file TRAP.ENC, Page 1

-------------------------- Frame 21 ----------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) -----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Set request
SNMP: Request ID = 918004693
SNMP: Error status = 0 (No error)
SNMP: Error index = 0
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.2.29148} (rmon.3.1.1.2.29148)
SNMP: Value = 5
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.3.29148} (rmon.3.1.1.3.29148)
SNMP: Value = {1.3.6.1.4.1.209.2.2.1.2.1}
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.7.29148} (rmon.3.1.1.7.29148)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.8.29148} (rmon.3.1.1.8.29148)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.10.29148} (rmon.3.1.1.10.29148)
SNMP: Value = 0
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.9.29148} (rmon.3.1.1.9.29148)
SNMP: Value = 31860
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.11.29148} (rmon.3.1.1.11.29148)
SNMP: Value = FM/X (XXX.YYY.135.195) : PID 3632 ID 0x008a0310
SNMP:
```
In Frame 23, the Manager sets the alarmStatus object to a value of 1 (valid, per RFC 1757), which is confirmed in Frame 24.
The network does exceed the threshold of network utilization that was specified; as a result, the Probe issues a trap in Frame 33 (Trace 7.11d). Note that this is an enterprise-specific trap, and that the trap reports the values of some objects from the alarmTable {1.3.6.1.2.1.16.3.1}. These objects are:
Object | OID | Value |
---|---|---|
alarmIndex | {rmon.3.1.1.1} | 29148 |
alarmVariable | {rmon.3.1.1.3} | { 1.3.6.1.4.1.209.2.2.1.2.1 } |
alarmSampleType | {rmon.3.1.1.4} | 1 |
alarmValue | {rmon.3.1.1.5} | 3 |
alarmRisingThreshold | {rmon.3.1.1.7} | 1 |
The alarmIndex object uniquely identifies an entry in the alarm table; its value is a random value that was originally determined by the Manager (review Frame 19). The alarmVariable object identifies the OID of the variable to be sampled. In this case, the variable is derived from a Private MIB (enterprise 209 is assigned to ProTools, now part of Network General Corp.). The alarmSampleType specifies the method of sampling the selected variable and calculating the value to be compared against the thresholds. The value of 1 specifies an absolute value, meaning that the value of the selected variable will be compared directly with the thresholds at the end of the sampling interval. The alarmValue object is the value of the statistic during the last sampling period. Finally, the alarmRisingThreshold is a threshold for the sampled statistic. According to RFC 1757, when the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event will be generated.
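The threshold rule described above, as an added example that is not code from the book or from any RMON agent. It goes beyond the paragraph by also covering delta sampling, alarmStartupAlarm and the RFC 1757 rule that a rising event cannot repeat until the value has reached alarmFallingThreshold. The thresholds (rising = falling = 1) come from Frame 21; the class and function names, the readings and the alarmStartupAlarm value are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ABSOLUTE, DELTA = 1, 2                                     # alarmSampleType
RISING_ALARM, FALLING_ALARM, RISING_OR_FALLING = 1, 2, 3   # alarmStartupAlarm


@dataclass
class Alarm:
    rising: int                    # alarmRisingThreshold
    falling: int                   # alarmFallingThreshold
    sample_type: int = ABSOLUTE
    startup: int = RISING_OR_FALLING
    value: Optional[int] = None    # alarmValue: statistic for the last period
    _raw: Optional[int] = None     # previous raw reading (delta sampling only)
    _rising_armed: bool = True
    _falling_armed: bool = True

    def sample(self, raw: int) -> Optional[str]:
        """Feed one reading of alarmVariable; return 'rising', 'falling' or None."""
        prev_raw, self._raw = self._raw, raw
        if self.sample_type == DELTA:
            if prev_raw is None:
                return None        # a delta needs two readings
            cur = raw - prev_raw
        else:
            cur = raw
        prev, self.value = self.value, cur
        first = prev is None       # first sample: alarmStartupAlarm decides
        fire_r = cur >= self.rising and self._rising_armed and (
            self.startup in (RISING_ALARM, RISING_OR_FALLING) if first
            else prev < self.rising)
        fire_f = not fire_r and cur <= self.falling and self._falling_armed and (
            self.startup in (FALLING_ALARM, RISING_OR_FALLING) if first
            else prev > self.falling)
        # Hysteresis: an event re-arms only once the opposite threshold is reached.
        self._rising_armed = (self._rising_armed or cur <= self.falling) and not fire_r
        self._falling_armed = (self._falling_armed or cur >= self.rising) and not fire_f
        return "rising" if fire_r else "falling" if fire_f else None


def run(alarm: Alarm, readings):
    """Evaluate a sequence of readings, one per alarmInterval."""
    return [alarm.sample(r) for r in readings]


# Thresholds from Frame 21; readings and startup value are constructed.
TRACE_EVENTS = run(Alarm(1, 1, startup=RISING_ALARM), [0, 3, 3, 0, 3])
```

With thresholds spaced apart, such as `Alarm(10, 2)`, a value that oscillates around the rising threshold without ever dropping to the falling threshold produces only one rising event.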
Trace 7.11d. Trap sent in response to an excessive network condition.
```
Sniffer Network Analyzer data from 21-Feb at 16:47:08, file TRAP.ENC, Page 1

-------------------------- Frame 33 ---------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) ----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Trap
SNMP: Enterprise = {1.3.6.1.2.1.16}
SNMP: Network address = [XXX.YYY.135.11], Probe
SNMP: Generic trap = 6 (Enterprise specific)
SNMP: Specific trap = 1
SNMP: Time ticks = 69788
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.1.29148} (rmon.3.1.1.1.29148)
SNMP: Value = 29148
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.3.29148} (rmon.3.1.1.3.29148)
SNMP: Value = {1.3.6.1.4.1.209.2.2.1.2.1}
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.5.29148} (rmon.3.1.1.5.29148)
SNMP: Value = 3
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.7.29148} (rmon.3.1.1.7.29148)
SNMP: Value = 1
SNMP:
```
The next step is for the Manager to retrieve the values from the logTable (recall that the eventType object set in Frame 11 specified a log-and-trap event, event type = 4). Frames 35-36 read the values from this logTable, and Frames 37-38 (which are not shown in the trace) merely confirm that all entries in that table have been read (see Trace 7.11e). Frame 36 contains the entries of the logTable, indexed by the random number initially selected by the Manager (31860):
Object | OID | Value |
---|---|---|
logTime | {rmon.9.2.1.3} | 69788 |
logDescription | {rmon.9.2.1.4} | % Network usage 3. Over threshold of (1) |
Trace 7.11e. Reading the logTable
```
Sniffer Network Analyzer data from 21-Feb at 16:47:08, file: TRAP.ENC, Page 1

------------------------- Frame 35 ----------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) -----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Get next request
SNMP: Request ID = 918004699
SNMP: Error status = 0 (No error)
SNMP: Error index = 0
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.9.2.1.3.31860} (rmon.9.2.1.3.31860)
SNMP: Value = NULL
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.9.2.1.4.31860} (rmon.9.2.1.4.31860)
SNMP: Value = NULL
SNMP:

-------------------------- Frame 36 ---------------------------
SNMP: ----- Simple Network Management Protocol (Version 1)-----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Get response
SNMP: Request ID = 918004699
SNMP: Error status = 0 (No error)
SNMP: Error index = 0
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.9.2.1.3.31860.1} (rmon.9.2.1.3.31860.1)
SNMP: Value = 69788 (time ticks)
SNMP:
SNMP: Object = {1.3.6.1.2.1.16.9.2.1.4.31860.1} (rmon.9.2.1.4.31860.1)
SNMP: Value = % Network usage 3. Over threshold of (1)
SNMP:
```
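The index chain that ties these frames together (alarmIndex in the trap, alarmRisingEventIndex in the Set request, event index in the logTable) can be followed mechanically. The added example below, which is not code from the book, parses excerpts of Frames 21, 33 and 36 and returns the logTable rows that belong to the trap. The function names are hypothetical, and matching logTime against the trap's time ticks is an assumption that holds in this capture.

```python
import re

ALARM = "1.3.6.1.2.1.16.3.1.1."   # alarmEntry: <column>.<alarmIndex>
LOG = "1.3.6.1.2.1.16.9.2.1."     # logEntry:   <column>.<eventIndex>.<logIndex>
VARBIND = re.compile(r"Object = \{([\d.]+)\}[^\n]*\n\s*SNMP: Value = ([^\n]*)")

# Excerpts of Frames 21, 33 and 36 from the traces on this page.
FRAME_21 = """SNMP: Object = {1.3.6.1.2.1.16.3.1.1.9.29148} (rmon.3.1.1.9.29148)
SNMP: Value = 31860"""
FRAME_33 = """SNMP: Time ticks = 69788
SNMP: Object = {1.3.6.1.2.1.16.3.1.1.1.29148} (rmon.3.1.1.1.29148)
SNMP: Value = 29148"""
FRAME_36 = """SNMP: Object = {1.3.6.1.2.1.16.9.2.1.3.31860.1} (rmon.9.2.1.3.31860.1)
SNMP: Value = 69788 (time ticks)"""


def rows(text, prefix):
    """Return {(index, ...): {column: value}} for varbinds under one table entry."""
    table = {}
    for oid, value in VARBIND.findall(text):
        if oid.startswith(prefix):
            column, *index = map(int, oid[len(prefix):].split("."))
            table.setdefault(tuple(index), {})[column] = value.strip()
    return table


def log_rows_for_trap(set_text, trap_text, log_text):
    """Return the (eventIndex, logIndex) rows that match the alarm in a trap."""
    ticks = re.search(r"Time ticks = (\d+)", trap_text).group(1)
    (alarm_index,) = rows(trap_text, ALARM)       # trap varbinds share one instance
    # Column 9 is alarmRisingEventIndex, the key into the logTable.
    event_index = int(rows(set_text, ALARM)[alarm_index][9])
    return [idx for idx, cols in rows(log_text, LOG).items()
            if idx[0] == event_index
            and cols.get(3, "").split()[:1] == [ticks]]   # column 3 is logTime
```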