SNMP notification processing

From Net-SNMP Wiki

SNMP notification processing is defined in RFC 3413, and the data tables are defined in the SNMP-NOTIFICATION-MIB, the SNMP-TARGET-MIB and the NOTIFICATION-LOG-MIB.

Defining Targets

The SNMP-TARGET-MIB contains tables for defining transport addresses and parameters to be used for generating and sending SNMP messages. The SNMP-TARGET-MIB::snmpTargetAddrTable defines the basic parameters for sending an SNMP message to a host: the address, the timeout and the number of times to retry a message. The detailed parameters, such as the message processing model (e.g. SNMPv1, SNMPv3) and security parameters, are found by using the snmpTargetAddrParams column to index into the SNMP-TARGET-MIB::snmpTargetParamsTable.

The target address table is indexed by an administrative name, which means that the same host may appear in the table multiple times, with different parameters. Other tables that reference the target table generally do so by specifying a SnmpTagValue to search for in the snmpTargetAddrTagList column.

SnmpTagValue and SnmpTagList objects are simply administrative names used to establish relationships between tables. A tag could be an indication of a device type (e.g. 'router'), an organization (e.g. 'IT-department'), a physical location (e.g. 'headquarters') or any other value that helps you establish the relationships you need.

Tags do not need to be unique, so a single tag may select multiple rows in the target table, which may be different hosts, or even the same host with different parameters.


Notification Destinations

The SNMP-NOTIFICATION-MIB::snmpNotifyTable is used to select the targets for a notification and identifies the type of notification to be sent (a trap or an inform). The snmpNotifyTag column is used to select targets from the snmpTargetAddrTable, which contains a SnmpTagList for each row. A snmpNotifyTag may select multiple destinations.
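The tag lookup described above, as an added example (not Net-SNMP code): it resolves a snmpNotifyTable row to its targets and flags destinations whose parameters row sends without authentication or privacy. All row names, addresses and tags are constructed, and the dictionary keys are shorthand for the MIB columns named in the comments.

```python
# Constructed sample rows; names, addresses and tags are illustrative only.
TARGET_ADDR = {  # snmpTargetAddrTable, indexed by administrative name
    # tags = snmpTargetAddrTagList, params = snmpTargetAddrParams
    "nms1-v1": {"addr": "192.0.2.10:162", "tags": "noc legacy", "params": "v1-public"},
    "nms1-v3": {"addr": "192.0.2.10:162", "tags": "noc", "params": "v3-priv"},
    "siem":    {"addr": "192.0.2.20:162", "tags": "security", "params": "v3-priv"},
    "lab":     {"addr": "192.0.2.30:162", "tags": "noc-lab", "params": "v1-public"},
}
TARGET_PARAMS = {  # snmpTargetParamsTable, indexed by params name
    "v1-public": {"mp_model": "SNMPv1", "sec_level": "noAuthNoPriv"},
    "v3-priv":   {"mp_model": "SNMPv3", "sec_level": "authPriv"},
}
NOTIFY = {  # snmpNotifyTable: tag = snmpNotifyTag, type = snmpNotifyType
    "ops": {"tag": "noc", "type": "trap"},
    "sec": {"tag": "security", "type": "inform"},
}

def resolve(notify_name):
    """Return (target name, address, notify type, params row) per selected target."""
    row = NOTIFY[notify_name]
    selected = []
    for name, target in sorted(TARGET_ADDR.items()):
        # A SnmpTagList is a whitespace-delimited list of tag values; the tag
        # must equal a whole list element, so "noc" does not select "noc-lab".
        if row["tag"] in target["tags"].split():
            params = TARGET_PARAMS[target["params"]]
            selected.append((name, target["addr"], row["type"], params))
    return selected

def weak_destinations(notify_name):
    """Targets that would receive this notification as noAuthNoPriv."""
    return [name for name, _, _, params in resolve(notify_name)
            if params["sec_level"] == "noAuthNoPriv"]

if __name__ == "__main__":
    for name in NOTIFY:
        print(name, [t[0] for t in resolve(name)], weak_destinations(name))
```

Because the same host can appear under several administrative names, one tag can deliver the same notification to it twice, once protected and once in the clear, which is what the second function surfaces.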

Notification Filtering

Before a notification is sent to a particular target, the device must check the notification filter tables, SNMP-NOTIFICATION-MIB::snmpNotifyFilterProfileTable and SNMP-NOTIFICATION-MIB::snmpNotifyFilterTable, to determine if the notification may be sent to the target.

The snmpNotifyFilterProfileTable table is indexed by the snmpTargetParamsName from the SNMP-TARGET-MIB::snmpTargetParamsTable, and the snmpNotifyFilterProfileName column is used as the first index into the snmpNotifyFilterTable. The second table index, snmpNotifyFilterSubtree, is an OID that identifies an object or a subtree that will be included or excluded. The snmpNotifyFilterMask, if it is not a zero length string, must be applied to the filter subtree OID (as specified in its description clause) before the subtree is compared with the current notification.

Note that all rows matching the snmpNotifyFilterProfileName should be checked, as a subtree that is excluded by one row may have a subtree or object lower in the tree explicitly included (or vice-versa).
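A sketch of the filter check described above, as an added example (not Net-SNMP code). It follows the snmpNotifyFilterMask semantics (one bit per sub-identifier, most significant bit first, a short mask padded with 1 bits) and the RFC 3413 rule that the notification OID must be included while no varbind may be excluded; the tie-break between equally long subtrees and the sample rows are assumptions.

```python
def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def in_family(oid, subtree, mask=b""):
    """True if oid lies in the family defined by a filter subtree and mask."""
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        octet = i // 8
        # Mask bit i (MSB of the first octet is bit 0) set: sub-identifier i
        # must match exactly; clear: wildcard. Missing bits count as set.
        exact = mask[octet] & (0x80 >> (i % 8)) if octet < len(mask) else 1
        if exact and oid[i] != sub_id:
            return False
    return True

def verdict(oid, rows):
    """'included', 'excluded' or None (no matching row) for a single OID.

    rows holds (subtree, mask, type) for one snmpNotifyFilterProfileName.
    Every row is examined; the match with the most sub-identifiers wins.
    Assumption: ties go to the lexicographically greatest subtree.
    """
    matches = [(len(st), st, kind) for st, m, kind in rows if in_family(oid, st, m)]
    return max(matches)[2] if matches else None

def may_send(trap_oid, varbind_oids, rows):
    """Notification OID must be included and no varbind may be excluded."""
    if verdict(trap_oid, rows) != "included":
        return False
    return all(verdict(vb, rows) != "excluded" for vb in varbind_oids)

# Constructed filter profile: allow the standard traps except warmStart, and
# suppress anything that carries an ifEntry column for interface index 2.
ROWS = [
    (parse_oid("1.3.6.1.6.3.1.1.5"), b"", "included"),               # snmpTraps
    (parse_oid("1.3.6.1.6.3.1.1.5.2"), b"", "excluded"),             # warmStart
    (parse_oid("1.3.6.1.2.1.2.2.1.0.2"), b"\xff\xa0", "excluded"),   # ifEntry.*.2
]
LINK_DOWN = parse_oid("1.3.6.1.6.3.1.1.5.3")
WARM_START = parse_oid("1.3.6.1.6.3.1.1.5.2")

if __name__ == "__main__":
    print(may_send(LINK_DOWN, [parse_oid("1.3.6.1.2.1.2.2.1.1.3")], ROWS))
    print(may_send(LINK_DOWN, [parse_oid("1.3.6.1.2.1.2.2.1.1.2")], ROWS))
    print(may_send(WARM_START, [], ROWS))
```

A notification whose OID matches no row at all is also dropped, so a profile meant to exclude only a few subtrees still needs an explicit include row for everything else.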

Notification Log Processing

The NOTIFICATION-LOG-MIB is used to maintain one or more logs of notifications that have been sent or received by a device. A device that supports multiple logs will have a unique name for each log. A device that only supports a single log will use a zero length string as the log name.

The SNMP-NOTIFICATION-MIB::snmpNotifyFilterTable is used to include and exclude notifications from a particular log.


Log Configuration

Global Configuration

There are two global configuration variables in the NOTIFICATION-LOG-MIB, in addition to the individual log configuration variables.

The nlmConfigGlobalEntryLimit object defines the maximum number of entries that all combined logs may potentially contain. Limited system resources may prevent the maximum number of entries from being stored, but in no event should the total number of entries exceed this limit. When new notifications are received, the oldest notifications must be discarded to make space for the new log entries.

The nlmConfigGlobalAgeOut object defines the time (in minutes) that a log entry should be kept before it is automatically removed. Limited system resources, the global entry limit or an individual named log entry limit may result in older entries being dropped before the age out value.


Named Log Configuration

The NOTIFICATION-LOG-MIB::nlmConfigLogTable is used to configure the named logs for a device. The table is indexed by the log name (which will be a zero length string for devices which do not support named logs).

The nlmConfigLogFilterName column specifies the filter profile name to be used as the primary index into the SNMP-NOTIFICATION-MIB::snmpNotifyFilterTable.

The nlmConfigLogEntryLimit column specifies the maximum number of entries that the named log may contain. System resources or the nlmConfigGlobalEntryLimit may limit the table to fewer entries.

The nlmConfigLogAdminStatus column allows a log to be disabled without deleting the row. No new entries in the log will be created while the row is disabled.

Log Entries

Log entries are contained in two tables. The NOTIFICATION-LOG-MIB::nlmLogTable contains the notification ID (OID), time, engine and context information. The NOTIFICATION-LOG-MIB::nlmLogVariableTable contains the varbinds included with a notification. These tables are pretty self-explanatory, so I won't cover them in detail. Consult the MIB for detailed descriptions of each object.