Help decoding UDPSocket trap data

Hi Ruby Forum,

I have a script that opens a UDPSocket on port 162 and listens for traps
which are then sent to STDOUT for now.

I am seeing data strings coming in that are in a format that I need to
decode somehow. I have read through all the doco on UDPSocket and
BasicSocket and Socket and don’t see any way to decode the data being
sent in the traps.

Here is an example of what I’m seeing from my Cisco devices:

["0\201\351\002\001\000\004\02087", ["AF_INET", 51709, "10.1.1.1",
"10.1.1.1"]]

The first numbers enclosed in the first set of parentheses contain the
data in the trap.

Does anyone know how I would go about decoding these?

Thanks in advance

jackster.mobi
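
An added example, not part of the original thread or of the Ruby SNMP library: the bytes quoted in the post are the start of a BER-encoded SNMP message (SEQUENCE, INTEGER version, OCTET STRING community), and the code below reads those outer fields from a raw UDP payload, bounds-checking each length because the datagram is untrusted input. The names `read_tlv`, `snmp_header` and `SAMPLE` are hypothetical and the sample datagram is constructed; in SNMP v1/v2c the community string is readable in cleartext at this layer.

```ruby
# Added example (not from the thread): read the outer fields of an SNMP v1/v2c
# message from a raw UDP payload, bounds-checking every length.
class BERError < StandardError; end

PDU_NAMES = { 0xA4 => "SNMPv1 Trap", 0xA6 => "InformRequest", 0xA7 => "SNMPv2 Trap" }.freeze

# Read one BER tag-length-value at pos; returns [tag, value_bytes, next_pos].
def read_tlv(buf, pos)
  raise BERError, "truncated header" if pos + 2 > buf.bytesize
  tag = buf.getbyte(pos)
  len = buf.getbyte(pos + 1)
  pos += 2
  if len >= 0x80                       # long form: low 7 bits count the length octets
    n = len & 0x7f
    raise BERError, "unsupported length form" if n.zero? || n > 4
    raise BERError, "truncated length" if pos + n > buf.bytesize
    len = buf.byteslice(pos, n).bytes.inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  raise BERError, "value runs past end of datagram" if pos + len > buf.bytesize
  [tag, buf.byteslice(pos, len), pos + len]
end

# Message ::= SEQUENCE { version INTEGER, community OCTET STRING, data PDU }
def snmp_header(datagram)
  tag, body, = read_tlv(datagram.b, 0)
  raise BERError, "outer element is not a SEQUENCE" unless tag == 0x30
  tag, version, pos = read_tlv(body, 0)
  raise BERError, "version is not an INTEGER" unless tag == 0x02
  tag, community, pos = read_tlv(body, pos)
  raise BERError, "community is not an OCTET STRING" unless tag == 0x04
  pdu_tag, = read_tlv(body, pos)
  { version: version.bytes.inject(0) { |acc, b| (acc << 8) | b },  # 0 = v1, 1 = v2c
    community: community, pdu_tag: pdu_tag, pdu: PDU_NAMES.fetch(pdu_tag, "other") }
end

# Constructed sample: starts with the same eight bytes as the payload quoted in
# the post, followed by a made-up 16-byte community and a zero-filled v1 Trap PDU.
SAMPLE = ("0\201\351\002\001\000\004\020".b + "constructed-comm".b +
          "\xA4\x81\xD1".b + "\x00".b * 209).freeze

if __FILE__ == $PROGRAM_NAME
  p snmp_header(SAMPLE)
  begin
    snmp_header("0\201\351\002\001\000\004\02087")  # the truncated bytes as posted
  rescue BERError => e
    puts "rejected: #{e.message}"
  end
end
```

The same fields are what a packet capture shows for these traps, so a listener that expects a specific community can be checked against the value recovered here.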

On Jan 16, 8:26 am, jackster the jackle [email protected]
wrote:

Here is an example of what I’m seeing from my Cisco devices:

jackster.mobi

Posted via http://www.ruby-forum.com/.

I’m not sure, but the data format is probably dependent on the Cisco
devices. I would check their documentation for more info.

You might also want to check out Ruby SNMP -
http://snmplib.rubyforge.org/ - rather than writing your own socket
routines.

On Jan 16, 10:23 am, jackster the jackle [email protected]
wrote:

I copied the basic TrapListener script as follows and am receiving traps
puts logger.value
log = Logger.new(STDOUT)
output from “code one” for instance:
----------------------code three ------------
@value=“Interface GigabitEthernet7/12, changed state to down”,

thanks

jackster.mobi

Posted via http://www.ruby-forum.com/.

Sorry, but I’m not seeing much difference between one & two. Where is
the local variable logger defined? If “log.info trap.inspect” is
printing the type of data you want, I would think that trap.inspect is
what you would want to operate on.

Good call yermej…thanks.

I copied the basic TrapListener script as follows and am receiving traps
that are readable:
-----------code one ---------------
require 'snmp'
require 'logger'

log = Logger.new(STDOUT)
m = SNMP::TrapListener.new do |manager|
  manager.on_trap_default do |trap|
    log.info trap.inspect
    puts "------------------"
    puts logger.value
  end
end
m.join

Interestingly enough, if I change the code a bit and print out
“logger.value”,
you see the exact type of trap formatting that I originally asked about
in my initial request:
-------------code two ----------------
log = Logger.new(STDOUT)
m = SNMP::TrapListener.new do |manager|
  manager.on_trap_default do |trap|
    log.info trap.inspect
    puts logger.value
  end
end
m.join

What is the best way to get my logger values out of “code one” listed
above so that I can manipulate them? I’d like to be able to access this
output from “code one” for instance:
----------------------code three ------------
@value="Interface GigabitEthernet7/12, changed state to down",

thanks

jackster.mobi

yermej wrote:

Sorry, but I’m not seeing much difference between one & two. Where is
the local variable logger defined? If “log.info trap.inspect” is
printing the type of data you want, I would think that trap.inspect is
what you would want to operate on.

if you do:
puts logger.value

you will see the encoding I’m talking about.

I was able to get some of the specifics out with:
trap.source_ip
and
trap.timestamp

if I do:
trap.value

I get the encoding again.

On Jan 16, 2008, at 12:13 PM, jackster the jackle wrote:

if I do:
trap.value

I get the encoding again.

Well I just perused the documentation at:
<http://snmplib.rubyforge.org/doc/index.html>

It looks like a trap object holds a collection of snmp variables you
could get at the info like this:

trap.each_varbind { |v|
  puts v.name
  puts v.value
  puts v.value.asn1_type # or maybe v.asn1_type
}

or something close to that. I’m just reading the docs, not running
the software.

Gary W.

Thanks a lot Gary…that works…

jackster.mobi

Hi guys,

I know that isn’t the thread to ask this, but this is the closest I got
after reading the forum for several hours.

I am trying to use the trap listener and had no success so far. I have
no clue about what is going on here.

My code so far:

require 'rubygems'
require 'snmp'
require 'logger'

log = Logger.new(STDOUT)
m = SNMP::TrapListener.new(:Port => 1062) do |manager|
  manager.on_trap_default do |trap|
    trap.each_varbind { |v|
      puts v.name
      puts v.value
    }
  end
end
m.join

I tried many other codes from the internet and cannot make any
progress. I get a “while true” script that shows me nothing.

The equipment here is from my company so I am not using any loaded mib
(it has a different mib). I tested it with a java traps_listener made
with “SNMP4J” (plus wireshark) and the traps are there on port 1062.

Jackster or anyone else, do you see the traps coming with this code?

thanks

I was able to get my version to work but I have to look back now and
find the exact code.

The first thing I notice is that you are listening on port 1062 and it
should be 162, please try and change that and see if that helps.

jackster

Hello!

We got the things going here. Thanks all.

Jackster, I can configure which port I want to use (default is 162, but
in Linux only the root user has access to that port).

The problem was the ip address. I believe that linux by default doesn’t
address ‘localhost’ to eth2 (localhost binds with some line in some
/etc/net/config.blabla) and because of that I wasn’t receiving any
messages.

Here is the code that I am using now. Note the exact ip address on it:

m = SNMP::TrapListener.new(:Host => '192.168.31.5', :Port => 2062) do |manager|
  manager.on_trap_default do |trap|
    trap.each_varbind { |v|
      puts 'OID: ' + v.name.to_s + ' Value: ' + v.value.to_s
    }
  end
end
m.join

This code gives me this answer:

OID: 1.3.6.1.6.3.1.1.4.1.0 Value: 1.3.6.1.4.1.xxxx.6.1.2.2.13.7
OID: 1.3.6.1.2.1.1.5 Value: Equip_name
OID: 1.3.6.1.4.1.xxxx.6.1.2.2.3.3.1.2 Value: 2
OID: 1.3.6.1.4.1.xxxx.6.1.2.2.3.3.1.3 Value: 2
OID: 1.3.6.1.2.1.1.3.0 Value: 5 days, 01:17:22.37
OID: 1.3.6.1.6.3.1.1.4.1.0 Value: 1.3.6.1.4.1.xxxx.6.1.2.2.13.15

Where xxxx is the company register on IANA.

Thanks guys. Ruby forums are a very good source of solutions.

Joao P.

Chandra S. wrote in post #991736:

I am new to ruby.
With above example, tried Trap Listener on windows machine. However I
didn’t see the traps.

(1) Are the trap packets arriving? Run Wireshark to look for them.

(2) You probably need to set up your TrapListener with a community
string, and your trap sender to use that same community string (for SNMP
v2c anyway).

The example in the source code at
http://snmplib.rubyforge.org/svn/trunk/lib/snmp/manager.rb
suggests you need to add something like :Community=>"public"

Hi,

I am new to ruby.
With above example, tried Trap Listener on windows machine. However I
didn’t see the traps.

My code given below:

require "rubygems"
require 'snmp'
require 'logger'

m = SNMP::TrapListener.new(:Host => 'myPcIp', :Port => 162) do |manager|
  manager.on_trap_default do |trap|
    trap.each_varbind { |v|
      puts 'OID: ' + v.name.to_s + ' Value: ' + v.value.to_s
    }
  end
end
m.join

Can anybody help on this?

Note: My PC runs on windows XP
