Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
What is an SNMP Trap?
It’s nothing but an alert message with abstract information about an event sent from an SNMP agent to its configured SNMP manager. It notifies the administrators about an event that occurred in the SNMP agent. There is separate service called SNMP Trap service which runs in Microsoft operating systems and listens for traps on UDP port 162 by default.
How to install it?
When you install the SNMP service on any Microsoft Windows operating system except Windows Vista and Windows Server 2008, the SNMP Trap service is installed along with the SNMP Service. In Windows Vista and Windows Server 2008, the SNMP Trap service is by default installed but set to manual and is thus in a stopped state.
The SNMP Trap service runs using the Local Service account in Windows. The SNMP Trap service was dependent on the Event Log service up until Windows Server 2003 but since Windows Vista and Windows Server 2008, the SNMP Trap service has been independent.
I want my SNMP manager to listen for SNMP Traps on a different UDP port. Is this possible?
Yes, open the file named “Services”, which is located in %systemroot%\system32\drivers\etc.
Edit the port number on the following line on the file with your customized port numbers.
snmptrap 162/udp snmp-trap #SNMP trap
Save the file as it was with no extension. Restart the SNMP Trap service. Run the following command in a Command Prompt: Netstat -ano and you should see the SNMP Trap service listening on the new port number.
What does “Send Authentication Trap” mean?
An SNMP agent sends Authentication traps to its configured trap destination List in the following situations:
An agent traps all the trap destinations of all the communities, provided these community names are configured in the Security tab of an agent. So if multiple trap destinations are configured with multiple community names, then a trap message is sent to all the destinations of all the communities specified on the trap tab. This happens three times in succession after each access violation. However a trap message to a trap destination will have the community name specified in the SNMP agent for that trap destination.
Make sure of following things:
How do I test if my SNMP Manager is able to receive SNMP Traps?
You may have 3rd party applications which make use of the built-in SNMP trap service to receive traps and then react to the trap. If you find that your SNMP manager application is not receiving traps, first make sure the built in SNMP Trap Service is able to receive traps. If the SNMP Trap service is able to receive traps then it’s the application which is not working the way it should.
To check the functionality of the built-in SNMP Trap service, do the following:
snmputil: listening for traps... Incoming Trap: generic = 0 specific = 0 enterprise = .iso.org.dod.internet.private.enterprises.microsoft.software.syst ems.os.windowsNT.server agent = 10.10.10.100 source IP = 10.10.10.100 community = public Incoming Trap: generic = 3 specific = 0 enterprise = .iso.org.dod.internet.private.enterprises.microsoft.software.syst ems.os.windowsNT.server agent = 10.10.10.100 source IP = 10.10.10.100 community = public variable = interfaces.ifTable.ifEntry.ifIndex.1 value = Integer32 1 Incoming Trap: generic = 3 specific = 0 enterprise = .iso.org.dod.internet.private.enterprises.microsoft.software.syst ems.os.windowsNT.server agent = 10.10.10.100 source IP = 10.10.10.100 community = public variable = interfaces.ifTable.ifEntry.ifIndex.262147 value = Integer32 262147
Below are different types of traps that are built-in and are enabled by default in Windows:
Refer http://support.microsoft.com/kb/172879 for some more information on SNMP traps.
- Arun Kumar (P)
Are traps always sent in SNMPv1 form?
Maybe you could write about the level of SNMPv2/SNMpv3 support in Windows. I haven't been watching closely to see if anything has changed recently. :-)
Hello Friends,
I work with a very large network's Server Management Team. Our servers are configured with default SNMP strings. Some of our Servers are sending snmp requests to some devices on the network even if the SNMP Services (SNMP Service and SNMP Trap Service) are disabled. I could find no resolution. Any help would greatly be appreciated.
Regards,
Sid.
Arun,
Can a SNMP agent specify different trap destinations for different traps? Say I have created two communities, machine-hardware-community and apps-community. So can I send hardware issue related traps to some trap destinations (under machine-hardware-community) and any software issue related traps to another set of destination (under apps-community).
Yes the traps are always sent V1 Form.Windows supports SNMP V2C and SNMP V3 is not yet supported.
Can a SNMP agent specify different trap destinations for different traps?
No this is not possible with avilable default features. but yes progrmatically possible.
Does the trap destination include port?
Can a SNMP agent send trap to port 8000?
If you would like to receive an email when updates are made to this post, please register here
Subscribe to this post's comments using RSS