CA API Gateway 9.1

9.4 9.1

Send SNMP Trap Assertion

The Send SNMP Trap assertion allows you to instruct the Gateway to broadcast a Simple Network Management Protocol (SNMP) trap. When the Send SNMP Trap assertion is encountered in a policy execution path, an SNMP trap event will be broadcast to a predefined network address. The assertion is typically used to trigger an alert based on the result of a previous assertion.
gateway90
The
Send SNMP Trap
assertion allows you to instruct the Gateway to broadcast a Simple Network Management Protocol (SNMP) trap. When the Send SNMP Trap assertion is encountered in a policy execution path, an SNMP trap event will be broadcast to a predefined network address. The assertion is typically used to trigger an alert based on the result of a previous assertion.
For example, two assertions can be combined into a logical "At least one assertion must evaluate to true"assertion folder, the first assertion requiring validation, the later being the Send SNMP Trap assertion. If the assertion requiring validation fails, then the Send SNMP Trap assertion will execute, hence broadcasting the alert.
There are two types of SNMP traps: v1 and v2. The Send SNMP Trap assertion sends a "v2" trap.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the SNMP Properties automatically appear; when modifying the assertion, right-click
    Send SNMP Trap to...
    in the policy window and select
    SNMP Trap Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
    Setting
    Description
    SNMP Hostname
    Enter the network address that should receive the SNMP alert. You may reference context variables.
    SNMP Port
    The default SNMP trap destination port is set to "162". This is the IANA (Internet Assigned Numbers Authority) standard SNMP trap port. To configure a different port, select the
    Custom
     option and enter an alternate port number.
    SNMP Community
    Optionally enter the SNMP community that should be used by the SNMP trap. You may reference context variables.
    By default, the community name is obfuscated to protect your privacy. To see the actual name, select the [
    Show community
    ] check box.
    Although you may enter the actual community name here, it is recommended that you define the name as a secure password reference instead , for improved security. (An on-screen warning reminds you of this.) To do this, enter the community name through the Manage Stored Passwords task and then reference it here using the
    ${secpass.<name>.plaintext}
     context variable. This will prevent attackers from capturing the community name and then sending traps impersonating the Gateway.
    Text to Send
    Optionally enter some text to send in the SNMP trap. You may reference context variables within the trap message, if necessary.
    OID to Send
    Complete the OID of the SNMP trap. This is used for identification purposes on a network. You may reference context variables.
    If the OID entered is invalid, a value of '
    1
    ' will be used instead.
  4. Click [
    OK
    ]
     
    when done.

Content feedback and comments