
TrapConsole

FAQ

We answer the most common questions about Trap Console here:


Are there any built-in accounts in Trap Console?

Trap Console comes pre-configured with two accounts:

  1. One is the built-in administrator account. After installation, the administrator account is used as the default user for Trap Console. At this point the account has an empty password, which lets you get in easily with complete access rights. A user logged in under the administrator account has complete access to Trap Console. He/she is able to create new user accounts and delete the existing ones. The administrator may create new rules and actions or delete/modify previously created ones. He/she can add new MIBs to Trap Console and compile them.
  2. The other account is guest with an empty password. Guests cannot change this password. In addition, guests cannot create, modify or delete rules and/or actions, use the MIB compiler or change Trap Console settings.

NOTES:

  • It is strongly recommended to change the administrator password right after installation.
  • The administrator can delete the guest account.

How can I change my password?

  1. Make sure that you are not logged in as guest. Guests are not allowed to change their password.
  2. From the main menu, select Preferences, then the Password tab.
  3. Enter the current password into the Old Password edit line.
  4. Enter the new password into the New Password edit line and retype it into the Retype New Password edit line.
  5. Click the Change Password button.

Trap Console displays the result of the operation: an error message if the change failed, or "OK" if the password has been changed.


Can I start Trap Console on a port other than the default 6610?

Yes! Trap Console's Web server listens on TCP port 6610 by default. It is possible to start Trap Console on another port: modify the command line arguments and add the parameter "-p <port number>":

   java -cp tc.jar Main -p 80

The command line above will start Trap Console and let it listen on the default HTTP port 80.

Note: You must restart Trap Console for this change to take effect.


Can I start Trap Console to listen on a port other than the default 162?

Yes! Trap Console listens for SNMP traps on the default UDP/TCP trap port 162. It is possible to let Trap Console listen for SNMP traps on another port.

From the main menu, select Runtime and choose the tab for the appropriate trap receiver. Enter the new port number in the Receiver Port edit line and click Set. The receiver will restart if it is already running. No application restart is needed.


How can Trap Console cooperate with a syslog daemon?

The Trap Console action "Send syslog message" lets you forward selected trap information to a remote syslog server. Define the outgoing syslog message parameters, specify the remote syslog server and add the action to an existing or new trap rule.

Trap Console itself can act as a syslog server. Syslog message reception is initially disabled. Go to the Runtime/Syslog UDP(TCP) Receiver page, select the port number to bind, click Set and then Start Receiver. Trap Console will start converting received syslog messages into traps, processing them the same way as regular traps originating from SNMP. The Trap Console syslog converter uses the included MIB (CSCARE-SYSLOG-MIB) to build a trap PDU containing variables with the syslog message attributes as their values.

To receive any syslog messages, set up forwarding to a remote syslog server at your syslog daemon or any other source of syslog messages, and specify the Trap Console host and syslog receiver port as the destination. Trap Console supports the BSD syslog protocol (RFC 3164). Include csSyslogTrap in a rule to match received syslog messages (converted into traps). It is defined in CSCARE-SYSLOG-MIB under csSyslogEnterprise.

  • Setting up conventional syslog daemon

    The stock Linux syslog daemon, syslogd, can receive messages from the network using an internet domain socket. This is usually disabled initially; enable it with the "-r" command line option. Inspect the syslogd service script (in /etc/init.d/syslog) to see how to specify additional options. For example, the RedHat Linux script reads /etc/sysconfig/syslog and uses the SYSLOGD_OPTIONS variable as the syslogd command line.

    Syslogd can forward received messages to a remote server, including Trap Console with syslog reception activated. Edit its configuration file /etc/syslog.conf and add an entry whose action part contains a host name prefixed with "@":

    #forward ALL messages to a remote host
    *.*	@hostname

    or more specifically:

    #forward all kernel messages to a remote host
    kern.*	@hostname
    
  • Setting up syslog-ng

    Syslog-ng is a common replacement for syslogd. Remote syslog reception is active by default. The configuration file /etc/syslog-ng.conf contains the source definition:

    source net	{ udp (); tcp (); };
    

    Forwarding to a remote host is enabled by a destination definition:

    destination trapconsole_udp	{ udp("tchost" port(1514)); };
    destination trapconsole_tcp	{ tcp("tchost" port(514)); };
    	
    #forward local user messages to trap console host
    log { source(sys); filter(f_user); destination(trapconsole_udp); };
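
To check that forwarding reaches the Trap Console syslog receiver, you can send it one well-formed BSD syslog (RFC 3164) message. The following is an added example, not part of the Trap Console distribution: it builds such a datagram and splits it back into the attributes a receiver can extract. The host name "testhost" and tag "tcprobe" are constructed; "tchost" and port 1514 are the placeholders from the syslog-ng destination above.

```python
import re
import socket
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MSG_RE = re.compile(
    rb"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    rb"([^:\[ ]+)(?:\[\d+\])?: ?(.*)", re.S)

def build_rfc3164(facility, severity, host, tag, text, when=None):
    """Build one BSD syslog datagram: <PRI>Mmm dd hh:mm:ss HOST TAG: TEXT."""
    t = when or time.localtime()
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    msg = "<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, host, tag, text)
    return msg.encode("ascii", "replace")[:1024]   # RFC 3164 limits a packet to 1024 bytes

def parse_rfc3164(data):
    """Split a datagram into the attributes a receiver can extract, or None."""
    m = MSG_RE.match(data)
    if not m or int(m.group(1)) > 191:     # highest valid PRI is 23 * 8 + 7
        return None
    pri = int(m.group(1))
    stamp, host, tag, text = (g.decode("ascii", "replace") for g in m.groups()[1:])
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": stamp, "host": host, "tag": tag, "text": text}

def send_udp(data, host, port):
    """Send one datagram to the syslog receiver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))

if __name__ == "__main__":
    # Facility 1 is "user", severity 5 is "notice".
    # "tchost" and 1514 are the placeholder host and UDP port from the
    # syslog-ng destination above; substitute your own receiver's values.
    probe = build_rfc3164(1, 5, "testhost", "tcprobe", "syslog forwarding test")
    print(parse_rfc3164(probe))
    send_udp(probe, "tchost", 1514)
```

If the probe does not show up as a csSyslogTrap, check that the receiver was started on the Runtime page and that the port matches the one you bound there.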
    

How is Trap Console licensed?

The primary task of Trap Console is to receive SNMP traps sent to it by SNMP agents residing in your network. Thus, Trap Console is licensed according to the maximum count of different SNMP agents it can receive traps from.

For example: If you want to handle SNMP traps from 10 different devices in your network (for instance 3 servers, 5 switching hubs and 2 print servers), you need 10 Trap Console licenses.

Trap Console dynamically logs the first 10 different IP addresses. All traps subsequently received from other IP addresses are indicated as License Overflow.


What is the Trap Console license key?

Trap Console licenses are distributed in the form of license keys. A license key is a string holding an encoded serial number and a specific number of Trap Console licenses. You can combine several license keys in Trap Console. New license keys can also be added at any time, whenever there is a need to extend the capabilities of Trap Console, without stopping Trap Console operations.

You can enter license keys into Trap Console after logging in with your Web browser, see the next paragraph.


How can I add a new license key to Trap Console?

The Trap Console license key can be entered in the Web browser as follows:

  1. From the main menu, select Preferences, then the Licensing tab.
  2. Type the license key into the New License Key edit box.
  3. Click the Add button.

The new license key is added to the Registered Serial Keys list. There you can find serial number keys and the number of licenses of each entered license key. In addition, you can also see the total number of your Trap Console licenses.

Note: The above described license key manager is available only in the commercial version of Trap Console.


How are traps over the license handled?

In Trap Console versions earlier than 1.3, traps over the license were just logged into the application log file and discarded. This caused problems when a new SNMP agent started to send traps to Trap Console: its traps were discarded unless you added new licenses, and in that case you could not control this SNMP agent by means of Trap Console.

Starting with version 1.3, such traps are handled like the others that are under the license. In addition, Trap Console executes several notification procedures to warn the administrator that the license is exceeded.

Trap Console provides the following notification procedures:

  • Writes traps over the license to the application log file.
  • Writes the warning into the Trap Console's console window.
  • Writes the warning on Web browser page.
  • Can send a License Overflow notification message to the Trap Console administrator. Notifications are controlled by the L/O Notifications checkbox on the Preferences/E-mail page.

How do I stop Trap Console?

Trap Console can be stopped as follows:

  • from its Java console, typing 'q' and pressing Enter
  • from Web browser, accessing the Runtime/Console page, typing 'q' in the provided edit line and pressing Submit. This option is available only for the administrator.
  • if Trap Console runs as an NT service, it can be stopped in the 'Services' applet in Administrative Tools by right-clicking the Trap Console row in the list and choosing stop from the pop-up menu, or by clicking the stop button in the main toolbar.
  • Trap Console can be stopped using the command line switch

    -stop [<timeout-seconds>]

    where timeout is in seconds and is optional. If the timeout is not defined, the default value (5 seconds) is used. Let's presume that Trap Console is running. It can be stopped by starting a new instance with parameter -stop, e.g.

    java -jar tc.jar -stop 2

    where the already running instance of Trap Console will be stopped in 2 seconds, provided both instances were started from the same working directory.

  • if Trap Console is installed as a system daemon on Linux with System V init (the default with the RPM package and optional with other installers), it can be stopped using the script installed in /etc/init.d/trapconsole. Invoke it directly

    sh /etc/init.d/trapconsole stop

    or using your distribution's service utility e.g.

    service trapconsole stop


Is it possible to install Trap Console as a Microsoft Windows NT service?

When Trap Console is installed using the installation executable for the Microsoft Windows platform, the installation wizard recognizes whether the operating system supports NT services. If so, Trap Console is installed automatically as an NT service.

Later, the Trap Console service may be manipulated in the standard way, like any other NT service. From the Control Panel - Services applet you can specify its startup mode and start and stop the service.


How do I code expressions in rules?

An expression, if it evaluates to true, can activate a set action. The following examples presume that the traps used are allowed for the rule.

  • contains(alarmName, "fan")

    This expression evaluates to true if the following condition is fulfilled: the value of the 'alarmName' variable ('csCareTrap' trap) contains the substring: fan. The substring match is case sensitive.


  • contains(alarmName, "'fan'")

    Let's assume that the 'alarmName' variable holds the string: Server 'fan'; 2. To match the substring ('fan') including the single quotes, the whole searched substring must be placed in double quotes in the second argument of the 'contains' function: "'fan'".


  • contains(alarmName, "\"fan\"")

    An example of searching for a substring with double quotes. This example evaluates to true if the 'alarmName' variable contains the following substring including double quotes: "fan".


  • substring(alarmName, 4, 7) == "off"

    If there is a need to search for a substring at an exact position in the value string (of the 'alarmName' variable in this case), use the 'substring' function. The expression above evaluates to true if the substring which starts with the character at position '4' and ends with the 7-th character in the 'alarmName' variable matches the 'off' string.

    Note: The position of the first character in a string is indexed as '0'. If we have an expression: substring(variable, 4, 7), and the variable has a value: 0123456789, then the substring above returns: 456.


  • startsWith(trapName, "link") && ifIndex == 3

    This expression evaluates to true only if the incoming trap's name starts with the 'link' substring (linkUp, linkDown, ...) and at the same time the trap's 'ifIndex' variable has a value equal to 3.


  • mib && length(trapDescr) > 30

    This expression evaluates to true if a trap is resolved (it has a MIB) and the length of the trap description (i.e. the number of characters in the 'trapDescr' variable value) is greater than 30.


  • trapName == "egpNeighborLoss" && substring(egpNeighAddr, 0, 7) == "10.0.0."

    This expression evaluates to true only if the incoming trap is named 'egpNeighborLoss' and, at the same time, the substring of the EGP neighbor IP address that starts with the first character (argument '0') and ends with the 7-th character (argument '7') of the 'egpNeighAddr' string is exactly '10.0.0.'.


  • containsVariable("nodeName") && !contains(nodeName, "PROXY")

    or

    containsVariable("nodeName") && indexOf(nodeName, "PROXY") == -1

    Both expressions are equivalent and evaluate to true if an incoming trap contains a 'nodeName' variable and at the same time the 'nodeName' variable doesn't contain the 'PROXY' substring.


  • equals(trapName, "serviceFailure") && equalsIgnoreCase(cswServiceName, "FTP") && endsWithIgnoreCase(cswServiceHost, "acme.com")

    Presumably, the csWatchTrap enterprise is allowed for this rule. The expression above evaluates to true if an incoming trap is named 'serviceFailure', is sent from an ftp server, and the host's domain address ends with the 'acme.com' string. The case of the 'ftp' string and the domain address string is ignored.


  • equalsIgnoreCase(enterprise, "snmp") || trapName == "csCareTrap" || equals(trapName, "serviceFailure")

    This expression allows a finer selection of traps than a rule filter can provide. The equality operator '==' performs the same way as the 'equals' function, but it cannot ignore the case (in contrast to 'equalsIgnoreCase').
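
A rule that never matches fails silently, so it helps to dry-run an expression against a sample trap before relying on it for alerting. The following is an added example, not Trap Console code: a small Python model of the expression functions as this FAQ describes them, with their semantics, the error on an absent variable, and the sample trap all being assumptions made for illustration.

```python
import ast
import re

# Python stand-ins for the rule functions, written from the FAQ's descriptions
# (assumed semantics, not Trap Console's own implementation).
FUNCS = {
    "contains": lambda s, sub: sub in s,                 # case sensitive
    "substring": lambda s, start, end: s[start:end],     # 0-based, end exclusive
    "startsWith": lambda s, prefix: s.startswith(prefix),
    "indexOf": lambda s, sub: s.find(sub),               # -1 when absent
    "length": len,
    "equals": lambda a, b: a == b,
    "equalsIgnoreCase": lambda a, b: a.lower() == b.lower(),
    "endsWithIgnoreCase": lambda s, suffix: s.lower().endswith(suffix.lower()),
}

def evaluate(expr, trap):
    """Evaluate one rule expression against a trap given as {variable: value}."""
    # Map &&, || and ! onto Python keywords; this naive rewrite would also
    # touch those characters inside string literals.
    py = re.sub(r"!(?!=)", " not ", expr.replace("&&", " and ").replace("||", " or "))
    return bool(_ev(ast.parse(py.strip(), mode="eval").body, trap))

def _ev(node, trap):
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return trap[node.id]          # assumed: an absent variable is an error
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, trap) for v in node.values)   # lazy, so it short-circuits
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.Not, ast.USub)):
        value = _ev(node.operand, trap)
        return (not value) if isinstance(node.op, ast.Not) else -value
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        left, right = _ev(node.left, trap), _ev(node.comparators[0], trap)
        if isinstance(node.ops[0], (ast.Eq, ast.Gt)):   # operators shown in the FAQ
            return left == right if isinstance(node.ops[0], ast.Eq) else left > right
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        args = [_ev(a, trap) for a in node.args]
        if node.func.id == "containsVariable":
            return args[0] in trap
        return FUNCS[node.func.id](*args)
    raise ValueError("unsupported syntax: " + ast.dump(node))

# Constructed sample trap: the device spells "Fan" with a capital F.
SAMPLE = {"trapName": "csCareTrap", "alarmName": "Chassis Fan 2 failure", "mib": True}
print(evaluate('contains(alarmName, "fan")', SAMPLE))   # case-sensitive miss
```

The sample shows the case-sensitive 'contains' missing "Fan"; the containsVariable guard matters for the same reason, because in this model the right-hand side is never evaluated when the variable is absent.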
