I'm trying to understand the format of SNMP traps. I'm porting a piece of code from windows to linux that sends SNMP traps. The windows code uses a built in library ( some functions include SnmpStartup, SnmpSetRetransmitMode. Might be called WinSNMP ), so there is no way to keep that code when porting to Linux.
I found a nice library called SNMP++ that has the ability to send SNMP traps easily.
From my understanding, the first two variable binding (vb) fields of an SNMP trap must meet a specific format. The first vb is the sysuptime (basically, the timestamp of the trap), and it has the well known OID of 1.3.6.1.2.1.1.3.0
.
The second vb is the ID of the trap. I can't find any documentation on it anywhere, but SNMP++ gives the ID of the trap an OID of 1.3.6.1.6.3.1.1.4.1.0
(it's value is the OID of the trap we are sending). It gets set using pdu.set_notify_id function.
Is this another well known OID that must be present when sending a Trap? The windows library doesn't use this OID at all. It sets the OID of the ID field to the OID that we are sending, so the OID and its value are set to the same thing. It looks like it is being done manually though, so the format might not have been well understood by the original coder.
So, which of these is correct?
windows:
1.3.6.1.4.1.XXXX.2.1.51 -> 1.3.6.1.4.1.XXXX.2.1.51
SNMP++:
1.3.6.1.6.3.1.1.4.1.0 -> 1.3.6.1.4.1.XXXX.2.1.51
And why can't I find any documentation on this 1.3.6.1.6.3.1.1.4.1.0
value? It doesn't seem to be in any RFCs that I've read. Googling that OID gives results, but they don't explain its use.
For any SNMP questions, please start from IETF SNMP RFC documents. Clearly TRAP v2 must have the two objects, as described on page 22 of RFC 3416,
https://www.rfc-editor.org/rfc/rfc3416#page-22
I can only say if WinSNMP does not follow the convention, it is not standard compliant, and should be fixed by Microsoft.