Opennms and snmp traps

Let's open BEA.events.xml for example and take the first event

The mask element point to .1.3.6.1.4.1.140.625

CODE

maskelement>
   <mename>id</mename>
   <mevalue>.1.3.6.1.4.1.140.625</mevalue>
</maskelement>

Let's find out on bea's support page what this OID is about:
From http://e-docs.bea.com/wls/docs81/admin_ref/snmpcli5.html

QUOTE

Specifies the value of the trap's enterprise field, which contains the beginning portion of the OID for all WebLogic Server traps.

So


.1.3.6.1.4.1.140.625 is just the root OID for all weblogic server

traps. Looking in the file shows this maskelement as the only one

around.

So the diference between all the traps sended by BEA WLS

are based on the generic and specific stuff! Well , only the specific

as generic is always 6, but why?

Let's find out what generic is:

reading this page explains that

QUOTE

Standard generic traps are: coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss (...skipping....) For vendor specific traps, Generic trap type field is set to enterpriseSpecific(6)

Ok now we understand the 6 repeating over and over again

So the only way to differenciate traps comming from the same snmp agent is by reading the specific value!!!

It looks like we understand it all.

SURPRISE, on snmp version 2c generic and specifics doesn't exists anymore!!!
ARGGGG so how does opennms differenciate version 2c traps if no specific exists.

To


find the answer I travel around the web and the opennms code to find

out that all snmp v2c (and v3) traps are (sor of) converted to v1 traps.

How does opennms convert a V2c trap in a V1 trap:
reading some documentation
the first varbind in a V2c trap is the sysUpTimeOid used in the V1 traps
the last varbind is the snmp full trap OID (snmpTrapOID)

QUOTE

snmpTrapOID—Trap identification field. For generic traps, values are defined in RFC 1907, for vendor specific traps snmpTrapOID is essentially a concatenation of the SNMPv1 Enterprise parameter and two additional sub-identifiers, '0', and the SNMPv1 Specific trap code parameter.

Based on the opennms source code and comment on this page

QUOTE

The snmp trap enterprise OID, which if present in a V2 trap is the last
     * varbind.
     * 
     * ref - book 'SNMP, SNMPv2, SNMPv3..' by William Stallings, third edition,
     * section 13.1.3

The snmpTrapOID can be divided in 3 parts:
lastVarBind = enterpriseOID.subID1.subID2


if the trap is a standard generic one, so snmpTrapOID is a know and standard one, then
generic = last subID of the trapId - 1 (why minus one, don't know and too lazy to find out now)
specific = 0

if the trap is a non standard one ( enterprise one )
generic = 6
specific = last sub-identifier (subID2)
the enterprise oid is extracted from the trapId minus subID2 and subID1 if subID1 is 0 (enterprise OID never ends with a 0)