comp.lang.ruby

Help decoding UDPSocket trap data

jackster the jackle

1/16/2008 2:27:00 PM

Hi Ruby Forum,

I have a script that opens a UDPSocket on port 162 and listens for traps
which are then sent to STDOUT for now.

I am seeing data strings coming in that are in a format that I need to
decode somehow. I have read through all the doco on UDPSocket and
BasicSocket and Socket and don't see any way to decode the data being
sent in the traps.

Here is an example of what I'm seeing from my Cisco devices:

["0\201\351\002\001\000\004\02087", ["AF_INET", 51709, "10.1.1.1",
"10.1.1.1"]]

The first numbers enclosed in the first set of parenthesis contain the
data in the trap.

Does anyone know how I would go about decoding these?

Thanks in advance

jackster.mobi
--
Posted via http://www.ruby-....

6 Answers

yermej

1/16/2008 3:01:00 PM

0

On Jan 16, 8:26 am, jackster the jackle <cont...@thirdorder.net>
wrote:
> Hi Ruby Forum,
>
> I have a script that opens a UDPSocket on port 162 and listens for traps
> which are then sent to STDOUT for now.
>
> I am seeing data strings coming in that are in a format that I need to
> decode somehow. I have read through all the doco on UDPSocket and
> BasicSocket and Socket and don't see any way to decode the data being
> sent in the traps.
>
> Here is an example of what I'm seeing from my Cisco devices:
>
> ["0\201\351\002\001\000\004\02087", ["AF_INET", 51709, "10.1.1.1",
> "10.1.1.1"]]
>
> The first numbers enclosed in the first set of parenthesis contain the
> data in the trap.
>
> Does anyone know how I would go about decoding these?
>
> Thanks in advance
>
> jackster.mobi
> --
> Posted via http://www.ruby-....

I'm not sure, but the data format is probably dependent on the Cisco
devices. I would check their documentation for more info.

You might also want to check out Ruby SNMP - http://snmplib.ruby...
- rather than writing your own socket routines.

jackster the jackle

1/16/2008 4:24:00 PM

0

yermej wrote:
> I'm not sure, but the data format is probably dependent on the Cisco
> devices. I would check their documentation for more info.
>
> You might also want to check out Ruby SNMP -
> http://snmplib.ruby...
> - rather than writing your own socket routines.

Good call yermej...thanks.

I copied the basic TrapListener script as follows and am receiving traps
that are readable:
-----------code one ---------------
require 'snmp'
require 'logger'

log = Logger.new(STDOUT)
m = SNMP::TrapListener.new do |manager|
  manager.on_trap_default do |trap|
    log.info trap.inspect
    puts "------------------"
    puts logger.value
  end
end
m.join
----------------------------------

Interestingly enough, if I change the code a bit and print out
"logger.value",
you see the exact type of trap formatting that I originally asked about
in my initial request:
-------------code two ----------------
log = Logger.new(STDOUT)
m = SNMP::TrapListener.new do |manager|
  manager.on_trap_default do |trap|
    log.info trap.inspect
    puts logger.value
  end
end
m.join
----------------------------------
What is the best way to get my logger values out of "code one" listed
above so that I can manipulate them? I'd like to be able to access this
output from "code one" for instance:
----------------------code three ------------
@value="Interface GigabitEthernet7/12, changed state to down",
---------------------------------------------

thanks

jackster.mobi
--
Posted via http://www.ruby-....

yermej

1/16/2008 4:55:00 PM

0

On Jan 16, 10:23 am, jackster the jackle <cont...@thirdorder.net>
wrote:
> yermej wrote:
> > I'm not sure, but the data format is probably dependent on the Cisco
> > devices. I would check their documentation for more info.
>
> > You might also want to check out Ruby SNMP -
> > http://snmplib.ruby...
> > - rather than writing your own socket routines.
>
> Good call yermej...thanks.
>
> I copied the basic TrapListener script as follows and am receiving traps
> that are readable:
> -----------code one ---------------
> require 'snmp'
> require 'logger'
>
> log = Logger.new(STDOUT)
> m = SNMP::TrapListener.new do |manager|
> manager.on_trap_default do |trap|
> log.info trap.inspect
> puts "------------------"
> puts logger.value
> end
> end
> m.join
> ----------------------------------
>
> Interestingly enough, if I change the code a bit and print out
> "logger.value",
> you see the exact type of trap formatting that I originally asked about
> in my initial request:
> -------------code two ----------------
> log = Logger.new(STDOUT)
> m = SNMP::TrapListener.new do |manager|
> manager.on_trap_default do |trap|
> log.info trap.inspect
> puts logger.value
> end
> end
> m.join
> ----------------------------------
> What is the best way to get my logger values out of "code one" listed
> above so that I can manipulate them? I'd like to be able to access this
> output from "code one" for instance:
> ----------------------code three ------------
> @value="Interface GigabitEthernet7/12, changed state to down",
> ---------------------------------------------
>
> thanks
>
> jackster.mobi
> --
> Posted via http://www.ruby-....

Sorry, but I'm not seeing much difference between one & two. Where is
the local variable logger defined? If "log.info trap.inspect" is
printing the type of data you want, I would think that trap.inspect is
what you would want to operate on.

jackster the jackle

1/16/2008 5:14:00 PM

0

yermej wrote:
> On Jan 16, 10:23 am, jackster the jackle <cont...@thirdorder.net>
> wrote:
>> I copied the basic TrapListener script as follows and am receiving traps
>> puts logger.value
>> log = Logger.new(STDOUT)
>> output from "code one" for instance:
>> ----------------------code three ------------
>> @value="Interface GigabitEthernet7/12, changed state to down",
>> ---------------------------------------------
>>
>> thanks
>>
>> jackster.mobi
>> --
>> Posted via http://www.ruby-....
>
> Sorry, but I'm not seeing much difference between one & two. Where is
> the local variable logger defined? If "log.info trap.inspect" is
> printing the type of data you want, I would think that trap.inspect is
> what you would want to operate on.

if you do:
puts logger.value

you will see the encoding I'm talking about.

I was able to get some of the specifics out with:
trap.source_ip
and
trap.timestamp

if I do:
trap.value

I get the encoding again.

--
Posted via http://www.ruby-....

Gary Wright

1/16/2008 6:03:00 PM

0


On Jan 16, 2008, at 12:13 PM, jackster the jackle wrote:
>
> if I do:
> trap.value
>
> I get the encoding again.

Well I just perused the documentation at:
<http://snmplib.rubyforge.org/doc/index.html>

It looks like a trap object holds a collection of snmp variables you
could get at the info like this:

trap.each_varbind { |v|
  puts v.name
  puts v.value
  puts v.value.asn1_type # or maybe v.asn1_type
}

or something close to that. I'm just reading the docs, not running
the software.

Gary Wright


jackster the jackle

1/16/2008 6:12:00 PM

0

Gary Wright wrote:
> On Jan 16, 2008, at 12:13 PM, jackster the jackle wrote:
>>
>> if I do:
>> trap.value
>>
>> I get the encoding again.
>
> Well I just perused the documentation at:
> <http://snmplib.rubyforge.org/doc/index.html>
>
> It looks like a trap object holds a collection of snmp variables you
> could get at the info like this:
>
> trap.each_varbind { |v|
> puts v.name
> puts v.value
> puts v.value.asn1_type # or maybe v.asn1_type
> }
>
> or something close to that. I'm just reading the docs, not running
> the software.
>
> Gary Wright

Thanks a lot Gary...that works...

jackster.mobi
--
Posted via http://www.ruby-....
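
The string in the original question is the start of a BER-encoded SNMP message, which is what the snmp library parses before handing back varbinds. As an added example (not code from this thread or from the ruby-snmp project), the reader below decodes the version, community and PDU type of an SNMPv1/v2c datagram and checks every length against the bytes received, since the datagram is untrusted network input. `BerError`, `read_tlv`, `snmp_header`, `PDU_NAMES` and the `SAMPLE` bytes are constructed for illustration.

```ruby
# Added example: minimal BER reader for an SNMPv1/v2c header (hypothetical names).
class BerError < StandardError; end

PDU_NAMES = { 0xA4 => "SNMPv1 Trap", 0xA7 => "SNMPv2 Trap" }.freeze

# Read one tag-length-value at pos; returns [tag, value_bytes, next_pos].
# Length fields come from the sender, so each is checked against what arrived.
def read_tlv(buf, pos)
  raise BerError, "truncated header" if pos + 2 > buf.bytesize
  tag = buf.getbyte(pos)
  len = buf.getbyte(pos + 1)
  pos += 2
  if len >= 0x80                       # long form: low 7 bits count the length bytes
    n = len & 0x7f
    raise BerError, "unsupported length form" if n.zero? || n > 4
    raise BerError, "truncated length" if pos + n > buf.bytesize
    len = buf.byteslice(pos, n).bytes.inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  avail = buf.bytesize - pos
  raise BerError, "length #{len} exceeds #{avail} bytes received" if len > avail
  [tag, buf.byteslice(pos, len), pos + len]
end

# Decode SEQUENCE { INTEGER version, OCTET STRING community, PDU ... }.
def snmp_header(datagram)
  tag, body, = read_tlv(datagram.b, 0)
  raise BerError, "outer element is not a SEQUENCE" unless tag == 0x30
  tag, ver, pos = read_tlv(body, 0)
  raise BerError, "version is not an INTEGER" unless tag == 0x02 && !ver.empty?
  tag, community, pos = read_tlv(body, pos)
  raise BerError, "community is not an OCTET STRING" unless tag == 0x04
  pdu_tag, = read_tlv(body, pos)
  { version: ver.bytes.inject(0) { |acc, b| (acc << 8) | b },   # 0 = v1, 1 = v2c
    community: community,                                      # sent in cleartext
    pdu: PDU_NAMES.fetch(pdu_tag, format("0x%02X", pdu_tag)) }
end

# Constructed sample: version 0 (SNMPv1), community "public", empty Trap-PDU.
SAMPLE = "\x30\x0D\x02\x01\x00\x04\x06public\xA4\x00".b
# Fragment quoted in the question: declares 233 content bytes, only 7 follow.
FRAGMENT = "0\201\351\002\001\000\004\02087".b

p snmp_header(SAMPLE)
begin
  snmp_header(FRAGMENT)
rescue BerError => e
  puts "fragment rejected: #{e.message}"
end
```

In the quoted fragment, `\002\001\000` is the version field (0, SNMPv1) and `\004\020` opens a 16-byte community string beginning "87"; the rest of the datagram is not shown in the post.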