I am attempting to setup an alert from a trap on a cisco router. The trap being sent is "snmp-server enable traps config" and I would like to email to report what user is writing the config? Can someone shed some light on how I may get this information?
Here are OID where the informatin resides about users, but I'm not sure how to add this to my alert:
1.3.6.1.4.1.9.9.43.1.4.3
1.3.6.1.4.1.9.9.43.1.1.6.1.8
Here is an example of the MIB information sent in the ${RawValue} and ${Message} parts of the trap/alert:
Raw values:
ccmHistoryEventCommandSource.18821:= 1 ccmHistoryEventConfigSource.18821:= 3 ccmHistoryEventConfigDestination.18821:= 4 snmpTrapOID:= 1.3.6.1.4.1.9.9.43.2.0.1 sysUpTime:= 2091158026 experimental.1057.1.0:= [IPADDRESS] snmpTrapEnterprise:= 1.3.6.1.4.1.9.9.43.2
SNMP Trap
Received Time:1/21/2014 5:56:14 PM
Source:[IP Address][(HOSTNAME)]Community:[communitystring]
ColorCode:= 33023
Variable Bindings
ccmHistoryEventCommandSource.18821:= commandLine(1) (1)
ccmHistoryEventConfigSource.18821:= 3
ccmHistoryEventConfigDestination.18821:= 4
snmpTrapOID:= CISCO-CONFIG-MAN-MIB:ciscoConfigManEvent (1.3.6.1.4.1.9.9.43.2.0.1)
sysUpTime:= 242 days 0 hours 46 minutes 20.26 seconds (2091158026)
experimental.1057.1.0:= [IP ADDRESS]
snmpTrapEnterprise:= CISCO-CONFIG-MAN-MIB:ciscoConfigManMIBNotificationPrefix (1.3.6.1.4.1.9.9.43.2)