Use Windows to Send an SNMP Trap

As a follow-up to my post last week, I learned that you can use Windows to send an SNMP trap.  The functionality is built into Windows, as long as you have enabled SNMP via Computer Management (in Windows 2008 R2 and later).  Once it is enabled in Features, you can open the menu to configure SNMP by running the following command from the Run menu:

evntwin

Once open, you can configure the trap that you require by utilizing the GUI that opens with evntwin.

Here you will add the event that you want sent to your SNMP server.  This is what is used as the trap definition.  You can then open the properties for the trap definition and get the Enterprise OID, which can be used in your application, such as SolarWinds, to view the trap.

Once that is set up, you need to tell the SNMP Service your community string and where you’re going to send the traps that we’ve created.  In the Services panel, you should have an entry for SNMP. Right-click it and choose Properties.  You’ll see the typical service tabs plus some that are specific to SNMP.

First, go to the agent tab and fill in the details about your organization.

Next, you’ll want to go into the traps tab and fill in your community name and traps destination.

Finally, the security tab is where you’ll give rights to the community and trap sender.  localhost is in there by default, and you’ll want to add the same server that you’re sending traps to from the previous tab.

Once all that is complete, you’re all set.  I typically restart the service so it picks up the new settings. It’s a rather simple process to get going, but figuring it out was the tough part.

As always, hope it helped and feel free to leave a comment or question.

Use PowerShell to Write to Event Log

One of my first tasks in my new position was to use PowerShell to write to the event log.  The purpose of this was to monitor locked-out users in an application and forward them to our SolarWinds application via an SNMP trap.  The application itself would write a .csv file to a share containing user information for those that are locked out.  The first part of this was to get PowerShell to read the file and put the details into the Event Log so they could later be sent to SolarWinds as a trap.

The script is below, with some helpful comments (the placeholder values The source name, File Path and File Name are what you will need to change according to your environment):

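# Write the file's contents to the event log.
# The source must already be registered for the Application log.
# 'File Path' here is the full path of the .csv file; Out-String joins its lines into one message string.
Write-EventLog -LogName Application -Source 'The source name' -EventId 1234 -EntryType Error -Message (Get-Content 'File Path' | Out-String)
# Rename the file with a date/time stamp
$date = Get-Date -UFormat '%Y%m%d@%H%M%S'
## These will become parameters in our function later
$locationPath = 'File Path'   # folder that holds the file
$fileName = 'File Name'       # file name without the extension
$extension = '.csv'
$old = Join-Path $locationPath ($fileName + $extension)
# Rename-Item takes only the new name, not a full path
$new = $fileName + '_' + $date + $extension
Rename-Item $old $new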

 

The top part of the script gets the content from the file and writes it to the event log that you specify.  The bottom part can be molded to what you want to do; as written, it renames the file that was read, appending the date and time to the file name.  It’s a rather basic script but a good starting point to do more with PowerShell.  The script was also added to a scheduled task in order to get the data into the event log.
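Because the .csv file comes from a share and its text ends up in an event that is forwarded as a trap, it is worth treating the file as untrusted input. The following is an added example, not the script from this post: it writes one event per row, strips control characters and caps the message length before archiving the file. The source name, file path, length cap and helper function name are assumptions; no column names are assumed.

```powershell
# Added example: hardened variant of the script above. Names below are assumptions.
$Source    = 'LockoutMonitor'          # hypothetical event source name
$CsvPath   = 'C:\Drop\lockedout.csv'   # hypothetical path to the application's export
$MaxLength = 4000                      # conservative message cap chosen for this example

# Register the source once (requires elevation); Write-EventLog fails on an unknown source.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

# Hypothetical helper: makes a CSV-derived string safe to place in an event message.
function ConvertTo-SafeEventText {
    param([string]$Text, [int]$Limit)
    # Replace control characters (CR, LF, tab, ...) so a field cannot add fake lines to the message.
    $clean = $Text -replace '[\x00-\x1F\x7F]', ' '
    if ($clean.Length -gt $Limit) { $clean = $clean.Substring(0, $Limit) + ' [truncated]' }
    return $clean
}

if (Test-Path -LiteralPath $CsvPath -PathType Leaf) {
    # One event per locked-out user, so each row becomes its own trap.
    foreach ($row in Import-Csv -LiteralPath $CsvPath) {
        # Flatten the row as name=value pairs without assuming any column names.
        $pairs   = foreach ($p in $row.PSObject.Properties) { '{0}={1}' -f $p.Name, $p.Value }
        $message = ConvertTo-SafeEventText -Text ($pairs -join '; ') -Limit $MaxLength
        Write-EventLog -LogName Application -Source $Source -EventId 1234 -EntryType Error -Message $message
    }

    # Archive the processed file with a timestamp so the next scheduled run does not re-send it.
    $file  = Get-Item -LiteralPath $CsvPath
    $stamp = Get-Date -UFormat '%Y%m%d@%H%M%S'
    Rename-Item -LiteralPath $file.FullName -NewName ('{0}_{1}{2}' -f $file.BaseName, $stamp, $file.Extension)
}
```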

As a follow-up, I’ll write another post describing how to use Windows to send an SNMP trap. The functionality is built into Windows and can be used to send traps for other types of events.

New Job, New Quirks

As some of you know, I’ve recently accepted a new position as a Senior System Engineer, mostly focusing on virtualization and networking.  The genre of the blog will stay the same but I expect it to also expand to some different technologies that I’ll be working with now including Citrix and some new Compellent storage systems.

And as I encounter issues and document them, I’ll continue to share them with the web as well.

Cheers!