0 Replies Latest reply on Apr 4, 2012 8:26 AM by texnet

    Windows event log traps - OID event source and ID translation


      Windows has the built-in ability to send traps for the event log with the Evntcmd and the Evntwin utilities. It sends much of the information from the event in the trap details, but it does not send the event ID or the event source in a text format. However, it does encode the source name and event ID in the trap OID itself. Microsoft has a KB article of the format here - How to translate event log messages to SNMP OIDs


      Here is an example of a trap from the DB of our SolarWinds server -




      The trap was generated from a test event using the DOS command "eventcreate /L Application /T Information /SO "Solarwinds" /ID 100 /D "Solarwinds Test Event"". If you look at the trap snmpTrapEnterprise value it is . Translating that from the MS KB article you have the following -

      <--- Full OID
      <--- EVNTAGENT-MIB:evntagent
      .10. <--- 10 characters in source name
      <--- Source name in ASCII
      S o l a r w i n d s <--- Source name in text

      The value snmpTrapOID takes this a step further and adds a 0 and the event ID (.0.100) to the OID.

      Can a feature be added into SNMP Trap Viewer that can process the Microsoft trap format into the event source and ID, then have that value called as a variable in an alert action?
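
The translation described in the post, as an added example that is not part of the original post and is not SolarWinds or Microsoft code. It decodes the source name and event ID from a trap OID and rejects malformed input. The numeric evntagent prefix is an assumption taken from the EVNTAGENT-MIB (the post does not quote it), and the sample OID is constructed from the post's "Solarwinds" / ID 100 test event.

```python
"""Decode the Windows event-to-trap OID layout described in the post."""

# Assumption: numeric OID of EVNTAGENT-MIB:evntagent, not quoted in the post.
EVNTAGENT = (1, 3, 6, 1, 4, 1, 311, 1, 13, 1)


def encode_enterprise(source: str) -> str:
    """Build snmpTrapEnterprise: prefix, name length, one arc per ASCII byte."""
    name = source.encode("ascii")
    return "." + ".".join(map(str, EVNTAGENT + (len(name),) + tuple(name)))


def decode_trap_oid(oid: str):
    """Return (source, event_id); event_id is None for a bare snmpTrapEnterprise."""
    try:
        arcs = tuple(int(a) for a in oid.strip(".").split("."))
    except ValueError:
        raise ValueError(f"not a numeric OID: {oid!r}")
    n = len(EVNTAGENT)
    if arcs[:n] != EVNTAGENT or len(arcs) <= n:
        raise ValueError("OID is not under evntagent")
    length, rest = arcs[n], arcs[n + 1:]
    if len(rest) < length:
        raise ValueError("source name shorter than its length arc")
    name, tail = rest[:length], rest[length:]
    # Trap OIDs arrive from the network: accept printable ASCII only, so
    # control characters cannot reach alert text or log lines.
    if any(not 0x20 <= c <= 0x7E for c in name):
        raise ValueError("source name contains non-printable bytes")
    source = "".join(map(chr, name))
    if not tail:
        return source, None          # snmpTrapEnterprise form
    if len(tail) == 2 and tail[0] == 0:
        return source, tail[1]       # snmpTrapOID form: .0.<event ID>
    raise ValueError("unexpected arcs after source name")


if __name__ == "__main__":
    enterprise = encode_enterprise("Solarwinds")  # constructed sample
    print(enterprise)
    print(decode_trap_oid(enterprise + ".0.100"))
```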