Microsoft provides an extension to the Windows event system
that converts Windows events to SNMP traps,
which can be sent to an external fault management system. There are
some nasty aspects to the SNMP trap generated, but it does allow
management with no change to your code.
Reference:
Start -> Control Panel -> Add Remove Programs
Start -> Control Panel -> Administration Tools -> Services
Start -> Run. Then evntwin
The Enterprise OID is under a Microsoft naming branch.
enterprises.microsoft(311).software(1).eventlog(13).evntagent(1).<len>.<application...>
* Where <len> is the length of the registered application name, e.g. 18
* <application...> are the ASCII values for the characters of the application name.
e.g.
1.3.6.1.4.1.311.1.13.1.18.83.80.69.32.69.110.103.105.110.101.32.77.97.110.97.103.101.114

OID component | Meaning
1.3.6.1.4.1.311 | Microsoft
.1.13.1. | evntwin?
18 | length
83 | S
80 | P
69 | E
32 | [sp]
69 | E
110 | n
103 | g
105 | i
110 | n
101 | e
32 | [sp]
77 | M
97 | a
110 | n
97 | a
103 | g
101 | e
114 | r
The specific trap number is a combination of the Windows 16-bit event
number (e.g. 1) plus some high bits that depend on whether it is a
system event, and it also incorporates the severity,
e.g. 1073872897 = 0x40020001. The top 2 bits are encoded
-:
The trap arguments are
The Windows SNMP Trap service receives SNMP traps and
provides an API for aware applications to register and be passed these.
It doesn't have a UI, however.
The snmptrapd utility from Net-SNMP on Unix/Linux is a text-based manager
that will display received traps. See http://net-snmp.sourceforge.net/
For the above we see (in the debug trace):
snmptrapd: Trap OID: SNMPv2-SMI::enterprises.311.1.13.1.18.83.80.69.32.69.110.103.105.110.101.32.77.97.110.97.103.101.114.0.1073872897
dumpv_recv: ObjID: SNMPv2-SMI::enterprises.311.1.13.1.9999.1.0
:
dumpv_recv: String: Application program C:\\cygwin\\home\\dsm\\SPEC\\spec\\out\\spec\\out\\send_receive.exe
run by user dhorton on host DHORTON-PC called the Security Protection Engine.
INIT FILE not available
GUID not available
.\\module\\engine\\spe_manager.c line:2385
Security descriptor out of range : 10019
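
Added example (not part of the original page, nor Microsoft or Net-SNMP code): a Python decoder for the Trap OID shown in the trace above, recovering the application name from the length-prefixed ASCII sub-identifiers and splitting the specific trap number. Assumptions: the fields above the low 16-bit event number follow the standard Windows event identifier layout (2-bit severity, customer flag, 12-bit facility), the `.0.` before the specific number is the usual SNMPv2 rendering of an SNMPv1 trap, and all function names are hypothetical.

```python
# Added example: decode the Trap OID that snmptrapd prints for a Windows event trap.
PREFIX = (1, 3, 6, 1, 4, 1, 311, 1, 13, 1)  # enterprises.311.1.13.1 from the page
SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

# Trap OID copied from the debug trace on this page.
SAMPLE = ("SNMPv2-SMI::enterprises.311.1.13.1.18.83.80.69.32.69.110.103.105."
          "110.101.32.77.97.110.97.103.101.114.0.1073872897")


def parse_oid(text):
    """Convert numeric or 'SNMPv2-SMI::enterprises.' OID text to a tuple of ints."""
    text = text.strip().lstrip(".")
    if "enterprises." in text:
        text = "1.3.6.1.4.1." + text.split("enterprises.", 1)[1]
    return tuple(int(part) for part in text.split("."))


def decode_event_id(specific):
    """Split a specific trap number using the Windows event identifier layout."""
    return {
        "severity": SEVERITY[(specific >> 30) & 0x3],  # top 2 bits
        "customer": bool((specific >> 29) & 0x1),
        "facility": (specific >> 16) & 0xFFF,
        "event_code": specific & 0xFFFF,               # the 16-bit event number
    }


def decode_event_trap(trap_oid):
    """Return the application name and decoded event fields for a trap OID."""
    oid = parse_oid(trap_oid)
    if oid[:len(PREFIX)] != PREFIX or len(oid) == len(PREFIX):
        raise ValueError("OID is not under the evntagent branch")
    length, rest = oid[len(PREFIX)], oid[len(PREFIX) + 1:]
    if len(rest) < length:
        raise ValueError("application name shorter than its length prefix")
    # bytes() rejects values above 255 and decode() rejects non-ASCII bytes.
    result = {"application": bytes(rest[:length]).decode("ascii")}
    tail = rest[length:]
    if len(tail) == 2 and tail[0] == 0:   # SNMPv2 form: <enterprise>.0.<specific>
        result.update(decode_event_id(tail[1]))
    elif tail:
        raise ValueError("unexpected sub-identifiers after the application name")
    return result


if __name__ == "__main__":
    print(decode_event_trap(SAMPLE))
```

A trap receiver can use the decoded application name and severity to route or filter events instead of matching on the raw numeric OID.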