SNMP trap parameters

  • Published on Jul 8, 2025
  • 1 minute(s) read
Prev Next

SNMP traps can be configured as notification targets for the different event types.

  

Table: SNMP traps - parameters 
System monitoredElement monitoredTrap parameters
System OS events
Disk space

/var/log: log file system

/var/pg: DB file system

/var/identikey: IDENTIKEY file system – log and trace files

A DISMAN-EVENT-MIB::mteTriggerFired trap is sent with the following parameters:

  • DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:22:00.30
  • SNMPv2-MIB::snmpTrapOID.0
  • DISMAN-EVENT-MIB::mteTriggerFired
  • DISMAN-EVENT-MIB::mteHotTrigger.0 log file system
  • DISMAN-EVENT-MIB::mteHotnotification targetName.0
  • DISMAN-EVENT-MIB::mteHotContextName.0
  • DISMAN-EVENT-MIB::mteHotOID.0 UCD-SNMP-MIB::dskErrorFlag.1
  • DISMAN-EVENT-MIB::mteHotValue.0 1
  • UCD-SNMP-MIB::dskPath.1 /var/log
  • UCD-SNMP-MIB::dskErrorMsg.1 /var/log: less than 10% free (= 100%)
MemoryMemory low

A DISMAN-EVENT-MIB::mteTriggerFired trap is sent with the following parameters:

  • DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:26:01.01
  • SNMPv2-MIB::snmpTrapOID.0
  • DISMAN-EVENT-MIB::mteTriggerFired
  • DISMAN-EVENT-MIB::mteHotTrigger.0 memory
  • DISMAN-EVENT-MIB::mteHotnotification targetName.0
  • DISMAN-EVENT-MIB::mteHotContextName.0
  • DISMAN-EVENT-MIB::mteHotOID.0
  • UCD-SNMP-MIB::memSwapError.0
  • DISMAN-EVENT-MIB::mteHotValue.0 1
  • UCD-SNMP-MIB::memErrorName.0 swap
  • UCD-SNMP-MIB::memSwapErrorMsg.0 Running out of swap space (3136)
Processes, monitored via SNMP traps

OneSpan Authentication Server (ikeyserver)

LDAP sync daemon (ikldapsync)

MDC daemon (mdcserver)

System logging daemon (syslog-ng)

Timeserver (ntpd)

A DISMAN-EVENT-MIB::mteTriggerFired trap is sent with the following parameters:

  • DISMAN-EXPRESSION-MIB::sysUpTimeInstance 0:0:00:50.30
  • SNMPv2-MIB::snmpTrapOID.0
  • DISMAN-EVENT-MIB::mteTriggerFired
  • DISMAN-EVENT-MIB::mteHotTrigger.0 process down
  • DISMAN-EVENT-MIB::mteHotnotification targetName.0
  • DISMAN-EVENT-MIB::mteHotContextName.0
  • DISMAN-EVENT-MIB::mteHotOID.0
  • SNMPv2-SMI::enterprises.2021.2.1.100.4
  • DISMAN-EVENT-MIB::mteHotValue.0 1
  • SNMPv2-SMI::enterprises.2021.2.1.2.4 "syslog-ng"
  • SNMPv2-SMI::enterprises.2021.2.1.101.4 "No syslog-ng process running."

A similar trap is sent when the service comes back online:

    • DISMAN-EXPRESSION-MIB::sysUpTimeInstance 0:0:00:40.40
    • SNMPv2-MIB::snmpTrapOID.0
    • DISMAN-EVENT-MIB::mteTriggerFired
    • DISMAN-EVENT-MIB::mteHotTrigger.0 process up
    • DISMAN-EVENT-MIB::mteHotnotification targetName.0
    • DISMAN-EVENT-MIB::mteHotContextName.0
    • DISMAN-EVENT-MIB::mteHotOID.0
    • SNMPv2-SMI::enterprises.2021.2.1.100.4
    • DISMAN-EVENT-MIB::mteHotValue.0 0
    • SNMPv2-SMI::enterprises.2021.2.1.2.4 "syslog-ng"
    • SNMPv2-SMI::enterprises.2021.2.1.101.4 ""
OneSpan Authentication Server Appliance Configuration Tool events
Configuration ToolAll Configuration Tool events in the audit log are monitored.

For Configuration Tool events, traps with the following parameters are sent:

  • DISMAN-EVENT-MIB::sysUpTimeInstance 2:1:13:15.27
  • SNMPv2-MIB::snmpTrapOID.0 VASCO-AXSGUARD-IDENTIFIER-MIB::vdsIaAuditNotification
  • VASCO-AXSGUARD-IDENTIFIER-MIB::vdsIaNotificationContent.0 "User sysadmin logged in"
  • VASCO-AXSGUARD-IDENTIFIER-MIB::vdsIaNotificationType.0 Success

The MIB files sent with the VASCO-AXSGUARD-IDENTIFIER-MIB::vdsIaAuditNotification trap contains the information listed here, and explains which notifications and information can be monitored .

OneSpan Authentication Server events
OneSpan Authentication ServerAll OneSpan Authentication Server events in the audit log are monitored.
  • SNMP-FRAMEWORK-MIB::snmpEngineTime.0 = INTEGER: 1193 seconds
  • SNMP-FRAMEWORK-MIB::snmpEngineBoots.0 = INTEGER: 2
  • SNMPv2-MIB::snmpTrapOID.0 = OID:VASCO-IDENTIKEY-MIB::vdsIkSecAlertEvent
  • VASCO-IDENTIKEY-MIB::vdsIkSecAlertTime.11 = STRING:2014-11-12,14:10:31.6,+0:0
  • VASCO-IDENTIKEY-MIB::vdsIkSecAlertType.11 = STRING: Failure
  • VASCO-IDENTIKEY-MIB::vdsIkSecAlertContent.11 = STRING: "Time=\"2014/11/12 14:10:31\"; Code=\"F-002001\";AMID=\"0x47D1168D40EC1D4148F99985FD450501\"; Desc=\"Userauthentication failed.\";"

When an SNMP trap is sent, the information is added to a security alert table, which is an SNMP table defined in OneSpan Authentication Server and contains a list of recent security alerts. This list is defined in the VASCO-IDENTIKEY-MIB.txt file and can be accessed using an SNMP viewer. It is non-persistent, i.e. the list is cleared when the OneSpan Authentication Server process is stopped.