locked
CIM equivalent of Register-WmiEvent (SNMPTRAP) for namespace "root\snmp\localhost" ? RRS feed

  • Question

  • Hi!

    1. How would the usage of CIM classes look like, that would correspond to the WMI code below? I've looked everywhere but couldn't find any similar examples ..

    Register-WmiEvent -Query “SELECT * FROM SNMPExtendedNotification” -Namespace ‘root\snmp\localhost' 
    -sourceIdentifier “SNMPTRAP” -action {

    $Agent = $Event.SourceEventArgs.NewEvent.AgentAddress
    $OID   = $Event.SourceEventArgs.NewEvent.Identification
    .   .   .
    .   .   .
    }

    2. How does CMI cope with the VarBindList, i.e is it the same as the WMI $Event.SourceEventArgs.NewEvent.VarBindList?
    --

    Many thanks in advance!



    Monday, March 5, 2018 9:21 PM

Answers

  • For whoever is interested, here is a simple example of Powershell CIM boilerplate code for catching SNMP alert notifications (traps) without need for third party libraries.

    # 
    # Convert a VarBind property value to String
    #
    function GetVarBindString ($VarBind) {
    
        $Value = $VarBind.Value
        
        switch ($VarBind.encoding) {  
           "OBJECT IDENTIFIER" { $(for($i=0; $i -lt $Value.length; $i+=4) {, [BitConverter]::ToInt32($Value,$i)})-join '.' ; break}
           "IpAddress"         { $Value -split '\s' -join '.' ; break}
           "INTEGER"           { [BitConverter]::ToUInt32($Value, 0 ); break}
           "OCTET STRING"      { [Text.Encoding]::ASCII.GetString($Value); break}
            default            { "Unknown encoding: $($VarBind.encoding)" ; break}
        }
    }
    
    #
    # Listen for SNMP notifications (traps)
    #
    Register-CimIndicationEvent -Query 'SELECT * FROM SNMPExtendedNotification' -Namespace root/snmp/localhost -sourceIdentifier “SNMPTRAP” -action {
    
         $NewEvent = $Event.SourceEventArgs.NewEvent
    
         Write-Host `n `
         "Time:       $([DateTime]::FromFileTime($NewEvent.TIME_CREATED).ToString("yyyy-MM-dd - HH:mm:ss"))" `n `
         "Agent       $($NewEvent.AgentAddress)" `n `
         "OID:        $($NewEvent.Identification)" `n `
         "COMMUNITY:  $($NewEvent.Community)" `n `
    
         for ($i=0; $i -lt $NewEvent.VarBindList.Count; $i++)
         {
            $VarBind = $NewEvent.VarBindList[$i]
    
            Write-Host " OID      [$i]: " $VarBind.ObjectIdentifier
            Write-Host " Encoding [$i]: " $VarBind.Encoding
            Write-Host " Value    [$i]: " (GetVarBindString $VarBind) `n
         }
    
         # $Global:MyEvent = $Event # enable for interactive debugging...
    }


    Tuesday, March 6, 2018 2:39 PM

All replies

  • Thanks for the pointer!

    Register-CimIndicationEvent and CIM get/new/invoke/remove seems more or less the same as the equivalent WMI cmdlets. I don't really get it, where is the big change using the CIM cmdlets (or is it a marketing stunt :-) ? 

    Is it safe to assume that the rest of the internal data structures and properties are intact as well, like for example VarBindList?

    Btw, you don't happen to have a pointer to any example that is using the CIM cmdlets and the "root/snmp/" name space?
    --

    Bump, anyone??

    Tuesday, March 6, 2018 7:51 AM
  • For whoever is interested, here is a simple example of Powershell CIM boilerplate code for catching SNMP alert notifications (traps) without need for third party libraries.

    # 
    # Convert a VarBind property value to String
    #
    function GetVarBindString ($VarBind) {
    
        $Value = $VarBind.Value
        
        switch ($VarBind.encoding) {  
           "OBJECT IDENTIFIER" { $(for($i=0; $i -lt $Value.length; $i+=4) {, [BitConverter]::ToInt32($Value,$i)})-join '.' ; break}
           "IpAddress"         { $Value -split '\s' -join '.' ; break}
           "INTEGER"           { [BitConverter]::ToUInt32($Value, 0 ); break}
           "OCTET STRING"      { [Text.Encoding]::ASCII.GetString($Value); break}
            default            { "Unknown encoding: $($VarBind.encoding)" ; break}
        }
    }
    
    #
    # Listen for SNMP notifications (traps)
    #
    Register-CimIndicationEvent -Query 'SELECT * FROM SNMPExtendedNotification' -Namespace root/snmp/localhost -sourceIdentifier “SNMPTRAP” -action {
    
         $NewEvent = $Event.SourceEventArgs.NewEvent
    
         Write-Host `n `
         "Time:       $([DateTime]::FromFileTime($NewEvent.TIME_CREATED).ToString("yyyy-MM-dd - HH:mm:ss"))" `n `
         "Agent       $($NewEvent.AgentAddress)" `n `
         "OID:        $($NewEvent.Identification)" `n `
         "COMMUNITY:  $($NewEvent.Community)" `n `
    
         for ($i=0; $i -lt $NewEvent.VarBindList.Count; $i++)
         {
            $VarBind = $NewEvent.VarBindList[$i]
    
            Write-Host " OID      [$i]: " $VarBind.ObjectIdentifier
            Write-Host " Encoding [$i]: " $VarBind.Encoding
            Write-Host " Value    [$i]: " (GetVarBindString $VarBind) `n
         }
    
         # $Global:MyEvent = $Event # enable for interactive debugging...
    }


    Tuesday, March 6, 2018 2:39 PM