Well, here's how I do it:
proc traphandler {ip list} {
set timelist [lindex $list 0]
foreach add [lrange $list 1 end] {
array set Trap [list [mib name [lindex $add 0]] [lindex $add 2]]
# puts "[mib name [lindex $add 0]] [lindex $add 2]"
}
switch $Trap(snmpTrapOID.0) {
repeaterAgent.0.6 {
set msg "HUB Security/Port Access violation at IP $ip on port "
set port [lindex [lindex $list 3] 2]
set intruder [lindex [lindex $list 2] 2]
append msg "$port"
if {$port > 12} {
append msg "/B[expr $port - 12]"
}
append msg " from ether $intruder"
if {$port == ""} {
set msg $list
}
# puts "msg $msg"
if {[string first "Access violation" $msg] > 0} {
syslog critical "$msg"
}
}
default {
set msg "unrecognized trap from $ip: "
foreach d [array names Trap] {
append msg "$d $Trap($d) - "
}
syslog critical "$msg"
}
}
}
catch {exec rm /tmp/.straps}
set s [snmp session -port 162]
$s bind "" trap {traphandler %A "%V"}
You could modify the syslog to be an exec or whatever you wanted.
-- ____________________________________________________________________________ Doug Hughes Engineering Network Services System/Net Admin Auburn University doug@eng.auburn.edu
-- !! This message is brought to you via the `tkined & scotty' mailing list. !! Please do not reply to this message to unsubscribe. To subscribe or !! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>. !! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.