diff --git a/extra/alerts/pcmk_alert_sample.sh b/extra/alerts/pcmk_alert_sample.sh
index a3a8e56fe4..5bfe383689 100755
--- a/extra/alerts/pcmk_alert_sample.sh
+++ b/extra/alerts/pcmk_alert_sample.sh
@@ -1,73 +1,106 @@
 #!/bin/bash
 #
 # Copyright (C) 2015 Andrew Beekhof <andrew@beekhof.net>
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public
 # License as published by the Free Software Foundation; either
 # version 2 of the License, or (at your option) any later version.
 #
 # This software is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+##############################################################################
+# This sample script assumes that only users who already have root access can
+# edit the CIB. Otherwise, a malicious user can create damage anywhere in the
+# filesystem  where user hacluster has access - as well as writing to special
+# files.
+# If that is not the case in your environment, you should edit this script to
+# validate the log-destination.
+#
+# Sample configuration (cib fragment in xml notation)
+# ================================
+# <configuration>
+#   <alerts>
+#     <alert id="alert_sample" path="/path/to/pcmk_alert_sample.sh">
+#       <instance_attributes id="config_for_pcmk_alert_sample">
+#         <nvpair id="debug_option_1" name="debug_exec_order" value="false"/>
+#       </instance_attributes>
+#       <meta_attributes id="config_for_timestamp">
+#         <nvpair id="ts_fmt" name="timestamp-format" value="%H:%M:%S.%06N"/>
+#       </meta_attributes>
+#       <recipient id="logfile_destination" value="/path/to/logfile"/>
+#     </alert>
+#   </alerts>
+# </configuration>
 
 if [ -z $CRM_alert_version ]; then
     echo "Pacemaker version 1.1.15 is required" >> ${CRM_alert_recipient}
     exit 0
 fi
 
-tstamp=`printf "%04d. " "$CRM_alert_node_sequence"`
-if [ ! -z $CRM_alert_timestamp ]; then
-    tstamp="${tstamp} $CRM_alert_timestamp (`date "+%H:%M:%S.%06N"`): "
+debug_exec_order_default="false"
+
+: ${debug_exec_order=${debug_exec_order_default}}
+
+if [ "${debug_exec_order}" = "true" ]
+    tstamp=`printf "%04d. " "$CRM_alert_node_sequence"`
+    if [ ! -z $CRM_alert_timestamp ]; then
+        tstamp="${tstamp} $CRM_alert_timestamp (`date "+%H:%M:%S.%06N"`): "
+    fi
+else
+    if [ ! -z $CRM_alert_timestamp ]; then
+        tstamp="$CRM_alert_timestamp: "
+    fi
 fi
 
 case $CRM_alert_kind in
     node)
-	echo "${tstamp}Node '${CRM_alert_node}' is now '${CRM_alert_desc}'" >> ${CRM_alert_recipient}
-	;;
+        echo "${tstamp}Node '${CRM_alert_node}' is now '${CRM_alert_desc}'" >> ${CRM_alert_recipient}
+        ;;
     fencing)
-	# Other keys:
-	# 
-	# CRM_alert_node
-	# CRM_alert_task
-	# CRM_alert_rc
-	#
-	echo "${tstamp}Fencing ${CRM_alert_desc}" >> ${CRM_alert_recipient}
-	;;
+        # Other keys:
+        #
+        # CRM_alert_node
+        # CRM_alert_task
+        # CRM_alert_rc
+        #
+        echo "${tstamp}Fencing ${CRM_alert_desc}" >> ${CRM_alert_recipient}
+        ;;
     resource)
-	# Other keys:
-	# 
-	# CRM_alert_target_rc
-	# CRM_alert_status
-	# CRM_alert_rc
-	#
-	if [ ${CRM_alert_interval} = "0" ]; then
-	    CRM_alert_interval=""
-	else
-	    CRM_alert_interval=" (${CRM_alert_interval})"
-	fi
+        # Other keys:
+        #
+        # CRM_alert_target_rc
+        # CRM_alert_status
+        # CRM_alert_rc
+        #
+        if [ ${CRM_alert_interval} = "0" ]; then
+            CRM_alert_interval=""
+        else
+            CRM_alert_interval=" (${CRM_alert_interval})"
+        fi
+
+        if [ ${CRM_alert_target_rc} = "0" ]; then
+            CRM_alert_target_rc=""
+        else
+            CRM_alert_target_rc=" (target: ${CRM_alert_target_rc})"
+        fi
 
-	if [ ${CRM_alert_target_rc} = "0" ]; then
-	    CRM_alert_target_rc=""
-	else
-	    CRM_alert_target_rc=" (target: ${CRM_alert_target_rc})"
-	fi
-	
-	case ${CRM_alert_desc} in
-	    Cancelled) ;;
-	    *)
-		echo "${tstamp}Resource operation '${CRM_alert_task}${CRM_alert_interval}' for '${CRM_alert_rsc}' on '${CRM_alert_node}': ${CRM_alert_desc}${CRM_alert_target_rc}" >> ${CRM_alert_recipient}
-		;;
-	esac
-	;;
+        case ${CRM_alert_desc} in
+            Cancelled) ;;
+            *)
+                echo "${tstamp}Resource operation '${CRM_alert_task}${CRM_alert_interval}' for '${CRM_alert_rsc}' on '${CRM_alert_node}': ${CRM_alert_desc}${CRM_alert_target_rc}" >> ${CRM_alert_recipient}
+                ;;
+        esac
+        ;;
     *)
         echo "${tstamp}Unhandled $CRM_alert_kind alert" >> ${CRM_alert_recipient}
-	env | grep CRM_alert >> ${CRM_alert_recipient}
+        env | grep CRM_alert >> ${CRM_alert_recipient}
         ;;
-
 esac
diff --git a/extra/alerts/pcmk_snmp_helper.sh b/extra/alerts/pcmk_snmp_helper.sh
index ea878821bd..1f5142bd2b 100755
--- a/extra/alerts/pcmk_snmp_helper.sh
+++ b/extra/alerts/pcmk_snmp_helper.sh
@@ -1,150 +1,162 @@
 #!/bin/sh
 #
 # Description:  Manages a SNMP trap, provided by NTT OSSC as an
 #               script under Heartbeat/LinuxHA control
 #
 # Copyright (c) 2016 NIPPON TELEGRAPH AND TELEPHONE CORPORATION
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 #
 ##############################################################################
 # This sample script assumes that only users who already have root access can
-# edit the CIB. Otherwise, a malicious user could run commands as root by
+# edit the CIB. Otherwise, a malicious user could run commands as hacluster by
 # inserting shell code into the trap_options variable. If that is not the case
 # in your environment, you should edit this script to remove or validate
 # trap_options.
 #
 # Sample configuration (cib fragment in xml notation)
 # ================================
 # <configuration>
 #   <alerts>
 #     <alert id="snmp_alert" path="/path/to/pcmk_snmp_helper.sh">
-#       <instance_attributes id="insta_9">
-#         <nvpair id="trap_nodes" name="trap_node" value="no"/>
-#         <nvpair id="trap_fencing" name="trap_fencing" value="no"/>
+#       <instance_attributes id="config_for_snmp_helper">
+#         <nvpair id="trap_node_states" name="trap_node_states" value="all"/>
 #       </instance_attributes>
+#       <meta_attributes id="config_for_timestamp">
+#         <nvpair id="ts_fmt" name="timestamp-format" value=""%Y-%m-%d,%H:%M:%S.%01N""/>
+#       </meta_attributes>
 #       <recipient id="snmp_destination" value="192.168.1.2"/>
 #     </alert>
 #   </alerts>
 # </configuration>
 # ================================
 # ================================
 # <configuration>
 #   <alerts>
 #     <alert id="snmp_alert" path="/path/to/pcmk_snmp_helper.sh">
 #       <recipient id="snmp_destination" value="192.168.1.2">
-#        <instance_attributes id="insta_9">
-#         <nvpair id="trap_nodes" name="trap_node" value="no"/>
-#         <nvpair id="trap_fencing" name="trap_fencing" value="no"/>
-#        </instance_attributes>
+#         <instance_attributes id="config_for_snmp_helper">
+#           <nvpair id="trap_node_states" name="trap_node_states" value="all"/>
+#         </instance_attributes>
+#         <meta_attributes id="config_for_timestamp">
+#           <nvpair id="ts_fmt" name="timestamp-format" value=""%Y-%m-%d,%H:%M:%S.%01N""/>
+#         </meta_attributes>
 #       </recipient>
 #     </alert>
 #   </alerts>
 # </configuration>
 # ================================
 
 if [ -z "$CRM_alert_version" ]; then
     echo "Pacemaker version 1.1.15 or later is required"
     exit 0
 fi
 
 #
 trap_binary_default="/usr/bin/snmptrap"
 trap_version_default="2c"
 trap_options_default=""
 trap_community_default="public"
-trap_node_default="true"
+trap_node_states_default="all"
 trap_fencing_tasks_default="all"
 trap_resource_tasks_default="all"
-trap_only_monitor_failed_default="true"
+trap_monitor_success_default="false"
+trap_add_hires_timestamp_oid_default="true"
 
 : ${trap_binary=${trap_binary_default}}
 : ${trap_version=${trap_version_default}}
 : ${trap_options=${trap_options_default}}
 : ${trap_community=${trap_community_default}}
-: ${trap_node=${trap_node_default}}
+: ${trap_node_states=${trap_node_states_default}}
 : ${trap_fencing_tasks=${trap_fencing_tasks_default}}
 : ${trap_resource_tasks=${trap_resource_tasks_default}}
-: ${trap_only_monitor_failed=${trap_only_monitor_failed_default}}
+: ${trap_monitor_success=${trap_monitor_success_default}}
+: ${trap_add_hires_timestamp_oid=${trap_add_hires_timestamp_oid_default}}
 
-#
-is_match_tasks() {
-    trap_tasks=`echo $1 | tr ',' ' '`
+if [ "${trap_add_hires_timestamp_oid}" = "true" ]
+    hires_timestamp="HOST-RESOURCES-MIB::hrSystemDate s \"${CRM_alert_timestamp}\""
+fi
+
+is_in_list() {
+    item_list=`echo "$1" | tr ',' ' '`
 
-    if [ "${trap_tasks}" = "all" ]; then
+    if [ "${item_list}" = "all" ]; then
         return 0
-    else 
-        for act in $trap_tasks
+    else
+        for act in $item_list
         do
-            act=`echo $act | tr A-Z a-z`
-            [ "$act" != "${CRM_alert_task}" ] && continue
+            act=`echo "$act" | tr A-Z a-z`
+            [ "$act" != "$2" ] && continue
             return 0
         done
     fi
     return 1
 }
-#
+
 case "$CRM_alert_kind" in
     node)
-        if [ "${trap_node}" = "true" ]; then
-    	    "${trap_binary}" -v "${trap_version}" ${trap_options} \
-		-c "${trap_community}" "${CRM_alert_recipient}" "" \
-		PACEMAKER-MIB::pacemakerNotificationTrap \
-		PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
-		PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}"
-        fi
-	;;
+        is_in_list "${trap_node_states}" "${CRM_alert_desc}"
+        [ $? -ne 0 ] && exit 0
+
+        "${trap_binary}" -v "${trap_version}" ${trap_options} \
+        -c "${trap_community}" "${CRM_alert_recipient}" "" \
+        PACEMAKER-MIB::pacemakerNotificationTrap \
+        PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
+        PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \
+        ${hires_timestamp}
+        ;;
     fencing)
-        is_match_tasks ${trap_fencing_tasks}
+        is_in_list "${trap_fencing_tasks}" "${CRM_alert_task}"
         [ $? -ne 0 ] && exit 0
 
         "${trap_binary}" -v "${trap_version}" ${trap_options} \
-		-c "${trap_community}" "${CRM_alert_recipient}" "" \
-		PACEMAKER-MIB::pacemakerNotificationTrap \
-		PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
-		PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \
-		PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \
-		PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc}
-	;;
+        -c "${trap_community}" "${CRM_alert_recipient}" "" \
+        PACEMAKER-MIB::pacemakerNotificationTrap \
+        PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
+        PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \
+        PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \
+        PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc} \
+        ${hires_timestamp}
+        ;;
     resource)
-        is_match_tasks ${trap_resource_tasks}
+        is_in_list "${trap_resource_tasks}" "${CRM_alert_task}"
         [ $? -ne 0 ] && exit 0
 
         case "${CRM_alert_desc}" in
-	    Cancelled) ;;
-	    *)
-                if [ "${trap_only_monitor_failed}" = "true" ]; then
-                    if [[ ${CRM_alert_rc} -eq 0 && "${CRM_alert_task}" == "monitor" ]]; then
-                        exit;
-                    fi
+        Cancelled) ;;
+        *)
+            if [ "${trap_monitor_success}" = "false" ]; then
+                if [[ ${CRM_alert_rc} -eq 0 && "${CRM_alert_task}" == "monitor" ]]; then
+                    exit;
                 fi
+            fi
 
-    	        "${trap_binary}" -v "${trap_version}" ${trap_options} \
-			-c "${trap_community}" "${CRM_alert_recipient}" "" \
-			PACEMAKER-MIB::pacemakerNotificationTrap \
-			PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
-			PACEMAKER-MIB::pacemakerNotificationResource s "${CRM_alert_rsc}" \
-			PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \
-			PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \
-			PACEMAKER-MIB::pacemakerNotificationStatus i ${CRM_alert_status} \
-			PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc} \
-			PACEMAKER-MIB::pacemakerNotificationTargetReturnCode i ${CRM_alert_target_rc}
-		    ;;
+            "${trap_binary}" -v "${trap_version}" ${trap_options} \
+            -c "${trap_community}" "${CRM_alert_recipient}" "" \
+            PACEMAKER-MIB::pacemakerNotificationTrap \
+            PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \
+            PACEMAKER-MIB::pacemakerNotificationResource s "${CRM_alert_rsc}" \
+            PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \
+            PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \
+            PACEMAKER-MIB::pacemakerNotificationStatus i ${CRM_alert_status} \
+            PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc} \
+            PACEMAKER-MIB::pacemakerNotificationTargetReturnCode i ${CRM_alert_target_rc} \
+            ${hires_timestamp}
+            ;;
         esac
-	;;
+        ;;
     *)
         ;;
-
 esac