SNMP Trap Event Monitor Reference Guide

SNMP Trap Event Monitor

Alerts when traps are received from your SNMP devices.

Overview

Most SNMP monitoring operations use polling to retrieve data. In this model, the event monitor connects to the device to retrieve the data it requires. The SNMP protocol also supports "traps". Traps work in the opposite direction. With traps, your SNMP gear is configured to detect critical events like hard and soft resets. When one of these events is detected the unit sends a "trap" to one or more systems that it has been configured to notify.

Use the SNMP Trap event monitor to catch incoming traps, filter them based on content and send alerts as appropriate.

Use Cases

  • Catching SNMP traps sent by networking equipment when exceptional events occur

Monitoring Options

This event monitor provides the following options:

Include a list of all new traps in each notification

Select this option to show a list of all new traps that have been received since the last run. Use the "Limit" option to specify the maximum number that will be included. It's a good idea to set a reasonable limit because traps can often be generated in large numbers when there are significant network issues. Select the format for displaying trap data. The default format strikes a balance between size and legibility, but you can select one of the other available formats if you choose.

Attempt to convert device IPs to host names

With this option selected, the event monitor will take the trap sender's address and perform reverse DNS on it in an attempt to get a host name. This operation can be resource-intensive and we recommend that you leave it off unless host names are required to interpret trap data.

Include the trap description in each notification

With this option selected, the event monitor will search the available MIBs and attempt to include a description of each trap that is received.

Include the descriptions for each variable included in the trap

Traps can optionally include variables. With this option selected the event monitor will search the available MIBs and attempt to include a description of the variable and its meaning.

Include only the first sentence of each description

Some traps and variables have very long descriptions spanning multiple lines. Use this option to include only the first line of each description.

Record all traps as [Success|Warning|Error|Critical] events

Use this option to define the alert level that will be used by default when new traps arrive.

Define exceptions to the above rule

Use this option to define how other traps will be handled by the event monitor. For each exception, specify the Enterprise value, generic trap ID, and specific trap ID.

Only check traps with specified enterprise values

Use this option to tell the event monitor to discard traps that specified values in the enterprise values. To specify multiple filters, separate them with commas.

Only check traps from specified agent addresses

Use this option to filter out traps based on the IP address of the agent that sent the trap.

Only check traps from specified source addresses

Use this option to filter out traps based on the IP address of the source of the trap.

Only check traps from specified generic trap values

Each trap includes a generic trap value and a specific trap value. The two of them together can often be used to uniquely identify a trap type. Use this option to filter based on the generic trap value. To specify multiple generic trap values, separate them with commas.

Only check traps from specified specific trap values

Use this option to filter based on the specific trap value. To specify multiple specific trap values, separate them with commas.

Only check traps with specified text in extra variables

With this option enabled, the event monitor will look at each of the trap variables and skip any traps that do not have one or more of the text strings you specify. To specify multiple text strings, separate them with commas.

Ignore traps with specified text in extra variables

This option is the opposite of the previous one. Use it to tell the event monitor to ignore traps that have certain text strings in their extra variables.

Only include traps that match the specified regular expression

With this option selected, each trap record will be searched using the supplied regular expression and traps which do not match will be discarded.

Exclude traps that match the specified regular expression

With this option selected, each trap record will be searched using the supplied regular expression and any traps that match will be discarded.

Define friendly names for SNMP values

SNMP item names can be obscure and confusing. Use this option to automatically map values to more friendly names. For example, you could map "SNMPv2-MIB::sysDescr.0" to the more friendly "System Description". Click on the checkbox to enable friendly names and specify the substitutions you want FrameFlow to make.

Authentication and Security

This event monitor does not require authentication.

Protocols

Data Points

This event monitor does not generate any data points.

Sample Output

Tutorial

To view the tutorial for this event monitor, click here.

Back to Library

Comments

There are no user-contributed comments for this page. Be the first to submit a comment!

Add a comment