Processing SNMP Traps into Alarms

 

What is an SNMP Trap?

SNMP traps are alerts generated by the agent on a managed device when a fault occurs on that device. In raw form they are cryptic messages. Traps carry five types of data:

  • Coldstart or Warmstart: The agent reinitialized its configuration tables.
  • Linkup or Linkdown: A network interface card (NIC) on the agent either fails or reinitializes.
  • Authentication fails: This happens when an SNMP agent gets a request from an unrecognized community name.
  • egpNeighborloss: Agent cannot communicate with its EGP (Exterior Gateway Protocol) peer.
  • Enterprise specific: Vendor specific error conditions and error codes.

 

Processing SNMP Traps into Alarms
OpManager enables you to process the traps from the managed devices.

When a trap is received from a managed device, the match criteria in the parser determine whether that trap matches the conditions specified in the Trap Processor. Once a matching trap is found, an alert is generated.

The Trap Processor converts the cryptic message into a human-readable alarm.

Configure OpManager to process the traps that are not processed out-of-the-box and convert them into alarms.

The traps that are not processed are listed under 'Unsolicited Traps'.

 

Tools

The following actions can be done by clicking the relevant icon:

Edit: Edit the Trap

Enable or disable trap processing: Click to enable/disable trap processing

Delete processor: Delete the Trap Processor

 

Adding/Modifying Trap Processor

  • Go to Settings → Monitoring → SNMP Trap Processors.
  • Click ‘Add New’ to add a new trap.
  • Click the TrapParser name or the Edit icon to modify an existing one.
  • Configure/Modify the following properties:
    • Name: Configure a name for the new trap processor.
    • Description: Describe the trap.
    • SNMP Trap Version: Select the version (SNMP V1/V3).
      • SNMP V1 Properties:
        • Generic Type: Cold Start, Link Up, Enterprise, etc. Select the appropriate type for the OID.
        • Specific Type: When Generic Type is set to Enterprise, a specific trap ID is identified.
        • Trap OID: For devices with SNMP v2c version, select the trap OID from the MIB using the Select button.
        • Severity: Select the Alarm severity.
        • Failure Component: This option is useful when you deal with a single trap OID that has multiple failure components. The Varbinds containing more details on the trap will have information on the failed components (entities like CPU, Temperature etc). You can match the entity too by appending the VarBind number in this field to generate separate alarms for the failed components. For instance, $Source_trapName_trap_$v5.
        • Source: Append the Varbinds to be matched if required. This option is useful if the trap is forwarded from another source.
        • Message: Select the required message variables.
        • Match Criteria: Select the appropriate radio button to either match any one or all the conditions that you specify. Select the variable bindings, the condition, and the string to be matched.
        • Rearm Criteria: Similarly, select the appropriate radio button to match the rearm conditions. Select the variable bindings, the condition, and the string to be matched.
      • SNMP V3 Properties:
        • Trap OID: For devices with SNMP v3 version, select the trap OID from the MIB using the Select button.
        • Severity: Select the Alarm severity.
        • Failure Component: This option is useful when you deal with a single trap OID that has multiple failure components. The Varbinds containing more details on the trap will have information on the failed components (entities like CPU, Temperature etc). You can match the entity too by appending the VarBind number in this field to generate separate alarms for the failed components. For instance, $Source_trapName_trap_$v5.
        • Source: Append the Varbinds to be matched if required. This option is useful if the trap is forwarded from another source.
        • Message: Select the required message variables.
        • Match Criteria: Select the appropriate radio button to either match any one or all the conditions that you specify. Select the variable bindings, the condition, and the string to be matched.
        • Rearm Criteria: Similarly, select the appropriate radio button to match the rearm conditions. Select the variable bindings, the condition, and the string to be matched.
  • Click Save for the configuration to take effect.

 

Loading Trap Parsers from a MIB

Following are the steps to load the traps from various MIBs:

  • Go to Settings → Monitoring → SNMP Trap Processors. All the configured processors are listed here.
  • Click on Load Traps From Mibs at the top of the page.
  • From the list of MIBs, select the MIB from which you would like to load the trap variable. The traps in that MIB are listed.
  • Select the required trap variable, and click Add.
  • A Processor for the selected trap is added, and is listed under the Traps tab. 

 

How to process the Unsolicited Traps?

  • Go to Alarms (ALT+A) and click Unsolicited Traps.
  • Click on Create Trap Processor corresponding to the trap message.
  • Type a name for TrapName.
  • Make sure that the status is enabled.
  • Select the Severity.
  • Click on Add.

 

How to configure SNMP Traps in Agent?

Even after configuring the SNMP Trap Processor in OpManager, you might still not see alarms based on traps. In that case, check the SNMP agent configuration on the monitored devices.

 

Can I process traps from a device which is not available in OpManager? 

No, the device must be available in OpManager for you to be able to process those traps.

 

How to combine multiple traps and generate them as a single alarm? 

If the value of the Failure Component field is the same for two or more trap processors, they are processed as a single entity. For instance, assume CISCO_SHUTDOWN and CISCO_FANSTATUS are two different trap processors. If the Failure Component field for both of these trap processors contains the value CISCO, then they will be processed as a single entity.

To configure,

  • Go to Settings → Monitoring → SNMP Trap Processors.
  • Add or edit a trap processor.
  • Add/Edit the Failure Component field to contain the same value.

Now, OpManager will process these traps as a single entity.
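
The Match Criteria and Failure Component behaviour described above, as a simplified model added here for illustration (it is not OpManager code). The condition names, the first-matching-processor rule, the (source, failure component) alarm key, the device name and the sample OIDs under the documentation enterprise number 32473 are assumptions.

```python
import re

# Assumed condition names; the page only says "the condition".
CONDITIONS = {"equals": lambda v, s: v == s, "contains": lambda v, s: s in v}

def matches(proc, trap):
    """Apply a processor's Match Criteria (any one / all) to a trap's varbinds."""
    if not proc["enabled"] or proc["trap_oid"] != trap["oid"]:
        return False
    hits = [CONDITIONS[cond](trap["varbinds"].get(n, ""), text)
            for n, cond, text in proc["criteria"]]
    return (all if proc["match_all"] else any)(hits) if hits else True

def failure_component(template, trap):
    """Expand $Source and $vN (varbind number N) in a Failure Component value."""
    text = template.replace("$Source", trap["source"])
    return re.sub(r"\$v(\d+)", lambda m: trap["varbinds"].get(int(m.group(1)), ""), text)

def process(traps, processors):
    """Group traps into alarms keyed by (source, failure component); first match wins (assumed)."""
    alarms, unsolicited = {}, []
    for trap in traps:
        proc = next((p for p in processors if matches(p, trap)), None)
        if proc is None:
            unsolicited.append(trap["oid"])   # no processor matched: left unprocessed
            continue
        key = (trap["source"], failure_component(proc["failure_component"], trap))
        alarms.setdefault(key, []).append(proc["name"])
    return alarms, unsolicited

def make_processor(name, oid, component, criteria=(), match_all=False, enabled=True):
    return {"name": name, "trap_oid": oid, "failure_component": component,
            "criteria": list(criteria), "match_all": match_all, "enabled": enabled}

# Constructed sample data: OIDs, varbind layout and device name are placeholders.
PROCESSORS = [
    make_processor("CISCO_SHUTDOWN", "1.3.6.1.4.1.32473.0.1", "CISCO"),
    make_processor("CISCO_FANSTATUS", "1.3.6.1.4.1.32473.0.2", "CISCO", [(2, "contains", "fail")]),
    make_processor("ENV_FAULT", "1.3.6.1.4.1.32473.0.3", "$Source_envFault_trap_$v5"),
]
TRAPS = [
    {"source": "core-sw1", "oid": "1.3.6.1.4.1.32473.0.1", "varbinds": {}},
    {"source": "core-sw1", "oid": "1.3.6.1.4.1.32473.0.2", "varbinds": {2: "fan 1 failed"}},
    {"source": "core-sw1", "oid": "1.3.6.1.4.1.32473.0.3", "varbinds": {5: "CPU"}},
    {"source": "core-sw1", "oid": "1.3.6.1.4.1.32473.0.3", "varbinds": {5: "Temperature"}},
    {"source": "core-sw1", "oid": "1.3.6.1.4.1.32473.0.9", "varbinds": {}},
]
ALARMS, UNSOLICITED = process(TRAPS, PROCESSORS)
```

In this model the two CISCO processors collapse into one alarm, while the `$v5` suffix splits the single ENV_FAULT trap OID into separate CPU and Temperature alarms.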

 

How can I prevent a trap from being processed?

  • Go to Settings → Monitoring → SNMP Trap Processors 
  • Under Status, disable the trap processor that you do not wish to be processed.