SNMP Trap Processing

SNMP traps are generated when any event occurs, including any network or hardware issues. Site24x7 processes SNMP trap messages to detect issues quickly and send notifications to admins for faster troubleshooting and resolution.

What are SNMP traps?

An SNMP trap is any event generated and sent by a device, and received by a trap receiver whenever a change of state or anomaly is detected. Network management systems like Site24x7 receive the event messages generated by these devices. Site24x7 processes these traps, displays them, and instantly notifies you based on the thresholds you configure for different traps.

SNMP Trap Processing is supported only from On-Premise Poller versions 3.3.0 and above.

SNMP v1 traps

Basic SNMP v1 traps generally fall into two broad categories: generic and enterprise traps.

There are six types of generic traps: 

  • coldStart: This implies that the sending entity has been reinitialized and has a configuration change. In simple terms, the SNMP device has powered on.
  • warmStart: This is similar to coldStart; however, the configuration remains unaltered as the device is already on. In simple terms, the SNMP device has reloaded the software.
  • linkUp: This indicates that one of the connected interfaces has changed states from down to up.
  • linkDown: This indicates that one of the connected interfaces has changed states from up to down.
  • authenticationFailure: This happens when an SNMP agent gets a request from an unrecognized community name.
  • egpNeighborLoss: This happens when the agent cannot communicate with its Exterior Gateway Protocol (EGP) peer.
  • enterpriseSpecific: Vendor-specific error conditions and error codes.

SNMP v2c/v3 traps

SNMP v2c/v3 traps are classified based on the trap OID, as defined in the vendor's management information base (MIB).
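To make the two classification schemes concrete, the following added example (not Site24x7 code) parses the fixed fields of an SNMPv1 Trap-PDU as laid out in RFC 1157 and derives the trap OID that a v2c/v3 receiver would see for the same event, using the translation in RFC 3584 section 3.1. It goes beyond the text above in covering that translation; the sample packet is constructed, with the documentation enterprise number 32473 and a TEST-NET agent address.

```python
GENERIC = ["coldStart", "warmStart", "linkDown", "linkUp",
           "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]
# Constructed sample: enterpriseSpecific trap 7 from agent 192.0.2.10, documentation enterprise 32473
SAMPLE = bytes.fromhex("3028 020100 04067075626c6963 a41b 06082b0601040181fd59"
                       "4004c000020a 020106 020107 430100 3000")

def tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):  # the length field is untrusted network input
        raise ValueError("length exceeds packet")
    return tag, buf[pos:pos + length], pos + length

def oid_str(octets):
    """Decode the content octets of a BER OBJECT IDENTIFIER to dotted form."""
    if not octets:
        raise ValueError("empty OID")
    subs, value = [octets[0] // 40, octets[0] % 40], 0
    for octet in octets[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subs.append(value)
            value = 0
    return ".".join(map(str, subs))

def parse_v1_trap(pkt):
    tag, msg, _ = tlv(pkt, 0)
    _, version, pos = tlv(msg, 0)
    _, community, pos = tlv(msg, pos)
    pdu_tag, pdu, _ = tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    fields, pos = [], 0
    for _ in range(4):  # enterprise, agent-addr, generic-trap, specific-trap
        _, value, pos = tlv(pdu, pos)
        fields.append(value)
    generic, specific = (int.from_bytes(f, "big", signed=True) for f in fields[2:])
    if not 0 <= generic <= 6:
        raise ValueError("unknown generic-trap value")
    # RFC 3584 section 3.1: v1 (generic, specific, enterprise) -> snmpTrapOID
    trap_oid = (f"{oid_str(fields[0])}.0.{specific}" if generic == 6
                else f"1.3.6.1.6.3.1.1.5.{generic + 1}")
    return {"community": community.decode("latin-1"), "type": GENERIC[generic],
            "agent_addr": ".".join(map(str, fields[1])), "trap_oid": trap_oid}
```

The `agent_addr` value comes from inside the PDU and is independent of the UDP source address the packet arrived from, which is why the two can differ when a trap is forwarded.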

Configuring SNMP traps

You have to configure your device to send SNMP traps to Site24x7 by specifying the IP and the port. The traps should be received via User Datagram Protocol (UDP) port 162, so you must ensure that this port is free.

Enter the IP address of the On-Premise Poller used to monitor the desired device.

Trap Processors view

Trap processors process the raw SNMP traps sent by network devices and display them as simple, understandable messages. You can view the list of natively supported traps in the Trap Processors view. You can also add new traps, and edit or delete existing traps.

To navigate to the Trap Processors view:

  1. Log in to your Site24x7 account.
  2. Navigate to Network > Trap Processors.
    Figure 1. The Trap Processors view 
  3. Click a trap processor to view details like the Trap Processor Name, Description, SNMP Version, Generic Type, Source, Severity, Daily Limit, and Associated Devices.
    Figure 2. After clicking on a Trap Processor.
  4. Click the pencil icon in the Action column to edit a Trap Processor. Here, you can edit the values for the following fields: Description, Generic Type, Source, Severity, Threshold Criteria, Rearm Criteria, Daily Limit, and Apply to Associated Devices.
    Figure 3. Editing a trap processor.
View device-specific traps by clicking on a device name. You can access this from Network > Network Devices.

Adding trap processors

You can create and configure trap processors from the Trap Processors view.

  1. Navigate to Network > Trap Processors.
  2. Click Add Trap Processor (see Figure 1) and enter the following:
    • Trap Processor Name: Enter a name to identify your trap.
    • Description: Enter a description to define your trap.
    • SNMP Version: Select your device's SNMP version (v1 or v2c/v3).
    • Generic Type: For SNMP v1, enter the generic type. These are generic trap types generated by SNMP v1 agents and defined by SNMP. If your SNMP version is v2c/v3, then enter your trap OID. Trap OIDs are object identifiers that identify which type of trap is being received. 
    • Specific Type: When you choose enterpriseSpecific(6) as the generic type, you can enter the specific type.
    • Source: This option is useful if the trap is forwarded from another source. It is the IP from which Site24x7 receives traps and can either be the source IP of the device or the agent that generates traps. Choose $Source when the trap is directly sent to the On-Premise Poller machine, and choose $Agent when it is forwarded.
    • Severity: Select one of the options from the drop-down list—Clear, Trouble, Critical, or Down. You need to specify the threshold and rearm criteria when you select Critical, Down, or Trouble.
    • Daily Limit: Site24x7 can process up to 500 traps per day. If you need to update the limit, contact our support team at support@site24x7.com.
    • Click Save.
  3. You can also directly import the above from a MIB browser.
    • Generic MIBs: These are available by default in Site24x7. Select the Vendor and the MIB from the drop-down.
      Figure 4. Adding trap processors with generic MIBs.
    • Custom MIBs: You can upload MIBs from your system and use them to add custom performance counters.
      • On-Premise Poller: Selecting an On-Premise Poller will list all the MIBs inside the Poller-home/NetworkPlus/mibs folder. Select the On-Premise Poller that stores the MIB files you uploaded. If you select Recently Viewed, all the MIBs that were uploaded or recently used will be shown. 
      • MIB: Select an already uploaded MIB from the drop-down menu or click + to add new ones.
        Figure 5. Adding trap processors from custom MIBs.
        In the Upload MIB screen, select a file and upload it from your computer. Also, choose the On-Premise Poller that has to store the MIB files. 
        Figure 6. Upload MIB screen.
    • Source: This option is useful if the trap is forwarded from another source. It is the IP from which Site24x7 receives traps and can either be the source IP of the device or the agent that generates traps. Choose $Source when the trap is directly sent to the On-Premise Poller machine, and choose $Agent when it is forwarded.
    • Severity: Select one of the following options from the drop-down list: Clear, Down, or Trouble. You need to specify the threshold and rearm criteria when you select Down or Trouble.
    • Daily limit: Site24x7 can process up to 500 traps per day. If you need to update the limit, contact our support team at support@site24x7.com. 
  4. Click Save.
Added trap processors can be viewed in the SNMP Traps view, along with their current statuses.

Threshold and rearm criteria

Figure 7. Setting Threshold Criteria and Rearm Criteria while adding trap processors.

You can set multiple conditions for threshold and rearm criteria when you select Down or Trouble for the severity. 

Threshold criteria:

Set the threshold criteria and receive a notification when that threshold is breached.

Rearm criteria: 

Rearm criteria is the value that determines whether the monitor has been restored to normal condition. Rearm criteria corresponds to the value beyond which you can revert Trouble or Down statuses to Clear.

Example: Suppose the trouble threshold condition for a monitor is >65. If the value reaches 70, you'll receive an alert, and the monitor status will change to Trouble. Subsequently, when the value falls below the threshold—62, for instance—you'll receive an alert about the monitor returning to its normal state. For any subsequent threshold breaches or reverts, you'll keep receiving alerts. 

To avoid all these alerts, you can enter a rearm value. With a rearm value (e.g., 50), the monitor status changes back to normal only when the value falls below the rearm value, so you receive the return-to-normal alert only then.

You can set multiple threshold conditions and select whether they're triggered by:

  • All the conditions
  • Any of the conditions
  • Individual conditions

Each threshold condition is usually defined as Varbind, Condition, and Value (multiple conditions can be added with AND/OR options), with the following attributes:

  • Varbind: Select the required Varbind. Varbinds are variable bindings: the variables carried in the SNMP packet of a received trap message. Each Varbind is identified by its OID, type, and value.
  • Condition: Select any of the following conditions from the drop-down list: Equals, Not equals, Starts with, Contains, Doesn't contain, =, !=, >, >=, <, or <=. You can also select Regular Expression to provide your own condition. Make sure you choose the appropriate numeric or string conditions based on the Varbind.
  • Value: Enter the appropriate numeric or string value. 
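The threshold and rearm behaviour from the example above (threshold >65, rearm value 50), combined with Varbind conditions, can be modelled as follows. This is an added illustration of the described behaviour, not Site24x7's implementation; the Varbind OID and the trap values are constructed, and only a subset of the listed conditions is implemented.

```python
import operator
import re

# A subset of the conditions listed above, as predicates (varbind value, configured value).
CONDITIONS = {
    ">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le,
    "=": operator.eq, "!=": operator.ne,
    "Equals": lambda got, want: str(got) == str(want),
    "Contains": lambda got, want: str(want) in str(got),
    "Starts with": lambda got, want: str(got).startswith(str(want)),
    "Regular Expression": lambda got, want: re.search(want, str(got)) is not None,
}

def matches(criteria, varbinds, mode="all"):
    """criteria: list of (varbind OID, condition, value); mode 'all' = AND, 'any' = OR."""
    hits = (oid in varbinds and CONDITIONS[cond](varbinds[oid], value)
            for oid, cond, value in criteria)
    return all(hits) if mode == "all" else any(hits)

def status_changes(traps, threshold, rearm=None, severity="Trouble"):
    """Replay traps (dicts of varbind OID -> value); return each status change, i.e. each alert."""
    status, alerts = "Clear", []
    for varbinds in traps:
        if status == "Clear":
            new = severity if matches(threshold, varbinds) else "Clear"
        elif rearm:  # with rearm criteria, only they can return the status to Clear
            new = "Clear" if matches(rearm, varbinds) else status
        else:        # without them, the status clears as soon as the threshold stops matching
            new = status if matches(threshold, varbinds) else "Clear"
        if new != status:
            status = new
            alerts.append(new)
    return alerts

# Constructed data: hypothetical numeric varbind under the documentation enterprise number 32473.
LOAD = "1.3.6.1.4.1.32473.1.1"
TRAPS = [{LOAD: v} for v in (70, 62, 68, 60, 72, 45)]
THRESHOLD = [(LOAD, ">", 65)]
REARM = [(LOAD, "<", 50)]
```

Replaying `TRAPS` without `REARM` produces six status changes as the value oscillates around 65; with `REARM` there are two, the initial Trouble and the final Clear at 45.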

The SNMP Traps view

The configured and added trap processors are listed in the SNMP Traps view based on their current statuses: Down, Critical, Trouble, or Up. In this view, you can quickly see the count of total and active trap processors, as well as the number of trap processors remaining as per your license. 

To view SNMP Traps:

  1. Navigate to Network > SNMP Traps.
  2. Select a trap to view details like time of receipt and message.
  3. Click the thumbs up icon to acknowledge the trap. 
    For instance, in Figure 8, the AuthenticationFailure trap is in trouble, which will affect the device's status. This trap is unlikely to occur after logging in to a device. Since there is no option to auto-resolve the alarm created by this trap, you can resolve it manually by acknowledging this trap. Once acknowledged, the device status will change to green (if this was the only trap that was causing trouble). 

    Figure 8. The SNMP Traps view. 

Unsolicited Traps

Any SNMP trap that hasn't been configured for monitoring is collected and displayed as a list of Unsolicited Traps. These can be viewed and added from the SNMP Traps tab as shown in Figure 8.

You can add an SNMP trap by clicking the plus (+) icon and then following the instructions in the Adding trap processors section. While creating the Trap Processor, you can select the devices on which that trap has to be monitored. After this, you can view the data under the SNMP Traps tab.
Figure 9. Unsolicited Traps view. 

Editing and deleting trap processors

All the added trap processors are listed in the Trap Processors view. You can edit or delete them by clicking the pencil (Edit) icon or the trash bin (Delete) icon, respectively.

Device-wise traps

To view the device-specific traps:

  1. Navigate to Network > Network Devices.
  2. Click the device name, then navigate to the Traps tab to view device-specific traps. Here, you can view the Trap Name, Message, time of receipt (Last Received At), and Status. You can also add Trap Processors and bulk suspend them. Click the hamburger icon to edit threshold conditions or activate a suspended trap processor (Figure 12).
    Figure 11. Device-specific traps.
    The device status gets updated depending on the trap status. If the trap status shows Trouble, then the device status also changes to Trouble. If the trap status is Critical or Down, the device status changes to Critical. If there are multiple traps with differing statuses, the most severe status is considered for updating the device status. For instance, in Figure 11, since one trap is in Trouble, the device status will be updated to Trouble.

Figure 12. Setting threshold conditions
