Help Network Metrics SNMP Trap Processing
Network systems are prone to errors. Anomalies can occur at any time due to hardware or network issues. Whenever an issue occurs, it's important to quickly troubleshoot and resolve it, which requires instant notifications upon detection of hardware and network issues. Site24x7 aids admins with timely resolutions by instantly processing SNMP traps upon detection of an issue and sending out a notification.
An SNMP trap is any event, generated and sent by a device and received by a trap receiver whenever a change of state or anomaly is detected. These event messages generated by devices are received by a network management system like Site24x7. Site24x7 not only processes these traps and displays them, but also instantly notifies you based on the thresholds you configure for different traps.
Basic SNMP v1 traps generally fall into one of two broad categories: generic traps and enterprise traps.
Generic traps are further classified into six types:
Coldstart: This implies that the sending entity has reinitialized and that the configuration is altered. In simple terms, the SNMP device has powered on.
Warmstart: This is similar to Coldstart; the only difference is that the configuration remains unaltered. In simple terms, the SNMP device has reloaded the software.
Linkup: This indicates that one of the connected interfaces has changed states from down to up.
Linkdown: This indicates that one of the connected interfaces has changed states from up to down.
Authentication fails: This happens when an SNMP agent gets a request from an unrecognized community name.
egpNeighborloss: This happens when the agent cannot communicate with its Exterior Gateway Protocol (EGP) peer.
Enterprise specific: Vendor-specific error conditions and error codes.
SNMP v2c/v3 traps are classified based on the trap OID, as defined in the vendor's MIB.
You have to configure your device to send SNMP traps to Site24x7 by specifying the IP and the port. The traps should be received via port UDP 162. Ensure that this port is free.
Log in to Site24x7, click Network on the left panel, and select Trap Processors.
Here, you can view the list of natively supported traps as well as add new, edit, and delete traps.
Trap Processors process the raw SNMP traps sent by network devices and display them as simple understandable messages.
Click on a trap processor to view its details like name, SNMP version, description, trap OID, severity, threshold criteria, rearm criteria, and associated devices.
Figure 1. The Trap Processors view
You can create and configure trap processors from the Trap Processors view.
Figure 2. Adding trap processors.
You can set multiple conditions for threshold and rearm criteria when you select Down or Trouble for the severity.
Set the threshold criteria and receive a notification when that threshold is breached.
Rearm criteria is the value that determines whether the monitor has been restored to normal condition. Rearm criteria corresponds to the value beyond which you can revert the Trouble/Down statuses to Clear.
Example: Let's say the trouble threshold condition for a monitor is set at > 65, but during a poll it reaches 70, so you'll receive an alert and the monitor is labeled as being in severe condition. During the next poll, if the monitored value falls back down to a normal level—62 for example—you'll receive an alert about its return to normal condition. Should the value go back up to 71 for the next poll, you'll once again receive a breach alert. In order to avoid all these alerts, you can enter a rearm value. By entering a rearm value (in this case, it can be 50), the monitor will only be considered in normal condition once it drops down to this value.
You can set multiple threshold conditions and choose whether they're triggered by:
Each threshold condition is usually defined as Varbind Condition Value AND/OR, with the following attributes:
Varbind: Choose a necessary Varbind. Varbinds are variable bindings. Varbinds denote the variable number of packets included in an SNMP packet of a received trap message. Each Varbind is identified by its OID, type, and value.
Condition: Choose any of the following conditions from the drop-down list: Equals, Not equals, Starts with, Contains, Doesn't contain, =, =!, >, >=, <=, or <. Make sure you choose the appropriate numeric or string conditions based on the Varbind.
Value: Enter the appropriate numeric or string value.
The configured and added trap processors are listed in the SNMP Traps view based on their current statuses: Down, Up, or Trouble. In this view, you can quickly see the count of total and active trap processors, as well as the number of trap processors remaining as per your license. Click on a trap to view details like time of receipt and message.
Figure 3. The SNMP Traps view.
Any SNMP Trap that hasn't been configured for monitoring is collected and displayed as a list of unsolicited traps. These can be viewed and added from the SNMP Traps tab as shown in the image below.
You can add the SNMP Trap by clicking on the "+" icon and then follow the instructions described above. While creating the Trap Processor, you can select the devices in which that trap has to be monitored. After this, you can view the data under the tab SNMP Traps.
All the added trap processors are listed in the Trap Processors view. You can edit and delete them by clicking on the pencil
() or trash bin (
) icons respectively.
View device-specific traps by clicking on a device name. You can access this from Network > Network Devices.
Here, you can view the trap name, trap message, time of receipt, and status. You can also add trap processors and bulk suspend them.
Click the hamburger icon () to edit threshold conditions or activate a suspended trap processor.
Figure 4. Device-specific traps.
You can configure trap alerts to notify you through email, SMS, phone call, or push notifications. You can also receive these notifications through integrated applications, including ManageEngine's Alarms One and ServiceDesk Plus, as well as third-party applications like Zapier, Slack, PagerDuty, and Microsoft Teams.
Follow the steps below to configufre alerts:
Here is the video to demonstrate Site24x7's SNMP Trap Processing:
Help Network Metrics SNMP Trap Processing