Help Network Monitoring SNMP Trap Processing

SNMP Trap Processing

SNMP traps are generated when any events occur, including any network or hardware issues. Site24x7 processes SNMP trap messages to detect issues quickly and send notifications to admins for faster troubleshooting and resolution.

Here is the video to demonstrate Site24x7's SNMP Trap Processing:

Table of contents

What are SNMP traps?

An SNMP trap is any event generated and sent by a device, and received by a trap receiver whenever a change of state or anomaly is detected. Network management systems like Site24x7 receive the event messages generated by these devices. Site24x7 processes these traps, displays them, and also instantly notifies you based on the thresholds you configure for different traps.

SNMP Trap Processing is supported only from On-Premise Poller versions 3.3.0 and above.

SNMP v1 traps

Basic SNMP v1 traps generally fall into two broad categories: generic and enterprise traps.

There are six types of generic traps:

  • coldStart: This implies that the sending entity has been reinitialized and has a configuration change. In simple terms, the SNMP device has powered on.
  • warmStart: This is similar to coldStart; however, the configuration remains unaltered as the device is already on. In simple terms, the SNMP device has reloaded the software.
  • linkUp: This indicates that one of the connected interfaces has changed states from down to up.
  • linkDown: This indicates that one of the connected interfaces has changed states from up to down.
  • authenticationFailure: This happens when an SNMP agent gets a request from an unrecognized community name.
  • egpNeighborloss: This happens when the agent cannot communicate with its Exterior Gateway Protocol (EGP) peer.
  • enterpriseSpecific: Vendor-specific error conditions and error codes.

SNMP v2c/v3 traps

SNMP v2c/v3 traps are classified based on the trap OID, as defined in the vendor's MIB.

Configuring SNMP traps

You have to configure your device to send SNMP traps to Site24x7 by specifying the IP and the port. The traps should be received via port UDP 162. So, you must ensure that this port is free.

 Enter the IP address of On-Premise Poller used to monitor the desired device. 

Trap Processors view

Trap processors process the raw SNMP traps sent by network devices and displays them as simple, understandable messages. You can view the list of natively supported traps in the Trap Processors view. You can also add new traps, and edit or delete existing traps, as well.

To navigate to the Trap Processors view:

    1. Log in to your Site24x7 account.
    2. Navigate to Network > Trap Processors.The Trap Processors view
      Figure 1. The Trap Processors view 
    3. Click on a trap processor to view details like Name, SNMP version, Description, Trap OID, Severity, Daily Limit, and Associated Devices.
      After clicking on a trap processor
      Figure 2. After clicking on a Trap Processor.
    4. Click on the pencil icon pencil icon in the Action column to edit a Trap Processor. Here, you can edit the values for Description, Generic Type, Source, Severity, Threshold Criteria, Rearm Criteria, Daily Limit, and Apply to Associated Devices.
      editing trap processor
      Figure 3. Editing a trap processor.
View device-specific traps by clicking on a device name. You can access this from Network > Network Devices.

Adding trap processors

You can create and configure trap processors from the Trap Processors view.

  1. Navigate to NetworkTrap Processors.
  2. Click Add Trap Processor(shown in Figure1) and enter the following:
    • Name: Enter a name to identify your trap.
    • Description: Enter a description to define your trap.
    • SNMP version: Select your device's SNMP version (v1 or v2c/v3).
    • Generic type/trap OID: For SNMP v1, enter the generic type. These are generic trap types generated by SNMP v1 agents and defined by SNMP. If your SNMP version is v2c/v3, then enter your trap OID. Trap OIDs are object identifiers that identify which type of trap is being received. 
    • Specific type: When you choose enterpriseSpecific(6) as the generic type, you can enter the specific type.
  3. You can also directly import the above from a MIB browser.
    • Generic MIBs: These are available by default in Site24x7. Choose the Vendor and the MIB from the drop-down list.
      Adding trap processor
      Figure 4. Adding trap processors with generic MIBs.
    • Custom MIBs: You can upload MIBs from your system and use them to add custom performance counters.
      • On-Premise Poller: Choosing an On-Premise Poller will list all the MIBs inside the folder Poller-home/NetworkPlus/mibs. Choose the On-Premise Poller which stores the MIB files you uploaded. If you choose ‘Recently Viewed’, all the MIBs that were uploaded or recently used will be shown. 
      • MIB: Choose an already uploaded MIB from the drop-down menu or click + to add new ones.
        Adding trap processor - custom mib
        Figure 5. Adding trap processors from custom MIBs.
        In the Upload MIB screen, select files and upload them from your computer. Also, choose the On-Premise Poller which has to store the MIB files. 
        Upload MIB
        Figure 6. Upload MIB screen.
  4. Source: This option is useful if the trap is forwarded from another source. It is the IP from which Site24x7 receives traps and can either be the source IP of the device, or the agent that generates traps. Choose $Source when the trap is directly sent to the On-Premise Poller machine, and choose $Agent when it is forwarded.
  5. Severity: Select one of the following options from the drop-down list—ClearDown, or Trouble. You need to specify the threshold and rearm criteria when you select Down or Trouble
  6. Daily limit: Choose from the drop-down menu the total number of traps that Site24x7 should process per day.
  7. Click Save.
Added trap processors can be viewed in the SNMP Traps view, along with their current statuses.

Threshold and rearm criteria

Setting threshold and rearm criteria
Figure 7. Setting Threshold Criteria and Rearm Criteria while adding trap processors.

You can set multiple conditions for threshold and rearm criteria when you select Down or Trouble for the severity. 

Threshold criteria:

Set the threshold criteria and receive a notification when that threshold is breached.

Rearm criteria: 

Rearm criteria is the value that determines whether the monitor has been restored to normal condition. Rearm criteria corresponds to the value beyond which you can revert the Trouble/Down statuses to Clear

Example: Suppose the trouble threshold condition for a monitor is "> 65". However, if the value reaches 70, you'll receive an alert, and the monitor status will change to Trouble. Subsequently, when the value falls below the threshold—62, for instance—you'll receive an alert about the monitor returning to its normal state. For any subsequent threshold breaches or reverts, you'll keep receiving alerts. To avoid all these alerts, you can enter a Rearm value. By entering a Rearm value (ex., 50), you will receive an alert only if the threshold reaches a value below the Rearm value as the monitor status changes to normal only if this condition is satisfied.

The rearm value should be less than that threshold value and vice versa.

You can set multiple threshold conditions and select whether they're triggered by:
  • All the conditions
  • Any of the conditions
  • Individual conditions

Each threshold condition is usually defined as Varbind, Condition, and Value (multiple conditions can be added with AND/OR options), with the following attributes:

  • Varbind: Select a necessary Varbind. Varbinds are variable bindings. It denotes the variable number of packets included in an SNMP packet of a received trap message. Each Varbind is identified by its OID, type, and value.
  • Condition: Select any of the following conditions from the drop-down list: Equals, Not equals, Starts with, Contains, Doesn't contain, =, !=, >, >=, <, or <=. You can also select Regular Expression to provide your own condition. Make sure you choose the appropriate numeric or string conditions based on the Varbind.
  • Value: Enter the appropriate numeric or string value. 

The SNMP Traps view

The configured and added trap processors are listed in the SNMP Traps view based on their current statuses: Down, Up, or Trouble. In this view, you can quickly see the count of total and active trap processors, as well as the number of trap processors remaining as per your license. 

To view SNMP Traps:

  1. Navigate to Network > SNMP Traps.
  2. Select a trap to view details like time of receipt and message.

The SNMP Traps view
Figure 8. The SNMP Traps view. 

Unsolicited Traps

Any SNMP trap that hasn't been configured for monitoring is collected and displayed as a list of Unsolicited Traps. These can be viewed and added from the SNMP Traps tab as shown in the image below.
Unsolicited Traps
Figure 9. Viewing the Unsolicited Traps button.

You can add the SNMP Trap by clicking on the "+" icon and then follow the instructions described in the Adding trap processor guidance . While creating the Trap Processor, you can select the devices in which that trap has to be monitored. After this, you can view the data under the tab SNMP Traps.Unsolicited Traps list

Figure 10. Unsolicited Traps view. 

Editing and deleting trap processors

All the added trap processors are listed in the Trap Processors view. You can edit and delete them by clicking on the pencil icon
(Edit icon) or trash bin (Delete icon) icon respectively.

Device-wise traps

To view the device-specific traps:

  1. Navigate to Network > Network Devices.
  2. Click on a device name to view device-specific traps. Here, you can view the Trap Name, Message, time of receipt (Last Received At), and Status. You can also add Trap Processors and bulk suspend them. Click the hamburger icon (Hamburger icon) to edit threshold conditions or activate a suspended trap processor.Device-wise traps
    Figure 11. Device-specific traps.

Setting Alerts

You can configure trap alerts to notify you through email, SMS, phone call, or push notifications. You can also receive these notifications through integrated applications, including ManageEngine's Alarms One and ServiceDesk Plus, as well as third-party applications like Zapier, Slack, PagerDuty, and Microsoft Teams.

Follow the steps below to configufre alerts:

  1. Go to the Network tab and click on the desired device name. 
  2. Next, click on Traps. All your device-wise traps will be listed here. 
  3. Click on the hamburger (Hamburger icon) icon under Actions and click Edit Threshold Profile
  4. Toggle Yes against Mark the device as Trouble when the trap's status is Trouble/Down.
  5. Click Save.
    SNMP trap alerts
    Figure 12. Configuring trap alerts. 
You can also configure alerts while adding or editing threshold profiles.

Related articles

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.

Help Network Monitoring SNMP Trap Processing