SNMP Trap Monitoring Tools


Monitoring SNMP Traps

SNMP Trap Monitoring Tools involve monitored devices sending messages to monitoring stations (LogicMonitor collectors in our case) to notify an event that needs attention. LogicMonitor generally recommends SNMP voting (where LogicMonitor asks the device for its status) as opposed to a trap, for the following reasons:
  • SNMP traps are single packets sent without guaranteed delivery, to notify of a problem. Unfortunately, it is sent when something is wrong - exactly when the single package is most unlikely to be sent.
  • Set SNMP traps requiring device configuration to send traps to the correct destination - on each device.
  • There is no way to ensure the trap is correctly configured to be sent by the device; not blocked by networks or firewalls; and received by the collector, except sending a trap. So months later, when you need to receive a trap, and many things have changed or maybe not.
  • Traps do not provide context: are temperature traps sent because temperatures have recently surged, or have they been rising for months?

However, if there are certain traps that you want to catch and be aware of.

Device Configuration

LogicMonitor can remind about SNMP traps that are received by collectors. Please follow these general steps to configure the device so that it can send SNMP traps to the collecting machine:

1. Check the SNMP configuration of the device, and make sure that the device's collection engine is configured as the "SNMP trap destination" for the device where the SNMP trap message is sent.
  • If running a backup collector, make sure to configure the two collectors as trap destinations. Only collectors are currently active for devices that will report a trap.

2. Make sure the 162 UDP port is open between this device and the collecting machine and no other application is listening on this port on the collecting machine.
  • If running a backup collector, make sure the 162 UDP port is open between the device and the secondary collecting machine too.
  • If necessary, the SNMP port trap default listening that the collector uses can be changed. Please contact support for further assistance with SNMP Trap Monitoring Tools.

EventSource Attribute

  • Applies to - This field is used to associate EventSource with a particular device (or device group). Click here for more information about how to use the AppliesTo field.
  • Groups - This field is used to group several Event Sources in a folder. This field is optional. Click here for more information about how to use grouping.
  • Filter - This section is used for inclusive filtering. This makes it possible to determine the parameters for receiving certain traps. This field is optional.
  • Warning Settings - This section allows to determine the severity of the warning that will be generated when a suitable trap is received and whether there must be a special alert template used for warning notifications. Alert routing still depends on the Alert Rules used.
  • Effective Interval - This field specifies a period of time within minutes to consider the trap as alert. For example, given an Effective Interval of 60, an event such as a system restart will show as a current warning for 60 minutes after the trap is received. This gives people time to be informed of the warning, acknowledge it, or maybe improve it. After the Effective Interval ends, the device is no longer alert to this trap. (Of course, alerts will appear in the alert history, and will be sent according to the applicable escalation rules.)

Download SNMP Trap Microsoft and Linux :

SNMP Trap 
Free Driver
SNMP Nagios Microsoft 
Free Driver
SNMP Nagios Linux
Free Driver



Just as filtering is used in LogicMonitor data source templates, it can determine a set of filters in the source of the SNMP trap collection that will make it possible to filter inclusive and choose for certain SNMP traps to be turned on. This filter is rated sequentially from top to bottom, and each trap that fails on one of the filters set here will be excluded from capture & warning.
The following objects included in most standard SNMPv1 trap messages can be referenced for SNMP Trap Monitoring Tools.

Filters:

  • General code
  • Specific code
  • EnterpriseOid
  • SysUpTime
  • TrapVariableBindingCount
  • Order

In SNMPv2 and v3 we can support the following trap filters:
  • SysUpTime
  • TrapOID
  • TrapVariableBindingCount
  • Order

The "Message" filter will allow users to filter messages based on RegexMatch or RegexNotMatch from any string in the SNMP Trap message. Please note that this requires the use of Collector 27,100 or higher. Note: Filtering & alerting other arbitrary strings contained in trap message content is not supported at this time with SNMP Trap Monitoring Tools.

Discussion: