How does the SNMP Trap Listener work?


SNMP Trap Listener


You can monitor your network devices in ManageEngine Applications Manager by having them send SNMP traps that are captured by SNMP Trap Listeners. This is achieved by:

    1. Configuring Trap Listeners in Applications Manager 

    2. Sending traps to Applications Manager

    3. Generating alerts when the trap is received and the status of the trap listener is updated.

You can create SNMP Trap Listeners so that the traps from your device are captured in Applications Manager. To create an SNMP Trap Listener, navigate to the Admin tab -> Traps -> SNMP Trap Listener and click the Add New link, or use the REST API to create an SNMP Trap Listener. Refer to our help page to learn more about configuring the trap listener.

Working of SNMP Trap Listener


When a trap is received in Applications Manager, the following series of steps are performed:

    1. The trap is compared with the configuration of each trap listener present, according to the SNMP version:

      i. If the version is v1, the following are compared:

      • Generic Type

      • Specific Type

      • Enterprise OID (The Enterprise OID can be configured either as an exact OID or as part of an OID)

      ii. If the version is v2, the following is compared:

      • Trap OID (The Trap OID can be configured either as an exact Trap OID or as part of a Trap OID that ends with '.*')

      iii. If the version is v3, the following are compared:

      • Trap OID (The Trap OID can be configured as an exact Trap OID)

      • Username

      iv. If the Filter based on variable bindings option is enabled, the variable bindings of the trap are compared with the configured conditions.

      v. If the hostname is provided (after disabling the Associate this trap severity on server health option), then the host from which the trap is received is compared.

    2. For all the matched trap listeners, an alert is generated and the status of the trap listener is changed based on the severity configured.

      i. If the severity configured is Critical, the status is set to Critical.

      ii. If the severity configured is Warning, the status is set to Warning.

      iii. If the severity configured is Clear, the status is set to Clear.

      iv. If the severity configured is based on variable bindings,

      • the variable bindings of the trap are compared with the severity conditions configured.

      • if the advanced checkbox is enabled, and 'Warning' and 'Clear' conditions are configured, then the variable bindings of the trap are compared with the warning and clear conditions configured.

      • if none of the conditions match, the status of the listener is changed to unknown.

    3. If Associate this trap severity on server health is enabled, the severity of the host monitor is affected.

    4. If Associate this trap to Monitor Group is enabled, the health of the Monitor Groups is affected by the severity.

    5. If actions are associated with the trap listener, the actions are executed.

Note: If the trap received in Applications Manager does not match any of the trap listener configurations, the trap is moved to Unsolicited Traps (under Alarms -> Unsolicited Traps).

Examples:

Let us consider a device that sends traps describing a process and its status. Assume that the device sends a v2c trap with OID .1.3.6.1.4.1.3830.1.1.46.107.3.101.1 along with the following variable bindings:

sysUpTime   TIMETICKS   2 hours, 48 minutes, 21 seconds.
.iso.org.dod.internet.snmpV2.snmpModules.1.1.4.1.0   OBJID   .1.3.6.1.4.1.3830.1.1.46.107.3.101.1
monitorNotifsProcessDownThrottle   INTEGER   1
monitorNotifsProcessDownNodeId   STRING   12345
monitorNotifsProcessDownSeverity   INTEGER   0
monitorNotifsProcessDownStatus   INTEGER   1



Example 1: Set severity as 'Critical' whenever the trap is received


You can set the severity as 'Critical' whenever the trap is received. For instance, 'Critical' severity is assigned to the trap listener 'Trap1' by choosing it from the dropdown.

Example 2: Set severity based on the variable binding values

 

You can set the severity of the trap listener based on some values present in the variable bindings. For instance, for the trap listener 'Trap2',

  • the severity should be 'Critical' if the trap arrives with a monitorNotifsProcessDownSeverity value of 0 or a monitorNotifsProcessDownStatus value of 1.

  • the severity should be 'Warning' if the monitorNotifsProcessDownSeverity value is 1.

  • the severity should be 'Clear' if the monitorNotifsProcessDownSeverity value is 2.

Example 3: Filter traps based on variable bindings

 

You can choose to route only traps with particular variable binding values to the trap listener. That is, you might send multiple traps with the same OID to Applications Manager, but want only some particular traps to be captured by a trap listener. For instance, only traps with monitorNotifsProcessDownNodeId having the values 12345 and 12346 are monitored and captured by the trap listener 'Trap3'. Also, the severity configuration is based on variable bindings (same as in Example 2).
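
The v2 matching, filtering and severity steps described above, applied to the sample trap and the three example listeners, as an added Python sketch (not Applications Manager code). The rule layout, the function names, the order in which severity conditions are checked and Trap2's partial OID are assumptions; the v1/v3 fields and the hostname check are left out.

```python
# Added illustration, not Applications Manager code. Assumed: rule layout, names, check order.
TRAP = {"version": "v2", "oid": ".1.3.6.1.4.1.3830.1.1.46.107.3.101.1", "varbinds": {
    "monitorNotifsProcessDownThrottle": "1",
    "monitorNotifsProcessDownNodeId": "12345",
    "monitorNotifsProcessDownSeverity": "0",
    "monitorNotifsProcessDownStatus": "1",
}}  # constructed from the sample v2c trap on this page

def oid_matches(pattern, oid):
    """Exact OID, or a partial OID written with a trailing '.*'."""
    if pattern.endswith(".*"):
        return oid.startswith(pattern[:-1])  # keep the dot so only whole arcs match
    return pattern == oid

def any_condition(conditions, varbinds):
    """True if any (varbind name, accepted values) condition holds."""
    return any(varbinds.get(name) in values for name, values in conditions)

def evaluate(listener, trap):
    """Return the listener's new status, or None when the trap does not match it."""
    if listener["version"] != trap["version"]:
        return None
    if not oid_matches(listener["trap_oid"], trap["oid"]):
        return None
    flt = listener.get("filter")           # 'Filter based on variable bindings'
    if flt and not any_condition(flt, trap["varbinds"]):
        return None
    severity = listener["severity"]
    if isinstance(severity, str):          # fixed severity, as in Example 1
        return severity
    for status, conditions in severity:    # severity from varbinds, as in Example 2
        if any_condition(conditions, trap["varbinds"]):
            return status
    return "Unknown"                       # no severity condition matched

SEV = [("Critical", [("monitorNotifsProcessDownSeverity", {"0"}),
                     ("monitorNotifsProcessDownStatus", {"1"})]),
       ("Warning", [("monitorNotifsProcessDownSeverity", {"1"})]),
       ("Clear", [("monitorNotifsProcessDownSeverity", {"2"})])]
LISTENERS = {  # the page's three example listeners; Trap2's partial OID is constructed
    "Trap1": {"version": "v2", "trap_oid": TRAP["oid"], "severity": "Critical"},
    "Trap2": {"version": "v2", "trap_oid": ".1.3.6.1.4.1.3830.*", "severity": SEV},
    "Trap3": {"version": "v2", "trap_oid": TRAP["oid"], "severity": SEV,
              "filter": [("monitorNotifsProcessDownNodeId", {"12345", "12346"})]},
}

def route(trap):
    """Map each matching listener to its status; {} means Unsolicited Traps."""
    hits = {name: evaluate(rule, trap) for name, rule in LISTENERS.items()}
    return {name: status for name, status in hits.items() if status is not None}
```

In this sketch a partial OID is matched on whole arcs, so '.1.3.6.1.4.1.3830.*' does not capture a trap whose OID begins .1.3.6.1.4.1.38301; a trap that matches no listener returns an empty result, which corresponds to Unsolicited Traps.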