Orion NPM v10.0 delivers quite a few new features. One of those features revolves around the Orion Trap Server. In previous versions of NPM, users could create rules on many aspects of an SNMP Trap, including the originating IP address, the community string, or the contents of the MIB (seen in the figure below as DNS Hostname, Community String, and Conditions). One notable absence was that there was no way to alert on the Details field of a trap—also known as the Trap Variable Bindings. This Details tab—highlighted in yellow below—is new to NPM v10.
The inability to alert on the Trap Details was a drag because that field contains a wealth of distinguishing data. For instance, you might see 20 traps from the same server, same community string and IP (obviously) based on the same MIB, but there’s a key word that shows up in the Trap Details that makes some more important than others. The only way to alert on these details previously was to go to the Conditions tab and figure out which OID was associated with the target information and work through it from that angle.
Let’s walk through an example of how to set up an alert on the Trap Details.
First, rules are created on the Trap Viewer, which you’ll find on your Orion server.
Once launched, you’ll see a list of traps. Click on the yellow yield-sign-looking icon to launch the settings dialog.
From the settings dialog, go to the Alerts/Filter Rules tab and click “Add Rule”
You can name the rule on the General tab, and you can set other restrictions on other tabs, but let’s assume that you just looking for traps that include a particular IP address in the Details field. The new Details tab can look for strings such as an IP Address or a word. Let me note that if you check the “Use Regular Expressions…” checkbox, you unleash a ton of power so that you can parse the text in virtually any way imaginable. Now, keep in mind that regular expressions are not for the technically meek, but if your geek-fu is strong, it’ll do back flips for you.
Let’s assume you just want the simple string lookup, which, really, will fully serve most people most of the time. Once you’ve filled out the string you want, you just need to add an alert action. For the alert action, you might want to add a color to traps with the target IP address so that it’s easy to identify in your list. Click ok and the rule will engage.
As soon as you get a trap that fits the rule, the action engages. You can see the results in both the Trap Viewer application and in the Orion Web Console.
So that’s it simple, but incredibly powerful if you want to be alerted on the contents of a trap. There are other new trap-related features, but more about those in another post.