Implemented
over 1 year ago

SNMP Trap & Syslog Rules Overhaul

In my opinion these two items have been neglected by SolarWinds for many years.  We use SNMP trapping extensively within my organization and every rule we have to create is an arduous process.  Ideally there are several aspects of both of these functions that should be improved upon.

1.  Copy/Paste rule creation.  When we look at alerts we can take a similar alert and make a copy of it altering the rule to suit our needs.  This element doesn't exist in the SNMP or Sylsog rules.  Each rule must be built from scratch.  For example I have multiple rules that are exactly the same with the minor exception being one specific OID for Netscaler traps.  If the OID equals one of our web servers we send it to the web team...if it is one of our exchange servers we send to our messaging team, and so on.  However to build these rules we have to manually create.

2.  Import/Export actions.  In alerts you can import/export an action for use within another alert.  This functionality is missing from the Syslog/SNMP rules.

3.  Enhanced ordering.  At my last count I have 160 + SNMP rules.  These rules are top down ordered.  When I create a new rule it is placed at the bottom.  If I need that rule to go to the top I have to click my mouse 160 times to get it to the top (no wonder I've had carpal tunnel surgery on both hands).  A drag an drop feature would solve this issue.

My first three requests I would think should be relatively simple because these features exist today within other components of SW.  The 4th I assume would be a little trickier to accomplish.

4.  Treat SNMP/Syslog rules like alerts that must be acknowledged (if desired).  Right now if I get an SNMP trap that I would consider to be critical it sends an email. It is not treated like an alert that requires acknowledgement.  I understand this would be a much greater challenge because you would have to have well defined reset scenarios.

I know that I am in the minority in this as it seems that many other members of the community rely less dependently on traps but they are a part of our environment and they aren't going away.  As they continue to grow I will be forced to look for alternatives to SW in this space if SW doesn't evolve these areas.  I have been using SW for 6 years and I have seen little to no improvement in these two areas.  I had hoped with the acquisition of Kiwi there would have been some nice improvements but alas that isn't the case.

  • At the moment I believe the only valid variable there is ${Message} but that will get you the entire message and probably isn't quite what you are looking for I would guess. I assume you are probably wanting to define certain strings within the message and send those along.

  • When I send the trap to the alerting engine can I extract any variables from it? I am trying to do this in order to use a field in the trap in the name of the generated alert, but I cannot get it to work with either $ or $.

    On Friday, October 18, 2019, 7:06:50 PM GMT+3, aLTeReGo wrote:

    SNMP Trap & Syslog Rules Overhaul

    new comment by aLTeReGo View all comments on this idea

    Traps don't automatically affect the status of a node, but now that Syslog & Traps are incorporated into Orion's Alert Manager, you can define a custom status as a trigger action for an alert.

     

    thwack.solarwinds.com/.../pastedImage_0.png

    Reply to this email to respond to aLTeReGo's comment.

    Following SNMP Trap & Syslog Rules Overhaul in these streams: Inbox

    To find answers to your questions and up-to-the-minute product info, please visit the THWACK forums.

    This email was sent to the email address used on your THWACK account.

    Unsubscribe

    Change Preferences

    SolarWinds, 7171 Southwest Parkway, Building 400, Austin, Texas 78735

  • Traps don't automatically affect the status of a node, but now that Syslog & Traps are incorporated into Orion's Alert Manager, you can define a custom status as a trigger action for an alert.

    pastedImage_0.png

  • I installed 2019.4 RC 1 today and it looks great, haven't got around to testing alerts yet. I have one more question, does Orion or NPM take into account traps when it comes to routing protocols? For example if BGP or OSPF goes down or up and it recieves a trap, does it change the status of the protocol for the respective node or is it just based on polling?

    On Thursday, October 17, 2019, 11:29:02 PM GMT+3, aLTeReGo wrote:

    SNMP Trap & Syslog Rules Overhaul

    new comment by aLTeReGo View all comments on this idea

    Release Candidates are fully supported in production environments, and we have hundreds of customers who have already upgraded to 2019.4.

    Reply to this email to respond to aLTeReGo's comment.

    Following SNMP Trap & Syslog Rules Overhaul in these streams: Inbox

    To find answers to your questions and up-to-the-minute product info, please visit the THWACK forums.

    This email was sent to the email address used on your THWACK account.

    Unsubscribe

    Change Preferences

    SolarWinds, 7171 Southwest Parkway, Building 400, Austin, Texas 78735

  • Thank you for the information!

    Sent from Yahoo Mail on Android

    On Thu, Oct 17, 2019 at 23:29, aLTeReGo wrote:

    SNMP Trap & Syslog Rules Overhaul

    new comment by aLTeReGo View all comments on this idea

    Release Candidates are fully supported in production environments, and we have hundreds of customers who have already upgraded to 2019.4.

    Reply to this email to respond to aLTeReGo's comment.

    Following SNMP Trap & Syslog Rules Overhaul in these streams: Inbox

    To find answers to your questions and up-to-the-minute product info, please visit the THWACK forums.

    This email was sent to the email address used on your THWACK account.

    Unsubscribe

    Change Preferences

    SolarWinds, 7171 Southwest Parkway, Building 400, Austin, Texas 78735

  • Release Candidates are fully supported in production environments, and we have hundreds of customers who have already upgraded to 2019.4.

  • Is it stable enough to use in production? I have a client that bought NPM, NTA, VNMQ, NCM and 3 pollers and is really interested in setting alarms based on traps and having traps for the node displayed in the node view. The current lack of this functionality in 2019.2 is causing problems in closing the implementation and it would be a life saver if I could use it in production. If all goes well the client is interested in buying more polling engines.

    On Thursday, October 17, 2019, 10:17:57 PM GMT+3, aLTeReGo wrote:

    SNMP Trap & Syslog Rules Overhaul

    new comment by aLTeReGo View all comments on this idea

    Yes, 2019.4 is currently a Release Candidate.

    Reply to this email to respond to aLTeReGo's comment.

    Following SNMP Trap & Syslog Rules Overhaul in these streams: Inbox

    To find answers to your questions and up-to-the-minute product info, please visit the THWACK forums.

    This email was sent to the email address used on your THWACK account.

    Unsubscribe

    Change Preferences

    SolarWinds, 7171 Southwest Parkway, Building 400, Austin, Texas 78735

  • Yes, 2019.4 is currently a Release Candidate.

  • Is the 2019.4 release out? All I could find is a release candidate.

    On Thursday, October 17, 2019, 10:05:09 PM GMT+3, bobmarley wrote:

    SNMP Trap & Syslog Rules Overhaul

    new comment by bobmarley View all comments on this idea

    Looking forward to playing with it in our lab

    Reply to this email to respond to bobmarley's comment.

    Following SNMP Trap & Syslog Rules Overhaul in these streams: Inbox

    To find answers to your questions and up-to-the-minute product info, please visit the THWACK forums.

    This email was sent to the email address used on your THWACK account.

    Unsubscribe

    Change Preferences

    SolarWinds, 7171 Southwest Parkway, Building 400, Austin, Texas 78735

  • Looking forward to playing with it in our lab