This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SNMP Trap Alerting questions

I have an external server that is sending SNMP traps to my NPM server. These traps have a certain variable in them that indicate a circuit ID. The problem is that this server sends the same snmp trap (until the problem is corrected) every 5 minutes, and unfortunately its not something I am able to change. What I need to be able to do create alerts based on the unique string in the variable I am looking for AND suppress the alerts so we only get the same unique alert once every 4 hours. Can I do this with NPM? I see that I can suppress the the alerts by the total number of alerts that come in on the rule, but I need to suppress them by the number of unique alerts.

  • sbeauchamp there are a few threads containing similar thought, concerns, and ideas:

    Re: CONVERT SNMP TRAP TO Solarwinds ALERT?

    Re: Getting SNMP Traps into Alert Central

    If this doesn't shed any light - I will be here awaiting your response.

    Cheers

  • Those two seem to be at least partially what I am going for. I actually write my alerts from solarwinds to a windows event log where another program picks them up. The first post you linked asking to have an active alert via snmp traps is the closest i think. I may end up needing a third party tool to do what I want. Something like "alert is active if trap message containing text ABC is received" "Alert goes inactive if alert containing text ABC hasn't been received within 5 minutes of the previous one". If that makes any sense....

  • I reached the limit of my knowledge for this subject however, I have a let a product manager know to take a look in to your issue. I will be monitoring this thread to make sure you get a response. Good luck and have a great day.

  • sounds like you are talking about event correlation...not something the product does out of the box.

  • We're putting some thought into how we might tackle this problem in the future. Would you perhaps be interested in spending 30 minutes with some of our UX folks to review some things?

  • Sure, I could likely find some time for that. How would I get in contact?

  • Will ping offline in just a moment. emoticons_happy.png

  • An active alert has two components:

    - the alert definition

    - the monitored object (node, interface, etc)

    what I do is use the TRAPviewer to tag traps of interest with a key, then use a CUSTOM SQL alert on a NODE like this:

    Trigger Condition:

    WHERE  nodeid IN (SELECT nodeid

                      FROM  traps

                      WHERE  datetime>Dateadd(hour,-1, Sysdatetime())

                      and tag='OSPF_IF_CONFIG_ERROR'

                    )

    (in this case incoming traps for OSPF_IF_CONFIG_ERROR tags received in the last hour will trigger the alert.)

    Reset Condition is:

    WHERE  nodeid NOT IN (SELECT nodeid

                      FROM  traps

                      WHERE  datetime>Dateadd(hour,-1, Sysdatetime())

                      and tag='OSPF_IF_CONFIG_ERROR'

                    )

    (aside: do not let the Alert editor 'reverse' the trigger rule for you, it will get it wrong.)

    for traps received in the past 10 minutes use  datetime>Dateadd(minute,-10, Sysdatetime())

  • I created an idea/feature request for this topic and hope it covers most of the needs also covered in this post to be implemented directly into NPM?

    A lot of people seem to want this and also most competitive products support propper Trap handling:

    http://thwack.solarwinds.com/ideas/3580

    Please vote!

  • Hi Richard

    Somehow when I try to find tag on the SQL no problem

    FROM [NetPerfMon].[dbo].[Traps]

    Where datetime>Dateadd(HH,-11, Sysdatetime()) AND Tag='MX80'

    But when I try it on the alert manager somehow "hell break loose"  :-)

    SELECT TrapID, EngineID, DateTime, IPAddress, Community, Tag, Acknowledged, Hostname, NodeID, TrapType, ColorCode, TimeStamp

    FROM Orion.Traps

    Where datetime>Dateadd(MINUTE,-10, Sysdatetime()) AND Tag='MX80'