cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

SNMP Trap & Syslog Rules Overhaul

SNMP Trap & Syslog Rules Overhaul

In my opinion these two items have been neglected by SolarWinds for many years.  We use SNMP trapping extensively within my organization and every rule we have to create is an arduous process.  Ideally there are several aspects of both of these functions that should be improved upon.

1.  Copy/Paste rule creation.  When we look at alerts we can take a similar alert and make a copy of it altering the rule to suit our needs.  This element doesn't exist in the SNMP or Sylsog rules.  Each rule must be built from scratch.  For example I have multiple rules that are exactly the same with the minor exception being one specific OID for Netscaler traps.  If the OID equals one of our web servers we send it to the web team...if it is one of our exchange servers we send to our messaging team, and so on.  However to build these rules we have to manually create.

2.  Import/Export actions.  In alerts you can import/export an action for use within another alert.  This functionality is missing from the Syslog/SNMP rules.

3.  Enhanced ordering.  At my last count I have 160 + SNMP rules.  These rules are top down ordered.  When I create a new rule it is placed at the bottom.  If I need that rule to go to the top I have to click my mouse 160 times to get it to the top (no wonder I've had carpal tunnel surgery on both hands).  A drag an drop feature would solve this issue.

My first three requests I would think should be relatively simple because these features exist today within other components of SW.  The 4th I assume would be a little trickier to accomplish.

4.  Treat SNMP/Syslog rules like alerts that must be acknowledged (if desired).  Right now if I get an SNMP trap that I would consider to be critical it sends an email. It is not treated like an alert that requires acknowledgement.  I understand this would be a much greater challenge because you would have to have well defined reset scenarios.

I know that I am in the minority in this as it seems that many other members of the community rely less dependently on traps but they are a part of our environment and they aren't going away.  As they continue to grow I will be forced to look for alternatives to SW in this space if SW doesn't evolve these areas.  I have been using SW for 6 years and I have seen little to no improvement in these two areas.  I had hoped with the acquisition of Kiwi there would have been some nice improvements but alas that isn't the case.

Tags (1)
197 Comments
Level 13

I would also like to add Macros to the various trap and syslog tables.  Right now for traps, you can only pull in from the Trap table.  We are wanting to pull in the RuleName similar to being able to pull in the AlertName in Alerts.

Level 15

Wow that would be extremely helpful.  I can't tell you how many times I ended up using a color code to try and make sure that the trap hit a certain rule.  However I do foresee one issue.  If the rule doesn't have a stop processing it could hit multiple.  I put stops in all rules but I can't guarantee everyone does.

Level 12

It's ridiculous that this isn't on the list of current 10.5 beta enhancements.  It's also totally garbage for SW to have this alleged priority system based on thwack voting and feedback and then continue to ignore it, and ignore it, and ignore it.

Peter

Level 15

I fully agree it has been 5 months since SolarWinds reached out to me on UX testing for this and another 2.5 since provided any updates.  Not only is this the heaviest receiver of votes but it has spawned dozens upon dozens of comments and has almost 3 times the views of any other idea on the boards.  There are several of SW MVPs (myself included) that have voiced this as a dire need for the product. 

As I have had to tell my kids before if I call you once and you don't answer I might assume you didn't hear me...if I call you repeatedly I'm going to assume you are ignoring me.  So I ask SolarWinds are you listening to your community?  I fully believe that you are and I'm hoping that you are working on something..but if you don't tell us...we feel ignored.

Level 21

I have moved to the conclusion that the Syslog and Trap receiver are not and never intend to be a functional part of Orion for anything beyond very small environments and am forwarding that information on to my VP of Operations and Engineering.  I am working on moving to another solution for that, hopefully LEM.

Level 16

I just recently purchased the LEM.  I am hoping I can have it perform some of the things that I wish were in Orion, My issue is that I do not want to maintain separate alerting.  If the LEM can get more integration with the Orion Alerting engine this may be a good fit.  But for now, and the forseeable future, I like many of you NEED a functional syslog/trap service integrated into Orion....

Level 21

I agree that better integration would be really nice.  Currently I have a Last 25 Logs resource on each node page in Orion which can really help with troubleshooting; if I move to LEM I will loose this.

Level 15

I understand your desire to move this out of SW and into LEM.  My big concern though is this is day 1 event-monitoring 101 type functionality that is in all platforms from your open/source to your mom and pop software all the way up to the big guys like HP & IBM.  It really shouldn't be that hard.

Level 21

Oh, don't get me wrong, I agree with you on this 110%.  Unfortunately I have given up no the idea of SW fixing this in Orion.

Level 12

Yeah, being that it's been being talked about for at least 5 years I know of, it's time to stop waiting and start looking at integrating something else, even if it has to be via perl, mysql and custom resources.  Pretty frustrated though with SW Product.

Peter