i have configure commnunity string in device as ro and rw.
I receive snmp traps from the device
But the problem is I dont know how to interpret those traps. I only wanted to monitor few things like interface UP/DOWN.
How can I configure solarwind to NOT monitor anything else?
How can i get the real-time status of interface UP/DOWN/?
Pls advise!!! Appreciate that!!!
Hi,
I installed trial NPM recently. I interested in 2 objectives.
1)Get real-time status frm my appliance (i.e. configured interface up/down and object up/down)
2)Customize alarm via received syslog and snmp,modify its contents and send out selected alerts.
I am facing some problems now in syslog viewer n snmp trap receiver,how can I seek yr technical guys help?
Thank you!
Best Regards,
Peter
You can use either Syslog or SNMP Traps to achieve real time detection.
For a Trap, open the Trap Viewer application on the Orion server. Add a new Alert and define the necessary values to look for this, with the easiest being the 'Trap Details' tab and entering *linkDown* as the filter.
Always use polling based in support of this as well
There a lots of snmp traps coming in, I doesnt know how to read them.How to filter these traps to get simple interface up/down status?
sysUpTime=30.98 seconds
snmpTrapOID=SNMPv2-SMI:enterprises.37288.1.4.3.0
entPhysicalAssetID.1=EK3P0003012A0137
ifAdminStatus.1=up(1)
ifAdminStatus.12=up(1)
ifAdminStatus.13=down(2)
ifAdminStatus.14=down(2)
ifAdminStatus.3=down(2)
ifAdminStatus.4=down(2)
ifAdminStatus.5=down(2)
ifAdminStatus.6=down(2
ifAdminStatus.2=down(2)
ifAdminStatus.9=down(2)
ifAdminStatus.11=down(2)
ifAdminStatus.7=up(1)
ifAdminStatus.10=down(2)
ifAdminStatus.8=down(2)
sysUpTime=30.37 seconds
snmpTrapOID=SNMPv2-SMI:enterprises.37288.1.4.2.0
entPhysicalAssetID.1=EK3P0003012A0137
enterprises.37288.1.5.1.1=internet
enterprises.37288.1.5.1.2=pc
enterprises.37288.1.5.2.1=0
enterprises.37288.1.5.2.2=1
Assuming you are using NPM to collect your information, what is your "real time" requirement? NPM is already polling devices every 2 minutes by default. This is typically good enough for most monitoring situations. If you have a requirement to poll more often, you can tune this polling cycle, either globally, or by individual object (device or interface). BE VERY careful tuning those settings, each tweak means more resources being used by NPM all the time. By doing it this way, we are only adjusting out-of-box settings and alerts, nothing special is needed.
If you still have a requirement to do something special for that one off situation, you are close -
Step 1: Enable SNMP on the device - you have completed this already
Step 2: Review the SNMP traps you are receiving, and look for something unique you can use as the "trigger" in your alert
Step 3: Configure Alert (Settings - Manage Alerts) - this is where it gets tricky if you've never created/modified alerts before. The best option is to find an alert that you can copy and modify (never modify the original version) to meet your needs. Something that performs the way you want, but doesn't "trigger" on the unique data you chose in Step 2.
Hope this helps.
D
SNMP traps take a bit of work to fully understand. Included in the trap should be the IP Address of the device you're looking at. The "ifAdminStatus" is fairly self-explanatory, it tells whether a device is up (value of 1), down (value of 2) or in testing mode (value of 3). A simple search of the internet should find this info, such as at this page:
What you're showing us above is the admin status of all 14 interfaces of the device. ie: ifAdminStatus.11 is the 11th interface on the device, this would correspond to the "ifIndex" in the same table. Other rows in this SNMP table will tell you what interface 11 is. ie: Look at the ifDescr in that table. That being said, the "ifIndex" of an interface can change from boot to boot, on a Cisco device you can prevent this from happening by issuing the "snmp-server ifindex persist" config command.
One thing to remember is if you're trying to monitor a device, lets say a WLC. And you have the WLC configured to send a trap when its LAN interface goes down. Since the LAN interface is down, it will have no way of getting this trap to Solarwinds, so you'd be SOL! SNMP-traps are "best-effort" delivery, so even when connectivity was restored, you wouldn't get the trap. Now you could monitor the switch interface to which the WLC is connected though, and as long as that switch has connectivity to Solarwinds you'd be ok. But, if the switch was down too, once again SOL! SNMP-informs guarantee delivery, but there is a host of problems associated with processing SNMP-informs too, which I'll let you find out on your own. My recommendation is to not use them.
So, as deverts said, doing SNMP polling and generating alerts off those is a very good thing. The problem with polling is that its not immediate. If the interface goes down a couple seconds after a poll, you'd have to wait for the next poll for the interface to go into a warning state, and then after that a down state. A trap would be received immediately.
So, assuming you still want to do trapping, at this point you will need to go on to the Solarwinds server and bring up the "Trap Viewer" application and set up an alert or filter. I tend to have a few traps that I look at, and filter the rest out so they're basically ignored. Fairly straightforward to set up. Add a new rule, under "General Details" you can filter based on the specific IP address of a node if you want. Then, fill out the trap details, usually I'll put the MIB in here for what I'm looking for. The more specific stuff goes under "Conditions". Its here where you can do something like "ifAdminStatus.3" "is equal to" "2" (ie: the third interface is down). Then do your Alert Actions. I like to do a color code for the trap I want so I can easily pick it out of the "Current Traps" screen.
Let us know if you have any more specific questions. I tried to give you enough detail to figure it out yourself.
HTH!!
I have to agree with deverts... the default polling interval is pretty tight. If you have a handful of nodes that are super super more important you can shorten the interval for just them but just remember this won't scale as well as the defaults. There are other advantages to doing relying on the polling... for some WAN interfaces having an alert for every time the interface seems to have gone down may just be bad WAN circuit with latency and God forbit packet loss. You'll be able to see this and also adjust your alerts to not get false alarms on problem circuits by allowing a little leaway even.
The polling interval is fine. I am having difficulty customizing the snmp traps.
Btw in syslog viewer, I cant delete the logs. There is no option to delete, and the logs are all in red. How can I delete, acknowledge & configure settings for the logs?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.
