11 Replies Latest reply on Sep 7, 2010 8:26 PM by LGentile

    Alert Action (Syslog) for SNMP traps

    LGentile

      Hello,

      I haven't found a way to successfully do this, so I am wondering if I am simply looking in the wrong areas.

      We have a lot of use for using SNMP traps (instead of standard polling which is what 100% of our alerts are based off of now) for various 'instant' events we'd like to get alerts on.  We currently have a Syslog alert action for any "pollable" event since our main ticketing system is based off of syslog messages from a centralized server.  The problem is, I can't find a way to generate a Syslog action from an SNMP trap.  I basically need to have an alert created via a Syslog message (specifically formatted) so the Syslog server can interpret it and open automatic tickets for us.  However, the option to create a Syslog action on a trap is not there.  We are running 9.0 but planning to upgrade all the way to 10.1 soon but I also don't see that option in our demo version of 10.

      Is there a different way I should be doing this or is it simply not supported?  Emails/pagers, etc. do us no need, we need to have the syslog messages.

      Thanks!

        • Re: Alert Action (Syslog) for SNMP traps
          byrona

          Alert actions for SNMP Traps in NPM are set up in the SNMP Trap Viewer.  Open the Trap Viewer on the console and click on the yellow triangle icon at the top that looks like a hazard sign.

          Hope this helps!

          • Re: Alert Action (Syslog) for SNMP traps
            aLTeReGo

            It might sound convoluted but you can create an alert in the SNMP Trap Viewer to write the SNMP Trap information to the Windows Event Log and then use the Windows Event Log Forwarder to send the information to the Syslog Viewer in Orion. Alternatively you could use the Windows Event Log component monitor in APM to accomplish the same feat without the Windows Event Log Forwarder. 

            • Re: Alert Action (Syslog) for SNMP traps
              byrona

              I am curious, is there some reason why you don't want to just create the alert actions directly for the SNMP Traps versus forwarding them as Syslogs to another system?

                • Re: Alert Action (Syslog) for SNMP traps
                  LGentile

                  Well, this may help -

                  We use Remedy as our ticketing system.  We are somewhat slaves to it.  We also have HP OpenView for a variety of other systems out there.  OpenView is directly integrated with Remedy.  Basically, if you can configure your monitoring tool to talk to OpenView via syslog messages, you can get automatic tickets for your team.  So, we have SW and advanced alerts configured for anything we poll on (disk failures, node down, CPU usage, etc.) and the action is that syslog message I posted above.  Any other process and I'd have to find some way to integrate it with OpenView.

                    • Re: Alert Action (Syslog) for SNMP traps
                      aLTeReGo

                      LGentile, would my suggestion work for your needs until a Syslog alert action is incorporated into the SNMP Trap Viewer?

                      • Re: Alert Action (Syslog) for SNMP traps
                        byrona

                        Are you planning to continue to use both Orion and OpenView or do you plan to migrate from OpenView to Orion?  I ask because it may be worth your time to integrate Orion with Remedy similarly to how you have done with OpenView.  Once you have done the integration piece once, it should just be a wash-rinse-repeat for each Orion alert that you set up.

                        Disclaimer: Just me thinking out loud.

                          • Re: Alert Action (Syslog) for SNMP traps
                            LGentile

                            Well, quite honestly, I am trying to get this working because we're moving to ESXi 4.1 and currently SW doesn't gel with vCenter directly - so the traps I'm talking about are coming from vCenter.  vCenter gives us LUN usage visibility and guest performance data without having to query Windows directly (which is a funny thing when the servers are virtual anyhow, since you are seeing what Windows 'thinks' it sees, not really how well it's performing under the hypervisor).  Honestly, OV is the tool that is sticking around, we only use Orion for Windows and VMware monitoring since it was easy to set up and get running.  We've even got routers in there for alert suppression.  What we may end up doing is just having vCenter talk directly with OV or use the Insight plugin for our HP servers to gather more data on the hosts.  I don't think we can wait for vCenter integration with SW.

                            I can try the alert log deal suggested to see if it will work when I have some time.  I'll let you know if that works out.