2 Replies Latest reply on Feb 23, 2011 8:18 AM by ToMMyBoaY

    Trap management in Orion

      Hi all,

      My Orion server seems quite busy with all the traps it receives from my Cisco devices. Configuration on routers and switches are including a whole bunch of traps going from environment to IPsec status traps. This is all very cool but the trap database becomes huge and if no specific action / alert is taken behind, most of them are just useless.

      After watching the trap viewer for some time, I'm just wondering : How can I possible manage this ? So many different OIDs with unclear text notifications won't help me much. Am I really supposed to go to Cisco.com and analyze each trap type to know if it's needed and what trap category it is from ? If I define certain situations like "My ipsec tunnel goes down" or "I have OSPF route recalculation", how should I proceed to end up with a rule on the Orion trap engine that will inform me clearly on what's going on ?

      Sorry if this question is basic but it seems hard to make a link between an "snmp-server enable traps ipsec blablabla" and some cipSecMIBNotification flowing in the trap viewer.

        • Re: Trap management in Orion

          I'd probably try to use the Alert/Filter Rules (in Trap Viewer: View > Alert/Filter Rules ...) to accomplish this.

          You can setup rules to filter the incoming traps (based on contents, source etc.) and so can e.g. dump the ones you don't care about or have an email send to you if some specific trap arrives etc.

            • Re: Trap management in Orion

              Thanks for the advice and sorry for taking so long to respond.

              My biggest issue is about creating those filters. Are you really starting from trap analysis to then imagine what you could potentially do as an alert or information e-mail with them ? Monitoring tools like HPsim already have the capability of "translating" traps into e-mails that would summarize events.

              One example : I'd like to send an e-mail when a fan or power supply failed on my Cisco 4500s. How would you accomplish this ? Drill into Cisco's MIB, create a filter and make one fail to test ?