SNMP Trapmon

Introduction

The Geneos Trapmon plugin allows the monitoring of Simple Network Management Protocol (SNMP) Trap traffic via Geneos. The plugin provides two modes of operation. The first pushes the messages to a Geneos stream that can be monitored using the File Keyword Monitor (FKM) plugin in the same way as a regular file. The second displays incoming traps that match user-specified criteria.

In the Trapmon plugin, net-snmp writes trap information or debug output to standard error (stderr).

Note

The remote devices being monitored must have traps enabled and be configured to send the traps to the host where the Netprobe with the Trapmon plugin is running.

The Trapmon plugin supports the following SNMP versions:

On Windows Netprobe, this plugin does not support the new MIB files, Custom View, and Clear Trap command features.

SNMP version Linux Windows
1
2c
3  
     

For more information, see Geneos Compatibility Matrix.

Functionality Overview

In all modes, the plugin listens for SNMP traps sent to the host on which the Netprobe is running. Further processing is then performed in one of the following modes:

Geneos Streams Mode

snmp-trapmon0

In this mode, incoming traps are pushed onto a named Geneos stream and sent to the FKM plugin. The stream of incoming traps can then be used like any other FKM file by configuring the FKM plugin with a file that has the same name as the Trapmon stream and with the deliveryType set to STREAM.

Custom Views Mode

snmp-trapmon1

In this mode, incoming traps are tested against a series of matchers and displayed in dataviews published by the plugin if they match successfully. Each dataview and the corresponding matchers are configured by the user to match information within the incoming traps. A row is displayed in the dataview for each incoming trap.

Clearing Traps

Once a trap is displayed in the plugin, it can be dismissed from the dataview by right-clicking and using the Clear Traps command.

It is also possible to specify Custom Clearing Commands. A variable name is specified in the configuration and when the command is run on an existing trap, all traps that have been received with the same value in the column specified by the variable will be cleared.

Finally, each view can have Automatic Clearing Rules defined. These rules clear traps matching certain criteria when certain traps arrive. For example, a trap that is sent out to indicate a failure could be automatically cleared by a trap sent out indicating that service has resumed.

Views

Diagnostic View

snmp-trapmon3

Headline Legend

Name Description
streamName The name of the Geneos stream down which the plugin pushes incoming traps. This name can then be used with the FKM plugin.

Table Legend

Name Description
tmLastRecv The time at which the last trap was received.
totalTrapsRecv Total number of traps received since starting the plugin.

Custom Views

In addition to the standard diagnostic view, additional views can be configured that show incoming traps matching user-specified criteria. Each row corresponds to a trap received and displays a column for all the variable bindings contained within the trap as well as columns for metadata about the trap itself. A number of these columns are displayed by default. Unwanted default columns can be hidden using the Active Console hide column feature. In addition, columns created by variable bindings in traps can be hidden or always shown in the plugin configuration.

Repeated occurrences of the same trap increment the count column of the view.

The plugin filters incoming traps and only displays those matching the specified Matchers: a pair of Column Name and a regular expression for the value of the variable. The Column Name may be one of the following:

In the screenshot below, the view has been configured to display traps where the SMI::enterprises_1824_1_0_0_1 variable begins with the string TRAP using the regular expression TRAP.*.

snmp-trapmon4

Default Columns

Name Description
UID Unique identifier for each incoming trap.
arrivalTime Arrival time of the last occurrence of the trap. This column shows the latest arrival time if a trap is repeatedly received.
count Number of times this trap has been received.
genericType SNMP generic type for this trap.
specificType SNMP specific type for this trap. This field displays N/A for SNMPv2 traps whose specific type cannot be determined from the Trap OID, e.g. generic (predefined) traps.
source Source from where the trap originated. For Windows platforms, this is the source IP address.
version SNMP version for this trap.
community SNMP community for this trap.
oid For SNMPv1 traps, this column shows the Enterprise OID. For SNMPv2 traps, this column shows the Trap OID.
uptime Uptime of the source from where the trap originated.

In addition, there will be columns displaying the variable bindings for each incoming trap.

In the case of the screenshot above, the plugin is following the default behaviour and displaying a column for each variable of the incoming traps. In this case, the traps had the SNMPv2-SMI::enterprises_1824_1_0_0_1 and SNMPv2-SMI::enterprises_1824_1_0_0_2 variables set.

If the incoming traps provide a number of unwanted variables in addition to those in which the user is interested, the plugin configuration can be set to display a static set of columns or hide specific columns from the dataview.

To prevent too many columns being created and swamping the dataview, the maximum number of additional columns is set to 20 and can be adjusted in the configuration.

Similarly, the maximum number of traps that will be displayed in a single dataview is set to 1000 and can be adjusted in the configuration.

Custom traps can also be grouped according to specified columns. This is intended for multiple traps with trap variables using some sort of index. This groups several trap variables into one column using the specified pattern, instead of creating additional trap variable columns.

For example, if two traps with the following variables are sent:

Trap 1: IF-MIB::ifAdminStatus.12 = INTEGER: down(2)
Trap 2: IF-MIB::ifAdminStatus.14 = INTEGER: up(1)

Instead of creating a new column for IF-MIB::ifAdminStatus_14, the second trap can reuse the same trap variable column as the first trap by specifying a column group “IF-MIB::ifAdminStatus”. The two trap variables are differentiated in the column value row by the value after the “IF-MIB::ifAdminStatus”:

snmp-trapmon5

This functionality is intended for multiple traps that share a common OID pattern, where adding a separate column for each similarly patterned trap variable is not needed.

Multiple column groupings can be specified (duplicate column groupings are ignored). If a trap variable falls under two or more groups, then the trap variable only appears under the more generic column group.

Note

The values displayed on the dataview for trap variables are similar to the output of the snmpget command with the “-O q” parameter. The format of the timeticks data type is DD:HH:MM:SS.SS, where DD is the number of days, HH is the number of hours, MM is the number of minutes, and SS.SS is the number of seconds.

Menu Options

The Clear Trap command allows a specific trap to be removed from a custom view by right-clicking on the row for that trap.

Additionally, custom Clear Trap Commands can be defined in the user configuration. These add further clearing commands to the right-click menu that clear other traps with the same values for the variable specified in the configuration.

For example: define a Clear Trap Command called test_clear with the column name SNMPv2-SMI::enterprises_1824_1_0_0_2. After receiving 3 traps, the dataview would look as below:

snmp-trapmon6

Right-clicking on the first row and choosing Trap Monitor > test_clear from the context menu removes the first and third rows, as they both have TRAPA2 in the appropriate column.

Outside Netprobe Configuration

If you have MIB definitions stored in a non-standard location, the MIBDIRS environment variable must be set to point to the custom location.

This allows the Trapmon plugin to find the MIB files which contain the type and description of the MIB variables. Setting this environment variable to the correct value ensures that the plugin translates the trap variable into its textual form.

You may have to run the Netprobe as the root user when using the standard port on Linux.

To use all possible MIB files, set the MIBS environment variable to ALL:

export MIBS=ALL

Matchers

Key to the configuration is the concept of a matcher. This is a combination of a variable name and a regular expression and is applied to incoming and existing traps in a number of locations within the plugin to control behaviour.

For example, a matcher defined as:

would successfully match an incoming trap with the following variable binding:

Matchers are configured as follows:

Column Name

The name of the variable to test. Corresponds to a column in the plugin dataview.

Mandatory: Yes

Pattern

Perl Compatible Regular Expression which is applied to the value of the given variable when matching.

Plugin Configuration

Caution

The following are the limitations of the Netprobe when running a Trapmon sampler:

  • On Linux, multiple Trapmon samplers are not allowed to run under one Netprobe. Otherwise, the Netprobe will display an ERROR message.
  • On Linux and Windows, when you update the configuration, the Netprobe running it must restart to properly clean up the SNMP daemon thread. Be aware of other unrelated plugins that can be potentially affected by these configuration changes.

Basic Settings

port

This setting specifies the UDP port on which SNMP traps are received. This setting is ignored on the Windows Netprobe.

Mandatory: No

Default: 162

streamName

The name of the Geneos stream produced by this plugin. This stream is referenced by the FKM plugin in the file list configuration.

Mandatory: No

Default: TRAPS

translateGenericType

This setting indicates if the genericType in the trap dataview should be translated to human-readable text (instead of numbers) according to descriptions specified in RFC 1157.

Mandatory: No

mibFiles

Additional MIB definitions that the plugin should load before running.

Mandatory: No

customViews

Dataviews to display incoming traps meeting certain user configured criteria.

Mandatory: No

customViews > regexView > regexGroup

Criteria which incoming traps must match to be displayed in the custom view. Specified as a set of matchers, all of which must match for the trap to be displayed.

Mandatory: Yes

customViews > regexView > clearTrapRules

Rules that will automatically remove existing traps from the custom view when given new traps arrive.

Mandatory: No

customViews > regexView > clearTrapRules > incomingMatches

Criteria which incoming traps must match to trigger the clearing rule. Specified as a set of matchers. An incoming trap must match all of the criteria defined to trigger the rule.

Mandatory: Yes

customViews > regexView > clearTrapRules > clearMatchGroups

Specifies which existing traps to remove if this clearing rule is fired.

Mandatory: Yes

customViews > regexView > clearTrapRules > clearMatchGroups > clearMatchGroup

Criteria that will be used to select which existing traps to remove if this clearing rule is fired. If a trap matches any of the clearMatches specified in the configuration it will be removed.

Mandatory: Yes

customViews > regexView > clearTrapRules > clearMatchGroups > clearMatchGroup > clearMatch

Criteria that will be used to select which existing traps to remove if this clearing rule is fired. Checks each trap against a matcher or by comparing values in a given column with the incoming trap.

If a trap matches all of the matchers and specific values in this part of the configuration, it will be removed.

Mandatory: Yes

customViews > regexView > clearTrapRules > clearMatchGroups > clearMatchGroup > clearMatch > match > regex

Matchers that must match for a trap to be removed when the rule fires.

Mandatory: No

customViews > regexView > clearTrapRules > clearMatchGroups > clearMatchGroup > clearMatch > match > columnName

Specific trap variable. If the trap being tested for removal has the same value for this variable as the incoming trap, then it will be removed when the rule fires.

Mandatory: No
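
The clearing-rule evaluation described in the clearTrapRules settings above, modelled in Python as an added example (not Geneos code). Python's re stands in for PCRE, the rule is a plain dict rather than Netprobe configuration, the function names are hypothetical, and the trap rows are constructed.

```python
import re

# Model of the documented semantics only. Unanchored search is an assumption,
# so the sample patterns are anchored to behave the same either way.
def matches_all(trap, matchers):
    """A matcher set passes only if every (column, pattern) pair matches."""
    return all(col in trap and re.search(pat, trap[col]) for col, pat in matchers)

def clear_match_hits(existing, incoming, clear_match):
    """clearMatch: all regex matchers AND all same-value columns must agree."""
    same = all(col in existing and existing.get(col) == incoming.get(col)
               for col in clear_match.get("columnName", []))
    return same and matches_all(existing, clear_match.get("regex", []))

def apply_clear_rule(view, incoming, rule):
    """Return the rows left in the view after the incoming trap is evaluated."""
    if not matches_all(incoming, rule["incomingMatches"]):
        return view  # rule not triggered: nothing is cleared
    return [row for row in view
            if not any(clear_match_hits(row, incoming, cm)
                       for group in rule["clearMatchGroups"] for cm in group)]

# Constructed sample rows (column -> value); not captured from a real device.
VIEW = [
    {"UID": "1", "source": "10.0.0.5", "oid": "IF-MIB::linkDown"},
    {"UID": "2", "source": "10.0.0.9", "oid": "IF-MIB::linkDown"},
    {"UID": "3", "source": "10.0.0.5", "oid": "SNMPv2-MIB::authenticationFailure"},
]
RULE = {
    "incomingMatches": [("oid", r"^IF-MIB::linkUp$")],
    "clearMatchGroups": [[{"regex": [("oid", r"^IF-MIB::linkDown$")],
                           "columnName": ["source"]}]],
}

def demo():
    """A linkUp from 10.0.0.5 clears only that source's linkDown row."""
    link_up = {"source": "10.0.0.5", "oid": "IF-MIB::linkUp"}
    return [row["UID"] for row in apply_clear_rule(VIEW, link_up, RULE)]
```

Without the columnName constraint, the same linkUp trap would also clear the linkDown row for 10.0.0.9, so clearing rules are best scoped to the columns that identify the device.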

customViews > regexView > displayColumns

Specifies which trap variables to display as columns in the dataview.

Mandatory: No

Default: Display columns for all incoming variables (up to 20 new variables)

customViews > regexView > displayColumns > showColumns

A list of trap variable names whose values will be displayed in the dataview.

Note

No other trap variables will be displayed in the dataview with this setting.

Mandatory: No

customViews > regexView > displayColumns > hideColumns

A list of trap variables whose values will not be displayed in the dataview.

Mandatory: No

customViews > regexView > displayColumns > hideColumns > maxAdditionalColumns

The maximum number of new incoming trap variables for which to add columns.

Mandatory: No

Default: 20

customViews > regexView > columnGroups

A list of trap variable names to use for column groupings.

Mandatory: No

customViews > regexView > columnGroups > columnGroup

The trap variable name to use for a column grouping.

Mandatory: No

customViews > regexView > maxRows

The maximum number of traps to display in the dataview.

Mandatory: No

Default: 1000

clearTrapCommands

Custom commands to clear other traps based on the value of a variable in a given trap.

Mandatory: No

clearTrapCommands > clearTrapCommand > customPattern > columnName

The name of the trap variable to test. The value of this variable in the trap that the command is run on is compared against the values in the other traps in the system, and any traps that match are removed.

Mandatory: Yes

Advanced settings

configurationFile

Specifies the file that lists SNMPv3 users. The configuration file adopts the following Net-SNMP configuration file format when setting the SNMPv3 users:


createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224|default) authpassphrase [(DES|AES|default) [privpassphrase]]
usmUser <system generated user credentials>

By default, no configuration file is specified, thus SNMPv3 traps are ignored and a LOG message is displayed.

If the configuration file is modified, you must restart the Netprobe.

Note

If the Trapmon and Mibmon plugins are running under the same Netprobe and they have the same username or security name, then the Mibmon plugin overwrites the users configured for the Trapmon plugin. It is recommended to use a different username for querying MIBs than for sending and receiving traps.

Mandatory: No
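
A small audit of a users file in the createUser format shown above, flagging MD5, SHA (which is SHA-1 in Net-SNMP), DES, users with no privacy protocol, and passphrases under 8 characters. This is an added example, not Geneos or Net-SNMP code; the function names are hypothetical and the usernames, passphrases and engine ID in the sample are constructed placeholders.

```python
import shlex

LEGACY_AUTH = {"MD5": "MD5 authentication", "SHA": "SHA-1 authentication"}
WEAK_PRIV = {"DES": "DES privacy"}
MIN_PASSPHRASE = 8  # Net-SNMP rejects shorter USM passphrases

def audit_create_user(line):
    """Return (username, findings) for one createUser line, else None."""
    tok = shlex.split(line, comments=True)  # handles quotes and # comments
    if not tok or tok[0] != "createUser":
        return None  # usmUser and other directives are not audited here
    tok = tok[1:]
    if tok[:1] == ["-e"]:
        tok = tok[2:]  # skip the optional engine ID
    if len(tok) < 3:
        return (tok[0] if tok else "?", ["incomplete createUser line"])
    user, auth, authpass, *rest = tok
    findings = []
    if auth.upper() in LEGACY_AUTH:
        findings.append(LEGACY_AUTH[auth.upper()])
    if len(authpass) < MIN_PASSPHRASE:
        findings.append("auth passphrase shorter than 8 characters")
    if not rest:
        findings.append("no privacy protocol (trap payload unencrypted)")
    else:
        if rest[0].upper() in WEAK_PRIV:
            findings.append(WEAK_PRIV[rest[0].upper()])
        if len(rest) > 1 and len(rest[1]) < MIN_PASSPHRASE:
            findings.append("priv passphrase shorter than 8 characters")
    return user, findings

def audit(text):
    """Map each createUser username in the file text to its findings."""
    results = [audit_create_user(line) for line in text.splitlines()]
    return {r[0]: r[1] for r in results if r}

SAMPLE = """\
# constructed sample; usernames and passphrases are placeholders
createUser trapLegacy MD5 legacyAuthPass DES legacyPrivPass
createUser trapAuthOnly SHA-256 authOnlyPassphrase
createUser -e 0x8000000001020304 trapStrong SHA-512 strongAuthPassphrase AES strongPrivPassphrase
createUser trapShort SHA-256 short AES alsoLongEnough
"""
```

Because the file holds passphrases in clear text, it should be readable only by the account that runs the Netprobe.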
