SNMP Trap

The SNMP Trap alert sends an SNMP trap to the specified SNMP manager. Its function is to send the alert text to an SNMP manager where it is analyzed by string pattern matching rules, and then reported and recorded by your existing network management software.

The SNMP Trap alert sends an SNMP trap to any SNMP management application. The alert supports ipMonitor alert tokens, as well as enterprise-specific and generic trap types such as Cold Start, Warm Start, Link Down, and so on.

Use the SNMP Trap monitor to:

  • Integrate ipMonitor into any existing network management software in your organization.
  • Send custom failure notifications, recovery notifications, and information messages using text and ipMonitor alert tokens.

Create an SNMP Trap monitor

  1. Click Devices in the toolbar.
  2. Locate and click the targeted device you want to monitor.
  3. In the toolbar, click Add > Add New Monitor.

  4. In the Select Monitor menu, click SNMP Trap.
  5. Under Identification, enter information about the monitor.

    1. Enter a name in the Monitor Name field using up to 64 characters. This name will appear in the monitor list, monitor status, log files, and your reports.

      You can change this name later, if necessary. ipMonitor does not use this field to internally identify this monitor.

    2. Select Enabled to enable the monitor.

      When enabled, the monitor tests the specified resource using the settings you enter under Test Parameters. You can disable the monitor later if required.

  6. Under Trap Filtering, enter information about the SNMP trap.

    1. Click the SNMP Version drop-down menu and select the version of the incoming SNMP trap.
    2. Enter a community string, such as private (read-write) or public (read-only).

      The SNMP Community string acts like an SNMP password. When ipMonitor receives a trap from an agent, it includes the SNMP Community string. If both ipMonitor and the agent use this same read-only string, ipMonitor continues its trap filtering and moves to the IP Range test.

      Some SNMP agents allow you to use non-default community strings. This can improve the SNMP security model, often in conjunction with a non-standard SNMP port.

    3. Under Allowed IP Address Range, enter an IP address range or a single IP address.

      To enter a range, enter the start and end IP address range that the SNMP traps will accept. To enter a single IP address, enter the same start and end IP address in both fields.

    4. Select the checkbox to use the IP address specified by the agent in the incoming trap packet to validate the IP address range. Leave this checkbox blank to use the IP address specified in the IP header.
    5. Click the Generic Type drop-down menu and select an option.

      Option                  Action
      Any                     Accept all trap types.
      coldStart               The sending protocol entity is reinitializing itself so the agent's configuration or protocol entity implementation can be altered.
      warmStart               The sending protocol entity is reinitializing itself so the agent configuration or the protocol entity implementation is not altered.
      linkDown                The sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration.
      linkUp                  The sending protocol entity recognizes that one of the communication links represented in the agent's configuration is now up.
      authentication-Failure  The sending protocol entity is the addressee of a protocol message that is not properly authenticated.
      egpNeighborLoss         An EGP neighbor for whom the sending protocol entity was an EGP peer is marked down, and the peer relationship no longer exists.
      enterprise-Specific     The sending protocol entity recognizes that some enterprise-specific event occurred. The specific-trap field identifies the particular trap that occurred.
    6. Enter the Enterprise OID that identifies the network management subsystem that generated the SNMP trap. To specify an OID Prefix, use an asterisk. For example:

      1.3.6.1.4.1*

      In this example, if the agent IP address is within the trap monitor's allowable range, all Enterprise OIDs sent by an SNMP agent are evaluated.

      Click Get Info to query the SNMP database for details regarding the specified Enterprise OID.

  7. Under Analysis of Test Results, click Enable to configure ipMonitor to examine the variable bindings of the incoming trap. This determines if an alert will be generated. If disabled, an alert is generated only if the incoming trap meets the criteria defined by the trap filter settings. You cannot use information alerts to locate specific information within the trap bindings.

    After you click Enable, you can select two match types: 

    • Prefix Match - Filters more than one variable binding (typically all). Enter the Object ID up to a certain point; anything after that point is accepted.
    • Exact Match - Isolates a specific OID within the variable bindings.

    Variable bindings can contain several different OIDs. The Variable to analyze (by OID) options allow you to select the specific OID(s) that you want to filter for information.

    The variable bindings data type controls how the SNMP Trap QA Monitor analyzes the variable object. The SNMP Trap QA Monitor can perform two types of comparison: text and numeric.

    If you select text, the option is Variable will. This option instructs the monitor to operate on a string value. You can create a regular expression using the Regex Wizard, enter a regular expression to match (RegEx match), or enter a regular expression not to match (RegEx non-match).

    If you select numeric, the option is Variable is. This option instructs the monitor to operate on numeric values.

  8. Under Notification Control, click the Content Generator drop-down menu and select an option.

    The specified content will be applied to each incoming SNMP trap and passed along to each processed action.

  9. Click OK.
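
The following added example (not ipMonitor code) models the filtering order described in steps 6 and 7 in Python: community string, allowed IP range, generic type and Enterprise OID, then the optional variable-binding analysis. It shows how the checkbox in step 6.4 changes the outcome for a relayed trap, because the range check then uses the agent address carried inside the trap rather than the IP header source. The class names, field names, sample trap and the arc-boundary prefix rule are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

@dataclass
class Trap:  # constructed stand-in for an already-decoded SNMPv1 trap
    community: str
    header_src: str      # source address taken from the IP header
    agent_addr: str      # agent address carried inside the trap PDU
    generic_type: str
    enterprise_oid: str
    varbinds: dict = field(default_factory=dict)  # OID -> value

@dataclass
class Monitor:  # hypothetical model of the settings in steps 6 and 7
    community: str
    ip_start: str
    ip_end: str
    use_agent_addr: bool   # the checkbox in step 6.4
    generic_type: str      # "Any" or one generic trap name
    enterprise_oid: str    # a trailing * makes it a prefix
    varbind_oid: str = ""  # empty means analysis is disabled
    regex: str = ""        # RegEx match applied to the selected values

def oid_matches(pattern, oid):
    # Assumption: a prefix ends on an arc boundary (1.3.6.1.4.1* != 1.3.6.1.4.10).
    if pattern.endswith("*"):
        prefix = pattern[:-1].rstrip(".")
        return oid == prefix or oid.startswith(prefix + ".")
    return oid == pattern

def passes_filter(m, t):
    addr = ipaddress.ip_address(t.agent_addr if m.use_agent_addr else t.header_src)
    in_range = ipaddress.ip_address(m.ip_start) <= addr <= ipaddress.ip_address(m.ip_end)
    return (t.community == m.community and in_range
            and m.generic_type in ("Any", t.generic_type)
            and oid_matches(m.enterprise_oid, t.enterprise_oid))

def raises_alert(m, t):
    if not passes_filter(m, t):
        return False
    return not m.varbind_oid or any(   # analysis disabled: filter alone decides
        re.search(m.regex, str(v))
        for o, v in t.varbinds.items() if oid_matches(m.varbind_oid, o))

# Constructed sample: a trap relayed by 192.0.2.50 on behalf of agent 10.0.0.7
RELAYED = Trap("n0n-default", "192.0.2.50", "10.0.0.7", "enterprise-Specific",
               "1.3.6.1.4.1.99999.1", {"1.3.6.1.4.1.99999.1.2.1": "fan failure"})
```

Select the agent-address option only when traps reach ipMonitor through a relay or NAT device you control, since that field is filled in by whoever builds the trap.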

Set up trap listening

SNMP trap listening is disabled by default to ensure that ipMonitor does not conflict with your existing network management software. You can enable this feature in the ipMonitor configuration program.

  1. Log in to the server hosting ipMonitor.
  2. Click Start > SolarWinds ipMonitor > ipMonitor Configuration Program.
  3. Click Communications: Web Server Ports.
  4. Enable an SNMP trap listener.

    1. Select the Enabled checkbox to activate the drop-down menus.
    2. Click the IP address drop-down menu and select a listening IP address. Ensure that the IP address is not used by any other server application.
    3. Click the Port (UDP) drop-down menu and select a port for all SNMP trap QA monitors. Ensure that the port is not used by any other server application.

      Any agent configured to send traps to ipMonitor must use this same IP address and port combination.

    4. Click OK.

Resolve SNMP trap listener conflicts

When you enable the Windows SNMP Trap Service on the ipMonitor host system, it may conflict with the ipMonitor Trap Service (based on your configuration parameters).

The Windows SNMP Trap Service is configured to listen for all inbound traps on IP address 0.0.0.0 port 162. ipMonitor uses the same default settings for its SNMP trap listener. A conflict can occur because only one SNMP trap listener can be bound to port 162 at a time.

To resolve this issue, disable the Windows SNMP Trap Service from the Windows Control Panel > Services interface. In most situations, this configuration will not present any problems unless you installed ipMonitor on the same host system as another SNMP solution that requires the Windows SNMP Trap Service.

You can also modify the ipMonitor SNMP port to an unused port. In this configuration, you must modify the outbound port for any SNMP agents that send traps to ipMonitor.

Set up trap filters

You can set up trap filters by configuring an SNMP trap monitor with filters for specific values. Send one SNMP trap from the problem device and then open the snmptrap.log file located at \ipmonitor\logs. This log includes the following SNMP traps:

  • Accepted: The values match the criteria of one or more SNMP trap monitors
  • Refused: The values did not match the criteria of any SNMP trap monitors

Locate the trap that was sent by the device and use its values to configure the monitor.

After you create and configure the monitor, send one more trap from the device. Ensure that the trap is marked as Accepted in the snmptrap.log file.