How to Select an SNMP Trap Management System
Here"s a handy checklist of essential features you should look for in SNMP trap management. Print this checklist out and use it to rate the SNMP trap managers you"re evaluating. If an SNMP trap manager can"t meet these basic requirements, cross it off your list.
NetDecision TrapVision - enterprise class SNMP trap management system
NetDecision TrapVision is an SNMP trap management and distribution application, which allows users to receive, visualize and handle SNMP traps in various ways. Due to its flexible trap handling capabilities, TrapVision can be used together with other network management applications to provide distributed and structured trap handling. TrapVision supports SNMPv1, SNMPv2c and SNMPv3 TRAP messages and SNMPv2c and SNMPv3 INFORMs.
The TrapVision is incredibly powerful fault manager and offers many features not found in even the top Fault Management solutions. The NetDecision TrapVision offers an easy way to view traps, alarms/alerts, and faults on local or remote machines. Because TrapVision can run as a service, there is no need to administer the console locally, so an engineer can make changes or review alams remotely using NetDecision Anywhere Launchpad. The system has been designed for a variety of uses, including:
TrapVision is capable of handling thousands of traps each second and storing millions of alarms. Not only can it receive traps but it can also send snmp traps from the trap console.
The picture below demonstrates the conceptual architecture of the TrapVision
Main window displays details of each received SNMP Trap. The user can customize the appearance of Trap table by hiding columns and changing columns order.
The following is a brief list of the main features in NetDecision TrapVision.
Due to its unique trap handling capability, TrapVision is an ideal tool for the first-stage handling of the SNMP trap traffic. TrapVision can manage SNMP traps at remote sites, forwarding only the important traps to the high-level management console application, possibly minimizing the traffic.
Trap handlers in TrapVision can be considered as definitions containing information on how to manage incoming traps. In other words, handlers contain information on what to do when a specified trap arrives.
Trap handlers configuration window:
Each trap handler is a combination of matching Criteria, Filter, Severity modifier and Action.
Defining matching criteria
In order to provide the most flexible logic when analyzing and matching trap data Trap handler is built as multi-level hierarchal structure consisting of unlimited number logical operators and data comparators.
Comparator defines what data parameter of incoming trap must be looked at in order to make a decision what action to perform next.
There are three basic types of comparator defined in TrapVision:
Logical operator can be either "OR" or "AND". Using operators allows having complex matching criteria. For example if desired criteria consists of two required conditions that have to be TRUE in order to perform an action, you must create two different comparators and join them together using AND operator.
Based on the result of logical comparison (matched or not) the trap can be either rejected or passed. If trap is passed it will not appear in the trap list window but corresponding record (about trap being rejected) would be added to the application log. Even if a trap is rejected it is still possible to execute Handler Action in order to have more handling options.
Trap severity identifies the level of importance that can be associated with specific trap. TrapVision provides six severity levels:
By default (if no trap handlers defined) TrapVision assigns severity NOSEVERITY to all incoming traps. In order to assign different severity to a trap it must be specified in trap handler configuration. The trap severity is changed ONLY if logical comparison matched and filter value is "Pass".
The user is able to specify severity description in trap handler in order to provide more specific information to the operator on trap details and/or possible actions.
ActionAn action in TrapVision is performed by NetDecision script. Trap handler configuration includes specifying script template to be used as action executer. Specific handler parameters are being passed to a script at runtime as script variables. These variables can be easily addressed within a script by name.
Specifies the lifespan of SNMP Notification in the datastore (internal + ODBC database if Database Handler is used). SNMP Notification will be deleted if the attribute "Receive Time" of the notification/trap is older than this value in the datastore. This value has an impact on the amount of storage required and affects system performance. Use Interval parameter to specify lifespan. You can also define whether you need (or don"t need) to execute action for aged traps by using Execute Delete Action option. Please note that Action execution significantly affects application performance.
This option automatically acknowledges trap.
In certain cases, specific devices and applications may generate repeatedly a set of identical and relevant SNMP traps. In some cases it is required to react only to the first trap out of this series of traps, and filter the rest of incoming traps out in order to prevent the execution of identical operations. With "deduplication" enabled, TrapVision reacts, performing the displayed rule if enabled, only to the first received trap. The deduplication for particular trap is performed within specified time interval. The ignored incoming traps which belong to the same bucket are counted. This counter is displayed in Trap List in each row.
Troubleshooting SNMP traps
TrapVision allows the administrator/user to specify the detailed instructions included in alarm notifications ensure that system operators, without extra training, will know precisely what to do and who to call/contact if an alarm happens.
The troubleshooting information includes:
In TrapVision the user is able to assign troubleshooting information manually or automatically. The automatic troubleshooting information assignment is implemented via standard Trap handling mechanism.
Tags are words or phrases that you can assign to SNMP traps to help you organize them (sorting and grouping). In addition, tags you assign to SNMP traps will also be available for reuse. TrapVision provides Tags Library that stores all user-defined tags.