How to Select an SNMP Trap Management System
Here"s a handy checklist of essential features you should look for in SNMP trap management. Print this checklist out and use it to rate the SNMP trap managers you"re evaluating. If an SNMP trap manager can"t meet these basic requirements, cross it off your list.
- Complete Alarm collection and device management: Don"t settle for a limited SNMP trap management system. Get multi protocol support for every monitoring device in your network in addition to SNMP.
- Alarm presentation and notification: Send detailed alarm descriptions and correction instructions to NOC and field techs via SMS (Mobile phone) notifications and emails. SMS and e-mail notifications let your field techs respond to alarms while they"re still in the field, speeding repairs and reducing windshield time. Look for an SNMP trap manager system with SMS support, which can send detailed alarm notifications to alpha pagers, cell phones, and PDAs.
- Alarm sorting and analysis: Make sense of alarm cascades with automatic intelligent alarm sorting, filtering and processing.
- Maintain a list of standing alarms:
SNMP trap management must maintain a list of standing alarms and not just log newly reported or acknowledged traps. Imagine what would happen to your network if a system operator acknowledged an alarm, and then failed to correct the alarm condition. Who would know the alarm was still standing? No one!
- Detailed, precise alarm descriptions:
SNMP alarm monitoring systems should record the time, location, severity, and a precise description of alarm events
- Nuisance alarm filtering: Even the best NOC staff stops taking alarms seriously if they"re bombarded with status alerts, oscillating conditions, and unimportant alarms. Look for an SNMP trap manager system that filters these out.
- Alarm sorting: A large, complex network can create a cascade of alarms. Some are unimportant, but others are critical. Look for an SNMP trap manager system that can automatically sort and prioritize this flood of information for you.
- Alarm correction instructions: Detailed instructions included in alarm notifications ensure that system operators, without extra training, will know precisely what to do and who to call if an alarm happens.
NetDecision TrapVision - enterprise class SNMP trap management system
NetDecision TrapVision is an SNMP trap
management and distribution application, which allows users to
receive, visualize and handle SNMP traps in various ways. Due to its
flexible trap handling capabilities, TrapVision can be used
together with other network management applications to provide
distributed and structured trap handling. TrapVision supports
SNMPv1, SNMPv2c and SNMPv3 TRAP messages and SNMPv2c and SNMPv3
The TrapVision is incredibly powerful fault manager and offers many features not found in even the top Fault Management solutions. The NetDecision TrapVision offers an easy way to view traps, alarms/alerts, and faults on local or remote machines. Because TrapVision can run as a service, there is no need to administer the console locally, so an engineer can make changes or review alams remotely using NetDecision Anywhere Launchpad. The system has been designed for a variety of uses, including:
- Fully Featured Fault Management Solution
- Trap Forwarding (Single or Multiple hosts)
- Trap Collection and Storage
- Comprehensive Trap Console
- Debugging of SNMP Traps
TrapVision is capable of handling thousands of traps each second and storing millions of alarms. Not only can it receive traps but it can also send snmp traps from the trap console.
The picture below demonstrates the conceptual architecture of the TrapVision
Main window displays details of each received SNMP Trap. The user can customize the appearance of Trap table by hiding columns and changing columns order.
The following is a brief list of the main features in NetDecision TrapVision.
- TrapVision can receive SNMPv1, SNMPv2c and SNMPv3 TRAP notification messages and SNMPv2c and SNMPv3 INFORM notification messages;
- The TrapVision main window acts as console viewer displaying real-time information about received traps;
- TrapVision allows the user to assign severity levels and colors to SNMP traps in order to indicate their importance and provide a better overview of received SNMP notifications displayed in the main window.
- TrapVision allows the user to create filtering and processing rules based on originator IP address, Enterprise ID, variable values;
- TrapVision provides a set of preconfigured Trap handlers enabling the following actions to be automatically executed upon trap receiving:
- forward Trap to one or more destinations (each specified by IP address and port);
- send e-mail to one or more recipients;
- log trap data to a log file;
- store trap data in a database via ODBC;
- execute any external application or command;
- enable audible alarm;
- send syslog message to one or more syslog servers;
- create task in MS Outlook;
- send SMS via GSM mobile phone;
- send SMS via SMPP protocol;
- place voice or chat message via skype;
- speak message using Text-To-Speech engine;
- invoke web service;
- write to Windows Event log.
- TrapVision allows the user to create new trap handlers or modify existing ones to implement custom handling procedures;
- TrapVision has built-in PDU tracing functionality which allows the user to catch, decode and view the SNMP data packet elements down to any single detail in decoded ASN.1 tree;
- TrapVision allows the user to create and view web reports (integration with NetDecision Anywhere Launchpad);
- TrapVision can be managed remotely using NetDecision Anywhere Launchpad;
- Quick Reports window provides user with a simple pie chart representing a summary information about traps currently listed in the main view;
- TrapVision automatically clears aged (outdated) traps based on user defined rules;
- TrapVision resolves IP addresses using DNS;
- TrapVision supports automatic acknowledgement of traps;
- TrapVision allows the user to sort and group traps;
- TrapVision supports technical outages (maintenance mode);
- TrapVision supports deduplication of SNMP traps;
- TrapVision supports DISPLAY-HINT value formatting (defined in RFC1903);
- TrapVision supports tagging of SNMP traps for better grouping/sorting;
- Runs as a windows service, maximizing uptime;
- Client/Server Architecture;
- Built-in performance monitor;
- TrapVision allows the user to assign troubleshooting information for incoming SNMP notifications;
- TrapVision allows the user to configure and execute custom tools to manage remote devices (like ssh and telnet clients, etc);
- Accepts Secure SNMPv3 Notifications;
- Alerting and Notification;
- Variety of display options;
- Highly Customizable.
Due to its unique trap handling capability, TrapVision is an ideal tool for the first-stage handling of the SNMP trap traffic. TrapVision can manage SNMP traps at remote sites, forwarding only the important traps to the high-level management console application, possibly minimizing the traffic.
Trap handlers in TrapVision can be considered as definitions containing information on how to manage incoming traps. In other words, handlers contain information on what to do when a specified trap arrives.
Trap handlers configuration window:
Each trap handler is a combination of matching Criteria, Filter, Severity modifier and Action.
Defining matching criteria
In order to provide the most flexible logic when analyzing and matching trap data Trap handler is built as multi-level hierarchal structure consisting of unlimited number logical operators and data comparators.
Comparator defines what data parameter of incoming trap must be looked at in order to make a decision what action to perform next.
There are three basic types of comparator defined in TrapVision:
- Originator Address - Compares originator IP address (extracted from SNMP packet) with specified IP address;
- Trap Object Identifier - Compares trap OID with specified OID (can be selected from the MIB tree);
- Trap Variable - With this type of comparator you must specify exact variable OID. If such OID is present in received SNMP trap packet it"s value will be compared with specified value.
Logical operator can be either "OR" or "AND". Using operators allows having complex matching criteria. For example if desired criteria consists of two required conditions that have to be TRUE in order to perform an action, you must create two different comparators and join them together using AND operator.
Based on the result of logical comparison (matched or not) the trap can be either rejected or passed. If trap is passed it will not appear in the trap list window but corresponding record (about trap being rejected) would be added to the application log. Even if a trap is rejected it is still possible to execute Handler Action in order to have more handling options.
Trap severity identifies the level of importance that can be associated with specific trap. TrapVision provides six severity levels:
- MAINTENANCE - The entity is currently in maintenance mode, all events must be ignored;
- NOSEVERITY - The entity status is OK;
- INFORMATIONAL - Informational message;
- MINOR - Trouble that does not have a serious effect on service, or that occurs in functions or components that are not essential for providing service;
- MAJOR - Serious disruption of service or the malfunctioning or failure of important functions or components. Less immediate or impending effect on system performance than Critical;
- CRITICAL - Severe, service-affecting condition requiring immediate corrective action.
By default (if no trap handlers defined) TrapVision assigns severity NOSEVERITY to all incoming traps. In order to assign different severity to a trap it must be specified in trap handler configuration. The trap severity is changed ONLY if logical comparison matched and filter value is "Pass".
The user is able to specify severity description in trap handler in order to provide more specific information to the operator on trap details and/or possible actions.
An action in TrapVision is performed by NetDecision script. Trap handler configuration includes specifying script template to be used as action executer. Specific handler parameters are being passed to a script at runtime as script variables. These variables can be easily addressed within a script by name.
Specifies the lifespan of SNMP Notification in the datastore (internal + ODBC database if Database Handler is used). SNMP Notification will be deleted if the attribute "Receive Time" of the notification/trap is older than this value in the datastore. This value has an impact on the amount of storage required and affects system performance.
Use Interval parameter to specify lifespan.
You can also define whether you need (or don"t need) to execute action for aged traps by using Execute Delete Action option. Please note that Action execution significantly affects application performance.
This option automatically acknowledges trap.
In certain cases, specific devices and applications may generate repeatedly a set of identical and relevant SNMP traps. In some cases it is required to react only to the first trap out of this series of traps, and filter the rest of incoming traps out in order to prevent the execution of identical operations.
With "deduplication" enabled, TrapVision reacts, performing the displayed rule if enabled, only to the first received trap.
The deduplication for particular trap is performed within specified time interval.
The ignored incoming traps which belong to the same bucket are counted. This counter is displayed in Trap List in each row.
Troubleshooting SNMP traps
TrapVision allows the administrator/user to specify the detailed instructions included in alarm notifications ensure that system operators, without extra training, will know precisely what to do and who to call/contact if an alarm happens.
The troubleshooting information includes:
- Linked Document - any document (doc, docx, pdf, html) that contains detailed troubleshooting instructions;
- Instructions - troubleshooting instructions;
- Contact Name - the person to contact;
- Contact Email - email address of contact person;
- Conact Work Phone - work phone of contact person;
- Contact Mobile Phone - mobile phone of contact person;
- Contact Skype ID - skypeID of contact person;
- Linked Trouble Ticket ID/URL - trouble ticket linked to the problem.
In TrapVision the user is able to assign troubleshooting information manually or automatically.
The automatic troubleshooting information assignment is implemented via standard Trap handling mechanism.
Tags are words or phrases that you can assign to SNMP traps to help you organize them (sorting and grouping). In addition, tags you assign to SNMP traps will also be available for reuse. TrapVision provides Tags Library that stores all user-defined tags.