SNMP Trap Sender
Posted: Wed Jun 19, 2019 3:16 am
I have service checks that have been set up in Nagios XI 5.4.12. We are using the SNMP Trap Sender component in Nagios XI 5.4.12 to send traps to a 3rd party SNMP trap receiver. We set the SNMP Trap Sender to only send critical alerts. We DO NOT have any contacts or notifications set up in our Nagios XI. All notifications are reliant on the traps sent out by the SNMP Trap Sender to the 3rd party SNMP receiver, who will then translate each trap they receive into an incident ticket.
The issue we encounter is that the snmp trap receiver is receiving too many trap messages from the same service which translates into multiple incident tickets for the same issue. We would like to find out how we can fine tune the number of alerts sent out via the snmp trap sender.
Check settings scenario :
Check Interval: 2m
Retry Interval: 1m
Number of Retries: 5
1.01 Nagios checks service, service is OK, next check is 1.03, attempt 1/5
1.03 Nagios checks service, service is OK, next check is 1.05, attempt 1/5
1.03.30 service breaks somehow, Nagios does not know about it yet
1.05 Nagios checks service, detects thresholds have been triggered, SOFT state, NEXT check 1.06, attempt 1/5
1.06 Nagios checks service, thresholds still triggered, SOFT state, NEXT check 1.07, attempt 2/5
1.07 Nagios checks service, thresholds still triggered, SOFT state, NEXT check 1.08, attempt 3/5
1.08 Nagios checks service, thresholds still triggered, SOFT state, NEXT check 1.09, attempt 4/5
1.09 Nagios checks service, thresholds still triggered, HARD state, notifications sent, NEXT check 1.10, attempt 5/5
I have some questions based on the above scenario and settings:
1. At which point will an alert be sent through the SNMP Trap Sender? Is it at all points starting from 1.05?
2. What happens after 1.10? Does it repeat the cycle from 1.01 again?
3. If the user acknowledges the issue under service management, what will be the expected behaviour?
4. What setting should we change to minimise the number of SNMP trap alerts being sent over to the SNMP trap receiver?
5. Does the SNMP Trap Sender send alerts to the SNMP receiver based on soft / hard state, or based on every check that takes place that returns a critical state (regardless of hard / soft)?
6. I have a very big confusion over notifications and alerts, thus I would appreciate it if you can explain as clearly as possible.
Thanks!