SNMP Traps best practices
Posted: Thu Jun 13, 2013 1:30 pm
by BanditBBS
Ok, so I have had traps up and working for a while now. I would love to be using NSTI (trying to get help in NSTI forums) but even with or without that I have a question or two. What is the best practices setup for the trap service?
1.) Should it be set to volatile? Will this make it alert on every subsequent trap received regardless of if the state changed or not?
2.) How can I make it alert even on Normal/Ok traps?
Thanks
Re: SNMP Traps best practices
Posted: Thu Jun 13, 2013 4:22 pm
by sreinhardt
It really depends on what you wish to see and be notified for. In your case it seems that volatile would be a good option if you wish to have every message, even repeats, sent, or in the case of an already critical alert and another comes in to have that sent. However, this can get overwhelming. As for OK states, you could likely do it one of two ways. Either change the snmptrapd severity and force it to be a warning or critical. Otherwise I would think alerting on recovery "should" alert on an OK state as well, volatile may help too.
Note I have not tested these settings, just how I would expect it to work. My thinking may certainly be flawed!
Re: SNMP Traps best practices
Posted: Thu Jun 13, 2013 5:46 pm
by BanditBBS
sreinhardt wrote: Note I have not tested these settings, just how I would expect it to work. My thinking may certainly be flawed!
I'll test and will report back.
Re: SNMP Traps best practices
Posted: Thu Jun 13, 2013 10:50 pm
by sreinhardt
Sounds great, I'm kind of excited to see how this works!.... hmm is that a bad thing that I'm excited about snmp traps?
Re: SNMP Traps best practices
Posted: Fri Jun 14, 2013 9:10 am
by BanditBBS
sreinhardt wrote: Sounds great, I'm kind of excited to see how this works!.... hmm is that a bad thing that I'm excited about snmp traps?
No, glad someone else is
Back on topic, I set the service to volatile, checked all notification options and even set it to stalk. None of the OK or Normal traps are being alerted and none are being logged either, which I thought would happen at least with the stalking on.
Re: SNMP Traps best practices
Posted: Fri Jun 14, 2013 12:06 pm
by sreinhardt
Talking with our good buddy nscott. He confirmed that the basic idea should work. Setting notify on recovery (among other things), volatile, and 0 notification delay.... However, if you are not seeing them get logged into XI it is more likely an issue with snmptt. Have you verified that there is nothing new in the unknown log and that the snmptt configuration has the correct OID? Essentially anything that it knows about ok, normal, warning, or critical should get logged in XI without any exceptions.
Re: SNMP Traps best practices
Posted: Mon Jun 17, 2013 11:48 am
by BanditBBS
They are all appearing in the event log. I don't know what I was talking about in my last post. However, with the settings discussed, none are alerting the assigned contacts. The only time an OK gets alerted is if the service was in a warning or critical state before receiving the OK.
Re: SNMP Traps best practices
Posted: Mon Jun 17, 2013 1:10 pm
by abrist
Are you set to be notified about "recovery" states? If the service is set to volatile, my understanding is that every check is treated as a state change. Alternatively, you could set the service to volatile and create an event handler that notifies the relevant contacts. As event handlers run at every state change, volatile will force the event handler every time a trap is received.
Re: SNMP Traps best practices
Posted: Mon Jun 17, 2013 3:10 pm
by BanditBBS
abrist wrote: Are you set to be notified about "recovery" states? If the service is set to volatile, my understanding is that every check is treated as a state change. Alternatively, you could set the service to volatile and create an event handler that notifies the relevant contacts. As event handlers run at every state change, volatile will force the event handler every time a trap is received.
Yep, my account has all alerts enabled except downtime alerts. Here is the service configuration file:
define service {
    host_name                  10.250.254.112
    service_description        SNMP Traps
    use                        xiwizard_snmptrap_service
    is_volatile                1
    max_check_attempts         1
    check_interval             1
    retry_interval             1
    check_period               xi_timeperiod_24x7
    notification_interval      1
    first_notification_delay   0
    notification_period        xi_timeperiod_24x7
    notification_options       w,c,u,r,f,s,
    notifications_enabled      1
    contacts                   clarkj
    stalking_options           o,w,c,u,
    icon_image                 snmptrap.png
    _xiwizard                  snmp_trap
    register                   1
}
Re: SNMP Traps best practices
Posted: Mon Jun 17, 2013 4:07 pm
by sreinhardt
You generally have a good handle on what's going on around here, so I'm just going to throw this out there on the off chance it was overlooked. While your service has notify for everything, does your contact also? Could be that it's just getting restricted there.. but again I would think you covered that already.
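An added example, not code from any poster in this thread or from Nagios itself: a simplified Python model of the notification decision for the service definition posted above, following the volatile-service rule documented for Nagios Core (a volatile service re-notifies when a hard non-OK state repeats; an OK result only notifies as a recovery) and the contact-level filter raised in the last post. The function names, the trap sequence and the contact's option string are assumptions made for illustration; timeperiods, downtime, flapping and notification_interval re-sends are ignored.

```python
# Simplified model (added example): notification decision for a passive
# SNMP-trap service with max_check_attempts 1, so every result is a HARD state.
# Ignores timeperiods, downtime, flapping and notification_interval re-sends.

OK, WARNING, CRITICAL, UNKNOWN = "OK", "WARNING", "CRITICAL", "UNKNOWN"
OPTION_FOR_STATE = {WARNING: "w", CRITICAL: "c", UNKNOWN: "u"}


def parse_options(value):
    """Parse 'w,c,u,r,f,s,' (trailing comma as in the posted config)."""
    return {opt.strip() for opt in value.split(",") if opt.strip()}


def notification_for(previous, current, is_volatile):
    """Return the option letter of the notification this result raises, or None."""
    if current == OK:
        # An OK result only notifies as a recovery from a non-OK state.
        return "r" if previous != OK else None
    if previous != current or is_volatile:
        # State change, or a volatile service repeating a non-OK state.
        return OPTION_FOR_STATE[current]
    return None


def simulate(states, is_volatile, service_opts, contact_opts):
    """Replay trap states; return (state, notification sent or None) per trap."""
    service_opts = parse_options(service_opts)
    contact_opts = parse_options(contact_opts)
    previous, results = OK, []
    for current in states:
        kind = notification_for(previous, current, is_volatile)
        # Both the service and the contact must allow this notification type.
        if kind is not None and not (kind in service_opts and kind in contact_opts):
            kind = None
        results.append((current, kind))
        previous = current
    return results


# Constructed trap sequence, not taken from the thread.
TRAPS = [OK, OK, CRITICAL, CRITICAL, OK, OK]

if __name__ == "__main__":
    # Contact option string is an assumed value for illustration.
    for state, kind in simulate(TRAPS, True, "w,c,u,r,f,s,", "w,c,u,r,f,s"):
        print(f"{state:9} -> {kind or 'no notification'}")
```
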