Nagios Support Forum

Good afternoon,

We're investigating the feasibility of using Nagios to replace some existing monitoring tools. A lot of our monitoring is based upon the receipt and processing of SNMP traps and we have some specific requirements around this which we are evaluating.

Is there any way we can create a view where we can see all alerts created from SNMP traps (not SNMP Trap service affecting alerts) for all devices in one place? If so, can we manage those alerts independently (acknowledge, clear...)? Or is it the case that we need to observe the SNMP Trap services changing state, then drill into those to find out the details of the trap(s) that caused the service degradation?

An example would be we have two devices, router1 and switch1. Gi0/1 is down on router1. Gi0/2 is down and fan 1 has failed on switch1. We receive traps for all 3 faults, and generate alerts for all 3. Can we see all three of these alerts in one place (table?) in Nagios XI?

Regards,
Neville

Hello @nevillestyles

Thanks for reaching out, sounds like you would like to group things for more organized and accurate alerting.

Take a look at the Nagios Business Process Intelligence (BPI) presents ways to group services, hosts, and or host groups.

https://assets.nagios.com/downloads/nagiosxi/docs/Using_Nagios_BPI_v2.pdf

Thanks,
Perry

Hi Perry,

Thanks for getting back to me. This isn't quite what I am after, however this does address another requirement we have so is very useful thank you.

I might be finding it difficult to articulate what we are looking for but I'll try again with a simpler example. Say we have a device which experiences a fan failure. This will result in an SNMP trap being sent into Nagios, which we process. This affects the condition of the SNMP Trap service on the device and turns it critical. If we look at the Operations Screen, we see this:



If that device experiences a second, unrelated problem, for example a power supply failure, another trap will be sent and the view will be updated to:



The original fault is no longer visible to the operator.

We'd like to be able to see both of these alerts in a view like this so we can deal with them separately. We want to be able to see them both, and acknowledge/clear them independently of one another.

Is this possible?

Regards,
Neville

You should be able to view the historical SNMP traps in Admin > SNMP Trap Interface. You should also be able to see them in the State History report as long as you have State Stalking enabled:

https://assets.nagios.com/downloads/nag ... lking.html

For the most part with SNMP Traps, keeping an on on the notifications is recommended for exactly this scenario.

Thanks for the guidance on using State Stalking. That would satisfy part of our requirement but I still envisage scenarios where events would be missed; it's not feasible for our operators to monitor the state history on multiple SNMP Trap services (we'd potentially have SNMP Trap services on hundreds of hosts). Nor would we expect them to monitor them through the SNMP Trap Interface as we'd not allow them administrative access to Nagios.

Our other concern is that we are unable to interact with the events individually. For example if a device suffers two faults, we'd like to be able to handle the faults separately (acknowledge, clear, raise tickets...). My understanding is that this wouldn't be possible out of the box, as there is effectively only one event on an SNMP Trap service at any time.

I understand why we are seeing this behaviour; it's because of the host/service architecture which works perfectly well for all other scenarios we've tested so far, but it doesn't seem to work for SNMP traps (for us at least).

Is there no way to display events from SNMP traps individually and for all hosts at once?

Many thanks,
Neville

You can view historic SNMP traps in Admin > SNMP Trap Interface.

With SNMP traps going to a single service description watching the notifications or state history is critical because different traps going into the same service will cause this type of scenario.

The only way to have them show up separately would be to create separate services for each trap definition so that different types of traps would not interfere with the others.

You can edit the different trap definitions in Admin > SNMP Trap Interface > Defined Traps and set the Service Description to a different service and then those traps will show up on those new services (or in Admin > Unconfigured Objects if you didn't preemptively create them).

Thanks very much, that's an interesting solution which might suit us perfectly. Is there a limit on the number of services on each host? Or a limit on the number of services in total?

Currently there are no per-host service limits or total number of service limits (other than what your system specs and the architecture can handle), it is licensed per node which directly translates into the number of hosts in XI.

The SNMP Trap Interface requires the Enterprise License add-on:

https://www.nagios.com/products/nagios- ... omparison/

See here for more information:

https://assets.nagios.com/downloads/nag ... h-NXTI.pdf