SNMP Trap Monitor

SNMP Traps are unsolicited SNMP information packets sent from any SNMP-compliant device to an SNMP manager such as Argent.

Traps can be sent for many reasons, such as hard drive failures, cooling fans that aren’t spinning at the right speed (or spinning at all), network interfaces suddenly dropping, or even for simple informational reasons like the SNMP service starting.

SNMP Rules are run in Relators at scheduled intervals, so something like a fan problem that comes and goes quickly might not be noticed. On the other hand, if the device sends an SNMP Trap that the fan isn’t running right, Argent can notify you immediately.

Argent’s SNMP Trap Monitor definitions are similar to Relators. You configure Argent to listen for specific traps, or even for specific information within a trap, and choose which alerts to fire if that trap arrives. If an arriving trap matches an SNMP Trap Monitor definition that is in Production Mode, the selected alerts are fired.

Argent for SNMP comes equipped with a large number of pre-defined SNMP Trap Monitor definitions for a wide variety of devices.

Basic Tab

Trap Enterprise OID List

Whenever an SNMP Trap is sent, it includes an Enterprise OID. This includes the manufacturer ID, and maybe even a particular class or section of traps related to the sending application.

For example, if a server running Dell OpenManage detects a power supply failure, it can send a trap to Argent. The Enterprise OID will start with “.1.3.6.1.4.1.674.10892.1”. In this example, “674” is Dell’s manufacturer ID, and “10892” is part of OpenManage.

Note: While some of the pre-built SNMP Trap Monitor definitions include an asterisk at the end of the Enterprise OID List, it is not necessary.

Trap SNMP Filter

In order to differentiate between, say, a trap indicating a power supply failure and a trap showing that a fan was inserted, we need to get a little more specific. Otherwise, any trap with a specified Enterprise OID would create the same alert.

To define the filter, click the Insert button and select or enter the appropriate information. Traps can be filtered by specific trap types (such as trap number 1354), the contents of the trap message body (such as “fan failed”), or by a Variable OID appearing in the trap message body.

Alerts To Fire (In The Following Order)

In this section, you specify the alerts to be fired when the SNMP trap is received. Any alerts defined within Argent can be selected. If multiple alerts are selected, they will be fired in the order specified.

Console Comment

The Console Comment field is very useful for specifying what’s wrong, such as “fan failed”. The information entered here appears in the events created from this SNMP Trap Monitor definition, and can be included in alerts, as well.

Application Name

This field is where you define the name of the application the trap came from, such as “OpenManage”.

Include The Description Of for SNMP In Event Detail

If this box is selected, the contents of the Description tab are included in the detail of the event. This can further enhance the level of detail provided when a trap is received.

Relator’s Level Displayed On Console

These four radio buttons — Critical, Medium, Low, and Custom Text — allow you to define just how important the trap is. A trap indicating a hard drive failure, for example, usually indicates a critical event. On the other hand, a trap fired off because the SNMP service started is probably of low importance.

Advanced Tab

Alert Escalation Plan

Instead of alerting everyone in the organization about an SNMP trap when it arrives, you can alert the appropriate staff first, and escalate only if the event isn’t resolved in a timely fashion. Use the Alert Escalation Plan feature to control when escalations are fired off.

Condition Is Corrected If Receiving Trap Matching Following Criteria

In many cases, one SNMP Trap is effectively canceled out by another SNMP Trap. For instance, if the power fails and your UPS kicks on, it could send a trap indicating it’s running on battery power. If this condition were to remain too long, of course, the UPS’s battery would run out and the computers would simply stop completely.

If utility power is restored (hopefully before the battery dies), the UPS could send a trap indicating this. You can configure Argent to mark the event generated by the “on battery” trap as corrected when the “back on normal power” trap comes through. Select the Condition Is Corrected If Receiving Trap Matching Following Criteria box, then define the Trap Enterprise OID List and Trap SNMP Filter sections in the same way you did on the Basic tab, but with the settings for the “normal power” trap.

If Condition Is Corrected, Then

If the condition is corrected (the lights went back on, for instance), we can stop any defined escalation sequence, set the event posted to Argent Console as either Answered or Resolved, and fire alerts to indicate the problem has been taken care of.
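
The matching described under Trap Enterprise OID List and Trap SNMP Filter, and the correction described under Condition Is Corrected If Receiving Trap Matching Following Criteria, sketched as an added Python example; it is not Argent code and does not describe Argent's internals. Assumptions: the trap layout, all function and field names, the UPS placeholder OID, whole-arc prefix comparison, every filter that is set having to match, and tying a correction to the same sending device.

```python
# Added illustration, not Argent code. Names, trap layout and sample values are constructed.
from dataclasses import dataclass

def arcs(oid):
    # ".1.3.6.1.*" -> ("1", "3", "6", "1"); a trailing asterisk is optional
    return tuple(a for a in oid.rstrip("*").split(".") if a)

def oid_under(oid, prefixes):
    # Compare whole arcs so that ...10892.1 does not also match ...10892.10 (assumption)
    return any(arcs(oid)[:len(arcs(p))] == arcs(p) for p in prefixes)

@dataclass
class Criteria:
    enterprise_oids: list
    trap_number: int = None   # specific trap type
    body_text: str = None     # text in the trap message body
    variable_oid: str = None  # Variable OID present in the trap

    def matches(self, t):
        # Assumption: every filter that is set must match
        return (oid_under(t["enterprise"], self.enterprise_oids)
                and self.trap_number in (None, t["specific"])
                and (not self.body_text or self.body_text.lower() in t["body"].lower())
                and (not self.variable_oid
                     or any(oid_under(v, [self.variable_oid]) for v in t["varbinds"])))

def process(traps, definitions):
    """definitions: (name, fire, corrected) tuples. Returns events in creation order."""
    events, open_by_key = [], {}
    for t in traps:
        for name, fire, corrected in definitions:
            key = (name, t["source"])  # correction applies to the same sending device
            if fire.matches(t):
                ev = open_by_key[key] = {"definition": name, "source": t["source"], "state": "Open"}
                events.append(ev)
            elif corrected and corrected.matches(t) and key in open_by_key:
                open_by_key.pop(key)["state"] = "Resolved"
    return events

DELL = ".1.3.6.1.4.1.674.10892.1"  # Enterprise OID prefix quoted on this page
UPS = ".1.3.6.1.4.1.99999.1"       # constructed placeholder, not a real vendor OID
DEFINITIONS = [("fan", Criteria([DELL + "*"], body_text="fan failed"), None),
               ("ups", Criteria([UPS], trap_number=1), Criteria([UPS], trap_number=2))]
KEYS = ("source", "enterprise", "specific", "body", "varbinds")
SAMPLE = [dict(zip(KEYS, row)) for row in (   # constructed traps
    ("10.0.0.5", DELL, 1354, "Fan failed", ()),
    ("10.0.0.5", DELL + "0", 1354, "fan failed", ()),  # string prefix of DELL, different arc
    ("10.0.0.9", UPS, 1, "on battery", ()),
    ("10.0.0.7", UPS, 2, "back on normal power", ()),  # another device: nothing to correct
    ("10.0.0.9", UPS, 2, "back on normal power", ()),
)]
```

Calling `process(SAMPLE, DEFINITIONS)` yields one open fan event and one UPS event that the later "normal power" trap from the same device marks Resolved.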
