SNMP Trap Receiver

ProactiveAgents' capability to receive SNMP traps enhances its ability to integrate with other monitoring tools, and augments the existing SNMP monitoring capability of the agents. BMC ProactiveNet Analytics correlates SNMP traps to alarms via probable cause correlation.

SNMP Trap Receiver Monitors are different from most monitors. Unlike the synchronous data poll (of other monitors), these monitors receive and import traps in an asynchronous manner. One monitor instance can be configured for the entire system and run on any agent. However, BMC ProactiveNet Analytics recommends use of the local ProactiveAgent (assuming there is no requirement to receive traps in a different network). Traps are imported into BMC ProactiveNet Analytics system as alarms or events. In both cases, the alarm/event must be closed manually.

Monitored attributes

Traps Received (#) - Number of traps received during the last polling interval. This is just a count; the actual traps are available to the system immediately.

Configuration attributes

Input fields

  • Instance Name - Specify a name for the monitor instance. This is displayed on folders, graphs, lists, etc.
  • Tag - Specify tag value to search or group the objects. You can enter multiple name-value pairs, text, or include both (name-value pair and text). This gives you the option to group objects in different forms. Click the icon + to select a default tag class. The Enter Tag Details screen opens. Select Tag Class from the drop-down list and enter a tag value, click Add to append tag class and value. Click Finish.

The tag specified by you is not considered as a default class. You cannot enter special characters &"/<>' in the tag field.


    • Editing Tag Value on Enter Tag Details screen: Select a tag value and click Edit. Make the necessary modifications in Tag Value text box and click Set to add the changes.
    • Deleting a Tag Value on Enter Tag Details screen: Select a tag value and click Delete, click Yes to delete the tag value.
  • Source Agent - Select the agent that listens for traps.
  • Target IP/Host Name - Specify the name/IP address of the machine from which the traps will be received. This field is used only when Device Association has been activated. This field value is used only when the control attribute Device Associated is activated. BMC ProactiveNet Analytics recommends that the target IP and the IP address of the device where the monitor is being created be the same.
  • Port - Specify the port on which the system receives traps.
  • VarBinds File - Specify the name and location (on ProactiveServer) of the file detailing OID variable binding descriptions. The monitor uploads this file and imports varbind descriptions as events/alarms. Click Load to load the configuration files in the system. Alternatively, click Create/Edit to open the XML editor to create a new trap configuration file or edit an existing one.

System fields

There are no system-populated configuration attributes associated with this monitor.

Control attributes

  • Device Associated - Select/clear check box to associate/disassociate the traps to the device under which the monitor instance is being created. If the option is selected, the monitor instance receives only those traps generated by the device under which it is created. The received traps appear as alarms in the Device/Group/Service Matrix in the User Console.
    If this option is not selected, the monitor instance receives and processes SNMP traps from all devices. The received traps are displayed as external alarms in the User Console.
  • Collect Data - Select/clear check box to enable/disable data collection for the monitored component. By default, data collection is enabled (check box selected).
  • Statistics Poll Interval - Specify the time interval between two consecutive Statistical data polls. Default is 15 minutes.

Group tab

This allows you to add a device and its monitors to one or more groups. Optionally, you may associate the device with a group. A group is used to logically organize the devices and monitors by department, geographic area, or service. Assigning a device to a group also allows the system administrator to restrict or allow access to certain devices. To associate the device with a group, select the group name here.

Special notes

  • Specific import options for trap are set in the configuration file.
  • A trap filter file can have multiple filter condition sets (displayed as Trap folders in the left pane of the XML Editor). Incoming traps are processed based on the first set of matching filter conditions in the trap filter file.
  • BMC ProactiveNet Analytics deletes all alarms and events after seven days.
  • BMC ProactiveNet Analytics recommends NORMAL as the default severity for all SNMP Traps.
  • To view only device-associated imported alarms in the User Console, select the option Show External Alarms under Options > Operations > Alarm Display Preferences.
  • To view all imported alarms (both device associated and non-device associated) in the All Alarms page of the User Console, set Alarm Type to External Alarms or All Alarms.
  • Statistics poll interval is the interval for recording the trap count and does not affect real-time receipt of traps.
  • 7.0 SP2 agent’s SNMP trap receiver monitor is not compatible with 7.1 or later server version. Alarms are not generated for the traps received from 7.0 SP2 agents.

Device association

Associating a trap with a particular device is referred to as 'Device Association'. If a trap is associated with a device, then such alarms are displayed under Alarm Matrix (Device/Group/Service).

Device association is possible in the following situations:

Enable device associated control attribute

If the Device Associated control attribute is selected when creating a SNMP Trap Receiver monitor, then alarms generated by the monitor instance are displayed as BMC ProactiveNet Analytics Alarms and are always associated with the device under which they are created.

Use this approach when you are receiving traps from a limited number of devices. In such cases, to associate a device, it is recommended that a SNMP Trap Receiver monitor instance be set up under each trap-generating device in the system. However, they can run on the same source agent. BMC ProactiveNet Analytics does not recommend associating devices with instances where a large number of traps are anticipated.

Set device association property value in the trap configuration file

Specify value for the DeviceOID property in the Trap Filter File to add device-level association for the incoming traps. The traps will be displayed under the associated device in the User Console as BMC ProactiveNet Analytics Alarms. If the device is not registered on ProactiveServer, then such alarms are displayed as External Alarms.

Use this approach if traps are sent by third party NNM managers and the trap has associated device details.

Default device association

If an alarm is imported from a SNMP Trap Receiver monitor that does not have the Device Associated option selected, then ProactiveServer checks if the trap-sending device is already registered with it. If it is, then the imported alarm is associated with the device automatically and the alarm is displayed in the User Console as BMC ProactiveNet Analytics Alarm.

Importing consideration

There are two ways of importing SNMP traps as BMC ProactiveNet Analytics Alarms:

  • Associating traps to a device and importing as alarms
  • Receiving traps directly as events

The main consideration in these two options is the specified target IP address. For SNMP traps associated with a device, the target IP relates to the device sending the traps. For traps imported directly as events, the IP address specified relates to the machine receiving the traps.

Auto close/delete imported alarms

By default, imported alarms are closed automatically after 24 hours. The period after which imported alarms must be automatically closed can be set using the property 'pronet.externalalarams.closealarams.timeinterval' in pronet.conf file in <Proactiveinstall>/pw/pronto/conf directory. ProactiveServer must be restarted if this property is changed.

Similarly, by default, imported alarms older than seven days are automatically deleted from BMC ProactiveNet Analytics system. The period after which imported alarms must be automatically deleted can be set using the property 'pronet.importedevents.pruneperiod'. ProactiveServer must be restarted if this property is changed.

Monitor configuration

SNMP Trap Receiver Monitors are different from other BMC ProactiveNet Analytics monitors. Only users with proper knowledge of SNMP traps and MIB definitions should attempt configuring this monitor.

Consider the following when configuring the monitor:

  • It is not a replacement for trap viewer applications.
    Trap viewer applications (like HP-OV, NetCool, etc.) receive and display SNMP traps and can handle large number of traps. On the contrary, this monitor helps users correlate SNMP traps with BMC ProactiveNet Analytics alarms and is not designed to handle large number of traps.
  • Do not import all traps as alarms.
    SNMP devices routinely generate traps, which are of little use in troubleshooting problems, and can affect the system performance (due to large number of alarms). BMC ProactiveNet Analytics provides an extensive filtering mechanism (available through a separate configuration file for this monitor) to filter out routine (unimportant) traps.
  • Accurate configuration is critical for system performance.
    Syntax accuracy is critical; faulty configuration can affect system performance. BMC ProactiveNet Analytics recommends user discretion while creating the configuration file. Do not configure if in doubt.
  • Severity
    Abnormal is the recommended default severity. It produces events that do not require user acknowledgement (unlike alarms, which need user acknowledgment).

Trap generator utility/test SNMP receiver monitor

Once a Trap filter file has been created or edited using XML Editor, use the Trap Generator utility 'send_trap' available with ProactiveServer to test the Trap Filter file. This utility can be used to send both SNMP v1 and SNMP v2 traps.

Steps to test a trap filter file in a nutshell

To test a newly created/edited Trap Filter File:

  1. Create a SNMP Trap Receiver monitor instance on the device hosting ProactiveServer. While creating the monitor instance, select the newly created/edited Trap Filter file as the Varbinds File to be used for filtering incoming traps. Select Device Associated control attribute.
  2. Use any text editor to create a configuration file with necessary SNMP trap details on the device hosting ProactiveServer.
  3. Open a command shell. Source BMC ProactiveNet Analytics environment and execute the trap generator utility.
  4. Check BMC ProactiveNet Analytics User Console to verify whether the trap has been imported as an Alarm.

Create a configuration file with trap details

Before sending a trap, create a configuration file with trap details required to test the trap filter file. Each trap detail must be in a separate line. It is recommended that the trap generator configuration file be created in ‘<Proactive Server Install dir>/pw/pronto/usr_conf/trap_sender’ directory so that the files survive upgrades.

The trap details that can be configured are:

 Option  

 Description  

 v1  

 The SNMP version. To send v2 traps use, v2 or v2c.  

 -d  

 The destination IP address, where the SNMP Trap Receiver monitor listens. Port values are separated by a colon. Default value of port is 162.  

 -c  

 The community name. Default value is public.  

 -o  

 The senderOID/enterprise OID/TrapOID.  

 -i  

 The sender's IP address.  

 -g  

 traptype. For generic trap type, the value can range from 0 to 5. For specific trap type, the value must be 6.  

 -s  

 Specific type (use only when the specific trap type is used in the trap filter file)  

 -v  

 varbind (if any). Each varbind should be in the format <OID TYPE value>, where:  

OID: Object ID of the variable. TYPE: Must be one of the following: STRING, INTEGER, IPADDRESS, OID, TIMETICKS, COUNTER, GAUGE, OPAQUE Value: Value of the OID.

You can find sample trap configuration files in "<ProactiveNet Install dir>/pw/pronto/examples/trap_examples" directory.

Sample trap generator configuration files

Sample File 1 - pronet_test.txt

To simulate a BMC ProactiveNet Analytics trap, the configuration file should be as follows:

-d Texas:165
-o 1.3.6.1.4.1.3287.2.1.1.1
-i Texas
-v 1.3.6.1.4.1.3287.2.1.1.1.9 INTEGER 4
-v 1.3.6.1.4.1.3287.2.1.1.1.11 STRING "ProactiveNet Trap with severity set to Critical"

The above trap generator configuration file sends a SNMP trap to device ‘Texas’ on port 165 with the following details:

Enterprise OID - 1.3.6.1.4.1.3287.2.1.1.1
Trap Sending device - Texas
Variable Binding - 1.3.6.1.4.1.3287.2.1.1.1.9 (indicating severity of trap) set to ‘4’ i.e. Critical
Variable Binding - 1.3.6.1.4.1.3287.2.1.1.1.11 (indicating cause of trap) with a description String.

To test a Trap Filter File it is sufficient to only have the Variable Bindings used in Filter File. For example, BMC ProactiveNet Analytics SNMP Trap has 10 Variable Bindings. But to test pronet_conf.xml, the Trap Filter file that imports BMC ProactiveNet Analytics trap can have only the severity and alarm description Variable Bindings as shown above.

Sample File 2 - netscalar_primary.txt

To generate a Netscalar "changeToPrimary" trap, the configuration file is as follows:

v1
-d 192.168.3.249:162
-c public
-o 1.3.6.1.4.1.5951.1.1
-g 6
-s 1

The above trap generator configuration file would send a SNMP trap to device 192.168.3.249 on port 162 with the following details:

Community string as ‘public’
Enterprise OID as ‘1.3.6.1.4.1.5951.1.1’
Trap type as ‘specific’
Specific Trap Type as ‘1’

Netscalar traps do not have any variable bindings, and traps are to be filtered based on the value of specific trap type.

Invoke Trap Generator utility

The SNMP Trap Generator utility 'send_trap' is located in <ProactiveNet Server install dir>/pw/pronto/bin directory.

Trap Generator utility can be executed by running the following command:

send_trap <path of the configuration file>

Alternatively, you can invoke the utility by executing the runjava tool as follows:

runjava apps.cmd.testtrap.TrapGen -f <path of the configuration file>

Run the command "source <ProactiveNet Home>//pw/pronto/bin/.tmcsh" to reset the path and other environmental variables before executing the trap generator utility.

Check user console for imported alarm

The following diagram illustrates traps displayed as alarms in the User Console.

alarm.PNG

Example to send SNMP trap from one ProactiveNet server to another ProactiveNet server along with device association:

Introduction

Two ProactiveNet Servers running, the first ProactiveNet server is for monitoring servers and their corresponding applications and the other ProactiveNet Server is only for monitoring networking components. In this type of configuration, since the Infrastructure components are split into two ProactiveNet Servers, there is no way to correlate the abnormal behavior of Application with that of the network or server performance with that of the network. For better Probable cause analysis and correlation on the First server (AKA Application ProactiveNet Server), we have made the Second Server (AKA Network ProactiveNet Server) send SNMP traps to the First Server.

You can send SNMP traps from the Proactivenet Server, monitoring Network to the ProactiveNet server, monitoring Applications.

As per the standard configuration and the best practice methods, we have to create a SNMP trap receiver monitor for each of the device sending a trap, with device association. But, creating a trap receiver monitor for more number of devices is a tedious job and can often land in errors. To resolve this you can use Single SNMP Trap Receiver Monitor concept. Single SNMP Trap Receiver Monitor concept will associate the device, help in better Probable cause analysis and correlation.

enterprise management system.PNG

Test scenarios

Test setup

  1. Install two ProactiveNet Servers.
  2. Configure the Network ProactiveNet Server with three different Switches, with only ping monitor in each of them.
  3. Configure the Application ProactiveNet Server with two different Switches without any monitors in them. Let the two switches have the same IP as that of the switches configured in Network ProactiveNet Server.
    Let the Application ProactiveNet Server (SNMP Trap Receiver) Hostname be:
    titas.proactivenet.co.in
    Let the Network ProactiveNet Server (SNMP Trap Sender) Hostname be:
    shyok.proactivenet.co.in
  4. Add an entry in the default pronet.conf for device association for each trap condition. DeviceOID doid="1.3.6.1.4.1.3287.2.1.1.1.6”.
  5. Modify the pronetconf.xml file.
  6. Make sure that there is no other instances of SNMP Trap Receiver monitor available on the Application ProactiveNet Server and create a Single SNMP Trap Receiver monitor on the Local Agent with the Target IP as that of the Network ProactiveNet Server.

Test case for network ProactiveNet server

  1. Create a group with the ping monitors of the switches and change the instant level threshold of these monitors to raise alarms.
  2. A group based, Alarm rule was configured to send SNMP traps to Application ProactiveNet Server on any abnormality with in the group.

Alarms generated on net work ProactiveNet server

network PN server.PNG

Test case for application ProactiveNet server

  1. Generate the External Alarms on the ProactiveNet Server. The Alarms will perform device association for the devices which are available in the Receiving ProactiveNet Server. If there are no device association for the devices which are not in the system. Such monitors will get listed in the All Alarms with no device info.

app PN server.PNG

Test results:

SNMP traps were created under the external Alarms category with device association, except for the devices which were not present in the receiving ProactiveNet Server.

Additional observations:

  • There should be only one SNMP Trap Receiver monitor for receiver traps from another Proactivenet server.
  • The Target IP of the SNMP Trap Receiver monitor should be the IP address of the sending ProactiveNet Server.
  • The device association for SNMP Trap Receiver monitor should be unchecked.
  • A Dummy device should be present in the Receiving Proactivenet Server for proper device association. Please use the “pw dev add <IP ADDRESS> -d “DEVICE TYPE
  • If a device is not present in the receiving ProactiveNet Server, then an external alarm is created with out any device info.
  • Please enable the show external alarm option by logging in to the Web UI -> Options-> Operations.

Setup and dependencies

There are no external setup requirements for this monitor.

External dependencies

There are no external dependencies for this monitor.

ProactiveAgent dependencies

ProactiveAgent installation on the monitored host is not mandatory. Monitor instance can be created on any ProactiveAgent.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*