SNMP Trap Monitor

The SNMP Trap Monitor watches for SNMP Traps received by SiteScope from other devices. The agents for the SNMP enabled devices need to be configured to send traps to the SiteScope server.

Note: To have SiteScope query a specific device for a specific value, use the SNMP Monitor.

Usage Guidelines

The SNMP Trap Monitor is useful for automatically collecting SNMP Traps from other devices. With SiteScope doing this for you at set intervals, you can eliminate the need to check for the SNMP Traps manually. In addition, you can be notified of warning conditions that you might have otherwise been unaware of until something more serious happened. Each time that it runs this monitor, SiteScope checks traps that have been received since the last time it ran.

Note: The SiteScope SNMP Trap Monitor uses port 162 for receiving traps. If another application or process on the machine where SiteScope is running has bound this port, the monitor will report an "Address in use" error and the monitor type will be unavailable. You can resolve this problem by stopping any other service on the SiteScope server that may be bound to port 162. However, you must stop and restart SiteScope to enable SiteScope to bind to port 162.

Completing the SNMP Trap Monitor Form

To display the SNMP Trap Monitor Form, either click the Edit link for an existing SNMP Trap Monitor in a monitor table, or click the add a Monitor link on a group's detail page and click the Add SNMP Trap Monitor link.

Complete the items on the SNMP Trap Monitor Form as follows. When the required items are complete, click the Add Monitor button.

Note: You will also need to configure the network devices to send SNMP Traps to SiteScope. On Windows 2000 systems, this can be configured via the Admninistrative Tools-->Services-->SNMP Service-->Properties-->Traps screen. SNMP agents on UNIX platforms usually require that you edit the configuration files associated with the agent. For an example of working with other devices, see the instructions on the Cisco Web site for SNMP Traps and Cisco Devices

Content Match

Enter the text to look for in SNMP Traps. Regular expressions may also be used in this box.

All of the SNMP Traps received by SiteScope are logged to SiteScope/logs/SNMPTrap.log

For example, the following shows two traps received from one router and another trap received from a second router:

Note: The three examples shown here may wrap across multiple lines to fit on this page. The actual traps may a single extended line for each trap.

09:08:35 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1 trap=link down specific=0 traptime=1000134506 community=public agent=router1/10.0.0.133 var1=The interface Serial1 is down 09:08:45 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1 trap=link up specific=0 traptime=1000134520 community=public agent=router1/10.0.0.133 var1=The interface Serial1 is up 09:10:55 09/10/2001 from=router2/10.0.0.134 oid=.1.3.6.1.4.1.11.2.17.1 trap=enterprise specific specific=1000 traptime=1000134652 community=public agent=router2/10.0.0.134 var1=CPU usage is above 90%

Run Alert

Select the method for running alerts.

Select "for each event matched" to have the monitor trigger alerts for each and every matching entry found.
Note: When the SNMP Trap Monitor is run with this alert method selected, the monitor will never be displayed as an error or warning status in the SiteScope interface, regardless of the results of the content match. The monitor will trigger alerts if one or more matching entries are found and the Error if or Warning if thresholds are defined accordingly in the Advanced Options section. For example, setting Error if to the default of matchCount > 0.
Select "once, after all events have been checked" to have the monitor count up the number of matches and trigger alerts one time based on the Error if and Warning if thresholds defined for the monitor in the Advanced Options section.
Note:By default, selecting this option will cause SiteScope to send one alert message if one or more matches are found, but the alert will not include any details of the matching entries. To have SiteScope include the matching entries, you must associate the monitor with an alert definition that has the property, <matchDetails> in the alert template. This special template property is used to populate the alert with the details of all the matching entries. You use this for e-mail alerts or other alert types that work with template properties. E-mail alert templates are stored in the SiteScope\templates.mail directory. See the chapter on Custom Alert Templates in the SiteScope Reference Guide for more information about modifying alert templates.

Update every

Select how often the monitor should read the application SNMP Trap. The default interval is to run or update the monitor once every 10 minutes. Use the drop-down list to the right of the text box to specify another update interval in increments of seconds, minutes, hours, or days. The update interval must be 15 seconds or longer.

Title

Enter a title text for this monitor. This text is displayed in the group detail page, in report titles, and other places in the SiteScope interface. If you do not enter a title text, SiteScope will create a title based on the host, server, or URL being monitored.

Advanced Options

The Advanced Options section presents a number of ways to customize monitor behavior and display. Use this section to customize error and warning thresholds, disable the monitor, set monitor-to-monitor dependencies, customize display options, and enter other monitor specific settings required for special infrastructure environments. The options for this monitor type are described below. Complete the entries as needed and click the Add or Update button to save the settings.

Disable

Check this box to temporarily disable this monitor and any associated alerts. To enable the monitor again, clear the box.

Verify Error

Check this box if you want SiteScope to automatically run this monitor again if it detects an error. When an error is detected, the monitor will immediately be scheduled to run again once.

Note: In order to change the run frequency of this monitor when an error is detected, use the Update every (on errors) option below.

Note: The status returned by the Verify Error run of the monitor will replace the status of the originally scheduled run that detected an error. This may cause the loss of important performance data if the data from the verify run is different than the initial error status.

Warning: Use of this option across many monitor instances may result in significant monitoring delays in the case that multiple monitors are rescheduled to verify errors at the same time.

Update Every (on error)

You use this option to set a new monitoring interval for monitors that have registered an error condition. For example, you may want SiteScope to monitor this item every 10 minutes normally, but as often as every 2 minutes if an error has been detected. Note that this increased scheduling will also affect the number of alerts generated by this monitor.

Schedule

By default, SiteScope monitors are enabled every day of the week. You may, however, schedule your monitors to run only on certain days or on a fixed schedule. Click the Edit schedule link to create or edit a monitor schedule. For more information about working with monitor schedules, see the section on Schedule Preferences for Monitoring.

Monitor Description

Enter additional information about this monitor. The Monitor Description can include HTML tags such as the <BR> <HR>, and <B> tags to control display format and style. The description will appear on the Monitor Detail page.

Report Description

Enter an optional description for this monitor that will make it easier to understand what the monitor does. For example, network traffic or main server response time. This description will be displayed on with each bar chart and graph in Management Reports and appended to the tool-tip displayed when you pass the mouse cursor over the status icon for this monitor on the monitor detail page.

Depends On

To make the running of this monitor dependent on the status of another monitor or monitor group, use the drop-down list to select the monitor on which this monitor is dependent. Select None to remove any dependency.

Depends Condition

If you choose to make the running of this monitor dependent on the status of another monitor, select the status condition that the other monitor or monitor group should have in order for the current monitor to run normally. The current monitor will be run normally as long as the monitor on which it depends reports the condition selected in this option.

List Order

By default, new monitors are listed last on the Monitor Detail page. You may use this drop-down list to choose a different placement for this monitor.

Error if

Set an error threshold for this monitor. The thresholds are used when the "Run Alerts: once, ..." option is chosen. By default, an error is signalled whenever there is one or more matching events. Select a comparison value from the list, and use the comparison operator list to specify an error threshold such as: >= (greater than or equal to), != (not equal to), or < (less than).

The possible comparison values are:

matches - the number of matches found.
lines - the number of lines processed.
lines/min - the number of lines per minute processed during this monitoring period.
matches/min - the number of matches per minute that occurred during this monitoring period.

Warning if

Set the Warning threshold for this monitor. The default is to generate a warning if SiteScope is unable to read the SNMP Trap. The symbols in the comparison value drop-down list are the same as those for Error if.

Good if

The default is to mark the monitor as good if the SNMP Trap can be read and there are no matches.