EMS SNMP Trap Monitor
The EMS SNMP Trap Monitor watches for SNMP Traps received by SiteScope from third-party
Enterprise Management Systems (EMS). These other systems need to be configured to
send traps to the SiteScope server.
Usage Guidelines
What to monitor
The EMS SNMP Trap Monitor is useful for integrating alerts that your
external devices generate into the Topaz Application Management framework.
What is being sent to Topaz
The EMS SNMP Trap Monitor sends Topaz data that is extracted from any incoming trap.
Use the configuration file to control the data that is sent to Topaz. Refer to
Working with EMS Alert Probe Monitor Configurations
for more details on the file structure and syntax.
Note: When referring to data arriving from the EMS SNMP Trap
Monitor in the config file, use the names from the snmptrap.log file, prefixed
with the dollar sign ($). For example: $oid for the oid, $var1 for the variable
bound as the first variable in the trap, or $var2 for the variable bound as the
second variable in the trap.
Additional configuration steps may be necessary
to have monitor data reported to the Topaz Alert Log.
See the section Reporting Monitor Data to the Topaz Alert Log
for information on how to enable reporting to the Topaz Alert Log.
The following are requirements for using the EMS SNMP Trap Monitor to
forward alerts to Topaz:
- SiteScope must be registered with a Topaz installation.
The SiteScope must have a profile defined in the Topaz installation prior
to enabling the registration in the SiteScope interface. In order to
verify registration or to re-register SiteScope with the Topaz server, see
the Topaz Server Registration page under
SiteScope Preferences.
Note: The SiteScope EMS SNMP Trap Monitor uses port 162 for receiving
traps. If another application or process on the machine where SiteScope is
running has bound this port, the monitor will report an "Address in
use" error and the monitor type will be unavailable.
Completing the EMS SNMP Trap Monitor Form
To display the EMS SNMP Trap Monitor Form, either click the Edit link
for an existing EMS SNMP Trap Monitor in a monitor table, or click the add a Monitor
link on a group's detail page and choose the "Add EMS SNMP Trap Monitor"
link.
Complete the items on the EMS SNMP Trap Monitor Form as follows. When the
required items are complete, click the Add Monitor button.
Note: You will also need to configure the network devices to send
SNMP Traps to SiteScope. On Windows 2000 systems, this can be configured via
the Administrative Tools > Services > SNMP Service > Properties > Traps
screen. SNMP agents on UNIX platforms
usually require that you edit the configuration files associated with the agent
and restart the agent. For an example of working with other devices, see the
instructions on the Cisco web site for SNMP Traps and Cisco Devices.
- Content Match
- Enter the text to look for in SNMP
Traps. Regular expressions may also be used in this
box.
All of the SNMP Traps received by SiteScope are
logged to SiteScope/logs/SNMPTrap.log.
For example, the following shows two traps received
from one router and another trap received from a second router:
Note: The three examples shown here may wrap
across multiple lines to fit on this page. The actual traps may be a single
extended line for each trap.
09:08:35 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1
trap=link down specific=0 traptime=1000134506 community=public
agent=router1/10.0.0.133 var1=The interface Serial1 is down
09:08:45 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1
trap=link up specific=0 traptime=1000134520 community=public
agent=router1/10.0.0.133 var1=The interface Serial1 is up
09:10:55 09/10/2001 from=router2/10.0.0.134 oid=.1.3.6.1.4.1.11.2.17.1 trap=enterprise
specific specific=1000 traptime=1000134652 community=public
agent=router2/10.0.0.134 var1=CPU usage is above 90%
- Run Alert
- Choose the method for running alerts. If "for
each event matched" is chosen, then the monitor triggers alerts for every
matching entry found.
Note: When the EMS SNMP Trap
Monitor is run in the "for each event matched" alert method, the
monitor will never report a status of error or warning, regardless of the
results of the content match or even if the target SNMP Trap is not found.
If the "once, after all events have been
checked" method is chosen, then the monitor counts up the number of
matches and triggers alerts based on the "Error If" and "Warning
If" thresholds defined for the monitor in the Advanced
Options section.
- Update every
- Enter how frequently the monitor
should read the application SNMP Trap. The drop-down list to the right of the
text box lets you specify time increments of seconds, minutes, hours, or days.
You must specify a time increment of at least 15 seconds.
- Title
- Enter a name for this monitor. This
name appears in the Name text box on the monitor table when you open the
group's detail page. If you don't enter a name, a default name will be created.
Advanced Options
The Advanced Options section presents a number of ways to customize monitor
behavior and display. Use this section to customize error and warning
thresholds, disable the monitor, set monitor-to-monitor dependencies, customize
display options, and enter other monitor specific settings required for special
infrastructure environments. The options for this monitor type are described
below. Complete the entries as needed and click the Add or Update
button to save the settings.
- Disable
- Check this box to temporarily disable
this monitor and any associated alerts. To enable the monitor again, clear the
box.
- EMS Configuration File Path
- Enter the path to the EMS integration configuration file. The default location is:
SiteScope\ems\SNMPTrap\main.config.
For more information about the format of the file, see EMS Generic Alert Probe
Configuration.
Note: All instances of EMS SNMP Trap
Monitors receive notifications on ALL SNMP Traps that enter the system. To
prevent multiple reports on the same trap, define match conditions in the EMS
integration configuration file as precisely as possible.
- Verify Error
- Check this box if you want
SiteScope to automatically run this monitor again if it detects an error. When
an error is detected, the monitor will immediately be scheduled to run again
once.
Note: In order to change the run frequency
of this monitor when an error is detected, use the Update every (on errors)
option below.
Note: The status returned by the Verify
Error run of the monitor will replace the status of the originally
scheduled run that detected an error. This may cause the loss of important
performance data if the data from the verify run is different than the initial
error status.
Warning: Use of this option across many
monitor instances may result in significant monitoring delays in the case that
multiple monitors are rescheduled to verify errors at the same time.
- Update Every (on error)
- This option allows you to set a
new monitoring interval for monitors that have registered an error condition.
For example, you may want SiteScope to monitor this item every 10 minutes
normally, but as often as every 2 minutes if an error has been detected. Note
that this increased scheduling will also affect the number of alerts generated
by this monitor.
- Schedule
- By default, SiteScope's monitors
are enabled every day of the week. You may, however, schedule your monitors to
run only on certain days or on a fixed schedule. Choose the Edit
schedule link to create or edit a monitor schedule. For information about
creating schedules, read these instructions.
- Monitor Description
- Enter additional information about this
monitor. The Monitor Description can include HTML tags such as the <BR>,
<HR>, and <B> tags to control display format and style. The
description will appear on the Monitor Detail page.
- Report Description
- Enter a description for this
monitor that will make it easier to understand what this monitor does. The
description will appear on Management Reports and on the info list for a
monitor.
- Depends On
- To make the running of this monitor
dependent on the status of another monitor or monitor group, use the drop-down
list to select the monitor on which this monitor is dependent. Select None
to remove any dependency.
- Depends Condition
- If you choose to make the running
of this monitor dependent on the status of another monitor, choose the status
condition that the other monitor or monitor group should have in order for the
current monitor to run normally. The current monitor will be run normally as
long as the monitor on which it depends reports the condition selected in this
option.
- List Order
- By default, new monitors are listed
last on the Monitor Detail page. You may use this drop-down list to choose a
different placement for this monitor.
- Error if
- Set an error threshold for this
monitor. The thresholds are used when the "Run Alerts: once, ..."
option is chosen. By default, an error is signalled whenever there is one or
more matching events. Select a comparison value from the list, and use the
comparison operator list to specify an error threshold such as: >= (greater
than or equal to), != (not equal to), or < (less than).
The possible comparison values are:
-
matches - the number of matches found.
-
lines - the number of lines processed.
-
lines/min - the number of lines per minute processed during this
monitoring period.
-
matches/min - the number of matches per minute that occurred
during this monitoring period.
- Warning if
- Set the Warning threshold for this
monitor. The default is to generate a warning if SiteScope is unable to read
the SNMP Trap. The symbols in the comparison value drop-down list are the same
as those for Error if.
- Good if
- The default is to mark the monitor
as good if the SNMP Trap can be read and there are no matches.
Troubleshooting
The following table summarizes common problems and
suggested solutions.
| Problem Symptom | Possible Cause | Solution |
|---|---|---|
| The Forward Events to Topaz checkbox does not appear in SNMP Trap Monitor configuration screen. | Option License for EMS Monitors had not been provided. | Provide the Option License for EMS Monitors. |
| The SNMP traps are not forwarded to Topaz Applications (Common cases) | The SNMP Agent does not emit SNMP Traps. | Verify that the SNMP Agent is configured to emit SNMP Traps. Use the SiteScope/logs/snmptrap.log file to verify that traps are received by SiteScope. |
| | The EMS Configuration file contains errors. | Use the SiteScope/ems/tools/verify_configuration.bat tool to verify the EMS configuration file. |
| | The SNMP Trap port is busy. | Make sure that no other SNMP Trap service is listening to SNMP Traps on the SiteScope machine. Microsoft SNMP Trap Service is a common cause on computers running Windows NT or Windows 2000 OS. |
| | The SNMP Trap Monitor is not configured to report to these applications. | Make sure that the SNMP Trap Monitor is configured to report to these applications. Refer to Appendix A for details. |
| The SNMP Traps are not available to the Topaz Business Availability Application | The SNMP Traps are not processed by the Topaz Business Availability Application. | Set up Topaz Business Availability application to process SNMP Traps delivered by SiteScope. Refer to the Topaz Business Availability application Installation Guide for details. |
| The SNMP Traps are not available to the Topaz Reports/Topaz Alert Log/Topaz Root-Cause Analysis applications | No appropriate EMS profile exists in the Topaz Admin Center. | Use the Topaz Admin Center application to create an appropriate EMS profile. Refer to Appendix A for details. |
| | The Topaz database was not updated for delivering SNMP Traps to these applications. | Use an appropriate database client to update the Topaz Database. |
Verify SNMP Trap Reception to SiteScope
You can verify that SiteScope is receiving SNMP traps from
other management systems using the SiteScope SNMP Trap Monitor. Use the
following steps to verify that SiteScope is receiving traps.
- Add an SNMP Trap Monitor to SiteScope.
If you already have an SNMP Trap Monitor defined, you can skip this
step. Otherwise, add a new instance of SNMP Trap Monitor.
- Configure the intended SNMP Trap sending entity to send traps to the SiteScope machine.
The steps to configure the SNMP host depend on the system. Usually, it involves lowering
system thresholds to cause normal situations to generate traps. On some systems
there is a test mode that you can use to generate traps on demand. The other way
is to use one of the freely available SNMP trap generators, and to send copies of
the trap to SiteScope.
- Inspect the SNMP Trap Monitor log file in SiteScope for sent traps.
Every SNMP Trap received by SiteScope will be written into the SNMP
Trap Monitor’s log file, located in <SiteScope_install>/SiteScope/logs/snmptrap.log
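The log format shown under Content Match and the inspection in the last step above can be scripted. The following is an added example, not part of the SiteScope documentation or product: it parses snmptrap.log lines into their fields, shows the $-prefixed names the configuration file refers to, and counts content matches and traps per sender. The field list, the one-trap-per-line layout and the use of Python regular-expression syntax are assumptions drawn from the sample lines on this page.

```python
import re
from collections import Counter

# Constructed sample: the three traps shown on this page, one trap per line.
SAMPLE_LOG = "\n".join([
    "09:08:35 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1 trap=link down specific=0 "
    "traptime=1000134506 community=public agent=router1/10.0.0.133 var1=The interface Serial1 is down",
    "09:08:45 09/10/2001 from=router1/10.0.0.133 oid=.1.3.6.1.4.1.11.2.17.1 trap=link up specific=0 "
    "traptime=1000134520 community=public agent=router1/10.0.0.133 var1=The interface Serial1 is up",
    "09:10:55 09/10/2001 from=router2/10.0.0.134 oid=.1.3.6.1.4.1.11.2.17.1 trap=enterprise specific "
    "specific=1000 traptime=1000134652 community=public agent=router2/10.0.0.134 var1=CPU usage is above 90%",
])

# Field names taken from the sample lines above (assumed to be the full set).
KEYS = r"(?:from|oid|trap|specific|traptime|community|agent|var\d+)"
# Values may contain spaces ("link down"), so a value ends only at the next key=.
FIELD = re.compile(rf"\b({KEYS})=(.*?)(?=\s+{KEYS}=|$)")
STAMP = re.compile(r"^\d\d:\d\d:\d\d \d\d/\d\d/\d{4}\s+(.*)$")

def parse_trap(line):
    """Return the fields of one log line as a dict, or None if it is not a trap."""
    m = STAMP.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD.findall(m.group(1)))
    return fields if "from" in fields and "oid" in fields else None

def config_names(trap):
    """Map parsed fields to the $-prefixed names used in the EMS config file."""
    return {"$" + key: value for key, value in trap.items()}

def summarize(log_text, content_match):
    """Count trap lines, content matches and traps per sender."""
    pattern = re.compile(content_match)  # Python regex syntax (assumption)
    lines = matches = 0
    senders = Counter()
    for raw in log_text.splitlines():
        trap = parse_trap(raw)
        if trap is None:
            continue  # skip blank or malformed lines
        lines += 1
        senders[trap["from"]] += 1
        matches += bool(pattern.search(raw))
    return {"lines": lines, "matches": matches, "senders": dict(senders)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, r"trap=link (up|down)"))
```

A sender that was configured to send traps but is missing from the senders count has not reached SiteScope, which points back to the agent configuration or the port 162 binding described above.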