Well the way I see it is, if you're specifying the OID's you want to check, from particular IP's you don't need additional filtering. You ignore anything that doesn't conform to the properties of your checks. The alert wouldn't be generated just because a trap was received but because the value in the OID matches what you're checking for. This effectively filters all traps received whether they've been generated for a specific reason or because the device sends periodically for status (once every 2 mins). As far as an alert status being found every two minutes, the alert settings (more or less as they are) would be where you specify how often to perform the actions.
Lots of people specified an interest in this when it was previously discussed. C'mon, let your voice be heard or forever hold your peace! Ali -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 13 October 2004 10:37 To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Well the points that you're talking about are those that were already clear for me :-) The fuzzy part is how exactly people want to filter. If you look at how a trap works you would see that within a trap you can have different objects. So the big question is do they want to filter on one object per trap or a combination of multiple object per trap, also what about devices that send out traps every 2 minutes just to give an update...should that generate an "alert" each time or should there be some kind of rule for it too. And what if you create a "generic filter" were that trap (of the device that sends every 2 minutes) fits will the generec trap be flagged as already send and don't resend, that could block alerts for other traps that also fit that "generic filter".... Well looking at the huge responses (one until now :-() maybe it's not such an important feature... Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alistair Francis Sent: Wednesday, October 13, 2004 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Hi Dirk, Please bear in mind I'm still a bit fuzzy on exactly how traps work. That said... I think it would be great if SA could gen an alert based on traps received. I suppose, in the setup you should be able to specify MIB's which you want to use (in addition to standard ones), such as APC. You'd also need to specify IP's to accept/reject. Then (somewhere) you'd be able to specify that you want an alert generated on a given OID meeting specified criteria (much the same way as the existing SNMP check). I'm not sure how best to integrate these checks into the monitor window, as they don't run on cycles. I guess that'll have a lot to do with difficulty of implementation. Possibly, you could have an option under the View menu to show/not show monitored traps. When you are showing them you could split the main window (horizontally), with the top (majority) part showing the normal view and have the bottom (scrollable panel) part showing which traps are being monitored? Regards, Alistair Francis Systems Administrator Comm Express Services SA (PTY) LTD TEL: +27 (0)11 475-5567 FAX: +27 (0)11 475-6238 CELL: +27 (0)82 608-0181 The information contained in this electronic mail message is confidential to the Matragon group of companies and may enjoy legal privilege. The contents are intended solely for the addressee and access thereto by anyone else is unauthorised. Should you not be the intended recipient, kindly delete the message and inform us. Any disclosure, copying or distribution is prohibited and may be unlawful. Please also note that any action taken, or omitted to be taken in reliance on the information contained herein is done at your own risk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 12 October 2004 18:55 To: [EMAIL PROTECTED] Subject: [SA-list] SNMP Traps & Alerts Some people seem to be wanting alert on the received traps. I would like to get some more insight on what exactly you want to do. Aspecialy how you want to "filter" what received traps should generate an alert and what (of those traps) should be within those alerts. Dirk. ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
