Forwarding traps is just one example of an alert. The IP level (accept/reject) is already within the product :-)
The drill-down is exactly what I'm looking at, just try to get some info from people who want to have/use this... Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alistair Francis Sent: Wednesday, October 13, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Yeah, but now you're talking about forwarding traps, not just generating alerts from them. I guess it would be handy to be able to work with traps on a more generic scale but you definately need to be able to go down to specific OID level. Maybe you could make the check selection hierarchical. IP (accept/reject) - if you stop at this level you could gen alerts on the basis of trap received from machine x OID - Dependant on how far you drill down, alerts would be generated on a basis of device x trap received, through to device x blah has a status of x: e.g. :- If trap contains .1.3.6.1.4.1.318.1.1.1 gen alert (trap recieved from 192.168.0.1, APC UPS) :- If trap contains .1.3.6.1.4.1.318.1.1.1.4.1.1 and its value is 3 gen alert (trap received from 192.168.0.1, APC UPS, Basic Output Status is onBattery) Does that make sense? Alistair Francis Systems Administrator Comm Express Services SA (PTY) LTD TEL: +27 (0)11 475-5567 FAX: +27 (0)11 475-6238 CELL: +27 (0)82 608-0181 The information contained in this electronic mail message is confidential to the Matragon group of companies and may enjoy legal privilege. The contents are intended solely for the addressee and access thereto by anyone else is unauthorised. Should you not be the intended recipient, kindly delete the message and inform us. Any disclosure, copying or distribution is prohibited and may be unlawful. Please also note that any action taken, or omitted to be taken in reliance on the information contained herein is done at your own risk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 13 October 2004 11:15 To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts That would mean that for each OID you want to get an alert for that you need to create an alert...that could make a lot of alerts/filters. In some cases I can see a use for a very basic filter (just on IP for example - or just OID and not IP) when you want to forward the traps to an big console. Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alistair Francis Sent: Wednesday, October 13, 2004 11:07 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Well the way I see it is, if you're specifying the OID's you want to check, from particular IP's you don't need additional filtering. You ignore anything that doesn't conform to the properties of your checks. The alert wouldn't be generated just because a trap was received but because the value in the OID matches what you're checking for. This effectively filters all traps received whether they've been generated for a specific reason or because the device sends periodically for status (once every 2 mins). As far as an alert status being found every two minutes, the alert settings (more or less as they are) would be where you specify how often to perform the actions. Lots of people specified an interest in this when it was previously discussed. C'mon, let your voice be heard or forever hold your peace! Ali -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 13 October 2004 10:37 To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Well the points that you're talking about are those that were already clear for me :-) The fuzzy part is how exactly people want to filter. If you look at how a trap works you would see that within a trap you can have different objects. So the big question is do they want to filter on one object per trap or a combination of multiple object per trap, also what about devices that send out traps every 2 minutes just to give an update...should that generate an "alert" each time or should there be some kind of rule for it too. And what if you create a "generic filter" were that trap (of the device that sends every 2 minutes) fits will the generec trap be flagged as already send and don't resend, that could block alerts for other traps that also fit that "generic filter".... Well looking at the huge responses (one until now :-() maybe it's not such an important feature... Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alistair Francis Sent: Wednesday, October 13, 2004 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] SNMP Traps & Alerts Hi Dirk, Please bear in mind I'm still a bit fuzzy on exactly how traps work. That said... I think it would be great if SA could gen an alert based on traps received. I suppose, in the setup you should be able to specify MIB's which you want to use (in addition to standard ones), such as APC. You'd also need to specify IP's to accept/reject. Then (somewhere) you'd be able to specify that you want an alert generated on a given OID meeting specified criteria (much the same way as the existing SNMP check). I'm not sure how best to integrate these checks into the monitor window, as they don't run on cycles. I guess that'll have a lot to do with difficulty of implementation. Possibly, you could have an option under the View menu to show/not show monitored traps. When you are showing them you could split the main window (horizontally), with the top (majority) part showing the normal view and have the bottom (scrollable panel) part showing which traps are being monitored? Regards, Alistair Francis Systems Administrator Comm Express Services SA (PTY) LTD TEL: +27 (0)11 475-5567 FAX: +27 (0)11 475-6238 CELL: +27 (0)82 608-0181 The information contained in this electronic mail message is confidential to the Matragon group of companies and may enjoy legal privilege. The contents are intended solely for the addressee and access thereto by anyone else is unauthorised. Should you not be the intended recipient, kindly delete the message and inform us. Any disclosure, copying or distribution is prohibited and may be unlawful. Please also note that any action taken, or omitted to be taken in reliance on the information contained herein is done at your own risk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 12 October 2004 18:55 To: [EMAIL PROTECTED] Subject: [SA-list] SNMP Traps & Alerts Some people seem to be wanting alert on the received traps. I would like to get some more insight on what exactly you want to do. Aspecialy how you want to "filter" what received traps should generate an alert and what (of those traps) should be within those alerts. Dirk. ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
