Differences

This shows you the differences between two versions of the page.

en:documentation:03_monitoring:08_snmp_traps_monitoring [2021/08/06 10:59]
jimmy.olano [Introduction] I have uploaded a new screenshot. Style.
en:documentation:03_monitoring:08_snmp_traps_monitoring [2023/05/16 08:31] (current)
Line 58: Line 58:
 ==== Access to TRAP Reception Console ==== ==== Access to TRAP Reception Console ====
  
-To use the trap reception console, go to **Monitoring > SNMP > SNMP Console**, where you may take a look at the list of TRAPs which have been received so far. There is an eye-shaped icon which displays all the trap information. You can learn any detailed information regarding SNMP traps there.+To use the trap reception console, go to **Monitoring** -**SNMP** -**SNMP Console**, where you may take a look at the list of TRAPs which have been received so far. There is an eye-shaped icon which displays all the trap information. You can learn any detailed information regarding SNMP traps there.
  
 {{  :wiki:traps.jpg?850  |traps.jpg}} {{  :wiki:traps.jpg?850  |traps.jpg}}
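
Review bot: In the new Access to TRAP Reception Console sentence the menu path reads "**Monitoring** -**SNMP** -**SNMP Console**", with a space before each hyphen and none after it, so the separators run into the bold markup. Use one consistent separator between the three menu levels. The closing sentence "You can learn any detailed information regarding SNMP traps there" repeats what the eye-icon sentence already says and could be dropped.
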
Line 107: Line 107:
 At the top of the trap console, there is the option named **Toggle Filter**  displayed. By clicking on that option, the trap's filtering field options appear or disappear. At the top of the trap console, there is the option named **Toggle Filter**  displayed. By clicking on that option, the trap's filtering field options appear or disappear.
  
-{{  :wiki:alert.png?850  }}+{{  :wiki:alert.png  }}
  
 === TRAP Validation === === TRAP Validation ===
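
Review bot: The new image line drops the width from alert.png ("{{  :wiki:alert.png  }}") while the other screenshots visible in this diff keep an explicit size (traps.jpg?850, trap_type.png?360). If the unscaled render is intended, mention it in the edit summary; otherwise keep a width so the images on the page stay consistent.
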
Line 144: Line 144:
 **Enterprise String** **Enterprise String**
  
-The main OID of the trap. It will look for the presence of the string. For example, if you are looking for a piece of the OID, you may use ''1.21.34.2.3''  and every OID that contains that one will be filtered, as if it were ''*1.21.34.2.3*''  But there is NO need to use the * character.+The main OID of the trap. It will look for the presence of the string. For example, if you are looking for a piece of the OID, you may use ''1.21.34.2.3'' and every OID that contains that one will be filtered, as if it were ''*1.21.34.2.3*'' But there is NO need to use the * character.
  
 **Custom Value/OID** **Custom Value/OID**
  
-This element will search within the trap's **value**, **custom OID**, **custom value**  and in the rest of the TRAP fields. Regular expressions are supported here. For example, if you have a trap that sends the "Testing TRAP 225" string, you can search for any trap with the subchain "Testing TRAP" through the regular expression "Testing. *TRAP.*"+This element will search within the trap's **value**, **custom OID**, **custom value** and in the rest of the TRAP fields. Regular expressions are supported here. For example, if you have a trap that sends the "Testing TRAP 225" string, you can search for any trap with the subchain "Testing TRAP" through the regular expression "Testing. *TRAP.*"
  
 **SNMP Agent** **SNMP Agent**
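
Review bot: The Custom Value/OID example regex is still written "Testing. *TRAP.*", with a space between the dot and the asterisk, which is a different expression from the one the sentence describes; it should presumably read "Testing.*TRAP.*". In Enterprise String, the sentence ending in ''*1.21.34.2.3*'' has no full stop before "But". Since the text says the match is a plain substring, it is also worth stating that a short fragment matches any longer OID containing it, so filters should use as much of the OID as is known.
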
Line 156: Line 156:
 **Trap type** **Trap type**
  
-The filter by trap type. Most of the generated traps are usually **Other**  type. If nothing is specified, it will look for any type of trap.+The filter by trap type. Most of the generated traps are usually **Other** type. If nothing is specified, it will look for any type of trap.
  
 {{  :wiki:trap_type.png?360  }} {{  :wiki:trap_type.png?360  }}
Line 166: Line 166:
 **Variable bindings/Data #1-20'** **Variable bindings/Data #1-20'**
  
-These are regular expressions which try to match the binding variables from 1 to 20. If there is a match, the alert is triggered. The value of the variable is stored in the corresponding ''_snmp_fx_''  macro (e.g. ''_snmp_f1_'', ''_snmp_f2_'', etc.). Although only twenty binding variables are able to search for matches, the ''_snmp_fx_''  macros are set for all of them (''_snmp_f11_'', ''_snmp_f12_'', etc.).+These are regular expressions which try to match the binding variables from 1 to 20. If there is a match, the alert is triggered. The value of the variable is stored in the corresponding ''_snmp_fx_'' macro (e.g. ''_snmp_f1_'', ''_snmp_f2_'', etc.). Although only twenty binding variables are able to search for matches, the ''_snmp_fx_'' macros are set for all of them (''_snmp_f11_'', ''_snmp_f12_'', etc.).
  
 {{  :wiki:alertsnmp2.png?600  }} {{  :wiki:alertsnmp2.png?600  }}
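
Review bot: The examples given for macros that exist beyond the twenty searchable bindings are ''_snmp_f11_'' and ''_snmp_f12_'', which both fall inside the 1 to 20 range and so do not illustrate the point of the sentence. Use examples above twenty (for instance ''_snmp_f21_'') if that is what "all of them" means. The heading "Variable bindings/Data #1-20'" also carries a stray apostrophe that this edit could remove.
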
Line 172: Line 172:
 **Field 1** **Field 1**
  
-Field to set the ''Field 1''  alarm command parameter. This is the field that will be used in case of choosing to generate an event, or the destination mail in case of choosing an ''eMail''  action (if you wish to overwrite the default email in the action). To fully understand how custom fields work in actions/alerts templates, read the documentation chapter that explains the alerts in Pandora FMS [[http://wiki.pandorafms.com/index.php?title = en:documentation:start:Alerts|here]].+Field to set the ''Field 1'' alarm command parameter. This is the field that will be used in case of choosing to generate an event, or the destination mail in case of choosing an ''eMail'' action (if you wish to overwrite the default email in the action). To fully understand how custom fields work in actions/alerts templates, read the documentation chapter that explains the alerts in Pandora FMS [[http://wiki.pandorafms.com/index.php?title = en:documentation:start:Alerts|here]].
  
 **Field 2** **Field 2**
-<code> 
  
-Field to set the command parameter of the ''Field 2'' alarm. In case of sending an email, it will be the subject of the message. If left blank, it would use what it had defined in the action. + Field to set the command parameter of the ''Field 2'' alarm. In case of sending an email, it will be the subject of the message. If left blank, it would use what it had defined in the action.
- +
-</code>+
  
 **Field 3** **Field 3**
  
-<code> + Field to set the command parameter of the ''Field 3'' alarm. In case of sending an email, it would be the text of the message. If left blank, it would use what it had defined in the action.
-Field to set the command parameter of the ''Field 3'' alarm. In case of sending an email, it would be the text of the message. If left blank, it would use what it had defined in the action. +
- +
-</code>+
  
 **Min. Number of Alerts** **Min. Number of Alerts**
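
Review bot: The Field 1 link target still reads "index.php?title = en:documentation:start:Alerts", with spaces around the "=" in the query string, and uses plain http; fix the URL or replace it with an internal wiki link while this line is being touched. The new Field 2 and Field 3 lines that replace the <code> blocks begin with leading whitespace, which should be checked so DokuWiki does not render them as preformatted text again. "If left blank, it would use what it had defined in the action" would read better in the present tense, matching Field 1.
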
Line 202: Line 196:
 **Priority** **Priority**
  
-Combo where the alarm priority is set. The priorities of the alerts are different and have nothing to do with the priority of the traps, nor with the Pandora FMS events.+Combo where the alarm priority is set. 
 + 
 +{{  :wiki:pfms-alerts-snmp_alerts-snmp_console_create_alert-priority.png  }} 
 + 
 +<WRAP center round info 60%>\\ 
 +The priorities of the alerts are different and have nothing to do with the priority of the traps, nor with the Pandora FMS events.\\ 
 +</WRAP>
  
 **Alert Action** **Alert Action**
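
Review bot: The new info box opens and closes with forced line breaks ("<WRAP center round info 60%>\\" and "...Pandora FMS events.\\"), which add empty lines inside the box; the WRAP block does not need them. "Combo where the alarm priority is set." is now a bare fragment on its own line and could be written as a full sentence introducing the screenshot.
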
Line 211: Line 211:
  
 The alerts with a lower position are evaluated first. If several alerts with the same position match a trap, all alerts matching the same position will be triggered. Although lower position alerts may match the trap, they will not be triggered. The alerts with a lower position are evaluated first. If several alerts with the same position match a trap, all alerts matching the same position will be triggered. Although lower position alerts may match the trap, they will not be triggered.
 +
  
 === Alert Field Macros === === Alert Field Macros ===
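
Review bot: This hunk only adds a blank line, but the paragraph it touches uses "lower position" in two opposite senses: alerts with a lower position "are evaluated first", yet "lower position alerts may match the trap, they will not be triggered". One of the two should say "higher position", otherwise the evaluation order of SNMP alerts cannot be worked out from the text.
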
Line 248: Line 249:
 === TRAP-Storm Protection === === TRAP-Storm Protection ===
  
-There are a couple of parameters in the server which are conceived to protect the system against the arrival of a Trap Storm, coming from a single location. Use the following settings in the ''pandora_server.conf''  file for this:+There are a couple of parameters in the server which are conceived to protect the system against the arrival of a Trap Storm, coming from a single location. Use the following settings in the ''pandora_server.conf'' file for this:
  
-  * ''snmp_storm_protection''The max. number of processed SNMP traps by the same source IP in a given interval (see below). +   * ''snmp_storm_protection'' The max. number of processed SNMP traps by the same source IP in a given interval (see below). 
-  * ''snmp_storm_timeout''The interval in seconds for protection against an SNMP Trap Storm. During this interval, the system will only process 'snmp_storm_protection' type traps from the same source (IP). +  * ''snmp_storm_timeout'' The interval in seconds for protection against an SNMP Trap Storm. During this interval, the system will only process 'snmp_storm_protection' type traps from the same source (IP). 
-  * ''snmp_storm_silence_period''If it is greater than 0 each time the storm protection is triggered for a particular source, the current time will be added plus the silence time. Until this time passes, no new traps will be registered for the specific source.+  * ''snmp_storm_silence_period'' If it is greater than 0 each time the storm protection is triggered for a particular source, the current time will be added plus the silence time. Until this time passes, no new traps will be registered for the specific source.
 When this protection fires, it is reflected in an event on the console: When this protection fires, it is reflected in an event on the console:
  
Line 258: Line 259:
  
 Trap storm protection combined with trap filtering (see below) allows that if you receive hundreds of thousands of traps per day, you work with only a few thousand traps to delete redundant or unhelpful traps. Trap storm protection combined with trap filtering (see below) allows that if you receive hundreds of thousands of traps per day, you work with only a few thousand traps to delete redundant or unhelpful traps.
 +
  
 === TRAP Filtering in the Server === === TRAP Filtering in the Server ===