SNMP (Simple Network Management Protocol) traps are alert messages sent from network devices—such as routers, switches, servers, or printers—to an SNMP manager. These messages notify the manager of specific events or changes on the device, such as:
- Interface or port failures
- Hardware malfunctions
- Threshold breaches
Each trap corresponds to a predefined condition in the device’s Management Information Base (MIB) and includes variable bindings (varbinds) that describe the alert. OpsRamp receives these traps and converts them into actionable alerts on the platform.
Prerequisites
Before configuring SNMP traps, ensure the following requirements are met:
Network Configuration
- Port Access: Allow UDP port 162 (unidirectional) from the end device to the OpsRamp Gateway.
- Gateway IP Configuration:
- Classic Gateway: Configure the Gateway IP address on the end device.
- NextGen Gateway: Configure the external IP address of the UDP service on the end device.
- To retrieve the list of services and their corresponding IP addresses for the NextGen Gateway, run the following command:
kubectl get svc -n <namespace>
. Here, replacewith the namespace of your OpsRamp deployment.
- To retrieve the list of services and their corresponding IP addresses for the NextGen Gateway, run the following command:
Configure SNMP Traps
- Create an SNMP Trap monitor for each client.
- Follow the SNMP Trap Monitor configuration instructions.
Custom SNMPv3 Credentials Configuration:
See Configure SNMPv3 Traps for details.
SNMP Traps Processing Flow
When a trap is sent from an end device, the OpsRamp Gateway processes it according to the SNMP Trap Monitor configuration. The processing flow includes the following steps:
Step 1: OID Filtering
The Gateway checks if the Trap OID is part of the Exclude OID or Include OID lists:
- Exclude OID: If the OID is in the exclude list, the trap is dropped. Otherwise, it proceeds to further evaluation.
- Include OID: If the OID is in the include list, the trap is processed. If not, the trap is dropped.
Note
If the OID exists in both the global-level exclusion list and the include list, the trap will be processed.If the trap passes this step, it proceeds to Step 2.
Step 2: Device IP Address Filtering
The OpsRamp Gateway checks whether the device’s IP address matches the filtering criteria defined in the SNMP Trap Monitor configuration.
- If the IP address matches the selected filters, the trap is processed. Otherwise, the trap is ignored.
Filtering Interface Traps
- If the Process All Interface Traps option is selected, the Gateway processes traps for both monitored and unmonitored interfaces.
- If not selected, only traps from monitored interfaces are processed.
Note
If a trap with the same state (for example, warning or critical) is received again within 30 minutes, the Gateway drops the repeated trap to avoid duplicates. The OpsRamp Gateway can process up to 1,000 traps per minute.Attenuated Alerts
OpsRamp uses alert throttling at the Gateway level to prevent excessive alerts for the same resource.
Default Throttling Behavior
A maximum of four alerts are allowed per 10 minutes for each unique key: deviceip_metric_component
.
If the threshold is reached:
- The Gateway stops sending alerts to the cloud for that key. Throttling remains in effect for the next 10 minutes.
- Once the throttling period ends, if a new alert is generated, the subject line of the alert is prepended with Attenuated Alerts.
If the OpsRamp Cloud receives multiple alerts with the same key within 1 minute, only one alert is processed; all others are dropped.