SNMP (Simple Network Management Protocol) traps are alert messages sent from network devices—such as routers, switches, servers, or printers—to an SNMP manager. These messages indicate specific events or changes on the device, such as:
- Interface or port failures
- Hardware malfunctions
- Threshold breaches
Each trap maps to a predefined condition in the device’s Management Information Base (MIB) and contains variable bindings (varbinds) defining the alert. OpsRamp receives these traps and converts them into actionable alerts on the platform.
Prerequisites
Before configuring SNMP traps, ensure the following requirements are met.
- Network Configuration
  - Port Access: Allow UDP port 162 (unidirectional) from the monitored device to the OpsRamp Gateway.
- Gateway IP Configuration
  - Classic Gateway: Configure the Gateway IP address on the sending device.
  - NextGen Gateway: Configure the external IP address of the UDP service on the sending device.
To retrieve the list of services and their corresponding IP addresses for the NextGen Gateway, run the following command:
kubectl get svc -n
Here, replace
SNMP Traps Processing Flow
When a trap is sent from a monitored device, the OpsRamp Gateway processes it through the SNMP Trap Monitor configuration. The processing flow follows these steps:
Step 1: OID Filtering
The Gateway checks whether the Trap OID is part of the Exclude OID list or the Include OID list.
Exclude OID: If the OID is in the exclude list, the trap is dropped. If not, the trap proceeds to further evaluation.
Include OID: If the OID is in the include list, the trap is processed. If not, the trap is dropped.
Conflict Resolution: If the OID exists in both the global-level exclusion list and the include list, the trap will be processed.
If the trap passes this step, proceed to Step 2.
Step 2: Device IP Address Filtering
The Gateway checks whether the device’s IP address matches the filtering criteria defined in the SNMP Trap Monitor configuration.
- If the IP address is included in the selected filters, the trap is processed.
- If not, the trap is ignored.
If the Process All Interface Traps option is selected:
- The Gateway processes traps for both monitored and unmonitored interfaces.
If not selected:
- Only traps from monitored interfaces are processed.
If a trap with the same state (e.g., warning or critical) is received again within 30 minutes, the Gateway drops the repeated trap to avoid duplicates.
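The following Python model is an added example, not OpsRamp code: it walks a trap through Step 1, Step 2, the interface option and the 30-minute duplicate check, and returns the reason for each drop. The class and field names, exact OID matching, CIDR-form IP filters, an empty include list meaning "no include filter", and the duplicate key (device IP, OID, state) are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

DEDUP_WINDOW_S = 30 * 60  # same-state repeats inside 30 minutes are dropped
LINK_DOWN, AUTH_FAIL = "1.3.6.1.6.3.1.1.5.3", "1.3.6.1.6.3.1.1.5.5"

@dataclass
class TrapMonitor:  # hypothetical model; field names mirror the options above
    include_oids: set = field(default_factory=set)
    exclude_oids: set = field(default_factory=set)
    ip_filters: list = field(default_factory=list)  # CIDR strings (assumed form)
    process_all_interface_traps: bool = False
    last_seen: dict = field(default_factory=dict)  # (ip, oid, state) -> accept time

    def decide(self, ip, oid, state, now, iface_monitored=True):
        """Return (verdict, reason) for one trap; OIDs are compared exactly."""
        # Step 1: OID filtering. An include entry wins over an exclude entry.
        if oid not in self.include_oids:
            if oid in self.exclude_oids:
                return "drop", "oid-excluded"
            if self.include_oids:  # assumption: an empty include list filters nothing
                return "drop", "oid-not-included"
        addr = ipaddress.ip_address(ip)  # Step 2: device IP address filtering
        if not any(addr in ipaddress.ip_network(n) for n in self.ip_filters):
            return "drop", "ip-not-in-filter"
        # Unmonitored interfaces need "Process All Interface Traps" selected.
        if not iface_monitored and not self.process_all_interface_traps:
            return "drop", "unmonitored-interface"
        # Duplicate suppression, timed from the last accepted trap (assumption).
        key = (ip, oid, state)
        if now - self.last_seen.get(key, float("-inf")) < DEDUP_WINDOW_S:
            return "drop", "duplicate-within-30m"
        self.last_seen[key] = now
        return "process", "ok"

# Constructed sample: (ip, oid, state, seconds, iface_monitored)
SAMPLE = [
    ("10.0.0.5", LINK_DOWN, "critical", 0, True),
    ("10.0.0.5", LINK_DOWN, "critical", 600, True),    # repeat after 10 minutes
    ("10.0.0.5", AUTH_FAIL, "warning", 700, True),     # excluded, not included
    ("192.0.2.9", LINK_DOWN, "critical", 800, True),   # outside the IP filter
    ("10.0.0.5", LINK_DOWN, "critical", 1900, False),  # unmonitored interface
    ("10.0.0.5", LINK_DOWN, "critical", 1900, True),   # past the 30-minute window
]

def demo():  # replay SAMPLE through a fresh monitor, return the verdicts
    m = TrapMonitor({LINK_DOWN}, {LINK_DOWN, AUTH_FAIL}, ["10.0.0.0/24"])
    return [m.decide(*t) for t in SAMPLE]
```

In the constructed sample, the authenticationFailure trap is dropped because its OID is on the exclude list and not on the include list, an outcome worth checking for before relying on trap-based alerting.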
Note
The OpsRamp Gateway can process up to 1000 traps per minute.
Attenuated Alerts
OpsRamp uses alert throttling at the Gateway level to avoid excessive alerts for the same resource.
Default Throttling Behavior:
- A maximum of 4 alerts are allowed per 10 minutes for each unique key: deviceip_metric_component.
- If the threshold is reached:
  - The Gateway stops sending alerts to the cloud for that key.
  - Throttling remains in effect for the next 10 minutes.
- Once the throttling period ends, if a new alert is generated:
  - The subject line of the alert is prepended with Attenuated Alert:
- If the OpsRamp Cloud receives multiple alerts with the same key within 1 minute, only one alert is processed. All others are dropped.
Configure SNMP Traps
- Create an SNMP Trap monitor for each client.
- Configure SNMP Trap