locked
Microsoft SCOM 2007 R2 is not able to see my SNMP traps RRS feed

  • Question

  • I just created a management pack, and am trying to send custom SNMP traps to SCOM, and it is not able to see them. I have configured the SNMP community string to "public", and given "READ CREATE" permissions on both sides.

    I was able to see the SNMP traps correctly when I used "TrapReceiver". In some forums it was mentioned that these types of software might capture the ports, so I un-installed it, and still SCOM is not able to see the SNMP traps sent from my device.

    I followed all the instructions listed here:

    http://technet.microsoft.com/en-us/library/bb381355.aspx

    I am running Windows Server 2003 SP2, and searched the forums for answers to this question, but none of them seem to work for me.

    On both sides, I have set the machines up to accept traps from all hosts.

    I have added the machine as a "network device" inside SCOM, and tried with both SNMP v1 and v2.

    I have disabled all firewalls between the two machines, and have made sure that they can reach each other (which is why "TrapReceiver" was able to see the traps).

    Can anyone please provide some insight on how to make SCOM see those traps?

    Monday, April 12, 2010 4:24 PM

Answers

  • Shankar,

    The monitor you configured seems to be configured correctly. A couple of pointers here which may lead to a solution to your problem:

    First of all to be sure SCOM is detecting the SNMP alerts the more reliable way is to create a SNMP Rule which is triggered on every SNMP trap received:

    The basic ways to catch all traps in a rule: Is create a Rule from the authoring pane Alert Generating Rule\SNMP Trap (alert) fill in the details an select all traps.

    Give the configuration change some time (30 minutes) and test the rule by sending a snmp trap to the SCOM server.

    Also did you configure the SNMP Service correctly on the SCOM server side?

    http://www.systemcentercentral.com/BlogDetails/tabid/143/IndexID/13020/Default.aspx The SNMP Setup is the one of interest ;-)

    How strange it may seem but sometimes recreating the monitor might work.... delete the monitor wait for like 30 minutes and re-create the monitor again. After this again you will have to be patient for the configuration changes to take effect.

    Aslo be careful receiving traps seems to be a cool feature but can overload your console in a flash! After making sure everything is working define the traps you want to send on the network device (if possible) to avoid unwanted SNMP traps being send for every change....

    regards,

    Oskar Landman

     

    • Marked as answer by shankar_ananth Thursday, April 22, 2010 11:01 PM
    Wednesday, April 14, 2010 10:21 AM

All replies

  • Did you run a discovery on your SNMP devices? 
    Microsoft Corporation
    Monday, April 12, 2010 5:23 PM
  • Yes, I did run a discovery, and added it as a network device. It did find it correctly, and once I added it, I was able to check its status under "Monitoring->Network Devices->Status". I was also able to look at its health using health explorer.
    Monday, April 12, 2010 5:49 PM
  • Can you post the Monitor you created to receive the SNMP traps?

    Because it could well be the expression is configured incorrectly and therfore you are not receiving any alerts/snmp traps.

     

    Tuesday, April 13, 2010 9:36 AM
  • Thank you for responding!

    Here is the "monitoring" part from my management pack XML file:

      <Monitoring>
        <Rules>
          <Rule ID="MomUIGeneratedRulec41b8c1141b740a996d7d8b220977a99" Enabled="true" Target="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
            <Category>Custom</Category>
            <DataSources>
              <DataSource ID="DS" TypeID="Snmp!System.SnmpTrapEventProvider">
                <IP>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/IPAddress$</IP>
                <CommunityString>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/CommunityString$</CommunityString>
                <AllTraps>true</AllTraps>
                <Version>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/Version$</Version>
                <OIDProps />
                <EventOriginId>$Target/Id$</EventOriginId>
                <PublisherId>$Target/Id$</PublisherId>
                <PublisherName>Snmp Event</PublisherName>
                <Channel>SnmpEvent</Channel>
                <LoggingComputer />
                <EventNumber>1501</EventNumber>
                <EventCategory>5</EventCategory>
                <EventLevel>10</EventLevel>
                <UserName />
                <Params />
              </DataSource>
            </DataSources>
            <WriteActions>
              <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
                <Priority>2</Priority>
                <Severity>2</Severity>
                <AlertName>OPNET Panorama</AlertName>
                <AlertDescription>Event Description: {0}</AlertDescription>
                <AlertOwner />
                <AlertMessageId>$MPElement[Name="MomUIGeneratedRulec41b8c1141b740a996d7d8b220977a99.AlertMessage"]$</AlertMessageId>
                <AlertParameters>
                  <AlertParameter1>$Data/EventDescription$</AlertParameter1>
                </AlertParameters>
                <Suppression />
                <Custom1 />
                <Custom2 />
                <Custom3 />
                <Custom4 />
                <Custom5 />
                <Custom6 />
                <Custom7 />
                <Custom8 />
                <Custom9 />
                <Custom10 />
              </WriteAction>
            </WriteActions>
          </Rule>
        </Rules>
        <Monitors>
          <UnitMonitor ID="UIGeneratedMonitord901a3b47be6404ca573d8218cffa774" Accessibility="Public" Enabled="true" Target="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Snmp!System.SnmpTrapProvider.2SingleEvent2StateMonitorType" ConfirmDelivery="false">
            <Category>Custom</Category>
            <AlertSettings AlertMessage="UIGeneratedMonitord901a3b47be6404ca573d8218cffa774_AlertMessageResourceID">
              <AlertOnState>Warning</AlertOnState>
              <AutoResolve>true</AutoResolve>
              <AlertPriority>Normal</AlertPriority>
              <AlertSeverity>Error</AlertSeverity>
            </AlertSettings>
            <OperationalStates>
              <OperationalState ID="UIGeneratedOpStateId7f78b1022b9e4a0c8dc8e814a4e41744" MonitorTypeStateID="SecondEventRaised" HealthState="Success" />
              <OperationalState ID="UIGeneratedOpStateIdc3a55bf922204ec5bcf926c145b325f0" MonitorTypeStateID="FirstEventRaised" HealthState="Warning" />
            </OperationalStates>
            <Configuration>
              <FirstIP>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/IPAddress$</FirstIP>
              <FirstCommunityString>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/CommunityString$</FirstCommunityString>
              <FirstAllTraps>true</FirstAllTraps>
              <FirstVersion>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/Version$</FirstVersion>
              <FirstOIDProps />
              <FirstExpression>
                <RegExExpression>
                  <ValueExpression>
                    <XPathQuery Type="String">/DataItem/SnmpVarBinds/SnmpVarBind[1]/Value</XPathQuery>
                  </ValueExpression>
                  <Operator>MatchesWildcard</Operator>
                  <Pattern>*</Pattern>
                </RegExExpression>
              </FirstExpression>
              <SecondIP>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/IPAddress$</SecondIP>
              <SecondCommunityString>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/CommunityString$</SecondCommunityString>
              <SecondAllTraps>true</SecondAllTraps>
              <SecondVersion>$Target/Property[Type="MicrosoftSystemCenterNetworkDeviceLibrary6172210!Microsoft.SystemCenter.NetworkDevice"]/Version$</SecondVersion>
              <SecondOIDProps />
              <SecondExpression>
                <RegExExpression>
                  <ValueExpression>
                    <XPathQuery Type="String">/DataItem/SnmpVarBinds/SnmpVarBind[1]/Value</XPathQuery>
                  </ValueExpression>
                  <Operator>DoesNotMatchWildcard</Operator>
                  <Pattern>*</Pattern>
                </RegExExpression>
              </SecondExpression>
            </Configuration>
          </UnitMonitor>
        </Monitors>
      </Monitoring>

    Tuesday, April 13, 2010 4:26 PM
  • Shankar,

    The monitor you configured seems to be configured correctly. A couple of pointers here which may lead to a solution to your problem:

    First of all to be sure SCOM is detecting the SNMP alerts the more reliable way is to create a SNMP Rule which is triggered on every SNMP trap received:

    The basic ways to catch all traps in a rule: Is create a Rule from the authoring pane Alert Generating Rule\SNMP Trap (alert) fill in the details an select all traps.

    Give the configuration change some time (30 minutes) and test the rule by sending a snmp trap to the SCOM server.

    Also did you configure the SNMP Service correctly on the SCOM server side?

    http://www.systemcentercentral.com/BlogDetails/tabid/143/IndexID/13020/Default.aspx The SNMP Setup is the one of interest ;-)

    How strange it may seem but sometimes recreating the monitor might work.... delete the monitor wait for like 30 minutes and re-create the monitor again. After this again you will have to be patient for the configuration changes to take effect.

    Aslo be careful receiving traps seems to be a cool feature but can overload your console in a flash! After making sure everything is working define the traps you want to send on the network device (if possible) to avoid unwanted SNMP traps being send for every change....

    regards,

    Oskar Landman

     

    • Marked as answer by shankar_ananth Thursday, April 22, 2010 11:01 PM
    Wednesday, April 14, 2010 10:21 AM
  • Thanks a lot oskar!

    I went through the whole procedure once again on another machine, and things seem to work fine!

     


     

    Thursday, April 22, 2010 11:17 PM