Active IQ Unified Manager Discussions

OC5: SNMP traps severity

mg
NetApp
3,466 Views

Hello,

I have some troubles monitoring some events with OnCommand Core 5/DFM.

First, all SNMP traps have a severity "Information", so some events on the storage are not emphasized properly (last night, a panic on my customer's controller followed by a takeover has not raised any "detectable" DFM event).

My idea is to change severity for all "trap-received" event:

>dfm eventtype modify -v Critical critical-trap-received

Modified event "critical-trap-received".

>dfm eventtype list -C critical-trap-received

Event Name Severity     Class

-------------------------------------------------- ------------ ------------------

critical-trap-received Critical     critical-trap-received

Is it the right approach?

Second, I would like to send some alarms based on specific SNMP traps characteristics. For example, when a vscan server disconnects, operators should be notified that something goes wrong. Unfortunately, I couldn't find a way to it as alarms can only be generated based on the event type which is "<severity>-trap-received". Any clue?

Standard trap received:

Warning vscanDisConnection  17 avr. 18:56  <filer> productTrapData=CIFS: Virus scan server \\SERVERNAME (1.2.3.4) has disconnected from the filer productSerialNum=xxxxxxxxxxxx

Third, I'm also thinking about raising the severity of some SNMP traps so they get classified in another category which would be more relevant for customer. Back to vscan servers disconnections, this is normally a warning trap, but I would like to set it as "alert". Looking at netapp.mib file, trap has following definition:

vscanDisConnection NOTIFICATION-TYPE

OBJECTS {productTrapData, productSerialNum}

STATUS current

DESCRIPTION

"VScan: A virus scanner has dropped its connection from the Filer"

::= { netapp 0 255 }

If I understood correctly, last digit of trap code represents severity, so I was wondering if I could set a new trap with a new trap code that would reflect another severity...I read TR-3608, but when creating custom traps, you have to refer to an OID representing a counter you can measure, which is not the case with AV scanners disconnect. How can I achieve it? Can I modify /etc/mib/netapp.mib?

Thanking you in advance,

Kind regards,

Michel

2 REPLIES 2

jhubert
3,466 Views

Searching on this issue, I've read SNMP traps do not show up in OnCommand/DFM with severity (Informational) although they contain that information.  Is this still true in OC5?

Is the guidance still to create alarms on these events to provide notification?

alert-trap-received                           Information  alert-trap-received

critical-trap-received                        Information  critical-trap-received

emergency-trap-received                       Information  emergency-trap-received

error-trap-received                           Information  error-trap-received

warning-trap-received                         Information  warning-trap-received

adaikkap
3,466 Views

Yes, thats true, trap of all severity are shown with informational severity in OnCommand and this behaviour hasn't changed. Yes in order to provide notification you will have to create alarms.

Regards

adai

Public