N-central Troubleshooting
How to Monitor SNMP traps
Last Modified
Tue Jun 19 13:52 GMT 2018
Description
- This article provides steps to monitor SNMP traps.
Environment
- N-able N-central 9.5+
Solution
Functionality
The process of monitoring these traps through syslog.log will have all entries from all devices that are providing SNMP trap entries to the probe. As such, the Security Log Service is designed to monitor via an AND statement. The functionality is otherwise the same as a Log Analysis Appended service where the probe records the last line number it looked at and during the next scan interval checks from that line forward only, however, rather than check each line for the Regex values a Syslog based service first checks that the line in question has the appropriate IP for the device being monitored, this helps filter out results that are intended for a different device. Example:
Apr 07 09:15:00 192.168.1.250 snmptrapd: Enterprises=1.3.6.1.4.1.21239.5.1 Uptime=1 day 19:05:26.51 agentip=192.168.1.240 Oid=1.3.6.1.4.1.21239.5.1.2.1.5.1 Val=718
Implementation
1. Make sure that your device is configured to send SNMP Traps to your probe device (each device will have UI to configure but basically the logic is to configure the SNMP destination to point it to your probe)
2. Any traps that are received will get logged to C:\Program Files (x86)\N-able Technologies\Windows Software Probe\syslog\log\Syslog.log
3. Add the Security Log service by clicking on the device name > Monitoring > Status > Add
4. Click on the drop-down for Monitoring Appliance, and then select your probe
5. Select the Security Log service
6. Click on the Security Log service and go to the Service Details tab
7. Configure your Regular Expressions and then save it
Note: A Probe does not support receiving traps from SNMPv3.