SNMP Traps Alert

NAVIGATION  Monitor > Agent Monitoring > SNMP Traps Alert

The SNMP Traps Alert page configures alerts for a managed machine, acting as a SNMP trap "listener", when it detects an SNMP trap message.

When SNMP Traps Alert is assigned to a managed machine, a service is started on the managed machine called Kaseya SNMP Trap Handler. This service listens for SNMP trap messages sent by SNMP-enabled devices on the same LAN. Each time an SNMP trap message is received by the service, an SNMP trap Warning entry is added to the managed machine's Application event log. The source of these Application event log entries is always KaseyaSNMPTrapHandler.

NOTE  Create an event set that includes KaseyaSNMPTrapHandler as the source. Use asterisks * for the other criteria if you don't want to filter the events any more than that.

Word 60% / HTML 100%

NOTE  SNMP uses the default UDP port 162 for SNMP trap messages. Ensure this port is open if a firewall is enabled.

Event Sets

Because the number of events in Windows events logs is enormous the VSA uses a record type called an event set to filter an alert condition. Event sets contain one or more conditions. Each condition contains filters for different fields in an event log entry. The fields are source, category, event ID, user, and description. An event log entry has to match all the field filters of a condition to be considered a match. A field with an asterisk character (*) means any string, including a zero string, is considered a match. A match of any one of the conditions in an event set is sufficient to trigger an alert for any machine that event set is applied to. For details on how to configure event sets, see Monitor > Event Log Alerts > Edit Event Sets.

Creating an SNMP Traps Alert

  1. Select the Monitor > SNMP Traps Alert page.
  2. Select the Event Set filter used to filter the events that trigger alerts. Do not select an event set to include all SNMP Trap events.
  3. Check the box next to the Warningevent category.No other event categories are used by SNMP Trap Alert.

Note:Event categories highlighted in red (EWISFCV) indicate these event categories are not collected by the VSA. Event log alerts are still generated even if event logs are not collected by the VSA.

  1. Specify the frequency of the alert condition required to trigger an alert:
  • Alert when this event occurs once.
  • Alert when this event occurs <N> times within <N> <periods>.
  • Alert when this event doesn't occur within <N> <periods>.
  • Ignore additional alarms for <N> <periods>.
  1. Click the Add or Replace radio options, then click Apply to assign selected event type alerts to selected machine IDs.
  2. Click Remove to remove all event based alerts from selected machine IDs.
  3. Ignore the SNMP Community field. This option is not yet implemented.

Passing Alert Information to Emails and Procedures

NOTE  SNMP Traps Alert shares the same Format Email window with Monitor > Event Log Alerts.

Apply

Click Apply to apply parameters to selected machine IDs. Confirm the information has been applied correctly in the machine ID list.

Clear

Click Clear to remove all parameter settings from selected machine IDs.

Create Alarm

If checked and an alert condition is encountered, an alarm is created. Alarms are displayed in Monitor > Dashboard List, Monitor > Alarm Summary and Info Center > Reporting > Reports > Logs > Alarm Log.

Create Ticket

If checked and an alert condition is encountered, a ticket is created.

Run Script

If checked and an alert condition is encountered, an agent procedure is run. You must click the select agent procedure link to choose an agent procedure to run. You can optionally direct the agent procedure to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that encountered the alert condition.

Email Recipients

If checked and an alert condition is encountered, an email is sent to the specified email addresses.

  • The email address of the currently logged on user displays in the Email Recipients field. It defaults from System > Preferences.
  • Click Format Email to display the Format Alert Email popup window. This window enables you to format the display of emails generated by the system when an alert condition is encountered. This option only displays for master role users.
  • If the Add to current list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses are added without removing previously assigned email addresses.
  • If the Replace list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses replace the existing email addresses assigned.
  • If Remove is clicked, all email addresses are removed without modifying any alert parameters.
  • Email is sent directly from the Kaseya Server to the email address specified in the alert. Set the From Address using System > Outbound Email.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent Quick View window.

Word 50% / HTML 50% Agent is currently offline

Word 50% / HTML 50% User Logged In and Agent is Active

Word 50% / HTML 50% User Logged In and Agent is Inactive

Word 50% / HTML 50% User Not Logged In and Agent is online

Word 50% / HTML 50% User Not Logged In and Agent is Idle

Word 50% / HTML 50% The agent has been suspended

Word 50% / HTML 50% Agent has never checked in

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Log Type

The type of event log being monitored.

ATSE

The ATSE response code assigned to machine IDs or SNMP devices:

  • A = Create Alarm
  • T = Create Ticket
  • S = Run Agent Procedure
  • E = Email Recipients

EWISFCV

The event category being monitored.

Email Address

A comma separated list of email addresses where notifications are sent.

Event Set

Displays All Events if no SNMP trap event set was selected, meaning all SNMP trap events are included.

Interval

The number of times an event occurs within a specified number of periods. Applies only if the Alert when this event occurs <N> times within <N> <periods> option is selected. Displays Missing if the Alert when this event doesn't occur within <N> <periods> option is selected. Displays 1 if the Alert when this event occurs once is selected.

Duration

The number of periods and event must occur to trigger an alert. Applies only if the Alert when this event occurs <N> times within <N> <periods> or Alert when this event doesn't occur within <N> <periods> options are selected.

Re-Arm

Displays the number of periods to wait before triggering any new alerts for the same combination of event set and event category. Applies only if a re-arm period greater than zero is specified using Ignore additional alarms for <N> <periods>.