Using the Symantec Management Platform as an SNMP trap alert manager
book
Article ID: 180042
calendar_today
Updated On:
Products
IT Management SuiteMonitor Solution
Issue/Introduction
Resolution
The Event Console Solution for the Symantec Management Platform supports SNMP trap alert management. The following steps outline how to install and configure the Event Console for SNMP trap alert management:
Install the Event Console Solution from within the Symantec Installation Manager by accessing Install new products > Filter by: Product Type > Filter: Solutions
The Event Console installs 2 services: Altiris Event Engine and Altiris Event Receiver. The Altiris Event Receiver service is responsible for listening for incoming SNMP traps. Ensure there are no software applications that also listen for SNMP traps as they may conflict with this service and prevent SNMP traps from being received (e.g. The Windows SNMP Trap Service service conflicts with the Altiris Event Receiver service. Ensure that this service is disabled)
If you wish to receive alerts from resources which are unmanaged (do not have the Symantec Management Agent installed), the alerts will appear with the IP address of the resource as the hostname. For the proper hostname to appear in the alert details and for the resource inventory to exist in the CMDB, run a Network Discovery task to add the desired resources. First, configure the appropriate protocols to communicate with the resources by accessing: Settings > All Settings > Monitoring and Alerting > Protocol Management > Connection Profiles > Manage Connection Profiles. Choose to either edit the existing Default Connection Profile, or create a new Connection Profile. Second, create a new Network Discovery task to discover the desired resources and connect to them using the desired Connection Profile. In the Console, access: Actions > Discover > Network Devices
Import the SNMP MIB files for the desired operating system(s) and/or 3rd party application(s) which will be responsible for sending the SNMP traps.
Note: The MIB files contain the alert definitions so the traps are properly identified by the Event Console when they are received. If an SNMP trap is received and there is no alert definition in the database for that alert, it will appear with a category of "Undetermined".
You may either import the desired MIB files by accessing: Settings > All Settings > Monitoring and Alerting > SNMP MIB Import Browser > MIB Browser > Import MIB file, or by creating and leveraging the MIB Import task.
Note: The imported alert definitions will be placed, by default, in the Unknown category under: Settings > All Settings > Monitoring and Alerting > Protocol Management > Alert Management Settings. These alert definitions can then be optionally dragged and dropped to their desired categories
Configure the target resource's operating system or 3rd party software to send SNMP traps to the Notification Server. Refer to the manufacturer's documentation for instructions on configuring SNMP trap destinations. Generate a test SNMP trap to ensure communication is working, the SNMP trap is received in the Event Console, and the alert is properly identified. All SNMP trap alerts are viewable and managed by accessing: Manage > Events and Alerts
You may then choose to take action on specific SNMP traps, to filter certain traps from being received, or to forward traps to additional SNMP management stations. To configure these options, access: Home > Monitoring and Alerting > Event Console > Alert Rule Settings