What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Filtering Traps

Votes:

0

Hi Community,

I got the following demand: We have several PaloAlto networks firewalls and I need to monitor different traps - unfortunately, the Trap-Handling is quite cumbersome related to other network monitoring systems, but it is how it is.

This trap OID is sent, when a connected software module fails: 1.3.6.1.4.1.25461.2.1.3.2.0.2303 SNMPv2-SMI::enterprises.25461.2.1.3.1.304 = TS-Agent <name>(vsys1): Error: Failed to connect to <ip>(<ip>):5009 details: none

I created a Trap-Receiver on the firewall object and configured these settings to filter out only this specific trap:

Include Filter: any Exclude Filter: Warning Filter: Error Filter: bindings[1.3.6.1.4.1.25461.2.1.3.2.0.2303,Failed]

When the trap fires, I can see, the trap under the message tab, but the trap is not recognized as an error-trap.

I already tried to leave out the text after the OID, but that didn't work either.

Has somebody ideas how to fix this problem? I'm looking forward to any input.

Best Regards Chacko

PS: A more general question: Isn't there a better way to monitor trap behavior? - if I understood it right, I need to filter out each specific trap which I need to have monitored, because the default polling-interval and alerting settings is different for most traps.

paloalto prtg snmp trap

Created on May 7, 2018 7:46:28 AM



3 Replies

Votes:

0

Dear Chacko,

in which sense is the trap not recognized as error? The error filter would not directly set the sensor to the error status. Instead, the trap appears as above-zero bandwidth in the error traps channel of the sensor.

What is the overall maximum value of that channel in your trap receiver sensor?

Created on May 7, 2018 11:51:27 AM by Arne Seifert [Paessler Support]



Votes:

0

Hi Arne,

if I have a look at the live-data tab, I can see that the message volume has increased by one, but the error volume is not increased as well. That's exactly the problem, because my alerting is based on volume inside the error channel.

All in all I simply need a error-filter which includes only this received trap.

Best Regards Chacko

Created on May 7, 2018 11:55:09 AM



Votes:

0

Dear Chacko,

because this case seems to get more complex, please contact [email protected]. Please describe the issue again and attach screenshots of the sensor, of

  • the overview tab
  • the logs tab
  • the settings tab (multiple screenshots if necessary to cover all options.)

Please capture the whole PRTG user interface in any screenshot and send them as email file attachment. You can mention me (Arne) being already informed about the case.

Created on May 7, 2018 12:05:12 PM by Arne Seifert [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.