SNMP Trap monitoring with SCOM 2012 R2

Article
02/03/2015

<!--[if lt IE 9]>

<![endif]-->

Comments

Anonymous
January 01, 2003
Please remove/ignore the previous post, i hope this is more readable;

Hi Kevin,

Great article! I do have a question though, despite your very clear description.

Let's say i want to create an alert based on multiple snmpVarBind conditions. I was hoping to achieve this by separating my expressions by inserting AND in between, but that's probably not how it should work. SCOM also refuses to import the modified MP. Any ideas?

This is what i tried;

[code]

EventData/DataItem/SnmpVarBinds/SnmpVarBind[7]/Value

Equal

99

AND

EventData/DataItem/SnmpVarBinds/SnmpVarBind[8]/Value

Equal

99

AND

EventData/DataItem/SnmpVarBinds/SnmpVarBind[9]/Value

Equal

99

[/code]
Anonymous
January 01, 2003
The comment has been removed
Anonymous
January 01, 2003
SNMP on the OS should have ZERO bearing on any of this - SCOM does not use the SNMP service on the OS. To accept V1 traps, the rule taking action needs to have the tag removed from the XML, and you need to ensure the community string is the same as the discovered community string. If they are different, add that community string in your list of available community strings, or hard code the string for that rule.
Anonymous
January 01, 2003
Astonishing but true, I see the value under Simple Network Management Protocol in Wireshark for the trap that were received called snmp.community: SNMP_trap but the device has the Read community string totally different. Maybe that seems to be the issue. I added the comunity string within SCOM and distributed it to the resource pool but still no cigar. Suggestions?
Anonymous
January 01, 2003
Ah, of course, that makes sense. Better yet, SCOM imports the management pack now without any errors, Thanks Kevin!
Anonymous
January 01, 2003
The comment has been removed
Anonymous
January 01, 2003
Did you make sure you disabled/aren't running the SNMP TRAP service?
Is there a chance that you discovered the device using a specific community string - but the trap is sent using a different community string? Look at the community in wireshark.
Anonymous
January 01, 2003
@Martijn -

Yes, you just need to use the correct expression syntax for an AND statement in XML. There are many examples of this, you could make one just by making an event rule with two event ID's to see an example of the XML. Here is a sample.

https://msdn.microsoft.com/en-us/library/ee692979.aspx

<Expression>
<And>
    <Expression>
      <SimpleExpression>
         <ValueExpression>
           <XPathQuery Type="String">EventData/DataItem/SnmpVarBinds/SnmpVarBind[3]/Value</XPathQuery>
         </ValueExpression>
         <Operator>Equal</Operator>
         <ValueExpression>
           <Value Type="String">12345</Value>
         </ValueExpression>
      </SimpleExpression>
    </Expression>
    <Expression>
      <SimpleExpression>
         <ValueExpression>
           <XPathQuery Type="String">EventData/DataItem/SnmpVarBinds/SnmpVarBind[4]/Value</XPathQuery>
         </ValueExpression>
         <Operator>Equal</Operator>
         <ValueExpression>
           <Value Type="String">foo</Value>
         </ValueExpression>
      </SimpleExpression>
    </Expression>
</And>
</Expression>
Anonymous
January 01, 2003
The comment has been removed
Anonymous
January 01, 2003
Should work fine. It has to be some data in the trap that is root cause.... most of the time it came down to version (fixed by removing this from the rule) or IP address (agent-addr in trap must match discovered device IP)
Anonymous
January 01, 2003
Great article! Thanks!

-Tero
Anonymous
January 01, 2003
FYI: Make sure you keep track of SNMP version discovered VS SNMP trap version:http://blogs.msdn.com/b/wei_out_there_with_system_center/archive/2014/02/15/opsmgr-customizing-the-snmp-trap-collection-rule-for-all-snmp-version-traps.aspx
Anonymous
January 01, 2003
@ Niki -

http://www.mib2mp.com/
Anonymous
February 04, 2015
Yeah, thanks Mihai! I was more than confused reading your initial post in my feed reader and was asking myself "man, how did I make that work so often?" :-)
Anonymous
February 06, 2015
Excellent article. Not worked for me. Wirehshark shows SNMP traps but SCOM 2012 still not picking them up even though catch all trap rule set.
Anonymous
February 06, 2015
Only got one MS, but went ahead and created the resource pool anyway. Yes device discovered as ICMPSNMP. Yes to Q.3.
Anonymous
February 06, 2015
SNMP Service and SNMP Trap are both disabled. Community name is the same as per discovery and what appears in Wireshark.
Anonymous
February 06, 2015
V1 traps are being received in Wireshark. Agent-addr ip has now been added as network device, still no traps showing in SCOM. I am trying to get SCOM to monitor EMC RPA's which use linux Net-SNMP agent 5.1.
Anonymous
February 06, 2015
Hello Kevin, I have a similar case like SajMo. The traps are getting received by SCOM 2012 R2 instance we have for few devices that are discovered as network device. Alerting is working fine too. The issue is that we discovered a new device that got discovered as SNMP v2. It sends trap using SNMP v1. I forced the discovery to be as a v1 device and it got discovered successfully.
The issue is that the device is sending traps to one MS in our NMPool and I confirmed the same using WireShark. But not getting into SCOM. Created empty UID alert rule, collection rule and they capture all other traps from other devices but not from this one. One interesting thing you wrote is that to ensure the community string that the device is using should be same as one used to discover device. I can see the trap in wireshark but no reference to the community string within it. Any idea where can I find that info in a sample trap? will be a big help.
Thanks. Just to let you know, you are considered a rockstar within my support team!!! Keep up giving back to the community.
Regards,
Kapil Dham
Anonymous
February 09, 2015
SCOM discovers my EMC RPA cluster as snmp v2. I know the traps come in as v.1 only as set like that by storage guy. No option for v.2 only v1 and v.3. Is there a way I can configure SNMP on OS to look for v.1 only traps ? SNMP service now running.
Anonymous
February 13, 2015
Hi Kevin,

several month ago I've published how to receive snmp traps from a MS windows based vCenter server on SCOM 2012 R2. Maybe this is worth a try:

http://www.fricnet.de/scom2012r2-trapreceiver/scom2012r2-trapreceiver.html

regards,

Frank
Anonymous
February 19, 2015
Thanks so much for this post Kevin! Great job as usual.
Anonymous
February 25, 2015
Troubleshooting steps -
1. Is the trap making it to the SCOM server?
2. Is the originating IP in the "network" discovered section?
3. Is your rule/monitor targeting "Node"?
4. Is the SNMP trap received a different version than the device you discovered? (V1, V2) -- see editing out the version filter above
5. Is SCOM listening on the standard SNMP trap port? (If the SNMP service or Trap service is running, likely THEY are grabbing the trap)
6. Is the originating IP a Windows machine? SNMP will be dropped from any Windows machine.
7. This one needs tested... but my experience was that once I had installed the SNMP service, even if it was disabled, I still needed to update the Traps and Security sections of the SNMP service properties - I think the security section there was blocking some SNMP traffic.
Anonymous
March 05, 2015
Hi Kevin,

Great article! I do have a question though, despite your very clear description.

Let's say i want to create an alert based on multiple snmpVarBind conditions. I was hoping to achieve this by separating my expressions by inserting AND in between, but that's probably not how it should work. SCOM also refuses to import the modified MP. Any ideas?

This is what i tried;

EventData/DataItem/SnmpVarBinds/SnmpVarBind[7]/Value

Equal

2

AND

EventData/DataItem/SnmpVarBinds/SnmpVarBind[8]/Value

Equal

99

AND

EventData/DataItem/SnmpVarBinds/SnmpVarBind[9]/Value

Equal

1

Thanks,
Martijn
Anonymous
March 10, 2015
THANK YOU! I can't tell you how many hours I spent trying to get this to work using the various methods found on the internet. I stumbled across this today and had it working in less than an hour.

If you feel like revising, if you could put in something about HOW to export and import the management pack, that threw me for a little bit (but I found it finally, duh).
Anonymous
May 21, 2015
Hi Kevin, May we know if there is a need to install any SCOM agent to a linux server for SNMP to work and be discovered in SCOM? The network devices are found in the network devices in SCOM already.
Anonymous
May 22, 2015
any third party tool to convert MIBs into a MP?
Anonymous
May 22, 2015
Perfect i will look into that product.
Anonymous
August 17, 2015
Kelvin, I have 300 Servers to be monitored from SCOM 2012 R2 all are Win2012 R2 and pls can you tell me will it be possible to install the SNMP Services on all the Server and generate the alerts using SNMP, the main reason for this is that the client want to integrate this will BMC Remedy and they want to configure this using SNMP Trap only..
Anonymous
August 17, 2015
@SV -

My name is Kevin, not Kelvin. This is important in a dialogue. :-)

For some reason - the product group decided not to allow SNMP monitoring or traps from another Windows Computer object. These are filtered out. I have heard this is hackable - and you could change this, but I don't have the info handy.
Anonymous
August 17, 2015
The comment has been removed
Anonymous
August 17, 2015
Dear Kevin, Apologize for the typo error in your name.. Extremely Sorry for that.. :) :) Thanks a lot for your immediate response on my post... :) :)
Anonymous
August 18, 2015
@Andrew - yes - see the "catch all traps" rule - see if the OID is sent as a varbind - then create an expression.

@SV - no worries. :-)
Anonymous
August 19, 2015
Hi Kevin,

Another great article. Your blogs always helps me. Thank you.

I have a situation. On one my gateway server SNMP service is used by another application. So I have to keep it running.

I have noticed the event id 12300 –
Log Name: Operations Manager
Source: Health Service Modules
Date: 8/19/2015 7:43:56 PM
Event ID: 12300
Task Category: Health Service Module
Level: Error
Keywords: Classic
User: N/A
Computer: *********
Description:
Error: The SNMP Trap port is already in use by another program. Please uninstall or disable other SNMP services.
One or more workflows were affected by this.

And then custom rules are failing...
does this SNMP services used by another application causing this?
Anonymous
August 19, 2015
Hi Kevin, do you know if these steps can be used to receive SNMP traps from another/different monitoring system running on Windows server since we won't be able to discover it as a network device?

Regards,
MA
Anonymous
August 19, 2015
@Pacman,

Kevin already answered it -- "For some reason - the product group decided not to allow SNMP monitoring or traps from another Windows Computer object. These are filtered out."
Anonymous
August 27, 2015
Hi All -

I am going to monitor a UPS device (Eaton 93E UPS), there's already available management pack and successfully imported in SCOM. The UPS device was discovered with SNMP v1. Windows SNMP service was uninstalled and SNMP Trap service was already disabled. We have setup the device to send trap and verified that is was also sending SNMP Trap under v1 but unfortunately SCOM did not received any traps. We are using network monitor to trace the trap and found that it was received by the MS but did not see on SCOM.

Do i miss anything here?

Thanks!

Marlon
Anonymous
August 27, 2015
Please ignore my post above because I have found the root cause of the problem. The protocol that the device used to communicate back to the management server is port 162 and we have manually assigned it with port 161.

Thanks Kevin for this very helpful blog! More power!
Anonymous
September 03, 2015
Hi Kevin,

I've add two new MS to my management group, added them to my "network monitoring" resource pool but they don't seem to enable their "snmp trap receiver" feature...
I can see using wireshark that they receive snmp traps, but their answer is "port unreachable".
"Netstat -na | findstr 162" shows that they are not listening on port 162.

Am I missing something here? For now, the traps are still received by the old MS but I'll have to take it offline sooner or later, so I need my new MS to be able to receive traps as well.

Any idea?

Thanks!
Anonymous
September 03, 2015
@Cyraz -

Try changing your network device discovery to be run by a new MS. I believe only the MS that discovers the SNMP device will listen for traps.
Anonymous
September 03, 2015
Done that in the first place as it was part of my "migration process", and re-ran the discovery rule.
I just did it again I do have events showing that this has been taken into account such as 12121/12127/12003/12004 (topology cleared/proceeding to discover/probing/probing completed), but it's still not listening on udp 162...
Anonymous
September 03, 2015
(thanks for this incredebly fast answer, though!)
Anonymous
October 15, 2015
Hi Kevin,
Nice work with this custom SNMP Alerting, exactly what I needed :)

I followed to the letter what you did and it worked like a charm, i'd like to push this further, and I am wondering if you could help.
We are trying to monitor Tripp Lite batteries, and if work well.. i.e:
Trap filtered to ti OID of the batteries, limiting the "spam" on the trap, which is perfect.
Made and alert like you explained and when we unplug the battery we get and alert
$Data/EventData/DataItem/SnmpVarBinds/SnmpVarBind[5]/Value$ >> it Reports "On Battery", meaning the power is off, which is great

Now I have noticed there is and Alert Suppression button on the Alerting page, so my question is this.
How can I have this alert resolve automatically when I plug back the power... It reports "On Utility power" with the same varbind.
I dunno much about xml programming unfortunately, so I don't know how to capture in a variable and pass it in the expression to suppress the alert, or the steps required, if any, to modify the MP for it to work.

Thanks
Anonymous
November 11, 2015
What about the HP Storage , Proliant and Blade MP?
In my environment they all throw out SNmp and require snmp config of the trap service. How do you set those up now?
Anonymous
December 03, 2015
Excellent Article. Its worked for me. One doubt, when the alert triggered, with in 1 minute it is moving to closed state. What is the reason for that.
Anonymous
December 16, 2015
I previously wrote about using the network device monitoring in SCOM here: http://blogs.technet.com/b
Anonymous
January 27, 2016
If the Device is not discoverable (like DELL TPAM), it does not allow incomming PING or SNMP, how to manually add the device anyway? even if they are not discoverable.
Harun Akboga
Anonymous
January 27, 2016
Thanks. Nice Article.
Anonymous
February 21, 2016
Kevin, i'm a fan of your blogs :-)
Anonymous
February 23, 2016
This is a really old entry and my question is a little off topic, but what if you have SNMP trap messages being sent from an application running on another server, in my case AIX and Linux? Is there no way to simply set up SCOM to listen for traps from a particular address? The server doesn't run SNMP as it's not needed just to send trap messages, so it can't be discovered by SCOM.
Anonymous
February 23, 2016
@ Bob Compono -

SCOM unfortunately must discover an object in order to receive traps from it. I dislike this requirement, and if I ever find time, I think we can add network devices on our own via script based discovery. I was planning on showing an example of that, using scripts to read a CSV file, and discover network objects for just this very purpose, bypassing the interrogation method that is built into SCOM.
Anonymous
April 27, 2016
Hi,I want to send Snmp trap from SCOM 2012 R2 to Nagios, how can I do that .I think the above code is for receiving trap to SCOM.Can anybody say me about how to send snmp trap from SCOM to Nagios, Please.Thank You.
Anonymous
May 18, 2016
The comment has been removed
- Anonymous
  May 18, 2016
  The comment has been removed
  - Anonymous
    December 28, 2016
    When you say V3 devices are supported. Does that apply to V3 traps? Can only find articles that says it does not. Will V1/V2 traps work with devices discovered with snmp V3
    - Anonymous
      February 20, 2017
      Hi Henrik,SCOM 2012 does not and even SCOM 2016 does not (MS Request No.117021415314872). You can discover and monitor v3 devices, but you cannot catch their (v1/v2/v3) traps with SCOM 201x. Maybe we should vote that up to make it happen one day:https://systemcenterom.uservoice.com/forums/293064-general-operations-manager-feedback/suggestions/12332553-support-for-snmp-v3-traps
Anonymous
July 07, 2016
The comment has been removed
Anonymous
July 11, 2016
Hi Kevin,Thanks for this article, i couldn't find the class "node" when creating the rules for the SNMP event trap.Instead i could see the below in the rule target when search for Node.Dell Sled Server NodeDell Sled Server Node with Operatinf systemDell sled Server Node without Operating systemDell Windows Sled Server Node
- Anonymous
  July 11, 2016
  Please ignore my previous post. I could find it.I searched in view common target instead of view all targets.Thanks.
Anonymous
August 01, 2016
is there any link that show how to insert expression for SCOM 2007R2 same as SCOM 2012 in the SNMP rule?
Anonymous
August 02, 2016
i have force discover windows based server as v1 to receive traps from vcenter.. i receive traps from both vcenter but only 1 of them is published into SCOM. both are using the same rule and the traffics are capture via wireshark. anywhere i need to check??
Anonymous
August 19, 2016
The comment has been removed
Anonymous
September 21, 2016
Hello, Kevin!I don't understand this step:- Now increment the XML version of the MP in the Manifest section, and re-import the MP. This will limit confusion and SNMP version issues down the road.Could you explain?1) Export MP to XML2) Delete / 3) Re-import MP - on this step error, that MP already present in system.
- Anonymous
  September 23, 2016
  Fuf it works! After few days and install test ubuntu :)In my questions: 1) go administration-> management pack -> export created MP2) delete "version" as in article3) change "version" in manifest 1.0.0.0 -> to 1.0.0.14) Import xml to SCOM Thanks Kevin! Good job!
Anonymous
October 05, 2016
Hi Kevin, Is it possible for using SNMP trap to calculate HP storage capacity? If yes, could you please help with the procedure?
Anonymous
October 28, 2016
Fantastic article :)One issue I did run into was the listener didn't start quickly on port 162. I left it over night and it started, also found a reboot will start it if you cannot wait.
Anonymous
November 01, 2016
Hi Kevin, I've been trying to setup a trap based monitor to capture if an appliances services are down or not (has 3 services that run). I have it working as a rule without any issues but when I try and recreate it via a monitor I have no success at all.Below is a trap captured in SCOM using your method in this post.Object Identifier Syntax Value.1.3.6.1.2.1.1.3.0 Timeticks 1167094645.1.3.6.1.6.3.1.1.4.1.0 Oid .1.3.6.1.4.1.23365.10000.0.1051.1.3.6.1.4.1.23365.10000.7.1.1.1 Integer 1I'm trying to set up the monitor using the using the expression below while having the "First SnmpTrapProvider" blank.SnmpVarBinds/SnmpVarBind[OID=”.1.3.6.1.4.1.23365.10000.7.1.1.1”]/ValueAny insight as to why this isn't working?
- Anonymous
  November 01, 2016
  If you are using the UI - to create the monitor - there is a bug:https://social.technet.microsoft.com/Forums/systemcenter/en-US/282b61e6-69d9-4bd4-ba14-a9d43a40d093/snmp-integer-value-convert?forum=operationsmanagergeneralIt defaults to string - and you cannot use an integer based expression with string - so you have to do some XML edits (see link above)
  - Anonymous
    November 02, 2016
    Thanks for your reply Kevin.I did try changing it but it still doesn't trigger with the OID. SnmpVarBinds/SnmpVarBind[OID=”.1.3.6.1.4.1.23365.10000.7.1.1.1”]/Value Equal 1 SnmpVarBinds/SnmpVarBind[OID=”.1.3.6.1.4.1.23365.10000.7.1.1.1”]/Value Equal 0I did get it working by using "SnmpVarBinds/SnmpVarBind[3]/Value" but this doesn't allow me to monitor all 3 services individually.
Anonymous
November 03, 2016
The comment has been removed
- Anonymous
  November 03, 2016
  Not sure I understand.Where is the "problem"? What do you want to delete?
  - Anonymous
    November 30, 2016
    I had over 1 million traps sitting in my view for All SNMP Traps. I corrected this by tuning the days to keep events in Administration\Settings\Database Grooming.
  - Anonymous
    January 17, 2017
    Hi Kevin,We have SNMP monitoring configured and we would like to exclude few alert triggered with few keywords. Is this achievable?
Anonymous
January 18, 2017
We have created a SNMP rule to monitor autosys jobs based on OID's. We want to exclude few jobs from alerting from these rules. Is there an option to exclude few job failures from alerting?
- Anonymous
  January 18, 2017
  The comment has been removed
  - Anonymous
    January 18, 2017
    Thanks Kevin :)
Anonymous
April 11, 2017
The comment has been removed
- Anonymous
  April 26, 2017
  Exactly the same problem. The port listens to the process, but there are no events.What to do?
  - Anonymous
    June 14, 2017
    Same problem here, any idea Guys?
Anonymous
May 31, 2017
Thanks for the article very helpful.I succeeded to receive SNMP traps on my SCOM consol. Those traps are generated by a third party application on a Linux systems. The application is configured to send SNMP traps to 1 of my management server. But what will happens if this management server fall down? I've got two others in the same resource pool but they don't received the SNMP traps...Any idea how I can manage the failover? Thanks in advance for your help.Adrien
- Anonymous
  May 31, 2017
  The comment has been removed
  - Anonymous
    June 01, 2017
    Hi Kevin,Thanks for your quick reply. Yes it's what I thought, we will try this.Adrien
  - Anonymous
    June 08, 2017
    Hi Kevin,After some tests it seems that SCOM only catch SNMP traps from the MS which discovered the device. I've got tree management servers in the same "Network ressouce pool" with the community string distributed on each one. But only one received the traps...Any idea ? Thanks in advance !
    - Anonymous
      June 08, 2017
      I already commented on this above.It is NOT the MS that discovers the device. It is the MS that HOSTS the device. If you have three MS in a pool hosting network devices, you must send the traps to ALL THREE Management servers, because of load balancing the network device object could be hosted on any of the management servers at any given time.
Anonymous
June 02, 2017
Hi Kevin, wondering if you can give me some help on an SNMP trap issue.I've done these steps I believe, but I also followed your other guide on setting up a Windows Server as an SNMP device.I did those steps, and I have my VEEAMONE server setup as an SNMP node in SCOM 2012 R2. I have several other SNMP devices as well. Confirming through Wireshark, I am getting the traps sent to my SCOM management server, but I am not getting the alerts showing up in my event view, but I am with the other SNMP traps I send.Help!! SCOM is not in production, but we are probably migrating towards it soon and need to be able to get these alerts sent from VEEAM ONE
Anonymous
June 07, 2017
Hi! need a example that SCOM2012 Sends Traps to another system.... Is it Possible?
Anonymous
June 12, 2017
Hello,will this work with SCOM 2016 on Windows server 2016?Thanks
- Anonymous
  June 12, 2017
  Yes, yes.
Anonymous
June 12, 2017
Hello,Will This Work on Windows Server 2016 (SCOM2016 aswell)?Thanks
Anonymous
June 13, 2017
I have tried this, but it does not work. I even tried your MP. I can see in NETMONITOR that the traps go with the same community string, but the rule does not show any of them. :(
- Anonymous
  June 13, 2017
  Did you place ONLY a single management server in the resource pool used for network monitoring?
  - Anonymous
    June 14, 2017
    Yes, I did, but doesnt work. I have two MGMT, but only one in resource pool. :(
  - Anonymous
    June 15, 2017
    I got it, problem was with local firewall. Now its working perfectly!!Thanks
    - Anonymous
      September 19, 2018
      Hi -May i know what firewall settings did you check for this? We are also experiencing same issue in SCOM 1807. Thanks!
    - Anonymous
      September 19, 2018
      Hi -It this the local firewall you have modified?Operations Manager SNMP Response (disabled in our MS)Thanks!
- Anonymous
  June 13, 2017
  Yes
Anonymous
October 02, 2017
Has this been tested in SCOM2016 UR3? I'm trying to get SNMPv1 traps from a windows machine where commvault sends traps.I already enabled windows device discovery as network devices. So the device is discovered as a network device (SNMPv2). I have captured traffic with wireshark and confirms that the traps arrive at the ManagementServer. I followed the procedure of creating a view for all events and then removing the to be able to catch SNMPv1. But i can't display it in events view. I have also imported the MP "demo - SNMP monitoring" to see if i messed up somewhere. But there i cannot see the events either. When i look at the events that are actually displayed it are all SNMPv2 events. But not the SNMP traps i'm looking for. The whireshark displays the traps as SNMPv1 traps. So i think there should be the issue. I checked the MP XML again for version tags, but they are all removed. Any suggestions on where to look to get the SNMPv1 traps from a windows machine in my console?
- Anonymous
  October 03, 2017
  Make sure in your network resource pool you only place ONE of your management servers while testing. If you have more than one MS, you dont know which MS is hosting your network device. That is the MS which must receive the traps, otherwise you must send your traps to ALL management servers in the network devices resource pool.
Anonymous
October 10, 2017
For processing vast amounts of SNMP traps an efficient solution is to have a Linux machine receiving the traps. This server is monitored by SCOM and then we use the SCOM agent to send the resulting SNMP alerts to the SCOM itself... More details at https://scomart.blogspot.pt/2017/10/using-linux-machine-for-receiving-snmp.html
Anonymous
January 09, 2018
Hi Kevin,Any idea why I don`t have the Node monitoring target, when I try to create the rule. I am running SCOM 2012 R2.
- Anonymous
  January 09, 2018
  No idea.
Anonymous
April 12, 2018
Hi Kevin,First thank you for the great article. I was wondering if you can help. I have SCOM 2016 environment with 2 mgmt servers in a pool. I imported your MP and tested test trap, which it work for v2. But for snmp devices that are discovered with snmp version, 1 I'm not able to receive any alerts or traps. I ran wireshark and I can see the traps going through. I ran a test using this article (https://michelkamp.wordpress.com/2012/07/02/how-to-check-if-a-snmp-trap-is-received/) and I was able to verify the scom server is receiving the traps. I have tried it with 1 mgm serverin my snmp pool and still not registring in All SNMP Traps and All SNMP Alerts. I have tried creting a new one receive all event trap with specific OID and nothing coming through All SNMP Traps and All SNMP Alerts. I verified the MP you have didn't have the version tag, which is good. I verified no firewall on windows or any type of appliance firewall between the snmp device and scom mgmt server. Anything else to try?
- Anonymous
  April 12, 2018
  The comment has been removed
Anonymous
May 10, 2018
Hi Kevin,Is it possible, using a SNMP probe monitor, to set a minimum amount of time the data source must be in breach condition to generate an alert?We have configured IP SLA in our Cisco routers, and this feature gives me an OID with a specific value. The monitor has been created, however I need to find a way to generate alerts only after 3 consecutive reads above defined SLA, which is not working. The monitor runs each 2 minutes, so using my logic an alert should be generates only after 6 minutes out of defined threshold, but I did not find any option for this.Do you know how can I implement this on this monitor?
Anonymous
June 07, 2018
Hi KevinI managed to get SCOM to alert on SNMP traps generated by hardware issues on HP Gen 10 servers. Is there a limit to the number or traps that can be received by a 3 server resource pool before it would start having an impact on 'normal' monitoring?Thanks
- Anonymous
  June 07, 2018
  The comment has been removed
Anonymous
September 19, 2018
Hi Kevin -Thanks a lot for this blog and it helps us customizing SNMP monitoring in SCOM.We are already in the stage of upgrading SCOM 2012 R2 to SCOM 1807, upon our testing of management packs, we cannot work the SNMP trap monitoring in SCOM 1807.We use MS Network Monitor tool and confirmed that trap was successfully sent to the SCOM server, however it is not reflecting in SCOM console.Your help is highly appreciated.Thanks.Marlon
- Anonymous
  September 19, 2018
  Hi Kevin -I have tried to enable below firewall settings and SCOM 1807 is now receiving SNMP Traps.netsh advfirewall firewall set rule name="Operations Manager SNMP Response" new enable=yes netsh advfirewall firewall set rule name="Operations Manager SNMP Trap Listener" new enable=yesWill consult this with our Server Team.Thank you all!

Share via

SNMP Trap monitoring with SCOM 2012 R2

Comments

Additional resources