SNMP Traps in AppFormix
AppFormix supports monitoring of SNMP traps sent from network devices. Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers.
Configuring Devices to Forward SNMP Traps
For AppFormix to listen to SNMP traps from devices, you need to configure the devices to forward the traps because they are not forwarded by default. This can be done either manually from the Junos OS CLI of the device or through AppFormix software development kit (SDK).
Check the SNMP Trap Configuration on Device
Before AppFormix Version 3.1:
In AppFormix version 3.0, AppFormix only supports SNMPv2 traps. After the device is configured to forward SNMP traps, you can verify the configuration by logging into the Junos OS CLI and running the following command:
show snmp
The output should be similar to the following example:
trap-options {
source-address {device_ip};
}
trap-group snmp-trap-metallb-test {
version v2;
destination-port 42597;
categories {
link;
authentication;
}
targets {
{collector_1_ip};
{collector_2_ip};
}
}
For additional details regarding configuration, refer to Configuring SNMP Traps.
After AppFormix Version 3.1:
When AppFormix version 3.1 or later is installed, SNMP trap configuration on the device needs to be updated because the configuration for the devices on AppFormix version 3.0 is no longer valid. In AppFormix version 3.1 or later, AppFormix supports both SNMPv2 and SNMPv3. You need to configure the device using the following sample configuration so that AppFormix will collect the SNMP traps.
After the device is configured to forward SNMP traps, you can verify the configuration by logging into Junos OS CLI and running the following command:
show snmp v3
The output should be similar to the following example for SNMPv2:
The security-name public in the following
configuration refers to the SNMPv2 community name you set in your
device. Set the SNMPv2 community name before you add this SNMP trap
configuration.
...
SNMP v2c Configuration
...
target-address appformix_snmp_v2 {
address x.x.x.x;
port 42597;
tag-list appformix_snmp_v2;
target-parameters appformix_snmp_v2;
}
target-parameters appformix_snmp_v2 {
parameters {
message-processing-model v2c;
security-model v2c;
security-level none;
security-name public; //this is the snmp v2c community name
}
notify-filter appformix_snmp_v2;
}
notify appformix_snmp_v2 {
type trap;
tag appformix_snmp_v2;
}
notify-filter appformix_snmp_v2 {
oid .1 include;
}
The output should be similar to the following example for SNMPv3:
...
SNMP v3 Configuration
...
target-address appformix_snmp_v3 {
address x.x.x.x;
port 42597;
tag-list appformix_snmp_v3;
target-parameters appformix_snmp_v3;
}
target-parameters appformix_snmp_v3 {
parameters {
message-processing-model v3;
security-model usm;
security-level authentication;
security-name acelio;
}
notify-filter appformix_snmp_v3;
}
notify appformix_snmp_v3 {
type trap;
tag appformix_snmp_v3;
}
notify-filter appformix_snmp_v3 {
oid .1 include;
}
For additional details regarding configuration, refer to Configuring SNMPv3 Traps on a Device Running Junos OS.
The variables security-model, security-level, and security-name are related to the SNMPv3 configuration you set in this device.
Configure the device with SNMPv3 credentials before you enable SNMPv3
traps.
Configuring AppFormix to Enable SNMP Traps Monitoring from Network Devices
Enable Listening to SNMP Traps for Network Devices
In AppFormix Dashboard, Settings > Network Devices, you can add or edit SNMP device configuration and enable AppFormix
to collect the SNMP traps for those configured devices. As long as
you have posted the snmp_trap_network_device plugin from Ansible, AppFormix will automatically start listening
on SNMP traps from all SNMP network devices configured in AppFormix.
The field SnmpEngineId is needed
when you want to enable SNMPv3 traps for a device. This field is not
required for normal SNMP polling.
Create Network Device JSON File for SNMPv2c
The list of network devices that needs to be monitored should be added to a JSON file with the following format. There can be multiple devices in the JSON file.
{
"NetworkDeviceList": [
{
"NetworkDevice": {
"MetaData": {
"SnmpConfig": {
"Version": "2c",
"OIDList": ["TCP-MIB::tcp",
"IF-MIB::ifTable",
"enterprises.2636.3.1.13.1"],
"Community": "public"}
},
"Name": "QFX0",
"NetworkDeviceId": "QFX0",
"ManagementIp": "x.x.x.x",
"ChassisType": "tor",
"Source": ["user.snmp"],
"InterfaceList": [
],
"ConnectionInfo": []
}
}
]
}
The user.snmp needs to be included
in Source field. AppFormix automatically
starts monitoring the traps sent from all user.snmp devices configured in AppFormix. For more details about other fields
and how to post network devices using Ansible, refer to Network Devices.
Create Network Device JSON File for SNMPv3
The list of network devices that needs to be monitored should
be added to a JSON file using the following format. There can be multiple
devices in the JSON file. For SNMPv3 traps, you need to specify the SnmpEngineId for SnmpConfig.
{
"NetworkDeviceList": [
{
"NetworkDevice": {
"MetaData": {
"SnmpConfig": {
"Version": "3",
"Password": "pwd",
"Level": "authPriv",
"PrivKey": "privkey",
"PrivProtocol": "DES",
"Protocol": "MD5",
"SnmpEngineId": "80000a4c010a574478",
"OIDList": ["TCP-MIB::tcp",
"IF-MIB::ifTable",
"enterprises.2636.3.1.13.1"],
"Username": "user"}
},
"Name": "QFX0",
"NetworkDeviceId": "QFX0",
"ManagementIp": "x.x.x.x",
"ChassisType": "tor",
"Source": ["user.snmp"],
"InterfaceList": [
],
"ConnectionInfo": []
}
}
]
}
Configuring AppFormix Network Device Monitoring Plugins
AppFormix needs to be configured at the time of installation
to enable the SNMP trap plugin. AppFormix has a built-in SNMP trap
plugin in the certified_plugins folder
in the Ansible installation directory. This needs to be included in
the plugin descriptor in the appformix_plugins variable in group_vars/all.
# network_device_file_name is optional, if you want to add devices from UI, then you don't need it
network_device_file_name: <path_to_above_json_file>
appformix_plugins:
- { plugin_info: certified_plugins/snmp_trap_network_device.json }
Enable SNMP Trap to Show in AppFormix Dashboard
There is a built-in SNMP trap rule that is configured in profiles/network_device_snmp_trap_profile.json to enable
SNMP trap pop-up in the AppFormix Dashboard Alarm page. The trap is
posted to AppFormix by default and every time traps are sent to AppFormix
Agent, the traps appear in the AppFormix Dashboard Alarm page and
display detailed information about the traps AppFormix receives.
SNMP Trap Data for External Notification
When AppFormix receives a SNMP trap, AppFormix displays the
trap in Dashboard > Alarms as rule network_device_snmp_trap and sends it to Apache Kafka, if Kafka has been configured in AppFormix. You can associate
the rule network_device_snmp_trap with
external notifiers such as PagerDuty, ServiceNow, Slack, Custom Notifier,
and so on.
Following is an example JSON file sent to external notifiers for SNMP trap:
{'status': {
'description': 'NetworkDevice sample_device: SNMP Trap Received for OID=linkUp',
'timestamp': 1555549001000,
'entityType': 'network_device',
'state': 'triggered',
'entityDetails': {},
'entityId': 'sample_device',
'metaData': {
'snmpTrapOID': 'linkUp',
'Timestamp': 1555548996000,
'ifAdminStatus': '1',
'roomKey': 'sample_device',
'ifIndex': '545',
'ifName': 'irb.20',
'ifOperStatus': '1',
'sysUpTimeInstance': '1028117810'}
},
'kind': 'Alarm',
'spec': {
'aggregationFunction': 'sum',
'intervalDuration': 1,
'severity': 'none',
'module': 'alarms',
'intervalCount': 1,
'metricType': 'snmp.trap',
'name': 'network_device_snmp_trap',
'eventRuleId': 'NETWORK_DEVICE_SNMP_TRAP',
'mode': 'event',
'intervalsWithException': 1,
'threshold': 1,
'comparisonFunction': 'equal'},
'apiVersion': 'v2'}
You can find a brief description of the SNMP trap in the status > description field,
detailed information of the SNMP trap in the status > metaData field, and status > entityId tells you which network device
this trap belongs to.
Install MIBs in AppFormix Network Agents
When AppFormix receives the traps from devices, AppFormix might
not be able to decode the OID into a proper user understandable string
if corresponding MIBs are not installed in your AppFormix Network
Agents. You need to download the MIBs and either manually copy all
of the *.txt MIB files to all network agents /usr/share/snmp/mibs/ or use AppFormix Ansible to deploy
the MIB files.
To install MIBs from Ansible see Custom SNMP Plug-Ins.