Monitoring External Events in NetCrunch
Using multiple tools to catch every SNMP trap or SYSLOG message might be hard. NetCrunch simplifies this task with the External Events window and lets you fine-tune your log and SNMP monitoring:
External Events - what are those:
External Events, as the name suggests, are types of events that aren't directly defined in NetCrunch, so there are no out-of-the-box alerts related to them. You can simply stream events into NetCrunch to see what comes, and then with a single click convert the selected ones into alerts.
All such unstructured messages and traps, even from nodes not yet in NetCrunch atlas, can be seen in the External Events tab. Currently there are two types of external events supported by NetCrunch:
- SYSLOG messages
- SNMP traps
The goal of the External Events view is to catch every Syslog Message and SNMP trap sent to NetCrunch and to show them to the user.
At first these aren't "alerts", just simple notifications in the External Events tab that shows all the information from this event that can be read by NetCrunch.
SYSLOG Message as an external event.
SNMP Trap as an external event.
Defining alert for the External event:
Here's how you can define alerts for a SYSLOG Message or SNMP v1 or v2 Trap :
- Make sure that the trap or message is sent to NetCrunch by your device or system.
- Open the External Events tab, and switch to SNMP or SYSLOG.
- Find your event on the list and hover over the "monitored" column next to the event to make the set alert option appear.
- Click on the set alert option. If the device sending the message is not in the atlas (as is the case above), it will be automatically added to your Network Atlas.
- A window with alerting rules will appear, and it will be automatically filled with data gathered from the trap or syslog. Add a description to the alert and click OK.
- Set an alerting rule or choose one from the already defined ones.
- That's it! You can now see an icon confirming that this kind of external event is being monitored and you will be alerted every time such a trap or message is received.
For SNMP v3 traps we need authorization for the trap to be decoded. It's necessary to add an SNMP profile first and then add the trap to be monitored.
-
If the trap was already sent, try to find it in the SNMP Traps external event list and click on set alert. Undecoded traps will look similar to the one on the screen below:
-
You will be informed that the SNMP v3 notification profile is needed to decode the trap. Set the proper credentials for SNMP v3, and save the profile.
-
Send the trap once again. Now it will be properly decoded and you will be able to set alerts on it (follow the same steps as for SNMP v1 and v2 traps above).
- [25.06.2018]How to start monitoring of new SNMP device with NetCrunch
Is your device monitorable? Read the article to learn how to approach configuring monitoring for a new device.
- [05.04.2017] Using NetCrunch to track Port Security status of Cisco switches.
Cisco port security is a great feature to make your network safer. Learn how to configure NetCrunch to display the status of Cisco Port Security on the switch interfaces.
- [07.04.2016] Optimizing SNMP Monitoring in NetCrunch
This article will explain reasons for most common SNMP monitoring problems, describing ways to fine-tune SNMP monitoring settings in NetCrunch. Learn how to monitor without stressing your SNMP device.