Though you can create three types of passive monitors, the SNMP passive monitor is the type most widely used. The SNMP Trap monitor listens for any (all) or specific SNMP traps. SNMP traps enable an SNMP device agent to notify on significant device events through unsolicited SNMP messages. For more information, see Cisco's Understanding Simple Network Management Protocols (SNMP) Traps.

SNMP Trap passive monitors in the library

The SNMP Trap monitors listed in the Passive Monitor Library are based on one of three following situations:

  • Passive monitors already in the database. By default, the passive monitor database comes with a few of the most Common SNMP traps included.
  • Passive monitors automatically created by WhatsUp Gold Trap Definition Import Tool. Use the Trap Definition Import Tool to create SNMP Traps from MIB files stored in the \Program Files\Ipswitch\WhatsUp\Data\Mibs folder. The Trap Definition Import Tool allows you to search for the specific SNMP trap for which you want WhatsUp Gold to listen, and then import the trap into the Passive Monitor Library. After you import the trap, you can make specifications to the passive monitor in the Passive Monitor Library using the Rules Expression Editor dialog. For example, if you want WhatsUp Gold to monitor when a specific IP address causes an authentication failure on your SNMP-enabled device, you can create a rule that tells WhatsUp Gold to log an event only when this particular IP address attempts to access the SNMP-enabled device.
  • Passive monitors that you define yourself. While using the Trap Definition Import Tool or any of the pre-configured passive monitors are two easy ways to configure SNMP Trap passive monitors, you still have the option to manually configure all passive monitor types via the Passive Monitor Library. This can be accomplished either by copying and pasting trap information directly from existing logs, or by browsing the MIB for OID values that you are interested in, and adding the Generic type (Major) and Specific type (Minor) information if required.

The SNMP Trap passive monitor requires one or more of the following credentials:

  • SNMPv1
  • SNMPv2
  • SNMPv3

Configure the SNMP Trap passive monitor using the following boxes:

  • Name. Enter a unique name for the passive monitor. This name displays in the Monitor Library.
  • Description. (Optional) Enter a short description for the passive monitor. This description displays next to the monitor in the Monitor Library.
  • Enterprise/OID. This option is only available if Generic Type (Major) is set to 6-EnterpriseSpecific. Click browse (...) to select the desired object identifier (OID) from the Enterprise section of the MIB. This is the SNMP enterprise identifier in the trap, which is used for unique identification of traps for a particular application. If you specify the OID in this box, then an incoming trap matches this rule only if the trap enterprise box begins with the OID that you have specified. If you are unsure of the OID to use or you do not need to be specific, you can leave this box blank and it is ignored.
  • Generic Type (Major). Each trap has a generic type number. This number is part of the rule that determines the matching criteria for an incoming trap. The definitions of 0 through 6 are not WhatsUp Gold definitions, but are derived from the SNMP specifications. For more information, see Common SNMP Traps.
  • Specific Type (Minor). This can have an integer value from 0 to 4294967296. To use this option, Generic Type must be always enterprise-specific. If you want to ignore this box, select Any.
  • Payload. Click Add to create a payload rules expression match scenario, test it, and compare it to potential payloads. The Rules Expression Editor allows you to use a rule expression to test a string of text for particular patterns. The monitor payload is the vital data that is passed within a packet or other transmission unit. A monitor payload can include data such as the event name, the IP address that the event came from, date of the event, etc. The payload does not include the "overhead" data required to get the packet to its destination. Generally speaking, the payload are the bits that get delivered to the end user at the destination. After creating an expression, click OK to insert that string into the list under Match On.
  • Add. Click to view the Rules Expression Editor and create a rules expression, test it, and compare it against potential payloads WhatsUp Gold may receive. After creating the expression, click OK to insert that string into the Match on box.
  • Edit. Click to edit a selected SNMP trap match.
  • Remove. Click to remove a selected SNMP trap match.