SNMP trap definitions include a set of fields that control how incoming traps are identified, processed, and converted into alerts.
Understanding these fields helps you configure trap behavior accurately and ensures that alerts are meaningful and actionable.
Field categories
Trap fields can be grouped based on their purpose:
- Identification fields
- Severity and processing fields
- Alert configuration fields
- Alert behavior fields
Identification fields
These fields define the identity and basic details of the trap.
| Field | Description |
|---|---|
| Name | The display name of the trap definition. Used to identify the trap within the platform. |
| OID | The unique object identifier for the trap. This field is read-only and derived from the MIB definition. It cannot be modified. |
| Description | A brief description of the trap, providing context about the event. |
Severity and processing fields
These fields determine how the trap is interpreted and prioritized.
| Field | Description |
|---|---|
| Severity Type | Defines how severity is assigned. Can be static or dynamic. |
| Severity | The severity level assigned to the trap (for example, Critical, Warning, OK). |
| Sender VarOID | The VarBind OID used to identify the source device (such as hostname or IP address). This helps map the trap to the correct resource. |
| Alert Component | The VarBind OID used to define the alert component. Enables creation of separate alerts for different component values. |
| Recovery Trap OID | The OID of the trap that represents recovery for this alert. When received, it clears or resolves the corresponding alert. |
Alert configuration fields
These fields define how alerts are presented.
| Field | Description |
|---|---|
| Alert Subject | The title of the alert generated for the trap. |
| Alert Description | The detailed message for the alert. Additional trap data (varbinds) may be appended automatically. |
Alert behavior fields
These fields control how alerts are generated and managed.
| Field | Description |
|---|---|
| Alert Exclude | Prevents the trap from generating alerts. Useful for filtering out low-value or noisy events. |
| Alert for each occurrence | Generates an alert for every occurrence of the trap. When disabled, duplicate alerts may be suppressed. |
Important notes
- The OID uniquely identifies the trap and cannot be modified
- Some fields may vary depending on the trap type or scope
- Changes to these fields directly impact alert generation behavior
Best practices
- Align severity levels with operational priorities
- Use conditions and components to reduce alert noise
- Avoid enabling “alert for each occurrence” unless necessary
- Use alert exclusion carefully to prevent missing important events