SNMP trap definitions determine how incoming traps are interpreted and converted into alerts. When a device sends a trap, OpsRamp evaluates it against a configured trap definition to determine how the trap should be processed, including the severity to assign, the conditions to apply, and how the resulting alert should be generated.
Understanding trap behavior is essential to ensure that alerts are accurate, meaningful, and aligned with your monitoring requirements.
Trap behavior flow
- Trap Identification: The trap is identified using its Object Identifier (OID).
- Trap Definition Matching: The trap is matched with a corresponding trap definition configured in the platform.
- Condition Evaluation: Any configured conditions are evaluated based on trap data, such as varbind values.
- Severity Determination: The severity of the event is determined based on the evaluation results.
- Alert Content Configuration: Configured alert content, including subject and description, is applied.
- Alert Generation Rules: Duplicate handling and suppression rules are enforced before the alert is created.
This flow ensures that raw trap data is transformed into structured and actionable alerts.
Configuring trap behavior
…to determine how the trap should be processed, including the severity to assign, the conditions to apply, and how the resulting alert should be generated.
Note
Trap behavior should be configured carefully to ensure alerts are accurate and actionable. Incorrect or overly broad configurations can result in excessive alerts, while overly restrictive conditions may cause important events to be missed.Severity configuration
Severity can be set as either static or dynamic:
- Static severity: A fixed severity level applied to all trap occurrences
- Dynamic severity: Severity determined by specific values within trap data, allowing context-based outcomes (for example, Critical for production interfaces, Warning for test interfaces)
Important
Trap behavior should be configured carefully to ensure alerts are accurate and actionable. Incorrect or overly broad configurations can result in excessive alerts, while overly restrictive conditions may cause important events to be missed.Condition-based processing
Conditions refine trap processing by applying rules based on trap content. These conditions are typically based on varbind values and allow you to control how different events are handled. For example, you can configure conditions to generate alerts only when specific thresholds are exceeded or when certain status codes are present. This helps ensure that alerts are relevant and actionable, reducing noise from non-critical events.
You can also configure alert subject and description to include meaningful context, making alerts easier to understand and act upon.
Alert generation behavior
Trap definitions also control how alerts are generated and managed.
Alert suppression: OpsRamp can suppress duplicate alerts from repeated identical traps, reducing alert noise and preventing alert fatigue.
Alert generation options: You can configure alert behavior to either:
- Suppress duplicate alerts (default deduplication behavior)
- Generate alerts for each trap occurrence (when tracking repeated events is important)
Alert resolution: Recovery traps can be mapped to existing alerts to automatically clear or resolve them, keeping alert states synchronized with resource conditions.
Alert filtering: Specific traps can be excluded from alert generation to filter out low-value or noisy events that do not require attention.