The Operations Sentinel Trap Service runs on one or more Windows systems and receives SNMP traps from any network device for forwarding to the Operations Sentinel server as event reports. Event reports are sent using the spo_event command, which is installed along with the WRM. This requires the WRM to be installed on the Windows system that is running the Operations Sentinel Trap Service.
Event reports of any type can be generated and triggered by the occurrence of an Operations Sentinel Trap Service from a managed system. You can change the predefined event reports by modifying the trap service database. See “Operations Sentinel Trap Service Database.”
When a trap occurs on a system, that trap is sent to the Windows system running the Operations Sentinel Trap Service. You must configure the correct trap destinations in the SNMP service on each node. See “SNMP Trap Destination Setup.” The Operations Sentinel Trap Service then searches its database for the specific trap OID and trap number. When it finds an entry, it builds an event report (using information from the database entry) and sends it to the Operations Sentinel server.
Figure 15–1 shows an Alerts window that contains an alert for an SNMP trap. The Details pane in this window shows the detailed information for this alert.
where
| Alert ID, Severity and Text | These values are all retrieved from the Operations Sentinel Trap Service database for the particular trap received. See “[Operations Sentinel Trap Service Database” for details on adding information to the Operations Sentinel Trap Service database. |
| System | Name of the managed node that sent the SNMP trap. |
| Application | Name of the Operations Sentinel Trap Service. |
| Application Qualifier | Contains the name of the Windows system that sent the event report. The Operations Sentinel Trap Service runs on this Windows system. |
| User Defined Attributes | Includes all the information from the SNMP trap. |
If an SNMP trap is received and an entry for that SNMP trap does not exist in the Operations Sentinel Trap Service database (that is, the specific trap OID and trap number are not present), it uses the database entry “Undefined SNMP Trap.” See ”Undefined SNMP Trap Entry.” The default entry for Undefined SNMP Trap causes the alert shown in Figure 15–2 to be forwarded to the Operations Sentinel server.
If an undefined SNMP trap is recognized, the Operations Sentinel administrator should create a new entry in the Operations Sentinel Trap Service database with the corresponding text and Operations Sentinel Event Report information. See “Operations Sentinel Trap Service Database.” If different actions should be performed for the Undefined SNMP Trap, the administrator can easily change them. See ”Undefined SNMP Trap Entry.” For instructions on how to update the Operations Sentinel Trap Service database once you have made changes, see “Updating the Trap Service Database.”