SNMP Traps and ServiceNow Event Mangement

darren_halliday · ‎04-10-2019

Creating an SNMP Trap and sending Events to a ServiceNow Instance

Hello Everyone I am a technical trainer working for ServiceNow and I have over the years delivered many courses in the ITOM field. I teach and have taught subjects such as Discovery, Service Mapping, Event Management and Cloud Management.

In this article I will describe by example the process of setting up SNMP Traps and generating Events from those Traps in a ServiceNow instance. This blog is based upon my understanding and my practical application examples.

SNMP Traps

SNMP Traps are events that we wish to capture on any SNMP enabled device. Some event examples are; a service state (e.g. up/down) on a host, a hardware failure on a server, invalid login attempt on a network device or even a printer being out of paper. The trap requires the device to send a Trap to a SNMP Trap Manager which will be a service/application running on a Host system.

MIBs

MIB is short for Management Information Base. MIBs are files provided by a manufacturer (e.g. Microsoft) to define the attributes of a managed device and the state values for those attributes. MIBs are required to translate the SNMP data coming from the Trap.

Example scenario

In my example I will use a Windows Host to trigger Traps that will be sent to a ServiceNow MID Server and passed on as Events to a ServiceNow Instance. In the example I describe, that the MID Server is running on the same Windows host as the source of the event Traps. However, in reality the Trap Manager and the Trap source will be two different networked devices. In this case the Trap that will be generated will be a Windows Event - Event ID 7036 - regarding the state of the services running on the Windows Server (e.g. Up/Down).

Please see attached document explaining how to set up the ServiceNow instance, MID Server and Windows Host to listen for and receive Traps.

Please let me know your thoughts and comments on this functionality and my article.

Also note that my example is for demonstration purposes and should be carried out in a 'sand-box' environment.

Regards, Darren Halliday

christianmalone · ‎08-08-2019

Great write-up!

I avoid traps at all costs but when I have to deal with them I want it to be quick and painless...

SNowUser11 · ‎01-16-2020

Is there any way we can monitor the "SNMP Trap Listener". because MidServer can be Up and running while the listener might not. In that case to notify relevant users/groups

darren_halliday · ‎01-20-2020

Are you talking about the listener defined in the ServiceNow Platform? If so I suspect you could create a business rule on the table for the listener record (ecc_agent_ext_context_trap). If the status changes to 'stopped', you could have the business rule trigger an Event in the ServiceNow Events table. Notifications can be triggered by events and that notification could be sent to any group/user defined (via the user/group's email address).

Mid Server Listener

https://docs.servicenow.com/bundle/newyork-it-operations-management/page/product/event-management/ta...

In the business rule you could raise an Event using gs.eventQueue(eventname,current,parm1,parm2);

In this example it could be:

gs.eventQueue(mid.server.listener.down,current,current.mid_server.name,current.status);

Then you would need to add a record referencing the event name in the Event Registry table. Finally you could then use that Event as a trigger for Notifications.

Does this make sense?

SNowUser11 · ‎01-21-2020

Is there any Self Monitoring rule as OOB for SNMP listener Failure , I can see for connector

Thanks

Nazim Ansari2 · ‎01-21-2020

Great Informative post!

How to manage SNMP traps from multiple event sources? Do we need separate SNMP Listener for each source?

SNowUser11 · ‎01-22-2020

method using business rule and event seems interesting and acheivable what I am confused is that the same as self health monitor rule? as there is an OOB connector rule . Is connector and listener different. Sorry less knowledge in ITOM area just started in this segment.

ashishnow · ‎04-25-2021

nice article Darren and very well explained!

Ganesh Manasali · ‎08-30-2024

@darren_halliday : Thank you for this article.

Is there any way to check SNMP Traps reaching MID Server or not?

I have configured SNMP Trap Listener in ServiceNow for two different sources. We are getting the events from MID Server for one source not for other source.

Kindly help me here. Thank You!

Best Regards,
Ganesh