The name “Simple Network Management Protocol,” also known as SNMP, sounds like this methodology is a quick but inferior alternative to a better protocol. In fact, SNMP is the universal monitoring standard for network devices and it is implemented in all of the network equipment that you buy. There is no better system.
Here is our list of the best SNMP network monitoring tools:
- SolarWinds Network Performance Monitor EDITOR’S CHOICE Automatically scans the network and lists all devices on install using SNMP. As devices are added and removed from the network the software updates the network map. Start a 30-day free trial.
- SolarWinds Log Analyzer (FREE TRIAL) Acts as an SNMP receiver and detects status change messages in real-time. Built-in alert system.
- Site24x7 SNMP Trap Processing (FREE TRIAL) A network, server, application, and website monitoring package that used SNMP to monitor device statuses. This is a cloud-based service.
- Paessler PRTG Network Monitor (FREE TRIAL) Automatically maps the devices on your network at install and offers a range of map visualizations.
- ysAid Monitoring Help Desk and IT service management system that uses SNMP to track device changes on the network.
- Kaseya Network Monitor Maps network devices and transposes them onto a geographical map. The dashboard also includes helpful graphs, charts, and dials.
- Atera Network monitoring system that integrates well with a Help Desk. Data can also be used for staff time log tracking and invoicing.
- ManageEngine OpManager Comprehensive network performance monitor for Windows and Linux. Uses SNMP for detecting network changes.
- Spiceworks Network Monitor Free, ad-supported network monitoring system for Windows.
- Pulseway IT Management Software Uses SNMP to create a real-time inventory of managed devices on the network.
- LogicMonitor Cloud-based service that uses collectors that can run on Windows, Mac OS, and Linux. The dashboard is cloud-based and can be accessed remotely.
- Event Sentry Security-based network event tracker that can be used to alert of unauthorized use and detect malicious activities.
- Progress WhatsUp Gold Acts as an SNMP manager and runs on Windows server environments.
- What are the elements of an SNMP configuration?
- What is an SNMP trap?
- How do you set up SNMP alerts?
- SNMP versions
- SNMP trap format
- Implementing SNMP
- What is a granular trap?
- What is a trap category?
- The best SNMP network monitoring tools
- How to use SNMP trap messages
- SNMP Trap FAQs
- How are alarms encoded in SNMP traps?
- Is SNMP polling the same as SNMP traps?
- What are SNMP trap filters?
What are the elements of an SNMP configuration?
SNMP includes three elements: a central manager, a device agent, and a management information base (MIB). Your network devices will already have an SNMP agent installed on it. The capability to use SNMP might be turned off when you first get a device, so you will have to be sure the agent is active if you want to employ SNMP for your network.
The central controller is not a standard fixture on computers. When you install a network monitoring system, this most likely employs SNMP and takes the SNMP manager role. Your new network management software is probably an interface that interprets MIB files, giving a display of the data that is gathered from the device agents.
The SNMP manager will send out information requests to all device agents periodically. Each device agent responds to this request by sending back a file, which is structured according to the MIB specifications in the Simple Network Management Protocol. While the device agent is waiting for a demand for information, it keeps updating its own copy of the MIB so the information that it returns is completely up-to-date and ready to be sent out on demand.
See also: SNMP Explained
What is an SNMP trap?
The normal operations of SNMP dictate that the device agent takes a passive role. It only sends out SNMP messages when prompted by a request from the SNMP manager. However, if the agent detects an emergency event on the device that it is monitoring, it will send out a warning message to the manager without waiting to be polled for data. This emergency message is called a trap.
Not all traps are worrisome. For example, when a printer detects that one of its toner cartridges is getting low and wants you to order a new one, the SNMP agent on that printer will treat this as a trap condition. Some very serious conditions don’t result in trap messages. For example, if the managed device gets a fatal error and stops working, it prevents the SNMP agent from operating as well. Also, if the network card on a device breaks, the SNMP agent cannot send out a trap message. In these instances, the emergency will be revealed the next time the SNMP manager sweeps the managed network for SNMP responses.
How do you set up SNMP alerts?
If you install a network monitor, you won’t see the term “trap” used anywhere in the dashboard of your software. It is a convention of network monitoring systems that traps are labeled as “alerts” instead. The total failure of a device or a network card is the only example of alerts that aren’t just displaying a trap.
The actions that can be taken on receipt of a trap message depend on the sophistication of your network monitoring software. If your monitor just reports on statuses, then you will have to use some other application to fix a problem or connect directly to the device to explore for error information, and fix the problem through its operating system. Some network monitors are actually network management systems and allow you to set up actions to perform in the event of an alert condition arising.
If the problem that is notified by a trap is physical, there isn’t anything that any software package could do to resolve it. In some cases, you wouldn’t want your network management system to go off and fix problems without waiting for your approval of the intended action. Usually, network management systems offer you the opportunity to specify in its settings what level of fault resolution automation you would like.
Trap messages can arise at all times of the day or night unless you turn all of your network equipment off in the evening when you go home. If you don’t have enough resources to sit someone in front of a console all day waiting for alert messages, you should look for a network monitor that will forward alert messages and display them in the dashboard. Some management systems can send out alert notifications by email, SMS, or chat system. You can even specify different team members to which messages should be sent according to the device type of the origin of the trap message, or the message severity level.
To date, there have been three versions of SNMP. Version 1 wasn’t very widely implemented. This was released in 1988. It was replaced in 1993 by version 2. At this point, the protocol wasn’t integrated into firmware by the manufacturers of network devices. Network managers that wanted to implement the standard needed to install the SNMP agent software on their devices. SNMPv2 has backward compatibility to version 1. So, if you have a version 2 controller, it will also be able to communicate with version 1 device agents. However, that compatibility was built into the definition of SNMP manager procedures because the format of the SNMP trap changed in version 2.
SNMPv2 was not popular because it incorporated a new authentication methodology, which was difficult to implement. The authentication process specified for SNMP version 1 was much easier to use, and so a new edition of version 2 was created that used the authentication system of version 1. This and this adjustment to the definition of SNMP made it much more workable. The major network device producers decided to integrate the agent element of SNMPv2c into the firmware of their equipment. Any new entrant into the network device market had to integrate SNMP as well, otherwise, their products would not be competitive. There is another variation of version 2, which is SNMPv2u. So there are three different types of SNMPv2. Confusingly, SNMPv2c is so dominant that is often referred to as SNMPv2.
There is also an SNMPv3. The latest version of the Simple Network Management Protocol includes a different encryption method to protect transmissions of MIB files. However, the MIB structure remains the same. So a controller can communicate with either version 2 or version 3 as long as it is able to adjust the transmission security parameters that it uses. Generally, the leading network monitors are compatible with both version 2 (meaning SNMPv2c) and version 3.
SNMP trap format
The MIB contains a series of codes that represent a position in a tree structure. The entire MIB doesn’t have to be sent every time the agent reports to the central manager. A trap message contains the time time, an identifier, and a value. The identifier is an “OID” (Object Identifier). This is a code from the MIB structure denoting the trap condition’s position in the tree. Each OID represents an attribute of the device being monitored. So, the central controller can decode the OID and work out which bit of the switch or the router is being described by the trap.
The MIB encoding system is so complicated and obscure that it is impossible to try to capture SNMP messages and traps and interpret them manually. The availability of network monitors that integrate SNMP functions makes it very easy to implement the protocol in a sophisticated software package. There are several SNMP-based network monitors that are free to use. Others offer free versions for small networks or a free trial for an introductory period. So, the cost of implementing SNMP on your network can be very economical.
What is a granular trap?
The MIB structure contains two methods for reporting problems with a device. Each element in the reporting tree structure is labeled with an identifier, called an OID. In many cases, a device element OID has child OIDs that specifically express a problem.
If a message arrives at the SMNP manager and it has one of those OIDs activated, the referencing of the OID automatically tells the manager where the problem is and what is its nature. The OID that signifies a problem is called a “granular trap.”
The second method for notifying problems doesn’t have a specific name – it is just a “trap,” or could be identified as a “standard trap.” In this scenario, the trap message will contain an OID that indicates a specific component of the monitored device and that will have a value associated with it – a variable instantiated by the device controller. The information contained in that field will indicate a problem with that device element.
So a granular trap cuts out the need for the device agent to write in that there is a problem because the presence of the OID itself already gives that information.
What is a trap category?
Traps are warnings about problems with specific elements of a device. A trap category is a grouping of possible trap codes according to the element to which they refer. So, category examples include CPU, Fan, shelf, and so on.
The best SNMP network monitoring tools
You can get a full description of recommended network monitoring tools in the article, SNMP Explained and 11 Best SNMP Monitoring Tools. However, you can read summaries of these tools here:
SolarWinds uses SNMP to drive its industry-leading Network Performance Monitor. The tool will search your network and document all of your devices once it is installed. The inventory that the monitor compiles is made up of information that is derived through SNMP. The interface programs of the monitor compile network maps from the register of devices that the SNMP procedures provide.
The standard SNMP procedures that require the manager to keep polling devices for MIB reports means that the Network Performance Monitor can keep updating its equipment register and maps to take account of added, removed, or moved devices.
SolarWinds developed the Orion platform for all of its major systems monitoring utilities. This means that you can add on other specialized monitors to cover servers and applications and also monitor traffic flows. Extra modules that integrate into the Network Performance Monitor include a Network Configuration Manager, a User Device Tracker, and an IP Address Manager. Adding on these other capabilities will give you greater control over your resources.
The SNMP traps are interpreted into alerts by the NPM. These are displayed in the utility’s dashboard and the software can also send out alert notifications by email or SMS. The dashboard includes graphical representations of live data that include charts and graphs that interpret SNMP responses. Received Data is also available over a timeline to enable performance analysis for capacity planning.
The SolarWinds Network Performance Monitor installs on Windows environments and you can get it on a 30-day free trial.
MORE INFORMATION ON THE OFFICIAL SOLARWINDS SITE:
The SolarWinds Network Performance Monitor is the leading SNMP-driven system monitor on the market today. The tool uses SNMP information and procedures for a range of services, including an autodiscovery function and the collation of a network hardware inventory. The trap handling capabilities of the Network Performance Monitor mean that the systems administrator does not need to continue watching the NPM console for statuses because the tool can be set up to send out alerts by email or SMS as soon at it receives a trap message.
Start 30-day Free Trial: solarwinds.com/network-performance-monitor
OS: Windows Server 2016 or later
The SolarWinds Log Analyzer can act as an SNMP trap receiver as well as searching through log files. The log analyzer doesn’t need to wait to file trap messages before it can process them. This enables it to spot status change messages immediately. The Log Analyzer has a built-in alerting system, just the same as that used in the Network Performance Monitor. The alert messages appear on the screen of the Log Analyzer console and they can also be sent out as an email or SMS to a key worker.
The difference between the Log Analyzer and the SolarWinds Network Performance Monitor is that this tool doesn’t act as an SNMP manager. That is, it doesn’t send out status update requests or process MIBs regularly. It just listens on the network and receives any trap messages that are being broadcast.
Overall, those who aren’t interested in when the network is running normally and just want to be warned when problems arise could do just as well with the SolarWinds Log Analyzer as the Network Performance Monitor. The Log Analyzer has other capabilities apart from SNMP trap receiving. These analysis functions include the examination of traps to identify troublesome equipment or possible tampering.
SolarWinds offers a 30-day free trial for the Log Analyzer.
Site24x7 is a cloud-based monitor that includes a Network Monitor and also monitors servers, applications, and websites. The Network Monitor includes device performance monitoring and also network traffic monitoring.
The network device monitor uses SNMP to gather reports from device agents. The Site24x7 system performs data processing in the cloud. However, it needs a data collector to be installed on a server that is connected to the network that is being monitored. That agent software is available for Windows Server and Linux.
The data collector acts as the SNMP Manager and broadcasts an SNMP request on the network. When all of the responses are received back, the data collector uploads these to the Site24x7 server for processing. The data collector is also available to collect SNMP Trap messages. These are override notifications that device agents send out when they detect a problem.
Traps are sent to the server, which displays then in traffic light colors – yellow for Warning and red for Alert. Site24x7 Infrastructure can also be set up to forward alerts to key personnel via SMS, email, voice call, or instant messaging post.
The Network Monitor is also included in other Site24x7 plans. These are Website Monitoring, Application Performance Monitor, All-in-one, and MSP. In addition to network device monitoring with SNMP, the Network monitor communicates with switches and routers to gain traffic throughput information. This service can communicate with network devices using NetFlow, J-Flow, sFlow, CFlow, IPFIX, NetStream, and AppFlow.
Site24x7 Infrastructure is a subscription service and costs $9 per month when paid annually. You can get it on a 30-day free trial.
Paessler PRTG monitors networks, servers, and applications. The software package comes out of the box with a large number of sensors that fulfills the functions other companies market as separate applications. A sensor monitors one hardware element or service condition. Paessler includes an SNMP sensor at the heart of the PRTG system.
The SNMP functions of PRTG will take an inventory of all of your devices as soon as it begins operating. From this information, the tool will automatically generate maps. PRTG offers a range of map types, including its own proprietary starburst layout. This is a circular graph, which shows end user applications in the inner rim and all of the services that support those applications radiating out, forming a star shape. The map is color-coded to show the status of each element in the stack. This visualization is a great way to spot exactly which layer of service is impairing delivery when you experience problems with your network.
The SNMP system keeps surveying the network, so it notices when equipment is added or removed. In these instances, it updates its equipment inventory and automatically redraws all of its available maps. You can also create your own customized network maps through a mapping tool in the utility.
Paessler PRTG installs on Windows environments, or you can choose to access it as a cloud service. The tool is free to use for up to 100 sensors. You can download the 30-day free trial.
SysAid is a Help Desk and IT service management system. You can get the server and network monitoring add-on to enhance the Help Desk functions. This is not a bad idea because you are likely to need a Help Desk application for your IT department as well as a network monitor.
The network monitoring feature of SysAid uses SNMP to map and track the performance of your network devices. As with any other SNMP implementation, the monitor keeps polling network devices and so it notices when equipment is moved, removed, or added, and updates the inventory automatically. Unlike the other tools on this list, SysAid doesn’t have a mapping module.
A strong suit of SysAid is the way it handles SNMP traps. For a received trap, it displays an alert in the dashboard and you can get alerts sent to you as notifications via email or SMS. However, this application can also feed those alerts to the Help Desk system. When an alert gets logged in the support management interface, Help Desk technicians can see that an issue has been raised about a part of the network and can notify users who are impacted by the problem that a solution is in progress. Automatic ticket generation means that a technician can automatically be allocated to address the alert. This is a great way to integrate the information that you get out of SNMP with your task scheduling software.
The SysAid interface includes a scripting language that enables you to automate alert resolution and put in place workflows to log and track progress on maintenance and firefighting tasks. This will help you to keep a tighter control over your IT budget by showing where most specialists’ time is spent.
Other features of the monitoring system include configuration and patch management.
The system monitoring package called Kaseya VSA includes a network monitoring module that uses SNMP. This tool can draw a network map and plot in a real map of the world after it has initially searched for devices and registered their details. Other graphical data representations in the Kaseya dashboard include graphs, charts, and dials. SNMP traps are interpreted as alerts by the network monitor.
The tool includes a development environment that enables you to easily assemble actions scripts in the Kaseya proprietary scripting language, which is called Lua. With a Lua script in place, you can set triggering events, such as specific types of trap messages. Thanks to this feature, it is possible to automate much of the investigation and resolution tasks when well-known alert conditions arise.
Other features of Kaseya VSA include patch management and specialized server monitoring. Kaseya VSA installs on Windows and you can get it on a 14-day free trial.
Atera Networks is a monitoring system which is integrated into an MSP support environment. So, you get remote monitoring functions that can exchange data and triggers with a full Help Desk system when you choose Atera. Another great feature of this option is its staff time tracking and invoicing system. Therefore, you would be able to cut out a lot of your admin work with Atera if your IT department is run as a cost center.
Atera’s network monitoring system uses SNMP to track the statuses of network devices and the console manages SNMP traps. You will receive traps in the console as alerts and it is possible to feed actions to the Help Desk system on receipt of an error condition warning.
Atera includes a scripting support module that enables you to create your own automation scripts to deal with errors. The dashboard can be reached from mobile devices and you can get trap notifications set up as support tickets that will trigger notification messages to you and to nominated team members. Atera is a cloud-based service, so you don’t have to worry about installing or managing the application. Other features of the full system include remote management facilities, configuration control, and a patch manager. Atera is available on a 30-day free trial.
ManageEngine’s OpManager is a highly-regarded network performance monitor and is probably in the top three in the market. Like the SolarWinds Network Performance Monitor, and WhatsUp Gold, OpManager is the base monitoring product of its inventory and there are a lot of other modules that you can add on to it to extend your system monitoring capabilities. However, it is OpManager that uses SNMP to gather its data. This software will install on Windows or Linux. When it is run for the first time, it will start sending out SNMP requests and compiling a device inventory from the MIB responses that it receives. OpManager also has a nice network mapping module that will give you different views on your network equipment and how it connects together.
The SNMP traps that the OpManager processor receives get displayed in the dashboard. If you are out of the office, you can check in with the network by viewing the dashboard remotely on your mobile device. The dashboard is customizable and so are the actions that should be performed when alerts arise. You can get trap notifications sent out to nominated team members by email or SMS messages.
OpManager is capable of processing 300 trap messages per second — yes, per second. That processing volume capability shows that OpManager is capable of delivering speeds and performance that are needed by very large networks. However, this system is also suitable for middle-sized networks. The operators of small networks might find all of the functionality of OpManager a bit too much to cope with. However, the company offers the tool for free to those who have up to 10 devices to monitor. The owners of larger networks can get OpManager on a 30-day free trial.
Spiceworks is a free, ad-supported utility that you can install on premises or choose to access as a cloud service. The on-premises version of the tool installs on Windows.
The network monitor relies on SNMP to provide its information sources and it starts its service life with a scan of the network to compile a device inventory. SNMP traps get shown in the dashboard on a headline strip as alerts and you can also get alert notifications sent to you by email. The dashboard features stackable graphs that show your device statuses alongside environment, data flow, and application performance information.
The Spiceworks network management system includes configuration management and user device tracking, which will beef up your security monitoring. Support for Spiceworks is delivered through a community forum.
Pulseway RMM includes system monitoring modules and the network performance monitor section relies on SNMP procedures. The regular SNMP manager-to-agent communications provide the system with an inventory of devices on your network, which is continually updated. SNMP traps are interpreted as alarms in the console, which can be sent as notifications by phone, email, or SMS message. You can also access the dashboard from a mobile device over the internet.
The network monitoring software acts as the SNMP manager and gives you a dashboard to view received data and manage the functions of the monitor. This software can be installed on Windows, Linux, or Mac OS. You can specify how alerts will be dealt with. This includes the ability to set priorities for traps that arrive from specific devices or to drop alerts of less importance. The console includes a scripting language in which you can set up procedures and workflows that will kick in automatically when defined triggering events arise.
Other facilities in the Pulseway IT Management package include configuration and patch management. A key element of the tool is remote access, so you can fix problems on devices that are located on other sites. The rest of the monitor extends to server and applications, including services provided from the cloud.
You can access Pulseway IT Management software as a cloud service. In this case, the monitor is free perpetually to monitor two endpoints. The paid-for service can be installed or used as a cloud service. It starts with a unit that can monitor 25 endpoints. Pulseway offers a 14-day free trial of the paid version.
Logic Monitor is a cloud-based service, but you have to install collectors on site. These collectors will run on Windows, Mac OS, and Linux. The LogicMonitor will also monitor any cloud servers that you employ as long as you install a collector on each of them.
This service monitors networks, servers, and applications, and it’s also possible to track user experience, which involves stack displays of every utility on your system that get triggered by individual user visits. The network monitoring section of this service relies on SNMP to gather data about network devices.
The collector operates as the SNMP manager and polls devices for their statuses. The information that the collector gathers is then forwarded to the cloud server of LogicMonitor. The dashboard for the service is hosted at the cloud server, so it can be accessed from any device with a browser and the company also provides apps for mobile devices.
Communications over the internet are protected by encryption. As LogicMonitor operates off-site, it can integrate all the sites of a WAN as long as you install a collector at each location.
SNMP traps appear in the dashboard as alerts. You can customize the dashboard, so it is possible to create a view that only shows alerts. The ability to create individual screens means that it is possible to tailor access to different team members and it is also possible to create a reporting account to which business managers can be given access.
Live data from the SNMP MIBs are interpreted in graphical content, such as histograms, charts, and line graphs. The visualization of your network extends to a map, which is imposed on a real-world map. Device data and network connections are updated automatically, to make adjustments to the network map. The system will also retain data for trend analysis.
You can get a 14-day free trial of LogicMonitor.
EventSentry is specifically a security utility, but it also tracks your network performance while it is keeping your business safe from hackers and intruders. One problem with modern IT service security is that genuine users can be duped into performing malicious acts through phishing and masquerading. So, to prevent data disclosure and system damage, you need to track the behavior of authorized users as well as look out for unauthorized access. This is what EventSentry does.
The network monitoring sections of this service use SNMP to gather device data. This covers the regular SNMP services that include compiling a device inventory and keeping it up to date. EventSentry generates alarms from a range of sources, including SNMP traps and log messages.
Extra utilities of EventSentry include configuration and patch management. The monitor covers network traffic, server and environment performance, application delivery as well as network device statuses. The security checks examine events on email, databases, log files, and data transfers.
You can use EventSentry for free by accessing EventSentry Light. This version is limited to monitoring up to five devices, so it would only be suitable for very small networks. The full-featured EventSentry can be experienced on a 30-day free trial. The software installs on Windows and Windows Server.
WhatsUp Gold is a network monitoring system that is produced by Ipswitch. The monitor’s functions are based on SNMP processes. The software that you install acts as an SNMP manager. The WhatsUp Gold utility installs on Windows Server environments and it will perform an initial system sweep once you have the tool running.
This scan of your network enables the program to compile a registry of all of your devices and then build network maps from that information. Both the registry and the maps get updated automatically whenever your network hardware changes. This is because the monitor continues to poll the network from SNMP messages, thus noticing when devices are added or removed. The device register can be accessed in the dashboard where a data viewer allows you to sort and filter records of your hardware inventory.
SNMP traps arrive at the dashboard as alerts and you can get them sent to you as emails or SMS messages. You can also get alerts fed to chat apps, including Slack. The dashboard is customizable so you can create user accounts and user roles to allow different team members to access data and management functions without giving junior staff access to all of the controls.
WhatsUp Gold can be expanded by add-on modules to include more monitoring and network management capabilities. This utility is suitable for small and middle-sized networks and you can get a 30-day trial of WhatsUp Gold and any of its add-ons.
How to use SNMP trap messages
The benefit of SNMP traps is that they report device failure very quickly. However, they don’t give a complete picture of your network. You will notice that most of the tools in this list of recommended SNMP tools also blend in other information sources, such as NetFlow for traffic data and Syslog for system events.
As all of these tools offer free trials or free versions, you will be able to try out a candidate without risk. You might even try a couple of those SNMP tools that tempt you most.
Do you use an SNMP tool right now? Do you find that you focus more on the alerts raised by SNMP traps, or are Syslog messages more relevant to your network administration responsibilities? Leave a message in the Comments section below to share your experience.
SNMP Trap FAQs
How are alarms encoded in SNMP traps?
A trap contains an OID that indicates a device element followed by a status message, which can be automatically posted to the screen for the user to interpret. An alternative message format is the “granular trap” where the OID itself is an error code, which the SNMP manager just has to look up in order to derive the error message.
Is SNMP polling the same as SNMP traps?
SNMP polling refers to the SNMP manager sending out a request message. This is broadcast, so any device agent that is active and connected to the network will respond to this request with a status report. A trap is sent out by the device agent without waiting for a request.
What are SNMP trap filters?
A trap filter is an instruction to the SNMP manager that tells it what to do when it receives a trap message. The SNMP manager can either process a trap into an alert for the attention of the system user, it can send a request back to the device controller for more details, or it can just drop the message and do nothing about it.
Network management systems usually have a default of processing all trap messages into alerts. However, there is usually a settings section of the user interface in the network manager that allows the user to adjust these actions. For example, it is possible to tell the SNMP manager to drop all messages with lower severity, such as warnings.