we are seening an increasing amount of traps being sent to our Spectrum servers. Most of it seems to be related to devices configured incorrectly. E.g. all traps enabled instead of setting up configuration only for important traps.
What are your strategies to avoid or at least educate your network people ?
I know about attributes for trap storm and also traps received, but I think trap storm alarm is intended to work with short bursts of traps (within seconds or minutes). But what I am looking for is more on hourly, daily or weekly basis. I also looked ito CABI, however, by the amount of devices and events we are generating even Jaspersoft seems to have its problems coping with it - not only, but also caused by the amount of traps we are receiving.
From a Spectrum perspective you could disable unmanaged trap handling.
This will at least cover traps from devices that Spectrum does not have modeled.
If these are modeled devices you could review the events processed and setup Spectrum to not process those traps.
However the best method is to do it from the network level - filter what is going to Spectrum.
Thank you Matthew
I think I forgot to mention the devices which are sending the traps actually should send traps to Specturm genereally, just not as much as they do(are configured).
You can use TrapExploder to filter out the traps that you don´t want Spectrum to receive although there are some limitations with SNMPv3.
Here is a techdoc on how to configure TrapExploder to run on the same system as Spectrum.
How to configure Trap Exploder and Spectrum to run - CA Knowledge
You can get the latest version of TrapExploder from here.