Scroll to...

Intro One Target Routing Enrichment Text-to-Trap Security Reduction Forensics Testing

Use Cases

TrapStation is more than just a "trap forwarder." It has been designed for multiple roles:

One Target

When you have many agents to configure, or your equipment only allows one trap target, it’s useful to have a single destination that can route traps further. This basic hubbing feature ensures that the multitude of your equipment can be easily configured, then tweaks can be broadly applied in TrapStation's centralized configuration.

Routing to Distributed NMS

If you have a very large network with differentiated NMS pairs, TrapStation can ensure that each NMS is fed with only the appropriate traps for its purpose.

Enrichment

Using TrapStation's enhanced JavaScript syntax, you can enrich traps by editing or adding varbinds. New data can be computed, looked up from a plain file, or possibly retrieved from external sources such as a database. For example, you might add customer information to a trap. Your enriched traps are then used for logging and forwarding.

Testing your NMS's Rules

Log search results can be displayed in your browser, but they can also be forwarded as if they were live traps. That can be useful to re-play an incident, and for testing your NMS after you edit its rules.

Text-to-Trap

TrapStation can process your text events in the rule tree too. Each text event gets a skeleton SNMP v2 trap that your rules can configure with data parsed from the event. Then you can forward and log it like any other trap. You can SNMP-enable your syslog, an automated email account, your in-house programs, etc.

Security

SNMP version 3 updated the standard with encryption and authentication features. But not all of your agents may be able to send traps as v3. TrapStation will optionally convert traps to v3. You can specify that policy per forwarding target. The security of v3 is especially important if any of your NMS trap targets have to cross any public or non-secure network boundaries.

Reduction

TrapStation includes many filtering tools to help you reduce the number of traps that need to be forwarded in the first place, and that offloads your: infrastructure, and your NMS’s workload, and reduces the noise your technicians have to ignore too. You could filter in your NMS, but it makes sense to do it before unwanted traps are forwarded to multiple places.

Forensics

TrapStation keeps detailed trap logs. And it has a handy search tool for finding traps. You can search back a year or more. You can filter by time range, rule nodes, addresses, and varbind content. Matching traps are displayed with their matching rule node too, so you can see how a trap was processed.