SNMP Trap Monitoring

Product Documentation

About LogicMonitor
- Overview
- Technical Support
  - Technical Support Overview
  - Accessing Support Resources
Getting Started
- Implementation Readiness
  - LogicMonitor Implementation Readiness Recommendations for Enterprise Customers
  - Top Dependencies for LogicMonitor Enterprise Implementation
- LogicMonitor Tutorial
- Advanced LogicMonitor Setup
LogicMonitor Concepts
- Limits, Quotas, and Constraints
Collectors
- Collector Overview
- Collector Installation
- Collector Configurations
- Collector Management
- Collector Integrations
- Collector Troubleshooting
Devices
- Adding and Managing Devices
- Device Groups
- Resources Page Overview
- Device DataSources and Instances
- Netscans
Dashboards and Widgets
- Managing Dashboards
- Managing Widgets
- Widget Types
Alerts
- About Alerts
- Alert Discovery
- Responding to Alerts
AIOps
- Anomaly Detection
  - Anomaly Detection Visualization
- Forecasting
  - Data Forecasting
- Topology Mapping
- AIOps for Alerting
LM Service Insight
- About LM™ Service Insight
- Adding Services
- Managing Services
LogicModules
- LogicModule Overview
- LM Exchange
  - LM Exchange
- Modules
- DataSources
- Data Collection Methods
- Datapoints
- Active Discovery
- Groovy Support
- Powershell Support
  - Creating PowerShell Script Datasources
  - Using PowerShell Scripts in LogicMonitor
- ConfigSources
- EventSources
- PropertySources
  - Creating PropertySources
  - External Resource IDs Source Output Scripts
- TopologySources
  - TopologySource Overview
  - TopologySources Scripts
- AppliesTo
  - AppliesTo Scripting Overview
  - User-Defined AppliesTo Functions
- JobMonitors
- SNMP sysOID Maps
  - SNMP SysOID Maps
Reports
- Which report should I use?
- Creating & Managing Reports
- Scheduling a Report for Auto-Delivery
- Creating a Report Group
- Report Types
Security
- Two-Factor Authentication
- Single Sign On
- Multi Sign-On
- Configuring the Azure Active Directory SSO Integration
- LogicMonitor Security Best Practices
- Log4j Security Vulnerabilities
Settings
- About the Account Information Page
- Notification Center
- About Audit Logs
- Message Templates
  - Alert Messages
  - New User Message
- Users and roles
Terminology and Syntax
- Scripting Support
LM Logs
- LM Logs Overview
- Log Ingestion
- Log Processing
- Log Anomaly Detection
- Logs Query Language
- Reviewing Logs and Log Anomalies
- Log Processing Pipelines
- Log Alert Conditions
- LM Logs Roles and Permissions
- LM Logs Usage Monitoring
- Troubleshooting Logs
LM APM
- LM APM Overview
- Push Metrics
- OpenMetrics Integration
  - OpenMetrics DataSource Wizard
  - OpenMetrics Monitoring
- Distributed Tracing
- Synthetics
Cloud Monitoring
- Getting Started
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform (GCP)
SaaS Monitoring
- Airbrake Monitoring
- Microsoft Office 365 Monitoring
- SaaS Lite Monitoring
- Salesforce Monitoring
- Slack Monitoring (Open Beta)
- Webex Monitoring (Open Beta)
- Zoom Monitoring
Container Monitoring
- About LogicMonitor Container Monitoring
- Kubernetes
- Docker
  - Docker Monitoring
Website Monitoring
- About Websites
- Adding and Managing Websites
- Website Groups
  - Adding Website Groups
  - Editing and Deleting Website Groups
Monitoring Solutions
- Applications and Databases
- Backup and Recovery Systems
- Networking and Firewalls
- Operating Systems and Virtualization
- Server and operations Hardware
- Storage Systems
- Network Traffic Flow
LM Integrations
- LogicMonitor Integrations Overview
- Communication Integrations for LogicMonitor
- Workflow Integrations for LogicMonitor
- Automation Integrations for LogicMonitor
- Custom Integrations for LogicMonitor
- Logs for LM Integrations
  - Logs for Integrations Overview
  - Integrations Logs Filtering and Sorting
Mobile
- About LogicMonitor’s Mobile View and Application
- Responding to Alerts from a Mobile Device
- Viewing Alerts from a Mobile Device
- Viewing Dashboards from a Mobile Device
- Viewing Graphs from a Mobile Device
REST API Developers Guide
- Rest API Overview
- REST API v3
- REST API v2
  - About REST API v2
  - Creating Services via the API
- Rest API v1
RPC API - Deprecated
- About LogicMonitor’s RPC API (Deprecated)
Training and Certification
- LogicMonitor Certified Professional Exam Information
- LogicMonitor Training and Certification

Overview

SNMP traps involve the monitored device sending a message to a monitoring station (the LogicMonitor Collector in our case) to notify of an event that needs attention. Through the creation of an EventSource, LogicMonitor can alert on SNMP traps received by the Collector.

Preferred Alternatives to SNMP Trap Monitoring

LogicMonitor generally recommends SNMP polling (where LogicMonitor queries the device for its status) as opposed to monitoring SNMP traps, for the following reasons:

An SNMP trap is a single packet sent without any deliverability guarantees, to tell you something is going wrong. Unfortunately, it is sent when something is going wrong—exactly the time a single packet is least likely to be delivered.
Setting up SNMP traps requires configuring your device to send the traps to the correct destination—on every device.
There is no way to ensure traps are configured correctly to be sent by the device (not blocked by the network or a firewall), and received by the Collector, except sending a trap. So months later, when you need to receive a trap, and things have changed, you may not receive it.
Traps give no context: did a temperature trap get sent because temperature just recently spiked, or has it been climbing for months?

However, if there is a particular trap that you would like to capture and alert on, perform the various configurations outlined in this support article.

Configuring Your Device to Send SNMP Traps to the Collector Machine

LogicMonitor can alert on SNMP traps received by the Collector. Please follow these general steps to configure your device to send its SNMP traps to the Collector machine:

Check your device’s SNMP configuration and ensure that this device’s Collector machine is configured as the SNMP “trap destination” for the device to dispatch its SNMP trap messages out to.
If you run a backup Collector, configure both Collectors as trap destinations. Only the Collector that is currently active for the device will report the trap.
Ensure that UDP port 162 is open between this device and the Collector machine and that no other applications are listening on this port on your Collector machine.
If you run a backup Collector, please make sure that UDP port 162 is open between your device and secondary Collector machine as well.

If necessary, the default listening SNMP trap port that the Collector uses can be changed. Please contact support for assistance.

Configuring an SNMP Trap EventSource

To add a new SNMP Trap Eventsource, navigate to Settings | LogicModules | EventSource | New | EventSource. There are three categories of settings that must be established in order to configure a new SNMP Trap EventSource:

General Information
Collector Attributes
Alert Settings

The settings in these three categories collectively determine the type of EventSource, which devices the EventSource will be applied to, and the conditions that must exist in order for the EventSource to trigger an alert.

General Information

In the General Information area of an EventSource’s configurations, complete the basic settings for your new EventSource. These settings are global across all types of EventSources; see Creating EventSources for more information on these basic settings.

Filters

In the Filters area of an EventSource’s configurations, you can specify a set of filters that will allow you to inclusively filter and select for particular SNMP traps to alert on. All filters defined here are assessed, and any traps that fail any of the filters are excluded from capture and alerting.

The following objects included in most standard SNMPv1 trap messages can be referenced as the Type for your trap filters:

generalCode
specificCode
enterpriseOid
sysUpTime
trapVariableBindingCount
Message*

For SNMPv2 and v3, LogicMonitor supports the following trap filters:

sysUpTime
TrapOID
trapVariableBindingCount
Message*

* “Message,” when selected as the filter from the Type field, allows users to filter message strings using the RegexMatch and RegexNotMatch operators.

Alert Settings

In the Alert Settings area of an SNMP Trap’s EventSource configurations, use the Severity field’s dropdown to indicate the severity level that will be assigned to the alerts that are triggered by this EventSource.

The other alert settings found in this area are global settings that must be configured across all types of EventSources; see Creating EventSources for more information on configuring these.

Configuring a Collector for SNMPv3 Traps

In order for a Collector to decrypt SNMPv3 traps, you must manually enter additional credentials into into the Collector’s agent.conf file, which, as discussed in Editing the Collector Config Files, is accessible from the LogicMonitor interface. This must be done for every Collector that will receive v3 traps, including backup Collectors.

The following parameters must be edited in the agent.conf file to match those of the device sending v3 traps:

eventcollector.snmptrap.security
eventcollector.snmptrap.auth
eventcollector.snmptrap.auth.token
eventcollector.snmptrap.priv
eventcollector.snmptrap.priv.token

For more information on these SNMPv3 credentials, see Defining Authentication Credentials.