Come join our live training webinar every other Wednesday at 11am PST and hear LogicMonitor experts explain best practices and answer common questions. We understand these are uncertain times, and we are here to help!
SNMP traps involve the monitored device sending a message to a monitoring station (the LogicMonitor Collector in our case) to notify of an event that needs attention. Through the creation of an EventSource, LogicMonitor can alert on SNMP traps received by the Collector.
LogicMonitor generally recommends SNMP polling (where LogicMonitor queries the device for its status) as opposed to monitoring SNMP traps, for the following reasons:
However, if there is a particular trap that you would like to capture and alert on, perform the various configurations outlined in this support article.
LogicMonitor can alert on SNMP traps received by the Collector. Please follow these general steps to configure your device to send its SNMP traps to the Collector machine:
If you run a backup Collector, configure both Collectors as trap destinations. Only the Collector that is currently active for the device will report the trap.
If you run a backup Collector, please make sure that UDP port 162 is open between your device and secondary Collector machine as well.
If necessary, the default listening SNMP trap port that the Collector uses can be changed. Please contact support for assistance.
To add a new SNMP Trap Eventsource, navigate to Settings | LogicModules | EventSource | New | EventSource. There are three categories of settings that must be established in order to configure a new SNMP Trap EventSource:
The settings in these three categories collectively determine the type of EventSource, which devices the EventSource will be applied to, and the conditions that must exist in order for the EventSource to trigger an alert.
In the General Information area of an EventSource’s configurations, complete the basic settings for your new EventSource. These settings are global across all types of EventSources; see Creating EventSources for more information on these basic settings.
In the Filters area of an EventSource’s configurations, you can specify a set of filters that will allow you to inclusively filter and select for particular SNMP traps to alert on. All filters defined here are assessed, and any traps that fail any of the filters are excluded from capture and alerting.
The following objects included in most standard SNMPv1 trap messages can be referenced as the Type for your trap filters:
For SNMPv2 and v3, LogicMonitor supports the following trap filters:
* “Message,” when selected as the filter from the Type field, allows users to filter message strings using the RegexMatch and RegexNotMatch operators.
In the Alert Settings area of an SNMP Trap’s EventSource configurations, use the Severity field’s dropdown to indicate the severity level that will be assigned to the alerts that are triggered by this EventSource.
The other alert settings found in this area are global settings that must be configured across all types of EventSources; see Creating EventSources for more information on configuring these.
In order for a Collector to decrypt SNMPv3 traps, you must manually enter additional credentials into into the Collector’s agent.conf file, which, as discussed in Editing the Collector Config Files, is accessible from the LogicMonitor interface. This must be done for every Collector that will receive v3 traps, including backup Collectors.
The following parameters must be edited in the agent.conf file to match those of the device sending v3 traps:
eventcollector.snmptrap.security eventcollector.snmptrap.auth eventcollector.snmptrap.auth.token eventcollector.snmptrap.priv eventcollector.snmptrap.priv.token
For more information on these SNMPv3 credentials, see Defining Authentication Credentials.
In This Article