SNMP Traps LogSource Configuration

Last updated on 03 November, 2023

SNMP Traps type LogSource enables LogicMonitor collector to ingest SNMP traps to LogicMonitor logs without configuring alerts.

Requirements

  • Collector version EA Collector 34.500 or later. For more information on upgrading collector, see Managing Collectors.
  • Access to LogicMonitor UIv4

Configuration Options

The configuration option includes configuration details specific to the SNMP Traps LogSource. For more information on adding a LogSource, see Configuring a LogSource.

Info

Select LM Logs: SNMP Traps from the Type drop-down and provide basic information such as name, group name, description, and technical notes.

Enterprise OIDs

Provide Enterprise OIDs of the respective enterprises for which the SNMP traps will be sent to collector. To know the enterprise OID of your vendor, see Enterprise numbers.

Exclude Filters

Traps that match with the exclude filter criteria are not ingested. You can use the following filters to exclude SNMP traps.

Available Parameters

AttributesComparison OperatorValue ExampleDescription
TrapOIDEqual, NotEqual, StartsWith1.3.6.1.4.1.9.9.61.2.0.1Trap OID of the trap
VarbindKeyEqual, NotEqual1.3.6.1.4.1.9.9.13.1.3.1.2Key of the variable binding present in the trap

Log Fields

You can configure Log Fields (tags) to add metadata to the log entry.

Available Parameters

MethodKey ExampleValue ExampleDescription
StaticCustomerCustomer_XYZKey and value is added as is to the log entry metadata
LM Property(Token)Device##system.deviceId##The device ID value extracted from the device property in LogicMonitor

Resource Mappings

For resource mapping you can configure LM log key to match a monitored resource’s LM property.

Available Parameters

MethodKey ExampleValue ExampleDescription
StaticCustomer_Id1219Key and value is used as is for resource mapping.
IPsystem.ips10.20.30.40Use the SNMP trap host field information and resolve it to IP. The Value field is disabled if you select this method. You can only enter a key.
FQDNsystem.hostnameapplication.service.example.comFully Qualified Domain Name, from DNS resolution of hostname received from the host address of the trap. The Value field is disabled if you select this method. You can only enter a key.
HOSTNAMEsystem.hostnamehost1.example.comThe Value field is disabled if you select this method. You can only enter a key.
HOST WITHOUT DNSsystem.hostnamehost1The Value field is disabled if you select this method. You can only enter a key.

Example

The following is an example of configuring an SNMP Traps LogSource.

Basic Information

Field NameValue Example
NameSNMP Traps LogSource
GroupSNMP Trap LogSources
TypeLM Logs: SNMP Traps
DescriptionUPS related traps will be processed using this LogSource
AppliesTo(custom query) isLinux() || isNetwork()

Enterprise OIDs

NameEnterprise OID
CISCO1.3.6.1.4.1.9

Exclude Filters

AttributeComparison OperatorValue
TrapOIDEqual1.3.6.1.4.1.9.9.61.2.0.1

Log Fields

MethodKeyValue
StaticCustomerCustomer_xyz

Resource Mappings

MethodKeyValue
LM Property(Token)system.deviceId##system.deviceId##
In This Article