SNMP Traps LogSource Configuration

Last updated on 14 March, 2024

SNMP Traps type LogSource enables LogicMonitor collector to ingest SNMP traps to LogicMonitor logs without configuring alerts.


  • Collector version EA Collector 34.500 or later. For more information on upgrading collector, see Managing Collectors.
  • Access to LogicMonitor UIv4

Configuration Options

The configuration option includes configuration details specific to the SNMP Traps LogSource. For more information on adding a LogSource, see Configuring a LogSource.

Note: We have removed the Enterprise OIDs field. Starting with EA Collector 35.300, Enterprise OIDs are not required to translate SNMP traps. However, SNMP Traps translation will still work for all the out-of-the-box enterprises/MIBs supported by LogicMonitor.


Select LM Logs: SNMP Traps from the Type drop-down and provide basic information such as name, group name, description, and technical notes.

Exclude Filters

Traps that match with the exclude filter criteria are not ingested. You can use the following filters to exclude SNMP traps.

Available Parameters

AttributesComparison OperatorValue ExampleDescription
TrapOIDEqual, NotEqual, StartsWith1. OID of the trap
VarbindKeyEqual, NotEqual1. of the variable binding present in the trap

Log Fields

You can configure Log Fields (tags) to add metadata to the log entry.

Available Parameters

MethodKey ExampleValue ExampleDescription
StaticCustomerCustomer_XYZKey and value is added as is to the log entry metadata
LM Property(Token)Device##system.deviceId##The device ID value extracted from the device property in LogicMonitor

Resource Mappings

For resource mapping you can configure LM log key to match a monitored resource’s LM property.

Available Parameters

MethodKey ExampleValue ExampleDescription
StaticCustomer_Id1219Key and value is used as is for resource mapping.
IPsystem.ips10.20.30.40Use the SNMP trap host field information and resolve it to IP. The Value field is disabled if you select this method. You can only enter a key.
FQDNsystem.hostnameapplication.service.example.comFully Qualified Domain Name, from DNS resolution of hostname received from the host address of the trap. The Value field is disabled if you select this method. You can only enter a key.
HOSTNAMEsystem.hostnamehost1.example.comThe Value field is disabled if you select this method. You can only enter a key.
HOST WITHOUT DNSsystem.hostnamehost1The Value field is disabled if you select this method. You can only enter a key.


The following is an example of configuring an SNMP Traps LogSource.

Basic Information

Field NameValue Example
NameSNMP Traps LogSource
GroupSNMP Trap LogSources
TypeLM Logs: SNMP Traps
DescriptionUPS related traps will be processed using this LogSource
AppliesTo(custom query) isLinux() || isNetwork()

Exclude Filters

AttributeComparison OperatorValue

Log Fields


Resource Mappings

LM Property(Token)system.deviceId##system.deviceId##

Processing SNMP Traps using LogSource and EventSource

Collector processes SNMP traps using LogSource or EventSource. At a time, either LogSource or EventSource is used and under any scenario, both cannot be used simultaneously.

  • Processing SNMP traps using LogSource–If a collector monitors a device with LogSource applied on it, the collector processes the SNMP traps only from devices on which LogSource is applied. Collector ignores (that is, does not process) traps from devices that do not have LogSource applied on them.
  • Processing SNMP traps using EventSource–If LogSource is not applied on all the devices monitored by a collector, but EventSource is applied on them, the collector processes the SNMP traps from devices on which EventSource is applied.

Refer the following scenarios to understand how collector processes SNMP traps. In these scenarios, we have considered 3 devices monitored by the same collector. 

Scenario 1

The collector processes SNMP traps from both Device 1 and Device 3 only using LogSource as there is at least one device with LogSource applied on them.

The SNMP traps from Device 2 are ignored (that is, not processed) as LogSource is not applied on Device 2.

DeviceIs LogSource AppliedIs EventSource Applied
Device 1YesYes
Device 2NoYes
Device 3YesNo

Scenario 2

The collector processes SNMP traps from both Device 1 and Device 2 only using EventSource as none of the devices have LogSource applied on them. The SNMP traps from Device 3 are ignored (that is, not processed) as Device 3 does not have EventSource applied on it.

DeviceIs LogSource AppliedIs EventSource Applied
Device 1NoYes
Device 2NoYes
Device 3NoNo

Translating SNMP Traps using Custom MIBs

Starting with EA Collector 35.300 release, the collector is able to translate SNMP traps through custom Management Information Base (MIB) files. Based on the enterprise of the MIB files, the custom MIB files are converted to JSON files. Currently, LogicMonitor converts the custom MIBs to JSON files. Follow these steps to use custom MIBs for SNMP trap translation:

  1. Share the custom MIB files with your LogicMonitor Customer Success Manager (CSM). 
  2. The CSM creates a support ticket to convert the custom MIB files to JSON.
  3. Once the JSON files are ready, the CSM shares them with you.
  4. Copy the JSON files to the <agent-root>/snmpdb directory on your collector machine.
    Once the collector restarts, the JSON files translate the respective SNMP traps.

Note: After the collector restarts, if the custom MIBs belong to the out-of-the-box supported enterprises, then the custom JSON files are replaced. LogicMonitor is working to fix this issue.

In This Article