SNMP Traps LogSource Configuration
Last updated on 03 November, 2023SNMP Traps type LogSource enables LogicMonitor collector to ingest SNMP traps to LogicMonitor logs without configuring alerts.
Requirements
- Collector version EA Collector 34.500 or later. For more information on upgrading collector, see Managing Collectors.
- Access to LogicMonitor UIv4
Configuration Options
The configuration option includes configuration details specific to the SNMP Traps LogSource. For more information on adding a LogSource, see Configuring a LogSource.
Info
Select LM Logs: SNMP Traps from the Type drop-down and provide basic information such as name, group name, description, and technical notes.
Enterprise OIDs
Provide Enterprise OIDs of the respective enterprises for which the SNMP traps will be sent to collector. To know the enterprise OID of your vendor, see Enterprise numbers.
Exclude Filters
Traps that match with the exclude filter criteria are not ingested. You can use the following filters to exclude SNMP traps.
Available Parameters
| Attributes | Comparison Operator | Value Example | Description |
| TrapOID | Equal, NotEqual, StartsWith | 1.3.6.1.4.1.9.9.61.2.0.1 | Trap OID of the trap |
| VarbindKey | Equal, NotEqual | 1.3.6.1.4.1.9.9.13.1.3.1.2 | Key of the variable binding present in the trap |
Log Fields
You can configure Log Fields (tags) to add metadata to the log entry.
Available Parameters
| Method | Key Example | Value Example | Description |
| Static | Customer | Customer_XYZ | Key and value is added as is to the log entry metadata |
| LM Property(Token) | Device | ##system.deviceId## | The device ID value extracted from the device property in LogicMonitor |
Resource Mappings
For resource mapping you can configure LM log key to match a monitored resource’s LM property.
Available Parameters
| Method | Key Example | Value Example | Description |
| Static | Customer_Id | 1219 | Key and value is used as is for resource mapping. |
| IP | system.ips | 10.20.30.40 | Use the SNMP trap host field information and resolve it to IP. The Value field is disabled if you select this method. You can only enter a key. |
| FQDN | system.hostname | application.service.example.com | Fully Qualified Domain Name, from DNS resolution of hostname received from the host address of the trap. The Value field is disabled if you select this method. You can only enter a key. |
| HOSTNAME | system.hostname | host1.example.com | The Value field is disabled if you select this method. You can only enter a key. |
| HOST WITHOUT DNS | system.hostname | host1 | The Value field is disabled if you select this method. You can only enter a key. |
Example
The following is an example of configuring an SNMP Traps LogSource.
Basic Information
| Field Name | Value Example |
| Name | SNMP Traps LogSource |
| Group | SNMP Trap LogSources |
| Type | LM Logs: SNMP Traps |
| Description | UPS related traps will be processed using this LogSource |
| AppliesTo | (custom query) isLinux() || isNetwork() |
Enterprise OIDs
| Name | Enterprise OID |
| CISCO | 1.3.6.1.4.1.9 |
Exclude Filters
| Attribute | Comparison Operator | Value |
| TrapOID | Equal | 1.3.6.1.4.1.9.9.61.2.0.1 |
Log Fields
| Method | Key | Value |
| Static | Customer | Customer_xyz |
Resource Mappings
| Method | Key | Value |
| LM Property(Token) | system.deviceId | ##system.deviceId## |