SNMP Traps LogSource Configuration

Last updated on 14 March, 2024

The SNMP Traps LogSource type enables the LogicMonitor collector to ingest SNMP traps into LogicMonitor logs without configuring alerts.

Requirements

  • Collector version EA Collector 34.500 or later. For more information on upgrading the collector, see Managing Collectors.
  • Access to LogicMonitor UIv4

Configuration Options

The configuration options in this section are specific to the SNMP Traps LogSource. For more information on adding a LogSource, see Configuring a LogSource.

Note: We have removed the Enterprise OIDs field. Starting with EA Collector 35.300, Enterprise OIDs are not required to translate SNMP traps. However, SNMP Traps translation will still work for all the out-of-the-box enterprises/MIBs supported by LogicMonitor.

Info

Select LM Logs: SNMP Traps from the Type drop-down and provide basic information such as name, group name, description, and technical notes.

Exclude Filters

Traps that match the exclude filter criteria are not ingested. You can use the following filters to exclude SNMP traps.

Available Parameters

| Attributes | Comparison Operator | Value Example | Description |
|---|---|---|---|
| TrapOID | Equal, NotEqual, StartsWith | 1.3.6.1.4.1.9.9.61.2.0.1 | Trap OID of the trap |
| VarbindKey | Equal, NotEqual | 1.3.6.1.4.1.9.9.13.1.3.1.2 | Key of the variable binding present in the trap |

Log Fields

You can configure Log Fields (tags) to add metadata to the log entry.

Available Parameters

| Method | Key Example | Value Example | Description |
|---|---|---|---|
| Static | Customer | Customer_XYZ | Key and value is added as is to the log entry metadata |
| LM Property(Token) | Device | ##system.deviceId## | The device ID value extracted from the device property in LogicMonitor |

Resource Mappings

For resource mapping, you can configure an LM log key to match a monitored resource's LM property.

Available Parameters

| Method | Key Example | Value Example | Description |
|---|---|---|---|
| Static | Customer_Id | 1219 | Key and value is used as is for resource mapping. |
| IP | system.ips | 10.20.30.40 | Use the SNMP trap host field information and resolve it to IP. The Value field is disabled if you select this method. You can only enter a key. |
| FQDN | system.hostname | application.service.example.com | Fully Qualified Domain Name, from DNS resolution of hostname received from the host address of the trap. The Value field is disabled if you select this method. You can only enter a key. |
| HOSTNAME | system.hostname | host1.example.com | The Value field is disabled if you select this method. You can only enter a key. |
| HOST WITHOUT DNS | system.hostname | host1 | The Value field is disabled if you select this method. You can only enter a key. |

Example

The following is an example of configuring an SNMP Traps LogSource.

Basic Information

| Field Name | Value Example |
|---|---|
| Name | SNMP Traps LogSource |
| Group | SNMP Trap LogSources |
| Type | LM Logs: SNMP Traps |
| Description | UPS related traps will be processed using this LogSource |
| AppliesTo(custom query) | isLinux() \|\| isNetwork() |

Exclude Filters

| Attribute | Comparison Operator | Value |
|---|---|---|
| TrapOID | Equal | 1.3.6.1.4.1.9.9.61.2.0.1 |

Log Fields

| Method | Key | Value |
|---|---|---|
| Static | Customer | Customer_xyz |

Resource Mappings

| Method | Key | Value |
|---|---|---|
| LM Property(Token) | system.deviceId | ##system.deviceId## |

Processing SNMP Traps using LogSource and EventSource

The collector processes SNMP traps using either LogSource or EventSource. Only one of the two is used at any given time; under no scenario are both used simultaneously.

  • Processing SNMP traps using LogSource: If a collector monitors a device with LogSource applied on it, the collector processes the SNMP traps only from devices on which LogSource is applied. The collector ignores (that is, does not process) traps from devices that do not have LogSource applied on them.
  • Processing SNMP traps using EventSource: If LogSource is not applied on any of the devices monitored by a collector, but EventSource is applied on them, the collector processes the SNMP traps from devices on which EventSource is applied.

Refer to the following scenarios to understand how the collector processes SNMP traps. These scenarios consider 3 devices monitored by the same collector.

Scenario 1

The collector processes SNMP traps from Device 1 and Device 3 using LogSource only, because at least one device has LogSource applied on it.

The SNMP traps from Device 2 are ignored (that is, not processed) as LogSource is not applied on Device 2.

| Device | Is LogSource Applied | Is EventSource Applied |
|---|---|---|
| Device 1 | Yes | Yes |
| Device 2 | No | Yes |
| Device 3 | Yes | No |

Scenario 2

The collector processes SNMP traps from both Device 1 and Device 2 only using EventSource as none of the devices have LogSource applied on them. The SNMP traps from Device 3 are ignored (that is, not processed) as Device 3 does not have EventSource applied on it.

| Device | Is LogSource Applied | Is EventSource Applied |
|---|---|---|
| Device 1 | No | Yes |
| Device 2 | No | Yes |
| Device 3 | No | No |
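
The selection rule above determines which devices' traps a collector silently drops, so it is worth checking before applying a LogSource to a collector that already relies on EventSources. The following is an added example, not LogicMonitor code: it applies the rule to a device inventory and flags devices whose EventSource stops receiving traps. The `Device` class and `trap_coverage` function are hypothetical names, and the inventories are the two scenarios from this page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    logsource: bool    # an SNMP Traps LogSource applies to this device
    eventsource: bool  # an SNMP trap EventSource applies to this device


def trap_coverage(devices):
    """Apply the page's rule to the devices monitored by ONE collector."""
    if any(d.logsource for d in devices):
        # One LogSource-enabled device switches the whole collector to LogSource.
        mode = "LogSource"
        processed = [d.name for d in devices if d.logsource]
    elif any(d.eventsource for d in devices):
        mode = "EventSource"
        processed = [d.name for d in devices if d.eventsource]
    else:
        mode, processed = None, []
    ignored = [d.name for d in devices if d.name not in processed]
    # Devices with an EventSource that no longer see traps processed
    # because another device on the collector has a LogSource.
    shadowed = [d.name for d in devices
                if mode == "LogSource" and d.eventsource and not d.logsource]
    return {"mode": mode, "processed": processed,
            "ignored": ignored, "shadowed": shadowed}


# Inventories taken from the Scenario 1 and Scenario 2 tables on this page.
SCENARIO_1 = [Device("Device 1", True, True),
              Device("Device 2", False, True),
              Device("Device 3", True, False)]
SCENARIO_2 = [Device("Device 1", False, True),
              Device("Device 2", False, True),
              Device("Device 3", False, False)]

if __name__ == "__main__":
    for label, inventory in (("Scenario 1", SCENARIO_1), ("Scenario 2", SCENARIO_2)):
        print(label, trap_coverage(inventory))
```

A non-empty `shadowed` list means traps from those devices are no longer processed by either mechanism on that collector.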

Translating SNMP Traps using Custom MIBs

Starting with the EA Collector 35.300 release, the collector can translate SNMP traps using custom Management Information Base (MIB) files. The custom MIB files are converted to JSON files based on the enterprise of the MIB files. Currently, LogicMonitor performs this conversion. Follow these steps to use custom MIBs for SNMP trap translation:

  1. Share the custom MIB files with your LogicMonitor Customer Success Manager (CSM). 
  2. The CSM creates a support ticket to convert the custom MIB files to JSON.
  3. Once the JSON files are ready, the CSM shares them with you.
  4. Copy the JSON files to the <agent-root>/snmpdb directory on your collector machine.
    After the collector restarts, the collector uses the JSON files to translate the respective SNMP traps.

Note: After the collector restarts, if the custom MIBs belong to the out-of-the-box supported enterprises, then the custom JSON files are replaced. LogicMonitor is working to fix this issue.
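
Because a restart can replace custom JSON files, it helps to record a hash of each file after copying it and compare again after the restart. The following is an added example, not LogicMonitor tooling: `snapshot`, `diff_snapshots`, and `demo` are hypothetical names, and the file names and contents in `demo` are constructed placeholders, since the real JSON schema is not shown on this page.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(snmpdb: Path) -> dict:
    """Map each *.json file name in the snmpdb directory to its SHA-256 digest."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(snmpdb.glob("*.json"))}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Compare the snapshot taken after copying with one taken after a restart."""
    return {
        "replaced": sorted(n for n in before if n in after and before[n] != after[n]),
        "missing": sorted(n for n in before if n not in after),
        "added": sorted(n for n in after if n not in before),
    }


def demo() -> dict:
    """Constructed walk-through: copy two files, simulate one being replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        snmpdb = Path(tmp) / "snmpdb"  # stands in for <agent-root>/snmpdb
        snmpdb.mkdir()
        # Constructed placeholder content, not the real converted-MIB format.
        (snmpdb / "vendor_a.json").write_text(json.dumps({"src": "custom A"}))
        (snmpdb / "vendor_b.json").write_text(json.dumps({"src": "custom B"}))
        before = snapshot(snmpdb)  # taken right after step 4

        # Simulate the collector replacing one file during restart.
        (snmpdb / "vendor_a.json").write_text(json.dumps({"src": "replaced"}))
        after = snapshot(snmpdb)   # taken after the restart
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

In practice, save the first snapshot to a file outside the collector directory and run the comparison after each collector restart or upgrade.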
