Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Services

      Resources

      Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

      View Resources
    Learn

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    SNMP Traps LogSource Configuration

    Last updated on 30 May, 2024

    SNMP Traps type LogSource enables LogicMonitor collector to ingest SNMP traps to LogicMonitor logs without configuring alerts.

    Requirements

    • Collector version EA Collector 34.500 or later. For more information on upgrading collector, see Managing Collectors.
    • Access to LogicMonitor UIv4

    Configuration Options

    The configuration option includes configuration details specific to the SNMP Traps LogSource. For more information on adding a LogSource, see Configuring a LogSource.

    Note: We have removed the Enterprise OIDs field. Starting with EA Collector 35.300, Enterprise OIDs are not required to translate SNMP traps. However, SNMP Traps translation will still work for all the out-of-the-box enterprises/MIBs supported by LogicMonitor.

    Info

    Select LM Logs: SNMP Traps from the Type drop-down and provide basic information such as name, group name, description, and technical notes.

    AppliesTo

    Applying LogSource on a Collector

    With collector version EA-35.200 onwards, you can apply LogSource to a collector directly using the Apply to Collector(s) option. By default, the Apply to Collector(s) option is disabled.

    Applying LogSource on the collector is useful in the following scenarios:

    • The collector does not monitor the device which is forwarding the SNMP traps to the collector.
    • LogicMonitor does not monitor the device which is forwarding the SNMP traps to the collector.

    For a device that forwards the SNMP traps to a collector, perform the following steps to apply a LogSource to a collector.

    1. Add the SNMP community (for the SNMP v1/v2 traps) or the SNMP credentials (for the SNMP v3 traps) as collector (self-monitoring device) properties to enable the collector to authenticate the traps forwarded to it. For more information, see Defining community strings and SNMP credentials for Ingestion of SNMP traps as LM Logs.
    2. Create a LogSource and enable the Apply to Collector(s) option to apply the LogSource on the collector.

    Note:

    • The AppliesTo section lists only the self-monitoring collectors that have EA Collector 35.200 or later installed.
    • Only one LogSource of SNMP Traps type can be applied to a self-monitoring collector.
    • If a device is monitored by the collector that receives traps, then the LogSource that is applied on the device is preferred over the LogSource applied on the collector. For more information, see the SNMP Traps Processing Preference section.

    Exclude Filters

    Traps that match with the exclude filter criteria are not ingested. You can use the following filters to exclude SNMP traps.

    Available Parameters

    AttributesComparison OperatorValue ExampleDescription
    TrapOIDEqual, NotEqual, StartsWith1.3.6.1.4.1.9.9.61.2.0.1Trap OID of the trap
    VarbindKeyEqual, NotEqual1.3.6.1.4.1.9.9.13.1.3.1.2Key of the variable binding present in the trap

    Log Fields

    You can configure Log Fields (tags) to add metadata to the log entry.

    Available Parameters

    MethodKey ExampleValue ExampleDescription
    StaticCustomerCustomer_XYZKey and value is added as is to the log entry metadata
    LM Property(Token)Device##system.deviceId##The device ID value extracted from the device property in LogicMonitor

    Resource Mappings

    For resource mapping you can configure LM log key to match a monitored resource’s LM property.

    Available Parameters

    MethodKey ExampleValue ExampleDescription
    StaticCustomer_Id1219Key and value is used as is for resource mapping.
    IPsystem.ips10.20.30.40Use the SNMP trap host field information and resolve it to IP. The Value field is disabled if you select this method. You can only enter a key.
    FQDNsystem.hostnameapplication.service.example.comFully Qualified Domain Name, from DNS resolution of hostname received from the host address of the trap. The Value field is disabled if you select this method. You can only enter a key.
    HOSTNAMEsystem.hostnamehost1.example.comThe Value field is disabled if you select this method. You can only enter a key.
    HOST WITHOUT DNSsystem.hostnamehost1The Value field is disabled if you select this method. You can only enter a key.

    Example

    The following is an example of configuring an SNMP Traps LogSource.

    Basic Information

    Field NameValue Example
    NameSNMP Traps LogSource
    GroupSNMP Trap LogSources
    TypeLM Logs: SNMP Traps
    DescriptionUPS related traps will be processed using this LogSource
    AppliesTo(custom query) isLinux() || isNetwork()

    Exclude Filters

    AttributeComparison OperatorValue
    TrapOIDEqual1.3.6.1.4.1.9.9.61.2.0.1

    Log Fields

    MethodKeyValue
    StaticCustomerCustomer_xyz

    Resource Mappings

    MethodKeyValue
    LM Property(Token)system.deviceId##system.deviceId##

    Processing SNMP Traps using LogSource and EventSource

    Collector processes SNMP traps using LogSource or EventSource. At a time, either LogSource or EventSource is used and under any scenario, both cannot be used simultaneously.

    • Processing SNMP traps using LogSource–If a collector monitors a device with LogSource applied on it, the collector processes the SNMP traps only from devices on which LogSource is applied. Collector ignores (that is, does not process) traps from devices that do not have LogSource applied on them.
    • Processing SNMP traps using EventSource–If LogSource is not applied on all the devices monitored by a collector, but EventSource is applied on them, the collector processes the SNMP traps from devices on which EventSource is applied.

    Refer the following scenarios to understand how collector processes SNMP traps. In these scenarios, we have considered 3 devices monitored by the same collector. 

    Scenario 1

    The collector processes SNMP traps from both Device 1 and Device 3 only using LogSource as there is at least one device with LogSource applied on them.

    The SNMP traps from Device 2 are ignored (that is, not processed) as LogSource is not applied on Device 2.

    DeviceIs LogSource AppliedIs EventSource Applied
    Device 1YesYes
    Device 2NoYes
    Device 3YesNo

    Scenario 2

    The collector processes SNMP traps from both Device 1 and Device 2 only using EventSource as none of the devices have LogSource applied on them. The SNMP traps from Device 3 are ignored (that is, not processed) as Device 3 does not have EventSource applied on it.

    DeviceIs LogSource AppliedIs EventSource Applied
    Device 1NoYes
    Device 2NoYes
    Device 3NoNo

    SNMP Traps Processing Preference

    With the capability to apply LogSource on a collector, depending on the customer requirement, there are three ways in which the collector can process the SNMP traps.

    • To ingest the SNMP traps received by the collector–Enable the lmlogs.snmptrap.enabled property in the agent.conf settings. Alternatively, you can select the Enable log collection for Syslog and SNMP trap option on the Add collector page to enable this property. Once enabled, the collector ingests all the SNMP traps without any customisation such as filters, resource mapping, and so on.
    • To add customisations–For customisations such as filtering traps or adding a different method for resource mapping, a LogSource should be created and applied on the collector that receives the SNMP trap by enabling the Apply to Collector(s) option on the LogSource.
    • To handle the SNMP traps from a device using a specific LogSource definition–A usual LogSource should be applied on the device which is forwarding the SNMP traps to the collector. 

    A usual LogSource that is applied on a device is preferred over the LogSource applied on a collector for processing the SNMP traps.

    A LogSource that is applied on a collector is preferred over collector’s agent.conf property lmlogs.snmptrap.enabled for processing the SNMP traps.

    You can refer the following scenarios to understand the preference in which the collector (that receives the SNMP traps) processes the SNMP traps.

    Scenario #Is the device monitored by the collector*Is a usual LogSource applied on the device Is a LogSource applied on the collector Is lmlogs.snmptrap.enabled set to trueResult
    1YesYesAny(Yes/No)Any(Yes/No)SNMP traps are processed using the usual LogSource applied on the device which is forwarding the SNMP traps.
    2YesNoYesAny(Yes/No)SNMP traps are processed using the LogSource applied on the collector which is receiving the SNMP traps.
    3NoAny(Yes/No)YesAny(Yes/No)SNMP traps are processed using the LogSource applied on the collector which is receiving the SNMP trap
    4NoAny(Yes/No)NoYesSNMP traps are processed using the lmlogs.snmptrap.enabled property in the agent.conf settings of the collector which is receiving the SNMP traps.

    * A collector monitors a device in the following 2 scenarios:

    • On the Manage Resource page, the collector is assigned as a Preferred Collector to the device.
    • On the Manage Resource page, the collector is assigned as a Log Collector using the Set LM Logs Collector option.

    Translating SNMP Traps using Custom MIBs

    Starting with EA Collector 35.400 release, you can use the MIBs to JSON Converter Utility to convert the MIB files to JSON files. In a collector, the utility is located at [LogicMonitor Collector Directory]/bin/snmpMibsToJsonConversionUtil.

    This Python-based utility is designed to convert the custom MIBs (which LogicMonitor does not support out-of-the-box) to enterprise JSON files, which the collector then uses to translate the SNMP traps. By default, the enterprise JSON files are placed in the [LogicMonitor Collector Directory]/snmpdb/custom directory. 

    Requirements to Use the Utility

    • Custom MIB files along with all its dependencies or parent MIB files.
    • You must have Python version between 3.8 to 3.12 installed on your machine.
    • The utility must be run with the same user which is used for installing the collector.
    • Ensure that the definition of a MIB file is not part of multiple input MIB files. If it is, the utility will consider either of such files. For example, for the ABC MIB, there should not be multiple files with the below line
      ABC DEFINITIONS ::= BEGIN
    • Install the dependencies of the utility. To do so, go to the utility directory [LogicMonitor Collector Directory]/bin/snmpMibsToJsonConversionUtil/ and run the following command:
    pip install -r requirements.txt

    How the Utility Generates the JSON Files

    1. Run the snmpMibsToJsonConverter.py file provided in the utility directory.
    2. Specify the directory path where the custom MIB files are placed.
    3. Specify the directory path to generate the converted JSON files. By default, the files are generated in the default directory [LogicMonitor Collector Directory]/snmpdb/custom. However, you can specify a different directory.
    4. The utility converts the MIB files and generates the JSON files in the directory that you specified.
    5. If the JSON files are generated in a different directory, copy the files to the default directory [LogicMonitor Collector Directory]/snmpdb/custom.
    6. When the collector restarts, the collector uses the JSON files to translate the corresponding SNMP traps.

    Note: For the common enterprise JSON files present in both the [LogicMonitor Collector Directory]/snmpdb/core and the [LogicMonitor Collector Directory]/snmpdb/custom directories, if common traps or OIDs are present in these JSON files, the SNMP traps are translated using the JSON file present in the custom directory. For exclusive traps or OIDs, the SNMP trap translation works as per the corresponding JSON file.

    If you have questions or face any issues while using the utility, contact your LogicMonitor Customer Success Manager (CSM).

    Troubleshooting Utility Issues

    When running the utility, look for the “Failed MIBs:” logs. Any error in the log indicates that the MIB conversion failed along with the reason for failure. In the “Failed MIBs:” logs, you can find the following log messages.

    Missing Parent or Dependent MIB

    Error

    Failed MIBs: ABC (no module "XYZ" in symbolTable at MIB ABC)

    The log indicates that conversion failed for the ABC MIB.

    Solution

    In the directory that you specified, add the “XYZ” MIB along with the other MIBs and run the utility again.

    WinError 183

    Error

    Failed MIBs: ABC (failure writing file inter_json\ABC.json: [WinError 183] Cannot create a file when that file already exists: 'C:\\snmpMibsToJsonConversionUtil\\inter_json\\tmp44ahdl2d' -> 'inter_json\\ABC.json' at MIB ABC)

    Solution

    This error can occur only for the Windows OS. You can ignore this error, as the MIB is already compiled by the utility.

    In This Article