Installing SNMP Trapd v2
Important
The existing moog_init_lam.sh -s install currently uses the MoogTrapdLamV1 files - these will be replaced with the v2 files in a future release. If commissioning a LAM server, download and use the file from https://speedy.moogsoft.com/contrib/Moogsoft-TrapLamV2.tar.gz and untar in the Moogsoft home directory.
To install the SNMP Trapd V2 bundle:
Download the TrapdLamV2 bundle from the following location https://speedy.moogsoft.com/contrib/Moogsoft-TrapLamV2.tar.gz.
This requires your credentials to Moogsoft Support and can be performed with a cURL command similar to the following:
curl https://${SPEEDY_USER}:${SPEEDY_PASSWORD}@speedy.moogsoft.com/contrib/Moogsoft-TrapLamV2.tar.gz --output Moogsoft-TrapLamV2.tar.gz
Create a “staging” directory (for example, /tmp/trapdlamv2), then copy and un-tar the traplamv2 files into the staging directory.
mkdir /tmp/trapdlamv2
cp Moogsoft-TrapLamV2.tar.gz /tmp/trapdlamv2
cd /tmp/trapdlamv2
tar -zxvf Moogsoft-TrapLamV2.tar.gz
Create a backup of the existing include files, LAMbot and config (and mib2lam if preferred):
Note
Your config file (moog_trapd_lam.conf) and LAMbot (MoogTrapdLam.js) may have local file names. Use these instead of the defaults.
tar -cvzf $MOOGSOFT_HOME/traplamv2_includes.tar.gz -C $MOOGSOFT_HOME bots/lambots/trapModules bots/lambots/MoogTrapdLam.js config/moog_trapd_lam.conf mib2lam
Copy any locally modified include files from their current location in $MOOGSOFT_HOME/bots/lambots/trapModules to the corresponding path in the staging directory.
For example, if a custom include was created for “VendorX” and placed in $MOOGSOFT_HOME/bots/lambots/trapModules/vendorx, then the “vendorx” directory and contents would need to be copied to /tmp/trapdlamv2/bots/lambots/trapModules.
If you are uncertain of the local include files you may have, then using diff may help:
diff -qr $MOOGSOFT_HOME/bots/lambots/trapModules /tmp/trapdlamv2/bots/lambots/trapModules | sort
Look for entries like this, which indicate a difference between the new and existing files.
Files /usr/share/moogsoft/bots/lambots/trapModules/cisco/CiscoEntityExtTraps.include and /tmp/trapdlamv2/bots/lambots/trapModules/cisco/CiscoEntityExtTraps.include differ
Warning
Some of the base GA files were updated, so ignore files that you do not use, or have not modified. Only the files that you have modified need to be copied across.
And entries like this that show an existing include file that does not exist in the traplamv2 base set.
Only in /usr/share/moogsoft/bots/lambots/trapModules/<directory> : <filename.include>
Files referenced in the above entries need to be copied into the trapdlamv2 include set.
Modify the /tmp/trapdlamv2/bots/lambots/trapModules/master.includes to reference any files you may have copied over in step 4. Follow the instructions in the “Including TrapdLamV1 includes in TrapdLamV2” section, below.
Copy the staging files to the correct directories and locations.
mv $MOOGSOFT_HOME/bots/lambots/trapModules $MOOGSOFT_HOME/bots/lambots/trapModules.v1
cp -r /tmp/trapdlamv2/bots/lambots $MOOGSOFT_HOME/bots
cp /tmp/trapdlamv2/contrib/*.js $MOOGSOFT_HOME/contrib
cp /tmp/trapdlamv2/config/*.conf $MOOGSOFT_HOME/config
cp -r /tmp/trapdlamv2/mib2lam $MOOGSOFT_HOME
Add any local v1 MoogTrapdLam.js LAMbot modification to the appropriate place in the new MoogTrapdLamV2.js LAMbot. The file contains the following section, and any custom code should be placed there:
// ------------------------------------------------------------------------------------
// If customer specific processing is needed, e.g. adding static lookup, add it here.
// ------------------------------------------------------------------------------------
// Custom code start:
// ------------------------------------------------------------------------------------
//
//
// ------------------------------------------------------------------------------------
// Custom code end.
// ------------------------------------------------------------------------------------
Modify the /etc/init.d/trapdlam service file to reference the new config file (moog_trapd_lamv2.conf) or alternatively rename the moog_trapd_lamv2.conf file to match your existing configuration file.
If you have made modifications to the LAMbot (MoogTrapdLamV2.js), ensure that it is named appropriately (for example, MoogTrapdLamV2.CUSTOMER.js) and ensure the configuration file is referencing this modified LAMbot and not the default.
For example, in moog_trapd_lamv2.conf, modify the filter section to point to the modified LAMbot.
filter:
{
    #
    # Specify the default stream this LAM will send events to.
    # If this configuration is not specified then the generic
    # stream "events" is used, i.e. no specific stream.
    #
    # stream: "myStream",
    presend: "MoogTrapdLamV2.CUSTOMER.js",
    modules : []
}
Note
If changing the config file, it is strongly recommended to make this customer specific, such as moog_trapd_lamv2.CUSTOMER.conf, and modify the appropriate /etc/init.d service file accordingly.
Ensure your config file is configured to use the correct precompiled mib file and SNMPv2 usm file if these are being used.
Stop the existing trapdlam, then start the trapdlam in debug mode, logging to the console.
service trapdlam stop
trapd_lam --config moog_trapd_lam.TEST.conf --logconsole --loglevel debug
Look for the line:
WARN : [main][20220207 11:00:28.105 +0000] [CLogModule.java:123] +|[MoogTrapdLamV2.js]: TrapUtility::loadAllModules: Loaded 471 include files, there were 0 failures.|+
If there are any loading failures, then some include files have failed to load. Resolve these issues before continuing.
If you rely on trapDebug data as part of filtering, workflows or recipes (custom_info.trapDebug, custom_info.trapDebug.trapInfo, custom_info.trapDebug.trapData) this is on by default in the TrapdLamV2. If you do not use this data, then disable this in the lambot by commenting out the following line:
trapUtil.setTrapDebug(true);
Leaving trap debug enabled can result in large event sizes, so disable it if it is not actively used. If an unknown trap is received, it will always pass through with its full debug payload, allowing an operator to see the trap details.
Restart the trapdlam with the new config file, LAMbot, and include files.
service trapdlam start
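The include comparison and the load-failure check from the steps above can be scripted so the final restart only happens on a clean result. This is an added example, not part of the Moogsoft bundle: the function names are hypothetical, it compares the trees with find and cmp instead of parsing diff output, and it assumes the debug console output was captured to a file.

```shell
#!/bin/sh
# Added example, not Moogsoft code: checks around the trapModules swap.

# List includes in the live tree that are absent from, or differ from, the
# staged v2 tree. Same information as the page's `diff -qr`, without the
# entries for files that are simply new in v2.
classify_includes() {
    existing=$1 staging=$2
    (cd "$existing" && find . -type f | sort) | while IFS= read -r f; do
        f=${f#./}
        if [ ! -e "$staging/$f" ]; then
            printf 'LOCAL-ONLY %s\n' "$f"   # copy to staging, add to master.includes
        elif ! cmp -s "$existing/$f" "$staging/$f"; then
            printf 'DIFFERS %s\n' "$f"      # copy only if you modified it yourself
        fi
    done
}

# Print the failure count from the last loadAllModules summary line in a
# captured debug log. Exit 0 only when the line exists and the count is 0.
include_load_failures() {
    n=$(sed -n 's/.*TrapUtility::loadAllModules: Loaded [0-9][0-9]* include files, there were \([0-9][0-9]*\) failures.*/\1/p' "$1" | tail -n 1)
    [ -n "$n" ] || return 2                 # summary never logged: not verified
    printf '%s\n' "$n"
    [ "$n" -eq 0 ]
}

# Constructed sample trees and log line so the script runs offline.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/cisco" "$d/live/vendorx" "$d/stage/cisco"
    echo 'v1 local edit' > "$d/live/cisco/CiscoEntityExtTraps.include"
    echo 'v2 base'       > "$d/stage/cisco/CiscoEntityExtTraps.include"
    echo 'custom'        > "$d/live/vendorx/VendorX.include"
    classify_includes "$d/live" "$d/stage"
    echo 'WARN : [main] +|[MoogTrapdLamV2.js]: TrapUtility::loadAllModules: Loaded 471 include files, there were 2 failures.|+' > "$d/lam.log"
    if ! include_load_failures "$d/lam.log" >/dev/null; then
        echo 'include load not clean: do not restart the service yet'
    fi
    rm -rf "$d"
}
demo
```

Treat a missing summary line (exit status 2) the same as a failure: it means the LAMbot never reached the include loader, so the new files were not exercised.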