
Ingest SNMP Traps

You can use the Trapd LAM integration in Moogsoft Enterprise to ingest and process SNMP traps as events. See SNMP Trapd LAM v1 for details.

The Trapd LAM is useful if you are monitoring a large network with hundreds or thousands of devices that are sending traps from multiple objects and you want Moogsoft Enterprise to reduce some of this noise.

Trap Processing Overview

In the standard workflow, the setup steps for Moogsoft Enterprise to ingest traps are:

  1. Run the Mibparser utility to check your MIBs for any issues and generate your parsed MIBs. See Parse MIBs for Trap Integration.

  2. Configure the Trapd LAM to load the parsed MIBs. See step three of Configure the SNMP Trapd LAM.

  3. Run the Mib2lam utility to generate Trap modules from the parsed MIBs. See Create LAMbots from MIBs (DEPRECATED).

  4. Deploy the Trap modules into the Trapd LAM and the Trap LAMbot. See Create LAMbots from MIBs (DEPRECATED).

Once these steps have been completed, the Trapd LAM can ingest traps and pass them through to the LAMbot. The Trap LAMbot processes each trap payload, determines the processing path and passes the trap along the event stream.

In the example diagram, Trapd LAM ingests a coldStart Trap from a LAN switch. It translates the trap using a MIB file then passes it to the LAMbot and Trap Module for processing.


Trap Processing Components

The following components comprise the trap processing system in Moogsoft Enterprise:

SNMP

Moogsoft Enterprise supports three versions of SNMP:

  • SNMPv1 - the original version of the protocol, which supports 32-bit counters and trap messages and uses a simple authentication scheme with little security.

  • SNMPv2 - the second, improved version of SNMP is nearly identical to v1 but includes support for 64-bit counters and the addition of Inform messages.

  • SNMPv3 - the latest version of SNMP has enhanced security features with the additions of both authentication and encryption. See SNMPv3 for configuration details.
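To check which of these versions a device actually sends, the following added example (not Moogsoft code) reads the BER header of a raw SNMP datagram and reports the version and, for SNMPv3, the security level carried in msgFlags. It assumes the standard RFC 1157 and RFC 3412 message layouts, where the wire version values 0, 1 and 3 mean v1, v2c and v3; the function names and sample bytes are constructed for illustration.

```python
# Added example, not Moogsoft code. Reads only the BER message header
# (RFC 1157 for v1/v2c, RFC 3412 for v3); PDU contents are not decoded.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (version, security_level), or ("invalid", reason)."""
    try:
        tag, body, _ = read_tlv(datagram, 0)
        if tag != 0x30:
            raise ValueError("outer element is not a SEQUENCE")
        tag, ver, pos = read_tlv(body, 0)
        if tag != 0x02 or len(ver) != 1:
            raise ValueError("bad version field")
        if ver[0] in (0, 1):                # 0 = SNMPv1, 1 = SNMPv2c
            tag, _community, _ = read_tlv(body, pos)
            if tag != 0x04:
                raise ValueError("community is not an OCTET STRING")
            return ("v1" if ver[0] == 0 else "v2c", "community-only")
        if ver[0] != 3:
            raise ValueError("unknown SNMP version")
        _, gdata, _ = read_tlv(body, pos)   # msgGlobalData
        p = 0
        for _ in range(2):                  # skip msgID and msgMaxSize
            _, _, p = read_tlv(gdata, p)
        tag, flags, _ = read_tlv(gdata, p)  # msgFlags: bit 0 = auth, bit 1 = priv
        if tag != 0x04 or len(flags) != 1:
            raise ValueError("bad msgFlags")
        auth, priv = flags[0] & 1, flags[0] & 2
        if priv and not auth:
            raise ValueError("priv without auth is not a valid level")
        return ("v3", "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv")
    except (IndexError, ValueError) as exc:
        return ("invalid", str(exc))

# Constructed sample headers (not captured traffic); v3 ones stop after msgGlobalData.
SAMPLES = {
    "v1 trap": b"\x30\x0d\x02\x01\x00\x04\x06public\xa4\x00",
    "v3 noAuth": bytes.fromhex("3012020103300d020101020205dc040100020103"),
    "v3 authPriv": bytes.fromhex("3012020103300d020101020205dc040103020103"),
}
```

A v3 sender reporting noAuthNoPriv gets neither of the protections that distinguish SNMPv3, so it is worth flagging alongside v1 and v2c senders.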

Trapd LAM

The Trapd LAM is Moogsoft Enterprise's standard integration for receiving and processing SNMP traps sent from your SNMP applications. You can configure it using $MOOGSOFT_HOME/config/trapd_lam.conf. See SNMP Trapd LAM v1 for more information.

MIBs

The Management Information Base (MIB) files are virtual databases of variables describing the conditions at each SNMP device. Trapd LAM uses the MIBs to interpret the trap messages it receives. Each MIB is organized as a hierarchical tree of uniquely identified managed objects, and each object has an object identifier (OID). See MIBs for more details.

Mibparser

The Mibparser utility parses MIB (management information base) files used by SNMP Trap integrations. The utility helps identify issues and conflicts between your MIBs. For more information on the checks see Parse MIBs for Trap Integration.

Mib2lam

The Mib2lam utility creates trap modules and LAMbots from the SNMP trap definitions in raw MIB files. See Create LAMbots from MIBs (DEPRECATED) for more information.

Trap LAMbot

The Trap LAMbot is the entry point for all trap processing. The LAMbot normalises the data, determines the processing path and forwards the trap along the event processing chain to a Moolet such as the AlertBuilder. You can load the MIBdb LAMbot module into the Trap LAMbot to translate OIDs (object identifiers) into their defined names. See MIB Db for more information.

Trap Module

Trap modules are individual modules to which the Trapd LAM routes traps for processing. Each module contains processing that is specific to particular traps, on a trap-by-trap basis. You can create these manually or you can use the boilerplate LAMbot modules that Mib2lam generates.