SNMP Trapd LAM v2

Notice

See Installing SNMP Trapd v2 for instructions on obtaining and installing SNMP Trapd v2.

Note

Certain features of this LAMbot require Moogsoft Enterprise 8.0.0.4 or greater.

Processing traps indirectly will not work prior to 8.0.0.4. See Working with partially translated payload values for indirect traps.

An updated version of the SNMP Trapd LAM was released in Add-Ons 2.4, including LAMbot, utilities, include files and modules in the MoogTrapdLamV2.tar.gz archive.

This archive contains the following files:

bots/lambots/MoogTrapdLamV2.js
bots/lambots/trapModules/master.includes
bots/lambots/trapModules/<vendor> 
contrib/TrapUtiity.js
contrib/BotUtility.js
config/moog_trapd_lamV2.conf
mib2lam/

Features

A simplified core LAMbot
A new, simpler mechanism to load and instantiate .include files.
- Easier to control which include files are loaded
A modified mib2lam MIB conversion to work with the new load and instantiate process.
Existing include files will work - no changes should be needed to these.
- Custom includes will need to be routed in the new master.includes file. See Including TrapdLamv1 includes in TrapdLamv2.
Ability to use process indirect traps via include files:
- Indirect traps are those delivered as non-SNMP traps - e.g. encapsulated in a REST or Kafka payload, or forwarded from a 3rd party system such as Elastic or Splunk.

Simplified LAMbot

The v1 trap LAMbot contained both core processing and user changeable data (e.g. loading and routing modules), and presented an upgrade risk due to these functions being combined into a single file. The v2 LAMbot has been significantly simplified to allow changes to be made (e.g. the addition of custom code) without risk, and to allow core processing functionality to be modified as part of a distribution without the complexity of merging old and new LAMbots.

The core LAMbot presend() function has been reduced to the following code, with a clear placeholder for any custom code that needs to be added.

function presend(event) { 

  // ------------------------------------------------------------------------------------
  // Process the trap, and return a processed trapEvent that will be used to populate
  // attribures of the originial source event.
  // ------------------------------------------------------------------------------------

  var trapEvent = trapUtil.processSNMPTrap(event);

  // ------------------------------------------------------------------------------------
  // Discard this event if set within the processing.
  // ------------------------------------------------------------------------------------

  if ( trapEvent.discard ) {
    logger.info("Event marked for discard");
    return false;
  }

  // ------------------------------------------------------------------------------------
  // Validate the trapEvent before despatch
  // Populate the source event with the processed trap data. 
  // If the trap cannot be processed, generate an ingestion errot event. 
  // ------------------------------------------------------------------------------------

  var eventOk = trapUtil.prepareEvent(event,trapEvent);

  if ( !eventOk ) {
    logger.warning("Trap failed validation - generating ingeston alert");
    botUtil.printObj(trapEvent,"failed to validate");
    botUtil.generateIngestEvent(event,"Trap failed to validate");
    return true;
  }

  // ------------------------------------------------------------------------------------
  // If customer specific processing is needed, e.g. adding static lookup, add it here.
  // ------------------------------------------------------------------------------------
  // Custom code start: 
  // ------------------------------------------------------------------------------------
  //
  //
  // ------------------------------------------------------------------------------------
  // Custom code end. 
  // ------------------------------------------------------------------------------------
  //
  // 
  // ------------------------------------------------------------------------------------
  // Check for a stream in the trapEvent and despatch.
  // ------------------------------------------------------------------------------------

  if ( trapEvent.streamName ) {
    return( { passed: true, stream: trapEvent.streamName } );
  }
  else {
    return(true);
  }
}

The only changes that would be expected to be made in this file is the addition of any custom code at the appropriate place.

All supporting processing functionality has been moved to the TrapUtility.js module. Changes to the TrapUtility.js (like the BotUtility.js and other utility modules) are not supported, and this should not need to be modified without prior consultation with the Moogsoft technical team.

In this section: